-
Bug
-
Resolution: Won't Fix
-
Medium
-
None
-
5.1.2, 5.2.7
-
None
-
5.01
-
4
-
Severity 2 - Major
-
0
-
-
The X-Content-Type-Options:nosniff setting was introduced in JIRA 5.1.2 to resolve a security vulnerability: https://jira.atlassian.com/browse/JRA-27506
Since introduced, this causes image files not to render properly in IE if the file extension is uppercase.
Steps to Reproduce
- Copy 2 image files into the $JIRA_INTALL/atlassian-jira/images folder of a JIRA 5.1.2 instance or higher
- Make sure one file has an uppercase file extension and the other, lowercase
- For example: test1.GIF and test2.gif
- Edit the announcement banner and enter following html for testing purposes (replacing JIRAHOST:PORT with the proper values)
<html> <body> <h1>Uppercase File Extension</h1> <img src="http://JIRAHOST:PORT/images/test1.GIF"></img> <br> <h1>Lowercase File Extension</h1> <img src="http://JIRAHOST:PORT/images/test2.gif"></img> </body> </html>
- Access JIRA with IE
Expected Results
Both images should be displayed in the announcement banner
Actual Results
Only the image with the lowercase file extension is rendered properly
- relates to
-
JRASERVER-30373 JIRA will not display images with the wrong MIME type in IE due to nosniff header
-
- Gathering Impact
-