I'm not sure, isn't the exception info in the logs restricted access anyway here? We don't typically emit exception info to end user, however if there are places in the client this happens (it shouldn't it should be generalized REST faults) that should certainly be fixed.
I do agree that it might be worthwhile to scrub these, in the logs even for those submitting support requests, but I'm not sure i see this as a sec issue currently.
I'm not sure, isn't the exception info in the logs restricted access anyway here? We don't typically emit exception info to end user, however if there are places in the client this happens (it shouldn't it should be generalized REST faults) that should certainly be fixed.
I do agree that it might be worthwhile to scrub these, in the logs even for those submitting support requests, but I'm not sure i see this as a sec issue currently.