We’ve recently just had a penetration test where the functionality implemented in R had an unhandled exception and passed the stack trace back to the client calling, including the lines of code that failed - while helpful, was a fail because of exposing the internals of the function to work out how to exploit it.
Can this be disabled?