You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I report some concerns about PII, after discovering some data on Sentry that I didn't know was captured.
I enabled Sentry Transaction/Performance 2 years ago. At this time, only the controller action were reported if I am not mistaken.
Some month ago, I upgraded from 5.7.0 to 5.16.1. I usually read the changelog to check for any important changes, particularly around PII.
I discovered some weeks ago that the params of the controller actions are now captured. Some investigation on my side showed that this is coming from #1973, which was reported as "Fix sentry-rails' controller span nesting", without mentioning this update on capture if I am not mistaken. This PR was introduced in 5.8.0.
Issue Description
I report some concerns about PII, after discovering some data on Sentry that I didn't know was captured.
I enabled Sentry Transaction/Performance 2 years ago. At this time, only the controller action were reported if I am not mistaken.
Some month ago, I upgraded from 5.7.0 to 5.16.1. I usually read the changelog to check for any important changes, particularly around PII.
I discovered some weeks ago that the params of the controller actions are now captured. Some investigation on my side showed that this is coming from #1973, which was reported as "Fix sentry-rails' controller span nesting", without mentioning this update on capture if I am not mistaken. This PR was introduced in 5.8.0.
Also, the send_default_pii option (https://docs.sentry.io/platforms/ruby/configuration/options/#send-default-pii) is presented as is:
which is not true here, as params is the body of the request. I expect this option to hide params in transactions, and probably in other parts.
What's your point of view?
Did I miss something in the release notes or any other news channel?
Reproduction Steps
Expected Behavior
Actual Behavior
Ruby Version
3.3.4
SDK Version
5.21.0
Integration and Its Version
No response
Sentry Config
No response
The text was updated successfully, but these errors were encountered: