We experienced high memory allocations when jenkins tried to check for plugin updates. Our product showed increased allocations when parsing current 2.8MB update-center.json

On prod instances this was about 170 GB of allocations within a minute. 

I was able to reproduce it locally using IntelliJ profiler which showed about 80 GB of allocations when parsing update-center.json with the JsonTokener (https://github.com/jenkinsci/json-lib/blob/master/src/main/jdk15/net/sf/json/JSONObject.java#L829)

culprit seems to be a null matcher which is recursively called and performs substring operations.

https://github.com/jenkinsci/json-lib/blob/master/src/main/java/net/sf/json/util/JSONTokener.java#L117

Not sure how big the impact on this is or will be, just wanted to mention it here as this drove some of our (already close to memory limit) instances OOM.