diff --git a/Constraints/ExpressionSyntaxValidator.php b/Constraints/ExpressionSyntaxValidator.php
index 51c69f5e..10a918b8 100644
--- a/Constraints/ExpressionSyntaxValidator.php
+++ b/Constraints/ExpressionSyntaxValidator.php
@@ -46,7 +46,7 @@ class ExpressionSyntaxValidator extends ConstraintValidator
 $this->expressionLanguage ??= new ExpressionLanguage();
 try {
- if (null === $constraint->allowedVariables && \defined(Parser::class.'::IGNORE_UNKNOWN_VARIABLES')) {
+ if (null === $constraint->allowedVariables) {
 $this->expressionLanguage->lint($expression, [], Parser::IGNORE_UNKNOWN_VARIABLES);
 } else {
 $this->expressionLanguage->lint($expression, $constraint->allowedVariables);
diff --git a/Constraints/RegexValidator.php b/Constraints/RegexValidator.php
index 5823f5d7..f05c6fa5 100644
--- a/Constraints/RegexValidator.php
+++ b/Constraints/RegexValidator.php
@@ -44,7 +44,9 @@ class RegexValidator extends ConstraintValidator
 $value = ($constraint->normalizer)($value);
 }
- if ($constraint->match xor preg_match($constraint->pattern, $value)) {
+ $expectedResult = $constraint->match ? 1 : 0;
+
+ if (preg_match($constraint->pattern, $value) !== $expectedResult) {
 $this->context->buildViolation($constraint->message)
 ->setParameter('{{ value }}', $this->formatValue($value))
 ->setParameter('{{ pattern }}', $constraint->pattern)
diff --git a/Tests/Constraints/RegexValidatorTest.php b/Tests/Constraints/RegexValidatorTest.php
index 018f2f06..1115e810 100644
--- a/Tests/Constraints/RegexValidatorTest.php
+++ b/Tests/Constraints/RegexValidatorTest.php
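Review bot: In the RegexValidator.php hunk, the strict comparison against `$expectedResult` is what makes a `false` return from `preg_match()` (a PCRE error such as an exhausted backtrack limit) count as a violation in both match modes, but nothing in the code says so, and a later cleanup could easily restore a truthiness test. I would add a comment above the `if`, for example `// preg_match() returns false on PCRE errors; compare strictly so an engine failure never passes validation`. As written, an engine error is reported with the same message and parameters as an ordinary mismatch, so a pattern that could not be evaluated looks like a rejected value; whether that is distinguishable elsewhere is not visible here. The body of validate() starts and ends outside the hunk.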
@@ -117,4 +117,19 @@ class RegexValidatorTest extends ConstraintValidatorTestCase
 }],
 ];
 }
+
+ public function testMatchFalseWithTooManyBacktrackingShouldNotPass()
+ {
+ $value = '<'.str_repeat('a', 1000000).'test';
+ $pattern = '/]*?)(on\w+\s*=\s*(["\']).*?\3|href\s*=\s*(["\'])javascript:.*?\4)[^>]*?>/is';
+ $constraint = new Regex(pattern: $pattern, message: 'myMessage', match: false);
+
+ $this->validator->validate($value, $constraint);
+
+ $this->buildViolation('myMessage')
+ ->setParameter('{{ value }}', '"'.$value.'"')
+ ->setParameter('{{ pattern }}', $pattern)
+ ->setCode(Regex::REGEX_FAILED_ERROR)
+ ->assertRaised();
+ }
 }
diff --git a/composer.json b/composer.json
index a88a1bca..a418132e 100644
--- a/composer.json
+++ b/composer.json
@@ -45,7 +45,8 @@
 },
 "conflict": {
 "doctrine/lexer": "<1.1",
- "symfony/doctrine-bridge": "<7.4"
+ "symfony/doctrine-bridge": "<7.4",
+ "symfony/expression-language": "<7.4"
 },
 "autoload": {
 "psr-4": { "Symfony\\Component\\Validator\\": "" },
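Review bot: In the RegexValidatorTest.php hunk, `testMatchFalseWithTooManyBacktrackingShouldNotPass()` only reaches the error path if PCRE actually gives up on this input, which depends on the runtime's `pcre.backtrack_limit` (and possibly `pcre.jit`); the test pins neither. With a higher limit `preg_match()` could finish and return 0, and the expected violation would not be raised. Consider fixing the setting for the duration of the test, e.g. `$previous = ini_set('pcre.backtrack_limit', '1000000');` before the `validate()` call, and restoring it afterwards. The pattern as it appears on this page begins with `/]*?)`, which has an unmatched `)`; that looks like a rendering loss and is worth confirming against the repository, so that the test exercises backtracking rather than a pattern compile failure.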