.. include:: ../../Includes.txt

=================================================================================
Feature: #89978 - Introduce Status Report for insecure exception handler settings
=================================================================================

See :issue:`89978`

Description
===========

When using a debug exception handler in production (either by configuring it explicitly
or by using the wrong application context) stack traces may disclose information.
To avoid such setups a new status report has been introduced that warns administrators
if a debug exception handler is configured.


Impact
======

To mitigate the information disclosure, a new status report has
been introduced:

- if display errors is set to 1 (-> uses DebugExceptionHandler setting)
  and context is Production, an Error is displayed
- if display errors is set to 1 (-> uses DebugExceptionHandler setting)
  and context is Development, a Warning is displayed
- if the production exception handler setting is configured to use the
  DebugExceptionHandler, an Error is displayed

.. index:: Backend, LocalConfiguration, ext:reports
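
The settings that trigger the three report states, and one way to correct them, shown as an added example (not TYPO3 core code and not part of the original changelog). It assumes the override lives in ``typo3conf/AdditionalConfiguration.php`` and that the relevant keys are ``SYS/displayErrors`` and ``SYS/productionExceptionHandler``.

```php
<?php
// Added example for typo3conf/AdditionalConfiguration.php (assumed location).
use TYPO3\CMS\Core\Core\Environment;
use TYPO3\CMS\Core\Error\DebugExceptionHandler;
use TYPO3\CMS\Core\Error\ProductionExceptionHandler;

// Settings the status report flags:
//
//   $GLOBALS['TYPO3_CONF_VARS']['SYS']['displayErrors'] = 1;
//     -> Error when the application context is Production
//     -> Warning when the application context is Development
//
//   $GLOBALS['TYPO3_CONF_VARS']['SYS']['productionExceptionHandler']
//       = DebugExceptionHandler::class;
//     -> Error, regardless of displayErrors

$sys = &$GLOBALS['TYPO3_CONF_VARS']['SYS'];

// The production slot must never point at the debug handler, otherwise
// stack traces are rendered even when displayErrors is 0.
$configuredHandler = ltrim((string)($sys['productionExceptionHandler'] ?? ''), '\\');
if ($configuredHandler === DebugExceptionHandler::class) {
    $sys['productionExceptionHandler'] = ProductionExceptionHandler::class;
}

// In Production context, force the production handler to be selected,
// whatever LocalConfiguration.php contains.
if (Environment::getContext()->isProduction()) {
    $sys['displayErrors'] = 0;
}

unset($sys, $configuredHandler);
```

After deploying the override, the status report in the Reports module should no longer list the exception handler entry as an Error.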