  1. Jira Data Center
  2. JRASERVER-31885

Uppercase Image File Extensions Cause Broken Images in IE due to nosniff Header


Details

    • Bug
    • Resolution: Won't Fix
    • Medium
    • None
    • 5.1.2, 5.2.7
    • None
    • 5.01
    • 4
    • Severity 2 - Major
    • 0
    • Atlassian Update – 31-10-2018

      Hi everyone,

      We have recently reviewed this issue and the overall interest in the problem. As the issue hasn't collected votes, watchers, comments, or support cases from many customers during its lifetime, it's very low on our priority list, and will not be fixed in the foreseeable future. That's why we've decided to resolve it as Won't Fix.

      Although we're aware the issue is still important to those of you who were involved in the conversations around it, we want to be clear in managing your expectations. The Jira team is focusing on issues that have broad impact and high value, reflected by the number of comments, votes, support cases, and customers interested. Please consult the Atlassian Bugfix Policy for more details.

      We understand how disappointing this decision may be, but we hope you'll appreciate our transparent approach and communication.
      Atlassian will continue to watch this issue for further updates, so please feel free to share your thoughts in the comments.

      Thank you,
      Ignat Alexeyenko
      Jira Bugmaster


    Description

      The X-Content-Type-Options:nosniff setting was introduced in JIRA 5.1.2 to resolve a security vulnerability: https://jira.atlassian.com/browse/JRA-27506

      Since it was introduced, this causes image files not to render properly in IE if the file extension is uppercase.

      Steps to Reproduce
      1. Copy 2 image files into the $JIRA_INSTALL/atlassian-jira/images folder of a JIRA 5.1.2 instance or higher
        • Make sure one file has an uppercase file extension and the other, lowercase
        • For example: test1.GIF and test2.gif
      2. Edit the announcement banner and enter the following HTML for testing purposes (replacing JIRAHOST:PORT with the proper values)
        <html>
            <body>
                <h1>Uppercase File Extension</h1>
                <img src="http://JIRAHOST:PORT/images/test1.GIF"></img> 
                <br>
                <h1>Lowercase File Extension</h1>
                <img src="http://JIRAHOST:PORT/images/test2.gif"></img>
            </body>
        </html>
        
      3. Access JIRA with IE

      Expected Results

      Both images should be displayed in the announcement banner

      Actual Results

      Only the image with the lowercase file extension is rendered properly
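
A header check for the symptom reported above, as an added example (not part of the original issue and not Atlassian's code): it flags image URLs whose declared Content-Type does not match the file extension, compared case-insensitively, while `X-Content-Type-Options: nosniff` is set. The host `jira.example:8080` and the `application/octet-stream` type for the uppercase file are assumptions; the issue does not record what the server sent.

```python
import posixpath
from urllib.parse import urlsplit

# Lowercase extension -> MIME type a browser needs to see once sniffing is off.
IMAGE_TYPES = {".gif": "image/gif", ".png": "image/png",
               ".jpg": "image/jpeg", ".jpeg": "image/jpeg"}


def expected_type(url):
    """MIME type implied by the URL's file extension, matched case-insensitively."""
    ext = posixpath.splitext(urlsplit(url).path)[1]
    return IMAGE_TYPES.get(ext.lower())


def audit(url, headers):
    """Classify one response as 'ok', 'mismatch' or 'broken-under-nosniff'."""
    h = {name.lower(): value for name, value in headers.items()}
    want = expected_type(url)
    if want is None:
        return "ok"  # not an image URL, out of scope for this check
    declared = h.get("content-type", "").split(";")[0].strip().lower()
    if declared == want:
        return "ok"
    nosniff = h.get("x-content-type-options", "").strip().lower() == "nosniff"
    # With nosniff the browser trusts the declared type and does not inspect
    # the image's magic bytes, so a wrong or missing type breaks the image.
    return "broken-under-nosniff" if nosniff else "mismatch"


# Constructed responses (assumed host and header values, see lead-in).
SAMPLES = [
    ("http://jira.example:8080/images/test1.GIF",
     {"Content-Type": "application/octet-stream", "X-Content-Type-Options": "nosniff"}),
    ("http://jira.example:8080/images/test2.gif",
     {"Content-Type": "image/gif", "X-Content-Type-Options": "nosniff"}),
    ("http://jira.example:8080/images/test1.GIF",
     {"Content-Type": "application/octet-stream"}),  # same response without nosniff
]


def run_samples():
    """Audit every constructed sample and return the verdicts in order."""
    return [audit(url, headers) for url, headers in SAMPLES]


if __name__ == "__main__":
    for (url, _), verdict in zip(SAMPLES, run_samples()):
        print(f"{verdict:22} {url}")
```
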

            People

              Unassigned Unassigned
              cshim ChrisA
              Votes: 0
              Watchers: 5
