- Type: Suggestion
- Resolution: Unresolved
- Component/s: Work Item - Attachments
Description
Currently, JIRA does not provide the functionality to restrict attachments to specific file types. This poses a security risk as users can upload files containing malicious code, such as SVG files or other formats like .BAT, .EXE, and .MSI that could potentially be exploited. Implementing a feature that allows administrators to define and restrict permissible file types for attachments would enhance security and ensure that only safe and approved file types are uploaded.
Expected Results
- Administrators can configure a whitelist of allowed file types for attachments.
- Users attempting to upload disallowed file types receive an error message and are prevented from proceeding.
- The system logs attempts to upload disallowed file types for security auditing.
Actual Results
- Unable to prevent the upload of potentially harmful file types.
Workaround
- Restrict the "Create Attachments" permission
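
The behaviour listed under Expected Results, sketched as an added example (this is not Jira code or an Atlassian API): an allowlist check that also compares the file's leading bytes with its claimed extension and writes an audit entry on refusal. The allowlist contents, the function name `check_attachment`, the exception `AttachmentRejected` and the logger name are assumptions made for illustration.

```python
import logging
from pathlib import PurePath

audit = logging.getLogger("attachment.audit")

# Constructed allowlist: extension -> bytes the content must start with.
# None means a text type with no signature to compare against.
ALLOWED = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".pdf": b"%PDF-",
    ".jpg": b"\xff\xd8\xff",
    ".txt": None,
}

class AttachmentRejected(Exception):
    """Carries the error message shown to the uploading user."""

def check_attachment(user: str, filename: str, content: bytes) -> str:
    """Return the normalized extension if the upload is allowed, else log and raise."""
    # Drop any client-supplied path, and the trailing dots/spaces Windows ignores.
    name = PurePath(filename.replace("\\", "/")).name.strip().rstrip(". ")
    ext = PurePath(name).suffix.lower()  # last suffix wins: report.pdf.exe -> .exe
    reason = None
    if ext not in ALLOWED:
        reason = f"file type {ext or '(none)'} is not allowed"
    else:
        magic = ALLOWED[ext]
        if magic is not None and not content.startswith(magic):
            reason = f"content does not match {ext}"
        elif magic is None and b"\x00" in content[:1024]:
            reason = "binary content in a text attachment"
    if reason:
        # %r escapes control characters, so a crafted filename cannot forge log lines.
        audit.warning("attachment denied user=%r file=%r reason=%s", user, filename, reason)
        raise AttachmentRejected(f"Upload refused: {reason}.")
    return ext
```
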