Polish "Do not expose `exception` error attribute by default"

Closes gh-8971

spring-boot-actuator/src/test/java/org/springframework/boot/actuate/trace/WebRequestTraceFilterTests.java

@@ -256,7 +256,7 @@ public class WebRequestTraceFilterTests {
 
 	@Test
 	public void filterHasError() {
-		this.filter.setErrorAttributes(new DefaultErrorAttributes(false));
+		this.filter.setErrorAttributes(new DefaultErrorAttributes());
 		MockHttpServletRequest request = new MockHttpServletRequest("GET", "/foo");
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		response.setStatus(500);

spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/web/ErrorProperties.java

@@ -35,7 +35,7 @@ public class ErrorProperties {
 	private String path = "/error";
 
 	/**
-	 * Set whether to include "exception" attribute.
+	 * Set whether to include the "exception" attribute.
 	 */
 	private boolean includeException;
 

spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/web/servlet/error/DefaultErrorAttributes.java

@@ -44,7 +44,7 @@ import org.springframework.web.servlet.ModelAndView;
  * <li>timestamp - The time that the errors were extracted</li>
  * <li>status - The status code</li>
  * <li>error - The error reason</li>
- * <li>exception - The class name of the root exception</li>
+ * <li>exception - The class name of the root exception (if configured)</li>
  * <li>message - The exception message</li>
  * <li>errors - Any {@link ObjectError}s from a {@link BindingResult} exception
  * <li>trace - The exception stack trace</li>
@@ -69,12 +69,20 @@ public class DefaultErrorAttributes
 
 	/**
 	 * Create a new {@link DefaultErrorAttributes} instance.
-	 * @param includeException whether to include "exception" attribute
+	 * @param includeException whether to include the "exception" attribute
 	 */
 	public DefaultErrorAttributes(boolean includeException) {
 		this.includeException = includeException;
 	}
 
+	/**
+	 * Create a new {@link DefaultErrorAttributes} instance that does not
+	 * include the "exception" attribute.
+	 */
+	public DefaultErrorAttributes() {
+		this(false);
+	}
+
 	@Override
 	public int getOrder() {
 		return Ordered.HIGHEST_PRECEDENCE;

spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/web/servlet/error/DefaultErrorAttributesTests.java

@@ -45,7 +45,7 @@ import static org.assertj.core.api.Assertions.assertThat;
  */
 public class DefaultErrorAttributesTests {
 
-	private DefaultErrorAttributes errorAttributes = new DefaultErrorAttributes(false);
+	private DefaultErrorAttributes errorAttributes = new DefaultErrorAttributes();
 
 	private MockHttpServletRequest request = new MockHttpServletRequest();
 

spring-boot-docs/src/main/asciidoc/appendix-application-properties.adoc

@@ -153,7 +153,7 @@ content into your application; rather pick only the properties that you need.
 	server.connection-timeout= # Time in milliseconds that connectors will wait for another HTTP request before closing the connection. When not set, the connector's container-specific default will be used. Use a value of -1 to indicate no (i.e. infinite) timeout.
 	server.display-name=application # Display name of the application.
 	server.max-http-header-size=0 # Maximum size in bytes of the HTTP message header.
-	server.error.include-exception=false # Set whether to include "exception" attribute.
+	server.error.include-exception=false # Set whether to include the "exception" attribute.
 	server.error.include-stacktrace=never # When to include a "stacktrace" attribute.
 	server.error.path=/error # Path of the error controller.
 	server.error.whitelabel.enabled=true # Enable the default error page displayed in browsers in case of a server error.