Please file a bug report with the relevant (and disclosable) details.
From: core-libs-dev <[email protected]> on behalf of David Schumann <[email protected]> Date: Friday, 27 January 2023 at 12:50 To: [email protected] <[email protected]> Subject: Is ReDos seen as bug/vulnerability? Hello, during a PenTest we found a ReDos issue in the JRE which causes Matcher.matches() to go into an endless loop. Is such an issue considered a bug for the JDK team (aka should I file a bug report)? Or is such an issue considered "by design"? The issue appears in current JRE versions (tested with 17 and 21) Best Regards, David Schumann
