Mark, On 6/11/12 5:24 AM, ma...@apache.org wrote: > Author: markt > Date: Mon Jun 11 09:24:53 2012 > New Revision: 1348762 > > URL: http://svn.apache.org/viewvc?rev=1348762&view=rev > Log: > Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=53071 > Stepping through the code, light dawns as to what the bug report was getting > at. > Use the message from the Throwable for the error report if none was specified > via sendError()
This might end up being a security problem, depending on what information is in the exception message. Can we make this a non-default option? Many sites (ours included) attempt to avoid any part of a stack trace (even the message) leaking-out to users. -chris
signature.asc
Description: OpenPGP digital signature
