This is an automated email from the ASF dual-hosted git repository. robertlazarski pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/axis-axis2-java-core.git
commit c54f7cca761fb33096bb8e9b8530f09ddfc2bfb5 Author: Robert Lazarski <[email protected]> AuthorDate: Sat Apr 11 08:09:34 2026 -1000 Apply Gemini review: sanitize OpenApiServlet error response Return generic "Internal Server Error" instead of e.getMessage() in the OpenApiServlet error handler to avoid leaking internal details. Full exception is still logged server-side for debugging. Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]> --- .../org/apache/axis2/spring/boot/Axis2OpenApiAutoConfiguration.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/modules/spring-boot-starter/src/main/java/org/apache/axis2/spring/boot/Axis2OpenApiAutoConfiguration.java b/modules/spring-boot-starter/src/main/java/org/apache/axis2/spring/boot/Axis2OpenApiAutoConfiguration.java
index b2b1815d94..d5d3b236a0 100644
--- a/modules/spring-boot-starter/src/main/java/org/apache/axis2/spring/boot/Axis2OpenApiAutoConfiguration.java
+++ b/modules/spring-boot-starter/src/main/java/org/apache/axis2/spring/boot/Axis2OpenApiAutoConfiguration.java
@@ -115,7 +115,8 @@ public class Axis2OpenApiAutoConfiguration {
 }
 } catch (Exception e) {
 log.error("OpenApiServlet error handling " + uri + ": " + e.getMessage(), e);
- response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
+ response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
+ "Internal Server Error");
 }
 }
 }
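Review bot: `response.sendError(...)` in the catch block is still called unconditionally, and it throws `IllegalStateException` when the response has already been committed, so a failure after output has started would surface as a second exception from the error handler itself. The try body lies outside this hunk, so whether it can write to the response before failing is not visible here; if it can, wrap the call as `if (!response.isCommitted()) { response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Internal Server Error"); }`. Separately, the `log.error` line just above concatenates `uri` into the log message; if that value is taken from the decoded request path, CR/LF should be stripped before logging so a crafted request cannot forge log entries.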
