Search Unity

  1. Welcome to the Unity Forums! Please take the time to read our Code of Conduct to familiarize yourself with the forum rules and how to post constructively.

Official Unity Hub 3.1 Release Overview

Discussion in 'Unity Hub' started by Gennady, Mar 16, 2022.

  1. Gennady

    Gennady

    Unity Technologies

    Joined:
    Mar 30, 2015
    Posts:
    27
    Today Unity Hub 3.1 was released. This latest release includes a new project management feature, as well as many bug fixes and improvements. We’ve unpacked these below.


    Favorite project

    To make organizing your projects easier, we've added a favorites feature, so you can easily filter through the projects that matter most to you. You'll see a star icon to the left of each of your projects under the 'Projects' tab. To favorite a project, simply select the star icon. Now you can quickly filter through your favorite projects and access them with ease.





    Bug fixes and improvements

    • We’ve fixed multiple licensing-related bugs that users have reported, including:

      • Serial number activation errors - the Hub will now provide more details about activation failure

      • License files were removed after updating the Hub - the cause has been fixed.
    • When starting the Hub application, some users reported seeing a blank screen. We have fixed several causes for this issue.

    • Additionally, some users reported that the Hub crashed while updating to a new version. This issue has been fixed.
    • Users on Windows were experiencing problems downloading custom editors and modules. This issue has been resolved.

    • There was an issue that prevented Visual Studio status from updating while in the Install modal. We’ve addressed this issue.

    • We’ve improved the start-up time for users opening the Hub on Intel Mac devices.

    • We’ve added keyboard support for creating a new project.

    • Based on beta user feedback, we removed the "rename" project feature from this release and will continue to iterate.

    Stay tuned for what’s next

    You can keep up with all of the Hub’s new features by visiting our release notes. Find out what we are working on and share your ideas with us by viewing the Unity Hub roadmap, or leave us your feedback here.
     
    DragonCoder and PutridEx like this.
  2. cyriaca

    cyriaca

    Joined:
    Oct 13, 2013
    Posts:
    45
    I updated to Hub 3.1.0 on macOS. macOS has a feature that by default prompts the user for program-specific file access permissions. Hub asked for permissions to access the Desktop (allowed) and the OneDrive folder (rejected). It ended up creating an empty text file on the Desktop.

    From a quick search, it looks like an updated Node module in this release did something.
    https://github.com/vuejs/vue-cli/issues/7054#issuecomment-1068677029
    edit: Unity Hub.app/Contents/Resources/app.asar definitely has the script that does this.
     
    Last edited: Mar 16, 2022
  3. sssembler

    sssembler

    Joined:
    Feb 4, 2021
    Posts:
    37
    Why does it also include a text file called WITH-LOVE-FROM-AMERICA.txt on your desktop after you update?
     
  4. DavidSalagean147

    DavidSalagean147

    Joined:
    Mar 11, 2020
    Posts:
    3
    maybe because it was made with love :)))
     
    norm2010 likes this.
  5. sssembler

    sssembler

    Joined:
    Feb 4, 2021
    Posts:
    37
    EvOne and Whitebrim like this.
  6. matthewpruitt

    matthewpruitt

    Unity Technologies

    Joined:
    Sep 15, 2016
    Posts:
    13
    Hi all,

    I wanted to let you know that we're rolling out the 3.1.1 hotfix right now to Windows, Mac, and Linux. We apologize for the inconvenience. This HotFix eliminates an issue where a 3rd party library was able to create an empty text file on the desktop of people using this release version. While it was a nuisance, the issue did not include malicious functionality. Any user that had this file appear on their desktop after updating the Unity Hub can delete this file.

    Additionally, we're working on auditing node-ipc and any other dependency so we can prevent this in the future.
     
    Whitebrim, phobos2077, ksf000 and 3 others like this.
  7. TufanMeric

    TufanMeric

    Joined:
    Jan 1, 2015
    Posts:
    8
    Ah yes, the only time I update Unity Hub, it runs malicious third party code in my work computer. Never again :)
     
    EvOne and petey like this.
  8. SpockBauru

    SpockBauru

    Joined:
    Apr 12, 2021
    Posts:
    13
    There's no way to prevent unity hub to auto update?

    I mean, Its being a real pain since it updated from 2.4 to 3! I had login bugs, black window, can't create a new project with Unity 2019.1, and now I almost wiped out my entire PC because a suspicious file appeared in the Desktop that was just a joke from some random hacktivist!

    C'mon! Make the updates optional!
     
    Last edited: Mar 17, 2022
  9. EvOne

    EvOne

    Joined:
    Jan 29, 2016
    Posts:
    171
    Add the choice of LIGHT theme!

    #39
     

    Attached Files:

    • Hub.jpg
      Hub.jpg
      File size:
      50.7 KB
      Views:
      444
    SpockBauru likes this.
  10. Baste

    Baste

    Joined:
    Jan 24, 2013
    Posts:
    5,844
    Oh my god get off Electron already. The JS ecosystem is toxic, and any auditing that finds anything okay with it is broken to begin with. Nothing malicious happened this time, but somebody being able to just put a file on users desktops because you pulled in some dependency shows that you have zero control over anything, and next time it'll be a keylogger or a bitcoin miner or whatever.

    Fire all the project managers that thought this was a good idea, burn the codebase to the ground, and build a Hub from scratch in a decent environment. You have c++ engineers, you have a game engine turning into a general purpose platform. Both of those are better choices than your current garbage fire.

    And it's not like you'd lose much - you've been unable to deliver features of fixes for the Hub at anything else than a glacial speed since it shipped, with what seems to be several different teams and attempts at reboots. It's just not working - not for us, not for you, not for anyone.

    Hell, it's taken you longer to make a three page app that lists folders, runs other programs, and manages a login than it takes to make a big multiplayer game.
     
  11. MidnightGameDeveloper

    MidnightGameDeveloper

    Joined:
    Apr 26, 2014
    Posts:
    50
    How can we be sure, that this did not install the code mentioned in the link from sssembler or any other malicious functions!?
     
    Kinjo-Goldbar, PanthenEye and EvOne like this.
  12. jjejj87

    jjejj87

    Joined:
    Feb 2, 2013
    Posts:
    829
    Today was my shipping day and thanks to this incident, it has been pushed to next Tuesday. So no you can't be sure until you make it sure.

    We are wiping the system and reverting back to a backup.

    This sucks.
     
    EvOne likes this.
  13. EvOne

    EvOne

    Joined:
    Jan 29, 2016
    Posts:
    171
    Today it created a folder with the name "WITH-LOVE-FROM-"

    but tomorrow, with the squealing "Save Ukrаinе" - it will remove or encrypt something important on ALL machines with Russian-locale around the World, not only in the Russian Federation!
    -and what will you do after that?
     
  14. PanthenEye

    PanthenEye

    Joined:
    Oct 14, 2013
    Posts:
    648
    I just built and set up a new, expensive machine. Now I'm wondering if I should wipe it clean. And maybe get rid of the Hub too if it's possible to use Unity without it.
     
    EvOne likes this.
  15. petey

    petey

    Joined:
    May 20, 2009
    Posts:
    1,656
    I’m in a similar situation, and the last thing I i have time for now is to reinstall a machine completely. :( But maybe I should??
     
    EvOne likes this.
  16. MidnightGameDeveloper

    MidnightGameDeveloper

    Joined:
    Apr 26, 2014
    Posts:
    50
    So far it seems like it only creates the .txt file, but honestly I am also considering restoring from a backup. Would be nice if we get a more detailed statement from the unity hub devs.
     
    EvOne likes this.
  17. jjejj87

    jjejj87

    Joined:
    Feb 2, 2013
    Posts:
    829
    I am not going to take the chance. Can't say for you but no one can guarantee anything. It will be a nightmare trying to fix a Steam release with a malware on it. I mean, how would I even begin...

    BTW, Unity should really stop trying to hide this and post a blog announcement, send emails etc. Before something sad happens. This needs to be put on a bright neon light up in the air so that people notice it rightaway. Posting a forum reply is not enough. It took me a while to even find that post. Also, I noticed the .txt file just before I uploaded my files...so I was just lucky. Can't say that it would be the case for many others.

    I always have Kaspersky on so I am not super worried, but we did have a breach and now measures have to be taken. I have to be responsible for publicly released files. Especially if my clients are paying.
     
  18. electro12

    electro12

    Joined:
    Sep 13, 2015
    Posts:
    11
    Right. So you use Kaspersky to shield you from (other) malware? :confused:
     
  19. Romaleks360

    Romaleks360

    Joined:
    Sep 9, 2017
    Posts:
    54
    that's epic
     
  20. jjejj87

    jjejj87

    Joined:
    Feb 2, 2013
    Posts:
    829
    I have the whole server/network firewalled with it so technically it should...although if signed software like Unity Hub has it...don't know if it is still effective. Its like your security guard letting a trusted guest in but secretly he was a terrorist..
     
    SpockBauru likes this.
  21. PanthenEye

    PanthenEye

    Joined:
    Oct 14, 2013
    Posts:
    648
    Your security guard might also be a double agent: https://www.bloomberg.com/news/arti...rsky-software-risks-being-exploited-by-russia
     
  22. EvOne

    EvOne

    Joined:
    Jan 29, 2016
    Posts:
    171
  23. jjejj87

    jjejj87

    Joined:
    Feb 2, 2013
    Posts:
    829
  24. ytkimirti

    ytkimirti

    Joined:
    Mar 21, 2015
    Posts:
    8
    You are absolutely right.
    Just so you know, there is a native alternative to unity hub written in C++ https://github.com/Ravbug/UnityHubNative
    I can't say it works amazingly, but it has potential
     
    MrJBRPG and EvOne like this.
  25. AcidArrow

    AcidArrow

    Joined:
    May 20, 2010
    Posts:
    9,438
    Unfortunately at this point it’s more likely we get the Unity Editor rewritten on Electron instead of getting a small team to write a single small downloader / manager without it relying on a bunch of S***ty libraries.
     
    kyubiismypal and EvOne like this.
  26. AcidArrow

    AcidArrow

    Joined:
    May 20, 2010
    Posts:
    9,438
    EvOne likes this.
  27. Peter77

    Peter77

    QA Jesus

    Joined:
    Jun 12, 2013
    Posts:
    6,265
    EvOne likes this.
  28. Kirsche

    Kirsche

    Joined:
    Apr 14, 2015
    Posts:
    105
    "Germany’s BSI said a Russian software company could conduct operations itself, be used as a tool for an attack or be spied on without its knowledge."

    A perfectly valid assessment, the Russians *could* do that. Shockingly this hypothetical scenario is a long-standing practice in the US. The Edward Snowden revelations proved that the US government can lawfully utilize secret-court orders to force private companies to create backdoors in their hard- and software while blackmailing disclosure.

    Want to be safe? Trust no one. Especially not the Unity Hub after this incident.
     
    EvOne likes this.
  29. petey

    petey

    Joined:
    May 20, 2009
    Posts:
    1,656
    Wow, the fact that someone went to the effort to write this says something. :) Thanks for sharing, I might take a look. Definitely jumping off hub after this.
     
  30. LeonhardP

    LeonhardP

    Unity Technologies

    Joined:
    Jul 4, 2016
    Posts:
    2,981
    Kirsche and jjejj87 like this.
  31. jjejj87

    jjejj87

    Joined:
    Feb 2, 2013
    Posts:
    829
    Kind of feel like this needs to be a CEO statement, but what is done is done. Thank you LeonhardP for the announcement. Hopefully next time Unity handles this differently.

    As for the hotfix, seems to be working good. And 4 hour turnaround is a solid job. Thank you.
     
    Noisecrime and LeonhardP like this.
  32. electro12

    electro12

    Joined:
    Sep 13, 2015
    Posts:
    11
    Seriously jjejj87. Chances are using Kaspersky for protection is like stopping fire with kerosene. Given who is in charge of that company and its ties...

    But let's be real. I could be a tin hat paranoid but I don't think there is any trustworthy major power government out there. It probably doesn't matter which antivirus you pick. Or OS. Or just about any piece of closed source s/w with high coverage. You can bet it probably has some deliberately planted back doors secretly forced by governments around the world. Yet, some governments look like lesser evil to me.

    But back on topic. I think the biggest issue with this node-ipc 'protestware' debacle is politics taking over s/w. The 'politware'. Highlighting just how easy and dangerous supply chain attacks could be.

    Some argue these are just few isolated cases blaming malicious package maintainers. Pretending it is nothing that can't be sorted by code review / auditing etc. But what if the reviewer himself has malicious intents? What about employees with malicious intents? What about basic human error that may still let crap slip through the fingers? What about small teams who simply don't have Unity's resources to audit every 3rd party piece of code they plug into their products?

    Next will be Blender with its thousands of 3rd party Python modules. Or e.g. MS Teams which is Electron Node app too btw. You name it.

    I think this topic is a pandora box going far beyond Unity's sandbox. Perhaps the first step with tackling this could be criminalizing any intentional harm and significantly rising the liability bar. You know ... making it impossible to hide behind:

    THIS SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED ...
     
    NolanDarv and EvOne like this.
  33. EvOne

    EvOne

    Joined:
    Jan 29, 2016
    Posts:
    171
    How can I stop from installing this _already_loaded_ nastiness?

    - I want to do this because I have no idea what exactly from the versions (corrected or not corrected)
    was loaded with a Hub and now prepare for the installation after restarting the application!

    And I f@cking do not need problems with the "third-party software" I have here, on MY computer,
    just because YOU - Unity Team - got into Politics and decided to "support" someone! :mad:
     
  34. SpockBauru

    SpockBauru

    Joined:
    Apr 12, 2021
    Posts:
    13
    You should update to 3.1.1 right now since is the safe version.

    After that, take a look on this to stop auto updates: https://forum.unity.com/threads/bizarre-ocurrence-with-unityhub-3-1-0.1253835/#post-7969725

    About the politics .txt file in your Desktop, it wasn't made by Unity team, it is a bigger problem that affects lots of systems outside Unity. Some guy that maintain a dependency that literally hundreds of thousands of developers uses sabotaged its own package with this file... Unity just uses this basic package like everyone else (IMO this standard behavior is the real issue).

    Just to be clear, I'm not related to Unity team and I think that they should have a better security. And also make the auto updates optional.
     
    Last edited: Mar 18, 2022
    EvOne likes this.
  35. Mauri

    Mauri

    Joined:
    Dec 9, 2010
    Posts:
    2,629
    Try to comprehend stuff before you go on a rant.

    You have 3.0.1 installed, which does not include that manipulated node-ipc package. 3.1.1 is the hotfix that fixes said issue introduced in 3.1.0. Just update to 3.1.1 - this doesn't affect you at all anyway.

    Also, this has nothing to do with Unity going into politics. This node-ipc module is used for inter-process communication and widely used by many Node.js developers. Unity is not the only entity affected by this.
    .
     
    EvOne likes this.
  36. Laureus

    Laureus

    Joined:
    Jul 11, 2017
    Posts:
    4
    Just please add an easy way to switch accounts!
    It's a pain that in order to log out an account and log in another I have to log out in the Hub, log out in the browser, login in the browser and then the Hub catch the new session.
    Just keep the credentials offline, please!
     
    EvOne likes this.
  37. AcidArrow

    AcidArrow

    Joined:
    May 20, 2010
    Posts:
    9,438
    A hub/launcher/license checker has even less reason to use nodejs / electron though.
     
    EvOne likes this.
  38. Hurri04

    Hurri04

    Joined:
    Nov 27, 2017
    Posts:
    54
    Getting rid of the dependency hell does indeed seem like a good idea, given these incidents.
    Although downloading and executing an alternative Hub from another random guy on the internet does also not exactly fill me with much confidence before that one has been properly vetted.

    @Gennady / @matthewpruitt / @LeonhardP Is there maybe a chance that the Unity Hub team could do this and possibly replace the current Hub app with it if this native version is indeed safe and more performant on top? (Sorry for pinging all of you, not sure who's watching the thread/ responsible for this.)
     
    EvOne likes this.
  39. Mythique

    Mythique

    Joined:
    Oct 18, 2015
    Posts:
    13
    This is unfortunately missing a few features that would make it a proper replacement of Unity Hub.

    But I am quite happy with how fast UnityHubNative is. Not at all surprised though. I would LOVE for the Unity Hub to be a native app instead of an electron app. Quite surprised by this choice to be honest, of course it makes multiplatforming easier but it always end up with a worse user experience...
     
    Last edited: Mar 21, 2022
    SpockBauru, EvOne and MrJBRPG like this.
  40. MrJBRPG

    MrJBRPG

    Joined:
    Nov 22, 2015
    Posts:
    36
    Thanks for the awareness of a native run substitute. That would be good enough for me until Unity fixes up the Mac M1 (2020 model Monterey 12.3) Unity Hub App Crash, which I posted at the Mac Unity Hub Crashed thread or some similar name.
     
    EvOne likes this.
  41. Hurri04

    Hurri04

    Joined:
    Nov 27, 2017
    Posts:
    54
    Alternatively, here's a fresh idea: I hear there's this cool new cross-platform engine that all the kids are using these days and while it started as a game engine it is being used for all kinds of apps nowadays. Although the dev who ends up developing the new launcher using this pretty unknown engine should be careful, I hear their launcher nearly scraped by exposing all their users to some pretty bad malware the other day.

    Hint: Just rebuild Unity Hub using the Unity Engine. Creating a 3-page app with some buttons and text is not rocket science. It might even result in getting to know a few things about the Unity workflow which could be improved, since Unity still doesn't create a game or two of their own, like another certain game engine company starting with "U" :p
     
  42. ScionOfDesign

    ScionOfDesign

    Joined:
    Oct 6, 2016
    Posts:
    33
    How do I get rid of this little cloud "Source Control" icon?
    upload_2022-3-21_14-9-45.png

    It is appearing in a project that we uploaded to Unity Collaborate once a long time ago, but have since archived/deleted it and turned off Unity Collaborate. Why is this badge still persisting? It does not appear on any of our other projects and is confusing.
     
  43. tweedie

    tweedie

    Joined:
    Apr 24, 2013
    Posts:
    310
    This is utterly embarrassing.

    You must understand that we cannot trust you to ensure no malicious code will be executed in the future, if you failed to catch this?

    As @Baste said, get off Electron, you're just counting down the days until a more severe issue raises its head. You have the skills and the resources to build this natively. This is a very simple product and you don't need nor want to be auditing your list of however-many-dozen dependencies, just to run and manage some other software you ship.

    From the outside, it feels like Unity are hiring more and more from the webdev world, who bring their bloated technology stacks with them, and it's responsible for a lot of the poorer quality additions to the engine that are (still) arriving at magnificently slow pace, because they're dramatically overcomplicating a simple enough problem.
     
    mgear, AcidArrow, GoGoGadget and 5 others like this.
  44. petey

    petey

    Joined:
    May 20, 2009
    Posts:
    1,656
    Wow, I just tried the other UnityHubNative and it's great! It's opens pretty much instantly :cool:
     
    EvOne likes this.
  45. georson_01

    georson_01

    Joined:
    Jan 16, 2020
    Posts:
    4
    is there a way to get light mode back? my eyes have difficulty in dark mode
     
    EvOne likes this.
  46. Mauri

    Mauri

    Joined:
    Dec 9, 2010
    Posts:
    2,629
    It's listed as "Under Consideration" in the roadmap.
    .
     
    EvOne and georson_01 like this.
  47. georson_01

    georson_01

    Joined:
    Jan 16, 2020
    Posts:
    4
    Thanks!
     
    EvOne likes this.
  48. petey

    petey

    Joined:
    May 20, 2009
    Posts:
    1,656
    How long would that take to do?
     
    EvOne likes this.
  49. mgear

    mgear

    Joined:
    Aug 3, 2010
    Posts:
    7,643
    in the meanwhile, there is Unity Hub patcher, that replaces default css style with light theme,
    or you can do it manually yourself and edit the template html.
     
    EvOne likes this.
  50. ROBYER1

    ROBYER1

    Joined:
    Oct 9, 2015
    Posts:
    1,314
    As an employee of a company where security is paramount and we have a lot of private and strictly protected projects, not being informed directly by Unity of this breach was a serious security concern for us internally today. I only saw about this issue when I happened to see an old tweet about it and I had the breached version of the software on my work device unknowingly.

    Some kind of notification to Hub users of this breach via an email or direct contact would put our minds at ease for using Unity moving forward. We are taking steps to alter our internal processes to proof important software updates due to this
     
unityunity