From 57eabe30a553f0f6fa93cc4acf133cf65dd89087 Mon Sep 17 00:00:00 2001
From: Michael Schiemer
Date: Tue, 25 Nov 2025 04:09:41 +0100
Subject: [PATCH] fix(security): change ErrorRendererFactory isDebugMode default to false
Change the default value of $isDebugMode constructor parameter from true to false, following the security-by-default principle. This ensures that even if the factory is instantiated without explicit debug mode configuration, it won't leak sensitive debugging information like stack traces, file paths, and code context.
---
 src/Framework/ExceptionHandling/ErrorRendererFactory.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/Framework/ExceptionHandling/ErrorRendererFactory.php b/src/Framework/ExceptionHandling/ErrorRendererFactory.php
index b7e8cb62..3d669994 100644
--- a/src/Framework/ExceptionHandling/ErrorRendererFactory.php
+++ b/src/Framework/ExceptionHandling/ErrorRendererFactory.php
@@ -20,7 +20,7 @@ final readonly class ErrorRendererFactory
 private ExecutionContext $executionContext,
 private Engine $engine,
 private ?ConsoleOutput $consoleOutput = null,
- private bool $isDebugMode = true
+ private bool $isDebugMode = false
 ) {}
 /**
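Review bot: The `$isDebugMode` parameter still carries no comment saying what enabling it exposes, so the reason for the `false` default lives only in the commit message; a line above it such as `// Debug rendering exposes stack traces, file paths and code context; enable only from explicit dev configuration.` would keep the default from being flipped back later. The new default also protects only callers that omit the argument, so any call site outside this hunk that passes a value read from environment or config should be checked to fall back to `false` when that setting is missing. A regression test that constructs the factory without passing `$isDebugMode` and asserts that the rendered error contains no stack trace or file path would pin the behaviour. The constructor signature and the class body start and end outside the hunk.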