Configuring JIRA's File Path Settings

Due to security vulnerabilities in JIRA that have been fixed in JIRA 4.1.1 and later (and in earlier versions of JIRA that have been fixed via patches available from JIRA Security Advisory 2010-04-16), it is now a mandatory requirement to explicitly permit modification to JIRA's file path settings using the first method below.

Enabling Modification to JIRA's File Path Settings

To change the locations for storing file attachments, backups, etc, you will need to do the following:

Shutdown JIRA.
Open the jira-application.properties file in a text editor. Refer to Advanced JIRA configuration with jira-application.properties for details.
Locate the jira.paths.set.allowed variable in this file.
Set this variable's value to true.
Restart JIRA.
After saving directory name changes via the JIRA user interface, it is strongly recommended that you follow the procedure for Securing JIRA's File Path Settings (below) as this will minimise the risk of your JIRA instance being compromised by security-related attacks.

Securing JIRA's File Path Settings

To secure the locations for storing file attachments, backups, etc, you will need to do the following:

Shutdown JIRA.
Open the jira-application.properties file in a text editor. Refer to Advanced JIRA configuration with jira-application.properties for details.
Locate the jira.paths.set.allowed variable in this file.
Do one of the following:
- Set the jira.paths.set.allowed variable to false (that is, jira.paths.set.allowed=false)
- Set the jira.paths.set.allowed variable to anything other than true or leave its value blank (that is, jira.paths.set.allowed= )
- Either delete the jira.paths.set.allowed property or comment it out (for example, #jira.paths.set.allowed=disabled)
Restart JIRA.

Child pages

Configuring JIRA's File Path Settings

Enabling Modification to JIRA's File Path Settings

Securing JIRA's File Path Settings