Skip to main content
Skip table of contents

Which file types are safe for Jira

Introduction

A common question for Attachment Checker users is what are the file types are safe to be uploaded.

We wrote this KB article to help

Consideration Criteria

Here are some questions to ask yourself

  1. Whether the file type can execute malicious logic

  2. Whether the file type can be a carrier of viruses or malicious files

  3. Whether the file type is a commonly used and can be used in future

  4. Whether the file type take up a lot of disk space

Our Recommendations

Through our years of using Jira/Confluence, we recommend to set the allowlist with the minimal set of file types below.

You can refine the list based on the profile of your end users.

You can use this list in the Attachment Checker’s AllowList configuration.

CODE
jpg,png,gif,svg,ai,eps,psd,tif,xcf,doc,docx,xls,xlsx,ppt,pptx,dotx,xltx,potx,pdf,key,csv,log,sql,txt,html,xml,mov,mp4,m4v

Commonly Used File Types

Safe File Types

Those in green are in our recommended list

Type

Extensions

Remarks

Common used Images

gif, jpg, png, svg

We don’t recommend to allow BMP because it takes a lot of space

Other images

ai, eps, psd, tif, xcf

These are file formats used by popular image editors

Microsoft Office Documents

doc, docx, xls, xlsx, ppt, pptx

Microsoft Office Document Templates

dot, dotx, pot, potx, xlt, xltx

Only include them if you need to store the template files

OpenOffice Documents

ods, odp, odt

OpenOffice Document Templates

odt

Other Document Types

key, pdf, rtf, tex, xps, vss

Text Files

csv, log, sql, txt

Multimedia (Audio)

wav, wma, mp3

Multimedia (Videos)

mov, mpg, mp4, m4v, qt, wmv

Potentially used for screen recording

Web

htm, html, xml

Dangerous File Types

This is not an exhaustive list of dangerous. We only list some of them as examples to explain the risks.
Hence we recommend to use the AllowList mode.

Types

Example Extensions

Remarks

Executables

com, exe, pif, msi, scr, cpl, msc, bin

It is possible to include malicious logic or put viruses in the executables

Scripts

bat, py, wsf, cmd, ps1

Double clicking on the batch script can execute the script on Windows

Macro

docm, dotm, xlsm, xltm, xlam, pptm, potmxlsm

It is possible to add malicious logic in macros. There are also some macro viruses around

Compressed files

gz, zip, tar, 7z, arj, rar

It is possible to compress the malicious files in the archives. Hence we included them in this category

Email

msg, eml, pst

Likewise, it is possible to attach malicious file types within the email

References

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.