Need confirmation about CVE-2025-48988 impacting Tomcat 9.0.10x related to CVE-2025-48976.

Hi, It is about the CVE-2025-48988 mentioned in the email subject. I have a question that- if we update the "Apache Commons FileUpload" jar to the version which fixes the CVE-2025-48976; in that case, do we still need to update the Apache Tomcat to 9.0.106, 10.1.42 & 11.0.8 which has CVE-2025

Need confirmation about CVE-2025-48988 impacting Tomcat 9.0.10x related to CVE-2025-48976.

Hi, It is about the CVE-2025-48988 mentioned in the email subject. I have a question that- if we update the "Apache Commons FileUpload" jar to the version which fixes the CVE-2025-48976; in that case, do we still need to update the Apache Tomcat to 9.0.106, 10.1.42 & 11.0.8 which has CVE-2025