Security Audits may identify issues with 500 errors, and require the stack traces to be suppressed.
By default when a 500 error (Internal Server Error) occurs in Tomcat it will display a full stack trace on the error page. This can give a hacker information about what technology is being used within the application. To control the error response, it is recommended to customize your own error reporting valve. The current error reporting valve is a good starting point and can be modified to meet your needs. To remove the stack trace element alone will mean removing two lines of code.
Here is the source to the current valve:
The docs for how to configure it are: