It's been noted that there are security implications of returning stack traces and detailed exception messages as a part of request failures. We can throw these errors so the server's log has a record of them, but we should return general messages with appropriate error codes as a result of some failure on our REST requests.
The implementation of this issue should audit the REST endpoints we support and sanitize their exception handling; that issue should have a detailed list of all the endpoints we need to touch in the patch.
It's been noted that there are security implications of returning stack traces and detailed exception messages as a part of request failures. We can throw these errors so the server's log has a record of them, but we should return general messages with appropriate error codes as a result of some failure on our REST requests.
The implementation of this issue should audit the REST endpoints we support and sanitize their exception handling; that issue should have a detailed list of all the endpoints we need to touch in the patch.