Dear VC team,
a month ago Unity published info on a security issue that affects applications built with Unity, from 2017.1 up to the current versions as of then. It thus also affects Visual Components Experience in the version that you are still offering for download to this date. Don’t get me wrong, I am grateful for the great options that Experience offers, but I would have expected an update from your side by now.
Unity are offering a patching tool that can be applied to “fix” affected applications, also working for Experience; its functionality comes down to replacing the included UnityPlayer.dll by a matching fixed version. Of course every Experience user is free to use the patcher themselves, but as many of them probably are not using Unity, they may not be aware of the issue, whereas somebody on your team is supposed to have gotten the memo. I think you should be able to provide a rather cheap fix by applying the patcher to a finished build of Experience and repackage it for download, if a proper new build with an updated Unity version is not an option.
With or without an update to Experience, notifying your users would be nice, too.
Thanks in advance!
Kind regards,
Bernhard