open-telemetry · reyang · Apr 6, 2023 · Jan 22, 2023 · Jan 22, 2023 · Jan 22, 2023
@@ -24,6 +24,8 @@ release.
 - Rename google openshift platform attribute from `google_cloud_openshift` to `gcp_openshift`
   to match the existing `cloud.provider` prefix.
   [#3095](https://github.com/open-telemetry/opentelemetry-specification/pull/3095)
+- Add a recommendation to sanitize DB_STATEMENT by default.
+  ([#3127](https://github.com/open-telemetry/opentelemetry-specification/pull/3127))
 
 ### Compatibility
 

@@ -208,7 +208,10 @@ groups:
             If applicable and not explicitly disabled via instrumentation configuration.
         brief: >
           The database statement being executed.
-        note: The value may be sanitized to exclude sensitive information.
+        note: >
+          This attribute may contain private or sensitive information.
+          It is recommended to sanitize it to exclude such information.
+          Ideally, this is already done by default by the instrumentation collecting it.
         examples: ['SELECT * FROM wuser_table', 'SET mykey "WuValue"']
       - id: operation
         tag: call-level

@@ -164,7 +164,7 @@ Usually only one `db.name` will be used per connection though.
 
 **[1]:** In some SQL databases, the database name to be used is called "schema name". In case there are multiple layers that could be considered for database name (e.g. Oracle instance name and schema name), the database name to be used is the more specific layer (e.g. Oracle schema name).
 
-**[2]:** The value may be sanitized to exclude sensitive information.
+**[2]:** This attribute may contain private or sensitive information. It is recommended to sanitize it to exclude such information. Ideally, this is already done by default by the instrumentation collecting it.
 
 **[3]:** If applicable and not explicitly disabled via instrumentation configuration.