>> Now, the question is whether we want to try to mitigate this or not... >> > It's not something I've ever used, but it doesn't look that difficult > compared to regex if all it has is "*", "?", "[...]" and "[!...]". What's not difficult? Avoiding DoS with arbitrary glob patterns? If yes, please share your idea :-)