Oracle continues to torture their loveless stepchild called Java, as well as browser vendors do. They "improved security" which usually equals to "created unexpected headache to millions of the users with no visible reason". We tried our best to overcome the aftermath of this update and rolled out Upload Suite 8.0.52.
Now I would like to tell about what exactly happened and what we did about it.
In the worst scenario we would have to locate the .jar file in the same directory with the page which it hosts it or something like this. Fortunately, they allowed to use a wildcard. So the new Upload Suite update works as earler and no extra security dialog appears.
If you did not update Java yet, you may notice that any version of the Upload Suite sends an empty request when you upload anything. If you examine Java console log with the verbose mode enabled, you will notice a message like "LiveConnect is blocked for security reasons". What is it?
It looks like Oracle can disable specific Java features from their "Ground Control Center". When they released Java 7u45, they just sent a command to old Javas and said them to turn off LiveConnect by default. It makes impossible for the applet to initialize convertors and therefore the uploader does not know whether you need to send thumbnails, original files, etc. So it sends nothing.
Now if the user needs to use a Java applet with LiveConnect enabled, they need either to update their Java or reduce the security level to "Medium". So it looks like pretty soon 100% of active Java users will update their Java machines.
If you update Firefox to the version 24, you will notice that now it blocks Java applets. The red "LEGO block" icon appears near the navigation bar and if you click it, it asks whether you want to enable the Java plugin (temporary or permanently). If you enable it, the uploader appears and it works as expected.
Unfortunately we cannot do anything about it. For some reasons, Mozilla believes that the latest Java plugin is unsafe. We can only pray that Oracle will eliminate all security issues that make Mozilla think this way or they agree with each other.
If you have old version of Upload Suite, you may notice that the security dialog which asks whether you trust Aurigma to install the uploader displays an additional message.
Obviously, you should be ready that the next Java update will break old uploaders again. New version of Java uploader (8.0.48 and later) don't have this problem. We have also prepared an update for the legacy version 6.
We can only thank Oracle that they warned beforehand. You have several weeks to update the uploader and we recommend to do it ASAP.
In fact, this problem is not related to the Java 7u45. It is a guilt of Apple - one more "big guy" who bullies our nerdy Java. They have accidently released new Safari version almost simultaneously with Oracle.
For some reasons they decided to run all Java applets in a "sandbox" which does not have an access to the file system until the user manually adds the website where this applet is used to the whilelist (they can do it in the Safari Preferences).
In the next version of the uploader, we are going to detect this situation and display some instructions to the user. Meanwhile, you have to instruct the users who have this problem how to whitelist your site.
This is a list of the most annoying changes in the Java 7 Update 45. Hopefully there is no other unexpected surprises. However anyway, we will keep you updated!
Aurigma is a software company specialized in creating products for web developers: