Jersey - JaxB: Should I send the stack trace for Bad XML?

For any bad XML, by default the Jersey - JaxB thro开发者_Go百科ws the following: Method failed: HTTP/1.1 400 Bad Request

My client(REST ws user) is insisting on giving a full blown info about the problem in the XML.

Is it wise to give the stack trace of the problem in the XML?

---

While debugging an application, it is fine to display a stack trace if it helps you to isolate a problem and fix it. When, however, the application reaches a production server, you should always disable the output of error messages, including stack traces.

Error messages and stack traces often include sensitive information in them. A hacker might use this information to learn about the environment, software versions, users, data, etc., knowledge of which might make it easier for a hacker to break into the system.

Unintentional information exposure through error messages, CWE-209, is among the top 25 common weaknesses in software as rated by CWE/SANS.