We can only pray that Oracle will eliminate all security issues that make Mozilla think this way or they agree with each other. For some reasons, Mozilla believes that the latest Java plugin is unsafe. Unfortunately we cannot do anything about it. If you enable it, the uploader appears and it works as expected. The red "LEGO block" icon appears near the navigation bar and if you click it, it asks whether you want to enable the Java plugin (temporary or permanently). If you update Firefox to the version 24, you will notice that now it blocks Java applets. So it looks like pretty soon 100% of active Java users will update their Java machines. Now if the user needs to use a Java applet with LiveConnect enabled, they need either to update their Java or reduce the security level to "Medium". It makes impossible for the applet to initialize convertors and therefore the uploader does not know whether you need to send thumbnails, original files, etc. When they released Java 7u45, they just sent a command to old Javas and said them to turn off LiveConnect by default. It looks like Oracle can disable specific Java features from their "Ground Control Center". specify whether to upload thumbnails, original file, etc). In particular, you initialize convertors through LiveConnect (i.e. This is how you can change Java applet settings dynamically or handle the upload completion events. LiveConnect is a technology which allows the HTML page where the applet is located to "talk" with the applet using JavaScript. If you examine Java console log with the verbose mode enabled, you will notice a message like "LiveConnect is blocked for security reasons". If you did not update Java yet, you may notice that any version of the Upload Suite sends an empty request when you upload anything.
Uploader sends empty HTTP request on old Java So the new Upload Suite update works as earler and no extra security dialog appears. Fortunately, they allowed to use a wildcard. jar file in the same directory with the page which it hosts it or something like this. In the worst scenario we would have to locate the. It is necessary to do on the compile time. Why it happened? Oracle decided that if it is necessary to manipulate the applet through JavaScript, the applet developer should define where the pages which will use the applet are located. The uploader still works, but the additional dialog may be quite annoying. If you have Upload Suite 8.0.51 or later, after you update Java to 7u45, you may notice that every time you open a page with Java applet, and additional security dialog appears asking whether you allow or deny to let the applet access JavaScript and HTML where it is hosted. Now I would like to tell about what exactly happened and what we did about it. We tried our best to overcome the aftermath of this update and rolled out Upload Suite 8.0.52. They "improved security" which usually equals to "created unexpected headache to millions of the users with no visible reason". Oracle continues to torture their loveless stepchild called Java, as well as browser vendors do.