Details
-
Suggestion
-
Resolution: Not a bug
-
None
Description
NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion.
This setting is still needed. However, the name of it no longer really reflects what it does. What the setting actually does is change the attachment security policy. The default level is a default (secure) attachment level which uses a blacklist of content-types which are sent as attachment downloads, the "insecure" level simply sends all attachments "inline" and the "secure" attachment level sends all attachments as downloads.
Problem Definition
The Internet Explorer MIME Sniffing Security Hole Workaround Policy in Configuring JIRA Options can be confusing - it it also not consistent. It will allow PNGs and block JPGs. It's also not entirely clear of the behaviour of it, for example in JRA-28965.
Suggested Solution
Remove the Internet Explorer MIME Sniffing Security Hole Workaround Policy functionality - IE7 has not been supported in JIRA for quite some time.
Attachments
Issue Links
- is related to
-
- Closed
-
- Closed
- relates to
-
JRACLOUD-42617 Certain wiki markup characters can be used to escape Internet Explorer MIME Sniffing Security Hole Workaround Policy
-
- Closed
-