Details
- Bug
- Resolution: Won't Fix
- Medium
- None
- 5.1.2, 5.2.7
- None
- 5.01
- 4
- Severity 2 - Major
- 0
Description
The X-Content-Type-Options: nosniff setting was introduced in JIRA 5.1.2 to resolve a security vulnerability: https://jira.atlassian.com/browse/JRA-27506
Since it was introduced, image files do not render properly in IE if the file extension is uppercase.
Steps to Reproduce
- Copy 2 image files into the $JIRA_INSTALL/atlassian-jira/images folder of a JIRA 5.1.2 instance or higher
- Make sure one file has an uppercase file extension and the other, lowercase
- For example: test1.GIF and test2.gif
- Edit the announcement banner and enter the following HTML for testing purposes (replacing JIRAHOST:PORT with the proper values)
```html
<html>
<body>
<h1>Uppercase File Extension</h1>
<img src="http://JIRAHOST:PORT/images/test1.GIF"></img>
<br>
<h1>Lowercase File Extension</h1>
<img src="http://JIRAHOST:PORT/images/test2.gif"></img>
</body>
</html>
```
- Access JIRA with IE
Expected Results
Both images should be displayed in the announcement banner
Actual Results
Only the image with the lowercase file extension is rendered properly
Issue Links
- relates to: JRASERVER-30373 JIRA will not display images with the wrong MIME type in IE due to nosniff header (Gathering Impact)
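A header check for the behaviour reported above, as an added example that is not part of the original issue or Atlassian's code: it flags image URLs whose response carries nosniff but declares a non-image Content-Type, the condition named in the linked JRASERVER-30373. The sample responses are constructed, and the application/octet-stream type shown for test1.GIF is an assumption about what the server sends for an uppercase extension; the function names are hypothetical.

```python
import mimetypes
import posixpath
from urllib.parse import urlsplit
from urllib.request import Request, urlopen


def expected_image_type(url):
    """Image MIME type implied by the URL's extension, matched case-insensitively."""
    ext = posixpath.splitext(urlsplit(url).path)[1].lower()
    mime = mimetypes.types_map.get(ext)
    return mime if mime and mime.startswith("image/") else None


def audit(url, headers):
    """Return a finding if a nosniff-honouring browser would not render this image."""
    hdrs = {k.lower(): v.strip() for k, v in headers.items()}
    expected = expected_image_type(url)
    if expected is None or hdrs.get("x-content-type-options", "").lower() != "nosniff":
        return None  # not an image URL, or the browser is still allowed to sniff
    # Drop parameters such as "; charset=..." before comparing the declared type.
    declared = hdrs.get("content-type", "").split(";")[0].strip().lower()
    if declared.startswith("image/"):
        return None
    return f"{url}: nosniff set, declared type {declared or '(none)'!r}, expected {expected}"


def fetch_headers(url):
    """HEAD request against a live instance (not used by the constructed samples)."""
    with urlopen(Request(url, method="HEAD"), timeout=10) as resp:
        return dict(resp.headers.items())


# Constructed responses; the Content-Type for test1.GIF is an assumption,
# not output captured from a JIRA instance.
SAMPLES = [
    ("http://JIRAHOST:PORT/images/test1.GIF",
     {"X-Content-Type-Options": "nosniff", "Content-Type": "application/octet-stream"}),
    ("http://JIRAHOST:PORT/images/test2.gif",
     {"X-Content-Type-Options": "nosniff", "Content-Type": "image/gif"}),
]

if __name__ == "__main__":
    for url, headers in SAMPLES:
        print(audit(url, headers) or f"{url}: ok")
```

Against a running instance, pass `fetch_headers(url)` as the second argument to `audit` for each image URL referenced in the banner.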