Reported via technical committee responsible disclosure inbox:
When an exception occurs performing some database interaction, such as a batch update, the OpenTelemetry
Java auto-instrumentation will appropriately sanitize the db.statement attribute, as well as any other
relevant attributes, if any. However, the auto-instrumentation will NOT sanitize any exception messages
that are provided to it, such as a java.sql.BatchUpdateException. This leaves the possibility of PII and
other potential user information being leaked in the generated span.
Is it possible to leverage the existing database sanitizers to attempt to sanitize the db exception message
prior to adding the exception message as a span attribute?
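The gap the report describes, as an added illustration that is not part of the report or of the OpenTelemetry project: a plain-JDK sketch that applies a literal-masking routine (maskLiterals, a hypothetical stand-in for the instrumentation's own db.statement sanitizer, which replaces literals with "?") to a java.sql.BatchUpdateException message before that message would be recorded on a span. The driver error text is constructed, loosely modelled on how JDBC drivers echo the failing batch entry.

```java
import java.sql.BatchUpdateException;
import java.sql.SQLException;
import java.util.regex.Pattern;

public class ExceptionMessageSanitizer {
    // Hypothetical stand-in for the instrumentation's statement sanitizer:
    // single-quoted strings and bare numbers become "?", as in db.statement.
    private static final Pattern STRING_LITERAL = Pattern.compile("'(?:[^']|'')*'");
    private static final Pattern NUMBER_LITERAL =
        Pattern.compile("(?<![\\w'])[-+]?\\d+(?:\\.\\d+)?(?![\\w'])");

    static String maskLiterals(String text) {
        if (text == null) {
            return null;
        }
        String masked = STRING_LITERAL.matcher(text).replaceAll("?");
        return NUMBER_LITERAL.matcher(masked).replaceAll("?");
    }

    // Message to use for the exception event / attribute instead of e.getMessage().
    static String sanitizedMessage(SQLException e) {
        return maskLiterals(e.getMessage());
    }

    public static void main(String[] args) {
        // Constructed driver message: it echoes the failing statement (with a
        // customer e-mail as a literal) and also repeats the value in a detail
        // segment where it is NOT quoted.
        String driverMessage =
            "Batch entry 3 INSERT INTO users (email, age) VALUES ('alice@example.com', 42)"
            + " was aborted: ERROR: duplicate key value violates unique constraint"
            + " \"users_email_key\" Detail: Key (email)=(alice@example.com) already exists.";
        BatchUpdateException e =
            new BatchUpdateException(driverMessage, "23505", 0, new int[] {1, 1, -3});

        System.out.println("raw:       " + e.getMessage());
        // Literals from the echoed statement are masked; the unquoted value in the
        // driver's detail segment is not, so literal masking alone is not sufficient.
        System.out.println("sanitized: " + sanitizedMessage(e));
    }
}
```

The second print shows the limit of reusing a statement sanitizer on free-form driver text: values the driver formats outside SQL literal syntax survive, so a defender reviewing this fix should check the message formats of the drivers in use rather than assume the masked message is free of user data.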