This release of the Python agent adds the ability to strip exception messages from error traces, in order to prevent the inadvertent capture of sensitive information.
- Allowing Exception Messages
Because an exception message can contain sensitive information, the agent now provides the ability to strip exception messages before sending error traces to APM. Exception messages will be stripped automatically in high-security mode.
For exception messages you know to be safe, you can add them to an allow list so that those messages are passed unaltered to APM. Two new configuration settings control this feature:
capture_request_paramsAPI disabled for high-security mode
When operating in high-security mode, the agent should not capture query string parameters. However, prior to this release, it was possible to call
newrelic.agent.capture_request_params(flag=True), even if the agent was in high-security mode, and the agent would capture and report query string parameters. Now, the
capture_request_params API call does not override the
capture_params setting when the agent is in high-security mode, so query parameters are not captured.