This is a fix for CVE-2020-10693.
More details here: https://issues.redhat.com/browse/JBEAP-19087 .
Note that this is a problem only if developers include user input in the constraint violation message and do not properly escape it.
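
The pattern that note refers to, as an added example that is not code from this change or from the project: a custom constraint validator that puts the rejected value into its violation message. It assumes the Hibernate Validator 6.1.x API (the library CVE-2020-10693 was reported against) with `javax.validation`; the `@KnownUsername` constraint, its validator and the `isKnown` lookup are hypothetical names made up for the illustration.

```java
import java.lang.annotation.*;
import javax.validation.*;
import org.hibernate.validator.constraintvalidation.HibernateConstraintValidatorContext;

// Hypothetical constraint, defined only so the validator below compiles.
@Target(ElementType.FIELD)
@Retention(RetentionPolicy.RUNTIME)
@Constraint(validatedBy = KnownUsernameValidator.class)
@interface KnownUsername {
    String message() default "unknown user";
    Class<?>[] groups() default {};
    Class<? extends Payload>[] payload() default {};
}

class KnownUsernameValidator implements ConstraintValidator<KnownUsername, String> {

    @Override
    public boolean isValid(String value, ConstraintValidatorContext context) {
        if (value == null || isKnown(value)) {
            return true;
        }
        context.disableDefaultConstraintViolation();

        // Risky pattern: the raw value becomes part of the message template,
        // so the interpolator parses whatever the user typed as template
        // syntax. Any escaping done beforehand is the only barrier.
        // context.buildConstraintViolationWithTemplate("User " + value + " is unknown")
        //        .addConstraintViolation();

        // Safer pattern: the template is a constant and the value is bound as
        // an expression variable, so it is rendered as data and never parsed.
        context.unwrap(HibernateConstraintValidatorContext.class)
               .addExpressionVariable("user", value)
               .buildConstraintViolationWithTemplate("User ${user} is unknown")
               .addConstraintViolation();
        return false;
    }

    // Constructed stand-in for a real user-store lookup.
    private boolean isKnown(String value) {
        return "admin".equals(value);
    }
}
```

Searching a code base for `buildConstraintViolationWithTemplate(` calls whose argument is built by string concatenation is a quick way to find validators that need this review.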