Github user cestella commented on a diff in the pull request: https://github.com/apache/metron/pull/779#discussion_r142471360 --- Diff: metron-interface/metron-rest/src/main/java/org/apache/metron/rest/controller/RestExceptionHandler.java --- @@ -35,7 +36,7 @@ @ResponseBody ResponseEntity<?> handleControllerException(HttpServletRequest request, Throwable ex) { HttpStatus status = getStatus(request); - return new ResponseEntity<>(new RestError(status.value(), ex.getMessage(), getFullMessage(ex)), status); + return new ResponseEntity<>(new RestError(status.value(), ex.getMessage(), ExceptionUtils.getStackTrace(ex)), status); --- End diff -- I think I can live with just the root cause, but I'd like to know how exposing the stack trace is a security issue first. Can you clarify the reasoning behind it, @ottobackwards ? It's not that I disbelieve you, but I'd like to better understand because we currently have stack traces in logs all over the place.
---
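Review bot: On the `+` line in `handleControllerException`, the third `RestError` argument becomes `ExceptionUtils.getStackTrace(ex)`, so the full trace is serialized into the `ResponseEntity` body and reaches whoever called the REST endpoint. That is a different audience from the server logs, which only operators can read. Because the handler takes any `Throwable`, every unhandled error would return class names, package layout and library frames to the client. I would suggest logging the full trace server-side inside this handler and keeping the response to `ex.getMessage()` plus a root-cause message, which is the option already raised in this thread. It would also help to add a comment on `RestError` stating what its third field is allowed to contain, so later changes do not widen it again.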