This is related to the fix for #18124 to protect against RFD attacks that rely on a file extension. We've already applied a fix as part of #18207 where ".html" is explicitly in the mapping. We will generalize that fix so it works the same for any extensions that appears in the mapping. That should address your case.
I've re-opened #18207 with the intent to provide a more general fix for any extension, not just ".html". Hence I'm marking this as a duplicate of that. Please watch #18207 instead. There should be an additional fix for it shortly.