Comparison between Jira built-in feature and Attachment Checker

Feature	Jira built-in feature	Attachment Checker
Restrict file extensions Admins can specify the extensions to allow/block.
Restrict files without extension Admins can choose to allow/block files without extension.
Restrict related file extensions automatically Admins only need to specify one extension, all related extensions are implicitly allowed/blocked.	Admins have to specify all related extensions.	All related extensions are included automatically.
Case sensitivity File extension checks are case-insensitive so admins do not have to specify all combinations.	Admins have to specify all combinations of uppercase/lowercase for an extension.	As an example, exe extension is treated as equivalent to EXE.
MIME type checks Apache Tika is used to detect the MIME type to prevent bypass of extension check by renaming or removing the file extension.	Restriction can be easily bypassed by renaming the file extensions.	Provides 2 layers of check (File Extension and MIME type).
Exception handling for confidential Microsoft Office files It is possible to prevent users from uploading confidential files. This MIME type allows the identification of password protected or encrypted Microsoft Office files.	It is not possible to differentiate an encrypted Microsoft Word (docx) file with the file extension	By default, password protected or encrypted Microsoft Office files are not allowed even if the extensions are allowed. This can be granted as an exception.
Backend checks Checks attachments added via backend: Emails REST APIs ScriptRunner	Restriction only applies to attachments uploaded via UI.	Attachments added via mails will be deleted if file type is not allowed.
Project level settings Project admins can specify the extensions for different issue types.	Restriction applies to all projects.	Different projects can have different restrictions based on the project purpose/use cases.
Configurable error message Admins can configure the error message to be displayed when files are blocked.	Standardized error message.	Allows admins to provide relevant message/instruction to the users.
Support 3rd party apps Checks attachments added via 3rd party apps' endpoints: Assets Xray Zephyr Scale	Checks are only done for Jira’s attachments.	Support checks for 3rd party apps which uploads/stores the attachments differently. Admins can also choose to include or exclude these apps from the file type check.

Feature

Jira built-in feature

Attachment Checker

Restrict file extensions

Admins can specify the extensions to allow/block.

Restrict files without extension

Admins can choose to allow/block files without extension.

Restrict related file extensions automatically

Admins only need to specify one extension, all related extensions are implicitly allowed/blocked.

jira related extensions not included.png

Case sensitivity

File extension checks are case-insensitive so admins do not have to specify all combinations.

Admins have to specify all combinations of uppercase/lowercase for an extension.

As an example, exe extension is treated as equivalent to EXE.

MIME type checks

Apache Tika is used to detect the MIME type to prevent bypass of extension check by renaming or removing the file extension.

Restriction can be easily bypassed by renaming the file extensions.

Provides 2 layers of check (File Extension and MIME type).

Exception handling for confidential Microsoft Office files

It is possible to prevent users from uploading confidential files. This MIME type allows the identification of password protected or encrypted Microsoft Office files.

It is not possible to differentiate an encrypted Microsoft Word (docx) file with the file extension

By default, password protected or encrypted Microsoft Office files are not allowed even if the extensions are allowed. This can be granted as an exception.

Backend checks

Checks attachments added via backend:

Emails
REST APIs
ScriptRunner

Restriction only applies to attachments uploaded via UI.

Attachments added via mails will be deleted if file type is not allowed.

Project level settings

Project admins can specify the extensions for different issue types.

Restriction applies to all projects.

Different projects can have different restrictions based on the project purpose/use cases.

Configurable error message

Admins can configure the error message to be displayed when files are blocked.

Standardized error message.

Allows admins to provide relevant message/instruction to the users.

Support 3rd party apps

Checks attachments added via 3rd party apps' endpoints:

Checks are only done for Jira’s attachments.

Support checks for 3rd party apps which uploads/stores the attachments differently. Admins can also choose to include or exclude these apps from the file type check.

Admins have to specify all related extensions.

All related extensions are included automatically.