Addressing CVE-2025-59489

2025-10-04

So… Unity has a security vulnerability that requires pretty much every game made with it in the past six or seven years to be patched. And what have I been doing a lot of in the past few years? Making a whole bunch of games with Unity!

My personal opinion, keeping in mind that I’m not a security researcher or cybersecurity expert, is that the impact of this vulnerability isn’t that significant on Windows. My understanding is that an exploit would effectively require compromising the system already. While it can technically be used for privilege escalation on Windows, it’s a much bigger deal on macOS and Android, which have much stricter and more granular permissions models.

However, that’s not a hill I’m willing to die on (again, I’m not an expert), and I am planning to update as many of my games as practical. It won’t be all of them. I’ve made a lot of games and some of them run on old versions of Unity that don’t have a patch available. It’s possible to upgrade them, but more work, and I’m just one person.

Here’s an outline of what will and won’t get updated, based on release dates:

  • before 2020: will not be updated
  • 2020: Shattered and In The Middle Of The Night only
  • 2021: TBD, will include At The Break Of Dawn at a minimum
  • 2022-2025: all normal releases

And a few more specific details in point form:

  • Priority will be 2025 games, then main series games, then the rest from newest to oldest
  • Full rebuild with version number bump or binary patch and rerelease on a case-by-case basis
  • Latest versions only, no updates for previous versions
  • No updates for experimental builds (including platform builds labelled as experimental)
  • No updates for limited releases

I don’t have a timeline, but I’m hoping to get through this by the end of the month.
