On Safari 11? - Do not upgrade to 1Password 7.2+

jacobp

If for any reason - say your enterprise IT department hasn't or can't release Safari 12 yet, and you're running Safari 11, do not upgrade to 1Password 7.2 or beyond. It is not listed in the release notes that this is a hard requirement for 7.2+ to work.

---

1Password Version: 7.2+
Extension Version: Not Provided
OS Version: OS X 10.13 and below
Sync Type: Not Provided

Lars

@jacobp - our recommendation as a security company is that people always run the most up-to-date versions of not just 1Password but also of other software, particularly their OS, but also other related applications such as browsers and other security-related software. For anyone else finding their way to this thread, Jacob is correct: in Safari 12, Apple began deprecating older .safariextz-style extensions (the kind we're all used to), in favor of a newer and more secure style of extension called Safari App Extensions. Apple have already removed the ability of users to download and install older-style extensions from developers, meaning the older-style extensions can ONLY be downloaded from the Safari Extensions Gallery now. That means not just 1Password but an increasing number of developers who develop product that works in the macOS environment will be switching over to this newer style of extension. And as the new ones are in compatible with the old (on purpose), at some point, every developer will need to figure out for themselves when to "pull the plug" and make the next version of their applications use the newer version instead of the old. Some of them may decide to release two versions of their apps, one for those who want the older version of Safari extension and one for those who want the newer version, but I'd be surprised if many do this, owing to the nature of what's ahead. Specifically, Apple have said they're likely going to be shuttering the Safari Extensions Gallery some time around the end of this year, which is in (can you believe it) only six or seven weeks. The instant they do that, there will be no way whatsoever for users of Safari 12 to install older-style extensions into Safari, and users of Safari versions older then 12 will only be able to do so via direct developer download. In short, two things:

1. The window for this either/or dilemma will very shortly be coming to a close. Apple, the developer of the OS on which we all rely, has made their decision, and in typical dedicated Apple fashion, they will not be shy about moving forward.
2. That means if you're in a corporate/enterprise environment that is sometimes a little slow to embrace newer technologies or the newest versions of software, you might want to warn them this will be an issue across the board, not just with 1Password.

For the individual user, of course, there remain multiple options: upgrading to Safari 12, switching to either Firefox or Chrome (which do not have this requirement; only Safari does), using 1Password X instead of the native 1Password for Mac application -- all of these are potential solutions to the problem in addition to staying on Safari 11. My thanks to @jacobp for pointing out this issue, and feel free to let us know if you have any follow-up questions. :)

jacobp

Thanks for all of the information @Lars.

I appreciate that AgileBits is a "security" company, but my point was in making this change clear - which the release notes do not. As a company, you can choose to require Safari 12, but users should be notified of a drastic change like this - and given clear information on how to continue to support themselves if for any reason they can't upgrade to Safari 12 in less than 3 weeks of it's release.

Further, there are many reasons that Safari 11 will likely remain in the ecosystem (in particular enterprises) for a while - not the least of which is Apple's the major change of removing support for NPAPI plugins, which means that many other enterprise software products have to create Safari non-NPAPI plugin replacements.

Lastly, Safari 11 works just fine with other Safari App Extensions, such as Adblock, so Safari 12 is not necessarily a requirement for App Extensions.

Again, my issue is the extreme lack of communication to a major change, that broke my daily workflow as a long time paying customer and made me waste several hours getting working again.

Lars

@jacobp - thanks for the feedback. :)

adviladic

We need a solution. I tried to backtrack and was not able to because the data structure was modified. Chrome and Firefox are not options for me. my hardware does not support Mojave. I am stuck. PLEASE HELP!

Lars

Welcome to the forum, @adviladic! I'm sorry for the trouble. Before I start attempting to come up with a solution for you, I'd need the specifics of what you're using:

1. What specific version of macOS are you using currently?
2. What specific version of 1Password for Mac do you have installed?
3. What specific version of Safari are you using?
4. Anything else I'd need to know - corporate policies mandating you use or not use certain products/solutions, etc.

Depending upon the limitations you have in your specific setup, I may or may not have a solution for you, but I'll do my best.

adviladic

Hello Lars, thank you for the response. I have already upgraded to Mac 10.13 and in the process have already updated to 1password 7.2. My system cannot handle Mac 10.14. One password tells me I can’t go back because my data has been changed. 1password website says that it is compatible with anything above Mac 10.12. If I would’ve known it was not compatible I would not have upgraded. Also I cannot use Firefox Or chrome because of incompatibility issues. In the
Or chrome because of incompatibility issues. I cannot afford to upgrade my hardware. We really need a resolution from 1Password. Thank you.

Lars

@adviladic - thanks for the response. Can you answer my #2 question, above? What specific version of Safari do you have installed, and is there a reason you can't upgrade to Safari 12? If you can use Safari 12, install it, and 7.2 should work just fine for you in macOS 10.13 (“High Sierra”). :)

Calrion

I'll second this. I've not yet trekked out of the High Sierra and into the Mojave (due to a not insignificant dependency tree that includes recent issues with Time Machine), and as I'm hoping to make that journey very shortly I've not yet updated to 10.13.6 so don't have access to Safari 12.

All that would've been required is a simple "But note this release requires Safari 12 or later." under the "Let's go on a Safari" heading.

To answer the specific questions above: macOS 10.13.5, 1Password 7.2.1 (MAS), Safari 11.1.1. And now a question of my own: as a 1Password account-holder, will Bad Things™ happen if I quit 1Password completely then use Time Machine to revert 1Password 7.2.1 to version 7.0.7?

jacobp

@Calrion You should be able to reconnect an older version of 1Password to the "1Password.com cloud" and be ok. You might have to delete the local database after you restore. My recovery was to go back to 1Password 6.8 since I didn't have a backup of 7 pre 7.2.

Calrion

@jacobp Yeah, that didn't work. At all. Well ok, maybe a little. :)

I used 1Password Mini to "completely quit 1Password", then restored v7.0.7 from Time Machine, only to see it crash—repeatedly—on launch. Aware of the data issue—and thanks for mentioning it—I deleted com.agilebits.* and 2BUA8C4S2C.com.agilebits.* under ~/Library/Containers and ~/Library/Group Containers then tried again with two issues: 1Password launched, and detected my existing account, but wouldn't accept the correct password; and I realised that while I do use a 1Password account, I don't only use a 1Password account and would likely lose access to my local-only vaults (read: it's not worth figuring exactly where the backups are and how to restore them for the short time I'll need to be on the older 1P version).

So I put those folders back where they came from (or so help me ;)), and I'm back on 7.2.1 until I update macOS (Real Soon Now™, I'd say).

jacobp

@calrion ah bummer on the local vaults. I don’t have any - so I couldn’t tell you where to look.

Lars

@Calrion

I've not yet updated to 10.13.6 so don't have access to Safari 12.

I'm not sure what you mean; Apple has released Safari 12 for both macOS 10.13 (“High Sierra”) and macOS 10.12 (“Sierra”), so you should be able to use it.

...as a 1Password account-holder, will Bad Things™ happen if I quit 1Password completely then use Time Machine to revert 1Password 7.2.1 to version 7.0.7?

I wouldn't recommend that kind of intricate surgery without guidance from one of us. If you've got a 1password.com membership, then even if you lost all your data on that Mac, you'd still have it on the 1password.com server. But things might get very unpredictable if you try restoring from a local cache of the data that's older (which is what Time Machine does), since the server is the "canonical" record of the data, and it's recently seen your data as updated to a certain point. Just...don't try reinstalling older copies of your data folder. Seriously.

It IS perfectly fine to click Help > Troubleshooting > Reset all 1Password Data, which will remove everything and allow you to start over, but that's not a solution to the issue of the schema change from 7.1.2 to 7.2, and it doesn't cover any local (standalone) vaults you have, either. Is there a reason you can't simply download Safari 12 for macOS 10.13 (“High Sierra”)? It should be in the Updates tab of the Mac App Store.

Calrion

I'm not sure what you mean; Apple has released Safari 12 for both macOS 10.13 (“High Sierra”) and macOS 10.12 (“Sierra”), so you should be able to use it.

Safari 12 is available for macOS Sierra and High Sierra, but only the latest versions of each. The best reference for this I could find is Apple's Security content of Safari 12 document, which says that "[Safari 12 is] available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14" (emphasis mine). To wit, my App Store app shows only an update to macOS 10.13.6 (which says nothing about Safari, 12 or otherwise); there's no Safari update available. Xcode is the same: Xcode v10.0 requires "macOS 10.13.6 or later".

I wouldn't recommend that kind of intricate surgery without guidance from one of us. If you've got a 1password.com membership, then even if you lost all your data on that Mac, you'd still have it on the 1password.com server. But things might get very unpredictable if you try restoring from a local cache of the data that's older (which is what Time Machine does)

I hear you. It's ok, I'm a trained professional. ;)

I only used Time Machine to restore the 1Password.app file, not any of the data; my interest with the data was making sure the v7.2.1-updated data files weren't interfering with 1P v7.0.7. In any case, I wasn't able to find a satisfactory solution in the time available, so I'm back on 1P v7.2.1 sans-Safari extension until I can update to at least macOS 10.13.6.

I hadn't yet updated to macOS 10.13.6 because I was expecting to shortly upgrade to macOS Mojave; I hadn't upgraded to Mojave yet because I was waiting for the point-1 release, and because I have some proverbial ducks to line-up first (including making sure Time Machine is working properly; I don't mind admitting I'm paranoid about mu Fusion Drive and APFS).

Lars

@Calrion - sounds good. If you're not willing to upgrade to the most-recent version of High Sierra or to go to Mojave directly, the options get considerably thinner. But it sounds like you're headed in that direction, so hopefully things will be back to normal for you soon. :)

AGAlumB

Safari 12 is available for macOS Sierra and High Sierra, but only the latest versions of each. The best reference for this I could find is Apple's Security content of Safari 12 document, which says that "[Safari 12 is] available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14" (emphasis mine).

@Calrion: I would hope that people would read the actual contents of these updates with regard to security, if nothing else. There are similar documents for 10.12.6 and 10.13.6, with fixes for severe vulnerabilities like Broadpwn as well. If some folks want to insist on running outdated software with known security vulnerabilities, that's up to them. But this is a support forum for 1Password, a security product. And as such this is not to be a clearinghouse for information on doing things that put users at risk. There are plenty of other venues for that. Keep that in mind before posting. Thanks.

jacobp

@brenty - Appreciate your point of view - but there are many reasons that folks can't run Safari 12, whether their company hasn't upgraded the base OS or Safari 12 (due to QA, security testing, etc.), needing features in Safari 11 that aren't available due to the major changes to Safari 12 yet, etc.

The point has been - 1Password dropped support to platforms and made a major requirements change without any notification to it's users, that is most definitely a 1Password support issue.

My issue in these forums is your teams refusal to acknowledge this mistake and falling back to "we're right, you're wrong".

AGAlumB

@jacobp: There are always "reasons", just not good ones when we're talking about security. And that's the focus of 1Password, and therefore this support forum. We're using a Safari App Extension as of 7.2 in order to remain compatible with Safari going forward, as we do with all our supported browsers. That's not something we're going to apologize for. It's certainly within a company or individuals rights to stick with outdated stuff, but by the same token we're not going to take responsibility for decisions others make — nor are we going to hold back our customers who stay up to date, or make the transition rockier by cutting it close to the deadline.

Lars

@jacobp

My issue in these forums is your teams refusal to acknowledge this mistake and falling back to "we're right, you're wrong".

It is? From reading your initial post in this thread, it seemed like your issue was making sure you repeated what you and I had discussed in an earlier thread. We typically discourage that kind of multi-posting of the same question/issue/comment to multiple threads, because it verges on spam once you've said something once, but I let this instance of it slide. However, brenty is quite right that this is not a salon for open-ended discussion of grievances, it's a support forum administered and run by us, for 1Password users -- of which there are many. Given the constraints you've put on your own use of 1Password, we do not have any solutions that will suit your exact situation, and we have other users who need our assistance.

You chose to upgrade to 7.2 in a corporate environment, knowing your IT department wouldn't be allowing you to run the latest version of Safari which included an entirely new extensions framework for a while, and unfortunately you got caught up in some of the problems that can arise when companies make major changes to how software behaves and what remains compatible. You're also unwilling to avail yourself of our suggested solution of using other available major browsers (Chrome, Firefox - which would eliminate this problem altogether) either with the standalone extension or even with 1Password X. And apparently, you're either not able or possibly unwilling to ask your IT department to allow you to install our own version of 7.1.2 as well. All these things are certainly choices you (or your IT department) can make, but they don't add up to it being our fault that you can't use 1Password in precisely the manner you'd prefer.

Regardless of any of the above, the salient issue at this point is that this forum is not a Socratic salon where all ideas are equally worthy of discussion at any length the poster wishes. We are simply not going to allow certain things - among them the usual suspects of spam, abuse, etc - but also the posting of suggestions that can very easily in inexperienced hands (or even relatively experienced ones) result in data loss or corruption.

ref: KRY-89253-972