Version v0.3.8 of golang.org/x/text
fixes a vulnerability in the golang.org/x/text/language
package which could cause a denial of service.
An attacker can craft an Accept-Language header which ParseAcceptLanguage will take significant time to parse.
This issue was discovered by OSS-Fuzz and reported to us by Adam Korczynski (ADA Logics), and is tracked as CVE-2022-32149 and https://go.dev/issue/56152
Roland on behalf of the Go team