Please file a bug report with the relevant (and disclosable) details.
From: core-libs-dev <core-libs-dev-r...@openjdk.org> on behalf of David Schumann <da...@dev-core.org> Date: Friday, 27 January 2023 at 12:50 To: core-libs-dev@openjdk.org <core-libs-dev@openjdk.org> Subject: Is ReDos seen as bug/vulnerability? Hello, during a PenTest we found a ReDos issue in the JRE which causes Matcher.matches() to go into an endless loop. Is such an issue considered a bug for the JDK team (aka should I file a bug report)? Or is such an issue considered "by design"? The issue appears in current JRE versions (tested with 17 and 21) Best Regards, David Schumann
