From 1b7a0f38b8bc1fa72b3c8912740e01f0db81741e Mon Sep 17 00:00:00 2001 From: Alexander Alderman Webb Date: Mon, 25 Aug 2025 08:04:14 +0200 Subject: [PATCH 1/5] Use numbered capture groups for sentry-trace validation --- .../main/java/io/sentry/SentryTraceHeader.java | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/sentry/src/main/java/io/sentry/SentryTraceHeader.java b/sentry/src/main/java/io/sentry/SentryTraceHeader.java index 71e6d01bc7c..a4fb1df68f5 100644 --- a/sentry/src/main/java/io/sentry/SentryTraceHeader.java +++ b/sentry/src/main/java/io/sentry/SentryTraceHeader.java @@ -15,10 +15,10 @@ public final class SentryTraceHeader { private final @NotNull SpanId spanId; private final @Nullable Boolean sampled; + // Use numbered capture groups for Android API level < 26 compatibility private static final Pattern SENTRY_TRACEPARENT_HEADER_REGEX = Pattern.compile( - "^[ \\t]*(?[0-9a-f]{32})-(?[0-9a-f]{16})(?-[01])?[ \\t]*$", - Pattern.CASE_INSENSITIVE); + "^[ \\t]*([0-9a-f]{32})-([0-9a-f]{16})(-[01])?[ \\t]*$", Pattern.CASE_INSENSITIVE); public SentryTraceHeader( final @NotNull SentryId traceId, @@ -33,14 +33,15 @@ public SentryTraceHeader(final @NotNull String value) throws InvalidSentryTraceH Matcher matcher = SENTRY_TRACEPARENT_HEADER_REGEX.matcher(value); boolean matchesExist = matcher.matches(); - if (!matchesExist || matcher.group("traceId") == null || matcher.group("spanId") == null) { + if (!matchesExist) { throw new InvalidSentryTraceHeaderException(value); } - this.traceId = new SentryId(matcher.group("traceId")); - this.spanId = new SpanId(matcher.group("spanId")); - this.sampled = - matcher.group("sampled") == null ? null : "1".equals(matcher.group("sampled").substring(1)); + this.traceId = new SentryId(matcher.group(1)); + this.spanId = new SpanId(matcher.group(2)); + + String sampled = matcher.group(3); + this.sampled = sampled == null ? null : "1".equals(sampled.substring(1)); } public @NotNull String getName() { 
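Review bot: The comment added above `SENTRY_TRACEPARENT_HEADER_REGEX` explains why numbered groups are used but not which index carries which field. The constructor in the next hunk reads `matcher.group(1)`, `matcher.group(2)` and `matcher.group(3)` by position, so adding or reordering a group in this pattern would silently mis-assign the trace and span ids parsed from an incoming header. I would extend the comment with the mapping, for example `// Groups: 1 = trace id (32 hex), 2 = span id (16 hex), 3 = optional sampled flag including the leading '-'`. The class body starts and ends outside this hunk.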
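Review bot: In the `SentryTraceHeader(String)` constructor the new local `String sampled` shadows the field `this.sampled`, which makes the assignment on the following line easy to misread. Renaming it keeps the two apart: `final String sampledGroup = matcher.group(3);` followed by `this.sampled = sampledGroup == null ? null : "1".equals(sampledGroup.substring(1));`. The `substring(1)` call is safe only because group 3 is always `-` plus one digit in the current pattern, which is worth a short comment. Dropping the null checks on groups 1 and 2 looks sound, since both groups are mandatory once `matches()` has returned true. The constructor's signature and closing part lie outside the hunk.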
From 440900110b29de6669d8f4f1ce0fd7cdc31af423 Mon Sep 17 00:00:00 2001 From: Alexander Alderman Webb Date: Mon, 25 Aug 2025 08:52:07 +0200 Subject: [PATCH 2/5] Fix tab escape in character gropu and add tests --- .../java/io/sentry/SentryTraceHeader.java | 2 +- .../java/io/sentry/SentryTraceHeaderTest.kt | 20 +++++++++++++++++++ 2 files changed, 21 insertions(+), 1 deletion(-) diff --git a/sentry/src/main/java/io/sentry/SentryTraceHeader.java b/sentry/src/main/java/io/sentry/SentryTraceHeader.java index a4fb1df68f5..fc8f200e61a 100644 --- a/sentry/src/main/java/io/sentry/SentryTraceHeader.java +++ b/sentry/src/main/java/io/sentry/SentryTraceHeader.java @@ -18,7 +18,7 @@ public final class SentryTraceHeader { // Use numbered capture groups for Android API level < 26 compatibility private static final Pattern SENTRY_TRACEPARENT_HEADER_REGEX = Pattern.compile( - "^[ \\t]*([0-9a-f]{32})-([0-9a-f]{16})(-[01])?[ \\t]*$", Pattern.CASE_INSENSITIVE); + "^[ \t]*([0-9a-f]{32})-([0-9a-f]{16})(-[01])?[ \t]*$", Pattern.CASE_INSENSITIVE); public SentryTraceHeader( final @NotNull SentryId traceId, diff --git a/sentry/src/test/java/io/sentry/SentryTraceHeaderTest.kt b/sentry/src/test/java/io/sentry/SentryTraceHeaderTest.kt index f63ef07f33d..7fd03ae80e9 100644 --- a/sentry/src/test/java/io/sentry/SentryTraceHeaderTest.kt +++ b/sentry/src/test/java/io/sentry/SentryTraceHeaderTest.kt 
@@ -132,6 +132,26 @@ class SentryTraceHeaderTest { assertNull(header.isSampled) } + @Test + fun `handles header without sampling decision and leading whitespace`() { + val sentryId = SentryId() + val spanId = SpanId() + val header = SentryTraceHeader(" \t $sentryId-$spanId") + assertEquals(sentryId, header.traceId) + assertEquals(spanId, header.spanId) + assertNull(header.isSampled) + } + + @Test + fun `handles header without sampling decision and trailing whitespace`() { + val sentryId = SentryId() + val spanId = SpanId() + val header = SentryTraceHeader("$sentryId-$spanId \t ") + assertEquals(sentryId, header.traceId) + assertEquals(spanId, header.spanId) + assertNull(header.isSampled) + } + @Test fun `when sampling decision is not made, getValue returns header with traceId and spanId`() { val sentryId = SentryId() From a0a82702df1c2de4be7df16152e9db2a7bb1f8ab Mon Sep 17 00:00:00 2001 From: Alexander Alderman Webb Date: Mon, 25 Aug 2025 08:56:31 +0200 Subject: [PATCH 3/5] Use previous tab escape --- sentry/src/main/java/io/sentry/SentryTraceHeader.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sentry/src/main/java/io/sentry/SentryTraceHeader.java b/sentry/src/main/java/io/sentry/SentryTraceHeader.java index fc8f200e61a..a4fb1df68f5 100644 --- a/sentry/src/main/java/io/sentry/SentryTraceHeader.java +++ b/sentry/src/main/java/io/sentry/SentryTraceHeader.java @@ -18,7 +18,7 @@ public final class SentryTraceHeader { // Use numbered capture groups for Android API level < 26 compatibility private static final Pattern SENTRY_TRACEPARENT_HEADER_REGEX = Pattern.compile( - "^[ \t]*([0-9a-f]{32})-([0-9a-f]{16})(-[01])?[ \t]*$", Pattern.CASE_INSENSITIVE); + "^[ \\t]*([0-9a-f]{32})-([0-9a-f]{16})(-[01])?[ \\t]*$", Pattern.CASE_INSENSITIVE); public SentryTraceHeader( final @NotNull SentryId traceId, From f32a401577c7ed59d8b25876c438a9d036c83bac Mon Sep 17 00:00:00 2001 
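Review bot: The two tests added in `SentryTraceHeaderTest.kt` exercise leading and trailing whitespace only for headers without a sampling decision, so the case where the optional third group is followed by the trailing `[ \t]*` is not covered. I would add a case such as `SentryTraceHeader("$sentryId-$spanId-1 \t ")` that asserts `isSampled` is true. A negative case would also help pin the accepted grammar for this externally supplied header: `"$sentryId-$spanId\n"` is expected to throw `InvalidSentryTraceHeaderException`, because only space and tab are allowed around the value. Both added tests should pass with either spelling of the tab escape that patches 2 and 3 switch between, so they do not distinguish the two forms. The test class continues outside this hunk.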
From: markushi Date: Mon, 25 Aug 2025 09:24:32 +0200 Subject: [PATCH 4/5] Add changelog entry --- CHANGELOG.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index f00f2d73736..a05e9e8a4f4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,11 @@ ## Unreleased +### Fixes + +- Do not use named capturing groups for regular expressions ([#4652](https://github.com/getsentry/sentry-java/pull/4652)) + - This fixes a crash on Android verisons below 8.0 (API level 26) + ### Features - Add onDiscard to enable users to track the type and amount of data discarded before reaching Sentry ([#4612](https://github.com/getsentry/sentry-java/pull/4612)) From be069c46633c4db9b01bb5c0f70036696d6606b5 Mon Sep 17 00:00:00 2001 From: markushi Date: Mon, 25 Aug 2025 09:29:49 +0200 Subject: [PATCH 5/5] Fix typo --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a05e9e8a4f4..a3250503787 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,7 +5,7 @@ ### Fixes - Do not use named capturing groups for regular expressions ([#4652](https://github.com/getsentry/sentry-java/pull/4652)) - - This fixes a crash on Android verisons below 8.0 (API level 26) + - This fixes a crash on Android versions below 8.0 (API level 26) ### Features