igiguere commented on code in PR #1632: URL: https://github.com/apache/solr/pull/1632#discussion_r1190308248
########## solr/core/src/java/org/apache/solr/servlet/ResponseUtils.java: ########## @@ -70,10 +90,13 @@ public static int getErrorInfo(Throwable ex, NamedList<Object> info, Logger log) // For any regular code, don't include the stack trace if (code == 500 || code < 100) { - StringWriter sw = new StringWriter(); - ex.printStackTrace(new PrintWriter(sw)); - log.error("500 Exception", ex); - info.add("trace", sw.toString()); + // hide all stack traces, as configured + if (!hideStackTrace) { + StringWriter sw = new StringWriter(); + ex.printStackTrace(new PrintWriter(sw));

Review Comment: This PR aims at mitigating "information exposure through an error message". With this PR, the stack trace will only be output if Solr is configured to output stack traces. The PR does not, however, attempt to fix pre-existing code, such as this call to "printStackTrace"
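
Review bot: In the `getErrorInfo` hunk, the removed line `log.error("500 Exception", ex);` sat beside the code that builds the trace string, and the added lines visible here do not show where it ends up. Server-side logging of the exception should stay unconditional, outside the new `if (!hideStackTrace)` block, so that hiding the trace from the response does not also drop it from the log; only the `StringWriter` and `info.add("trace", sw.toString());` belong inside the guard. The added comment `// hide all stack traces, as configured` also reads as the opposite of the condition beneath it, which emits the trace when hiding is off; wording the comment for the case the branch actually handles would match the code.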