Hi, It is about the CVE-2025-48988 mentioned in the email subject. I have a question that- if we update the "Apache Commons FileUpload" jar to the version which fixes the CVE-2025-48976; in that case, do we still need to update the Apache Tomcat to 9.0.106, 10.1.42 & 11.0.8 which has CVE-2025-48988 fixed ? Or is it not needed to update the Tomcat to these versions ?
Thanks & Regards,
