Starting with Java 7 Update 51, applets that do not conform with the latest security practices can still be authorized to run by including the sites that host them to the Exception Site List.
Starting with Java 8 Update 20, the Medium security level has been removed from the Java Control Panel. Only High and Very High levels are available.
The exception site list provides users with the option of allowing the same applets that would have been allowed by selecting the Medium option but on a site-by-site basis therefore minimizing the risk of using more permissive settings.
You might also be interested in: