On application startup, if the database is down, the Bitbucket application displays the sensitive database hostname and port in the error message shown in the browser.
This is reproducible on Data Center: (yes)
- Shut down both the Bitbucket application and the external database.
- Start the Bitbucket application and access the <BITBUCKET-BASE-URL> in the browser.
The error message in the browser should display a generic database connectivity issue.
The error message in the browser displays the sensitive <DB-HOSTNAME>:<PORT>, which can be seen by any user accessing the Bitbucket base URL at that time.
Currently there is no workaround to hide these sensitive details in the error message.