By sending a cookie with a special char one can trigger a PHP warning:
curl --cookie 'PHPSESSID=äöü' https://builds-artifacts.matomo.org
The PHP warning will be shown within the HTML output:
<b>Warning</b>: SessionHandler::write(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in <b>/home/piwik-builds-artifacts/ui-tests-viewer/vendor/symfony/http-foundation/Session/Storage/Proxy/SessionHandlerProxy.php</b> on line <b>77</b><br />
It is generally recommended to never enable displaying PHP errors in production systems. While this warning is harmless, other error types can contain sensitive information like passwords.
Cheers, we changed it there.