Protect your Jira against unauthorised file attachments
Protect your Jira against unauthorised file attachments
Control the way that attachments can be uploaded either with blacklisting or whitelisting the types of files allowed
Alert the user if the issue already has another attachment with the same filename. It can also be configured to fire events for notifications when attachments are added/removed.
Address your security and performance issues by scanning all uploaded attachments
Attachment Checker for Jira allows admin to secure their Jira instance by
- Whitelisting / Blacklisting file types (JRA-13684, JRA-61024)
- Limiting the number of attachments per issue
- Restricting attachments with duplicate file names (JRA-2169)
- Scanning attachments for viruses (JRA-8626)
- Notification for attachment events
- Restrict user groups from downloading attachments (JRASERVER-40061)
- Log attachment downloads
Features can be configured to turn on/off with customised messages.
- ensure conformance of authorised file formats
- prevent multiple copies of the same file from being uploaded
- avoid confusion caused by attachments with the same filename
- detection of infected files
- avoid circulation of virus infected files via Jira
- conserve disk space and bandwidth by blocking certain file types
This helps to address the finding commonly raised in Vulnerability Assessment Tests.
- CWE-434: Unrestricted Upload of File with Dangerous Type
*This app is Data Center compatible, pending approval process.
We are sorry to hear about your difficulty in getting our app to work with your Jira Data Center.Our support team will be happy to assist if you can provide us more information via our Jira Service Desk
As for the feature request for more granular restrictions, we have considered project level permissions, but decided against that as we wanted the user experience to be fast and easy administration for the Jira administrators.
Instead, we think restriction by user groups may more effective and address the security requirements
- Jira administrators
- staff (e.g trusted users who has greater rights)
- jira-users (e.g. external users who has jira access)
- logged in users (e.g. service desk customers)
This idea has been implemented in Attachment Checker for Confluence v1.6.0. If it is good, we will implement this for Jira as well.
Afternote: We realised that sometimes for big files, the download from Marketplace may not complete successfully. Please verify by renaming the extension to zip and see whether the file can be unzipped successfully.
Thanks for your suggestion. We have sent you an email to get more details on your suggestions.
|10 users$10||25 users$100||50 users$200||100 users$400||250 users$1,000||500 & upAdditional pricing details|
- How does server app pricing work?
Server products and apps are hosted on your servers. This app is sold as a perpetual license, and the purchase price includes 12 months of maintenance (support and version updates).
You can renew maintenance after 12 months at 50% of the current purchase price. You can upgrade the tier of your Atlassian product and app licenses at any time. Upgrade prices are calculated based on Atlassian's formula (view example).
If app pricing changes after your initial purchase, there's a 60-day grandfathering period during which you can renew based on the old pricing.
- How do I determine my server pricing?
Apps are billed based on the number of users in your Atlassian product. For Jira 7.0 or later, the app tier should match the maximum tier of the licensed Jira products on your instance. For example, if you're running Jira Software (500 users) and Jira Service Desk (25 agents) on the same instance, you should purchase the 500-user tier for apps. For versions of Jira prior to 7.0, the app tier should match the licensed user tier for Jira. Even if fewer users want to use the app than your Jira license, the two licenses should match exactly. Note: While this app has features specific to Jira Service Desk, the app is technically available across the whole Jira instance. Therefore the above guidelines for the license tier still apply.
- Can I install this app in a Data Center product?
This app does not have a Data Center approved version. Only apps meeting a set of performance requirements for large, clustered environments are approved for Data Center.
However, while server apps are built for single-server deployments, many customers successfully install them in Data Center products. If you're using a Data Center product, Atlassian recommends you contact the vendor to determine compatibility at scale.
Learn more about Data Center approved apps
- What type of license do I need if I'm using this app in a Data Center product?
Because this app does not have a Data Center approved version, you should purchase a Server license if you decide to install this app in a Data Center product.
Learn more about Data Center licensing
- Do you offer academic, community, or open-source licenses for server apps?
For server apps, academic licenses are available at a 50% discount if you have an academic license for your Atlassian product.
Community and open-source licenses are available for server apps. Learn more about community and open source licenses.
- Can I extend my free trial?
For server apps, you can extend your app trial up to 5 times - in other words, for up to six months. Extend your trial by generating a new evaluation license key from Atlassian Marketplace. Click Try it free and you'll be directed to generate a new license. Paste this license key into the app listing in UPM from your Atlassian product, and you're all set.
- How can I buy apps for my legacy Jira Server or Confluence Server license?
If you own a legacy Jira Server Unlimited (100+ users) or Confluence Server Unlimited (2000+ users) license purchased in 2012 or earlier, legacy app pricing is no longer available. You have two options for app purchasing:
- Purchase the app at the non-legacy Unlimited (10000+ users) tier.
- Renew your Jira or Confluence license at a non-legacy tier, then purchase the app at the same tier.
Akeles Consulting provides support for this app.
Version 3.1.0 • Jira Server 8.0.0 - 8.2.4 • Released 2019-06-12
New features, improvements and bug fix
- ACJ-1 - Check for duplicate attachments
- ACJ-62 - Option for auto deletion of duplicate attachments
- ACJ-81 - Error when previewing attachments in zip
- ACJ-82 - To add i18n support
- ACJ-83 - To auto clean up temp files
For more info, please refer to Release Notes for Attachment Checker for Jira 3.1.0.
- Log into your Jira instance as an admin.
- Click the admin dropdown and choose Atlassian Marketplace. The Manage add-ons screen loads.
- Click Find new apps or Find new add-ons from the left-hand side of the page.
- Locate Attachment Checker for Jira via search. The appropriate app version appears in the search results.
- Click Try free to begin a new trial or Buy now to purchase a license for Attachment Checker for Jira. You're prompted to log into MyAtlassian. Attachment Checker for Jira begins to download.
- Enter your information and click Generate license when redirected to MyAtlassian.
- Click Apply license. If you're using an older version of UPM, you can copy and paste the license into your Jira instance.
To find older Attachment Checker for Jira versions compatible with your instance, you can look through our version history page.