tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <>
Subject Re: svn commit: r1348762 - in /tomcat/trunk: java/org/apache/catalina/valves/ test/org/apache/catalina/valves/
Date Mon, 11 Jun 2012 17:02:22 GMT

On 6/11/12 5:24 AM, wrote:
> Author: markt
> Date: Mon Jun 11 09:24:53 2012
> New Revision: 1348762
> URL:
> Log:
> Fix
> Stepping through the code, light dawns as to what the bug report was getting at.
> Use the message from the Throwable for the error report if none was specified via sendError()

This might end up being a security problem, depending on what
information is in the exception message. Can we make this a non-default
option? Many sites (ours included) attempt to avoid any part of a stack
trace (even the message) leaking-out to users.


View raw message