Message-ID: From: "ahus1 (@ahus1)" To: "pgjdbc/pgjdbc" Date: Mon, 25 May 2026 19:37:13 +0000 Subject: Re: [pgjdbc/pgjdbc] issue #3050: Default driver settings can result in PII leakage In-Reply-To: References: List-Id: X-GitHub-Author-Login: ahus1 X-GitHub-Comment-Id: 4536747966 X-GitHub-Comment-Type: issue_comment X-GitHub-Issue: 3050 X-GitHub-Repo: pgjdbc/pgjdbc X-GitHub-Type: comment X-GitHub-Url: https://github.com/pgjdbc/pgjdbc/issues/3050#issuecomment-4536747966 Content-Type: text/plain; charset=utf-8 Let's collect up-votes for this one to change the default - I added mine at the top description. Unforatunately, it was the only one so far. The EU published a law as "Cyber Resilience Act", which requests "secure by default" configurations (see [Annex I](https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=OJ:L_202402847#anx_I)). So everything that is not secure-by-default could be considered a bug. So with secure-by-default, this would require all users to switch this to `false` to prevent leaking PII and other sensitive data to the logs, or the driver to defaulting to `false`.