This was tested against 2.3.1 and HEAD.
Consider this class:
Now consider this test case:
This is a serious bug because it leaks information. It's not specific to @QueryParam, the other annotations have the same problem.
I discovered it in a resource that is used for authentication: after logging in once, I could log in again without providing a username and password!