[1.8.x] Fixed catastrophic backtracking in URLValidator.

Thanks João Silva for reporting the problem and Tim Graham for finding the
problematic RE and for review.

This is a security fix; disclosure to follow shortly.

docs/releases/1.8.3.txt

@@ -60,6 +60,13 @@ The undocumented, internally unused ``validate_integer()`` function is now
 stricter as it validates using a regular expression instead of simply casting
 the value using ``int()`` and checking if an exception was raised.
 
+Denial-of-service possibility in URL validation
+===============================================
+
+:class:`~django.core.validators.URLValidator` included a regular expression
+that was extremely slow to evaluate against certain invalid inputs. This regular
+expression has been simplified and optimized.
+
 Bugfixes
 ========