I have been sent an email regarding a Remote Code Execution flaw in the Editor, however I am not using any of the patched versions due to a bug being introduced that still has not been fixed. I am likely not the only one using minor versions. Can you please patch Unity 5.6.1 or fix the reported bug?
Thank you.
I have many questions about how to use the security patches, too.
I am maintaining over a dozen legacy projects that were written in many different editor versions–4.6.9f1, 4.7.2f1, 5.3.4p4, 5.4.3f1, 5.5.0f3, 5.5.2f1, and 5.6.0f3. None of these versions have patches, though later versions of 5.3.x, 5.4.x, 5.5.x, and 5.6.x have patches. So:
I’m a bit worried too. I know it’s important to patch your software, especially as this particular bug is apparently quite big, but when I checked the patch download site, version 5.6.1 wasn’t up there, so I’m wondering if I needn’t worry. I don’t want to mess my work up because I’m doing a Unity project for a potential job offer and I don’t want to lose my work.
Well, there should be some notice about older versions. For example, asset store developers have to keep older versions around to make the asset uploaded on the lowest version of Unity possible to make it compatible with that version. I can image lots of 4.6 and 5.0 installations laying around.