Information updated November 2018
Attachment File Types Allowed in Jama Connect
Jama users can add attachments to items and projects via several means that are outlined below.

Jama 2015.2 and Newer
Jama Connect will allow attaching only file types that exist in the allowlist. Jama Connect will not rely on the file extension only and will validate that the file type actually matches the file extension. These changes went into effect for Cloud customers in December 2015 and were included in Jama Connect 2015.2.
We collected file types based on the usage pattern of our current customers and screened each one for possible security risks, which determined the allow list below (as of Jama Connect 8.0.2).
"apk", "avi", "bmp", "btt", "cfa", "csv", "doc", "docm", "docx", "dot", "dotx", "dwg", "gif", "gz", "jama", "jpeg", "jpg", "md", "mov", "mp3", "mp4", "mpeg", "odg", "odp", "ods", "odt", "pages", "pdf", "pgp", "png", "ppt", "pptm", "pptx", "rar", "rtf", "tgz", "tif", "tiff", "tra", "txt", "vcs", "vsd", "vsdx", "vss", "war", "wav", "wma", "wmv", "wps", "xcf", "xls", "xlsb", "xlsm", "xlsx", "xlt", "xps", "zip", "zipx"
Note: Jama Connect no longer allows "" files for security reasons.
Existing attachments that are not on the allow list will still be downloadable but will not be viewable in the browser. You will see this error message when trying to upload a file type that is not in the allowlist.

Adding More File Types to the Allowlist
If there is a file type that you attach to Jama Connect items regularly and is missing from our allowlist, please let us know and we will consider adding it to the allowlist (provided it does not present any security risk).
- If you are using Self-Hosted Jama Connect 8.x, you can add allowed file types in the root menu as described here.
- If you are using our Cloud solution, please submit a Support ticket referencing your instance URL, and which file type(s) you'd like to add.
Inserting Image Files Into Items Using Rich Text Editor Fields Jama Connect Cloud and self-hosted versions only allow the following image types to be inserted into an item as an embedded image:
"", "gif", jpeg", "jpg", "png" (2015.2+ and Cloud *)
If users attempt to insert an image type that is not among the list above, Jama Connect will not recognize it and will prompt the user with a "You must select an image" message.
Note on Image Security Image Security is intended to provide more security for organizations and make images viewable only to users with proper permission. Image Security is disabled in Jama 8.0.2 and later or for our Cloud customers. (
See more on image security). This means users need to first login to Jama Connect in order to access images individually in a browser.
If Image Security is
turned on, users can view the image using the image URL in their browser only if the users are logged in. If the users are not logged in and try to access the image using the image URL, they will be prompted with the login page first.
If Image Security is
turned off, users can view images in a browser by using the image URL. In order to find the image URL, go to Item
View > Edit > Source and search for "src" attribute in the "" tag.
If Image Security is turned on and you still can access images individually in a browser without being logged in to Jama Connect, that can be because the browser has cached the image. Using default browser settings, Jama Connect caches images for 60 days in a client's browser.
#requirementsmanagement