Most of the regular expression engines use ``++backtracking++`` to try all possible execution paths of the regular expression when evaluating an input, in some cases it can cause performance issues, called ``++catastrophic backtracking++`` situations. In the worst case, the complexity of the regular expression is exponential in the size of the input, this means that a small carefully-crafted input (like 20 chars) can trigger ``++catastrophic backtracking++`` and cause a denial of service of the application. Super-linear regex complexity can lead to the same impact too with, in this case, a large carefully-crafted input (thousands chars).
Note that, due to improvements to the matching algorithm, some cases of exponential runtime complexity have become impossible when run using JDK 9 or later. In such cases, an issue will only be reported if the project's target Java version is 8 or earlier.
