Search Unity

Question Localization and Newtonsoft-json 13 due to v12 security vulnerability

Discussion in 'Localization Tools' started by dustinchertoff, Aug 23, 2022.

  1. dustinchertoff

    dustinchertoff

    Joined:
    Sep 29, 2021
    Posts:
    1
    Apparently Newtonsoft-json 12.0.3 (unity package 2.0.2) has a vulnerability in it resulting in newtonsoft deprecating this package. This results in a Whitesource error when running scans on application security.

    I haven't seen any issues in local testing, but since unity json 3.0.x isn't officially the dependency for the Localization package, I wanted to check with the team on whether this could be an issue / if a new version with an updated dependency was forthcoming.
     
    dustinchertoff, Aug 23, 2022
    #1

  2. karl_jones

    karl_jones

    Unity Technologies

    Joined:
    May 5, 2015
    Posts:
    8,281
    Updating newtonsoft to 3.0 should be fine. You should able to do this in the package manager. We have done it recently for 2.0 and had no issues
     
    karl_jones, Aug 23, 2022
    #2