The following security advisories have been announced for Liferay Portal 6.2 CE GA2 (6.2.1):

• CST-SA: LPS-51061 HTTP host header manipulation
• CST-SA: LPS-51094 Various XSS issues in 6.2.1 (Part 4)

As always, a source patch for each vulnerability is now available through the Known Vulnerabilities page. In addition, a cumulative source and binary patch are available that includes all CST patches released for this version of Liferay. Please see the Security Patch Information page for details on how to apply these patches. Note in the README that from now on, the CST will issue two flavors of patches (you only need to install one of them) to deal with classloader issues on some app servers. See the README (bottom of page) for more detail. Liferay Portal CE users are strongly advised to keep abreast of all new security advisories and apply associated fixes to your Liferay deployments.