SpringBoot Errors and message not propagated in response after validation using @Valid in a @RestController

After upgrading from spring boot 2.2.6 to 2.3.6 or 2.4.0, we saw a difference between response from validation.

Before (in 2.2.6) :

{
    "timestamp": "2020-12-04T10:19:00.284+0000",
    "status": 400,
    "error": "Bad Request",
    "errors": [
        {
            "codes": [
                "NotNull.foo.bar",
                "NotNull.bar",
                "NotNull"
            ],
            "arguments": [
                {
                    "codes": [
                        "foo.bar",
                        "bar"
                    ],
                    "arguments": null,
                    "defaultMessage": "bar",
                    "code": "bar"
                }
            ],
            "defaultMessage": "ne peut pas être nul",
            "objectName": "foo",
            "field": "bar",
            "rejectedValue": null,
            "bindingFailure": false,
            "code": "NotNull"
        }
    ],
    "message": "Validation failed for object='foo'. Error count: 1",
    "path": "/test"
}

After (in 2.3.6 and 2.3.7.BUILD-SNAPSHOT):

{
    "timestamp": "2020-12-04T10:12:20.401+00:00",
    "status": 400,
    "error": "Bad Request",
    "message": "",
    "path": "/test"
}

You can use the sample project here to quickly reproduce (just switch from 2.3.6 to 2.2.6 to see the difference) : https://github.com/grzi/spring-validation-issue

Comment From: scottfrederick

Thanks for the report. This is a designed change in Spring Boot 2.3 to reduce the chance of leaking application information to a client. See the 2.3 release notes, which includes information on restoring the previous behavior.