python-multipart: RFC 2231/5987 extended parameters ignored in multipart headers
parse_options_header and related APIs (FormParser, create_form_parser, parse_form) now ignore RFC 2231/5987 extended parameters (name*, filename*, and continuation forms) in multipart/form-data headers.
What changed
parse_options_header and the APIs built on it (FormParser, create_form_parser, parse_form) now ignore RFC 2231/5987 extended parameters (name*, filename*, and continuation forms) in multipart/form-data part headers; the plain name/filename parameter is authoritative. Previously the extended parameter overrode the plain one, so a part carrying both could be attributed to one field name or filename by python-multipart and to a different one by a component that only reads the plain parameter.
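To make the conflict concrete, the following is an added example, not python-multipart's own code: a simplified model of the header parsing (the library's real implementation differs) that parses a constructed Content-Disposition value with the fixed behaviour and with the old overriding behaviour, plus a gateway-side check for the starred parameters that RFC 7578 does not permit. The sample header values and the honor_extended flag are constructed for this illustration.

```python
import re
from urllib.parse import unquote

# key=value pairs after the main value; the value may be a quoted string.
_PARAM_RE = re.compile(r'([^=;\s]+)\s*=\s*("(?:[^"\\]|\\.)*"|[^;]*)')

# Constructed sample part headers (not captured from real traffic).
PLAIN = 'form-data; name="file"; filename="report.pdf"'
CONFLICTING = ('form-data; name="file"; name*=utf-8\'\'hidden_field; '
               'filename="report.pdf"; filename*=utf-8\'\'r%C3%A9sum%C3%A9.pdf')
CONTINUED = 'form-data; name="file"; name*0="hid"; name*1="den"'

def _unquote(v):
    v = v.strip()
    return v[1:-1].replace('\\"', '"') if len(v) >= 2 and v[0] == v[-1] == '"' else v

def _decode_extended(parts):
    """Reassemble RFC 2231 continuations (name*0, name*1*, ...) and decode the
    charset'lang'%xx form. Used only to reproduce the pre-0.0.30 behaviour."""
    idx = lambda k: int(k.split('*')[1]) if k.split('*')[1].isdigit() else 0
    out = []
    for key, val in sorted(parts, key=lambda kv: idx(kv[0])):
        if key.endswith('*'):  # charset'lang'value form
            if val.count("'") >= 2:
                val = val.split("'", 2)[2]
            val = unquote(val, encoding='utf-8', errors='replace')
        out.append(val)
    return ''.join(out)

def parse_options_header(value, honor_extended=False):
    """Return (main_value, params). False = fixed behaviour (extended parameters
    dropped, plain name/filename authoritative); True = old overriding behaviour."""
    main, _, rest = value.partition(';')
    params, extended = {}, {}
    for m in _PARAM_RE.finditer(rest):
        key, val = m.group(1).lower(), _unquote(m.group(2))
        if '*' in key:  # name*, filename*, name*0, name*1*, ...
            extended.setdefault(key.split('*', 1)[0], []).append((key, val))
        else:
            params[key] = val
    if honor_extended:
        for base, parts in extended.items():
            params[base] = _decode_extended(parts)
    return main.strip().lower(), params

def has_extended_parameters(value):
    """Gateway-side check: RFC 7578 does not allow RFC 2231/5987 encoding in
    multipart/form-data, so any starred parameter is grounds to reject the part."""
    return any('*' in m.group(1) for m in _PARAM_RE.finditer(value.partition(';')[2]))
```

Parsing CONFLICTING both ways shows the split an upstream filter and the application used to have: the fixed path yields name "file" and filename "report.pdf", the old path yields "hidden_field" and the decoded extended filename.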
Who it affects
Applications that parse multipart/form-data with python-multipart (including Starlette and FastAPI applications that call request.form()), and in particular deployments where an upstream WAF, proxy, or gateway that follows RFC 7578 is expected to see the same field names and filenames as the application.
What to do today
Upgrade python-multipart to version 0.0.30 or later. With the fix, the field name and filename the application acts on are the plain parameters, so extended parameters can no longer be used to smuggle a different name or filename past an upstream check.