https://bz.apache.org/bugzilla/show_bug.cgi?id=60039
Bug ID: 60039 Summary: Provide a switch to disable sending exception stacktrace to client Product: Tomcat 8 Version: 8.5.x-trunk Hardware: All OS: All Status: NEW Severity: enhancement Priority: P2 Component: Catalina Assignee: dev@tomcat.apache.org Reporter: saschakarc...@gmx.de In case a servlet throws an exception which runs through to the the container the method org.apache.catalina.valves.ErrorReportValve#report is used to send a generic error page to the client. This generic error page contains the exception's stacktrace which is great for debugging and development. This does of course not happen when appropriate <error-page>s have been defined in the web app's deployment descriptor. But in my scenario we do have lots of webapps. Some of them specify an error-page for HTTP Status 500, some don't. So sometimes it happens that stacktraces are sent to the client. >From perspective of administration the easiest possibility to avoid this would to have a configuration option which tells the generic error page whether to include details about the exception or instead just contains a generic error message like "Sorry. An internal server error occurred ..." Wouldn't it be useful to have such a configuration option? What do you guys think? -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org