# So my Questions are: 1. Should I apply patch for  My Liferay 6.2 CE GA2 instance? If Yes then how to apply patch? as the patch is only available for 6.2 GA6.
2. And If applied the patch then how to test it?

The patch is for GA6, so you can't apply it to GA2. You should upgrade to GA6, then apply the patch. There are more issues (potentially security issues as well(?)) fixed in GA versions, and you should always be on the latest GA. Up until 7.2 typically no new features were introduced in newer GAs, just issues fixed. And often, the release of a new major version also means the end of updates for earlier major versions (with notable exceptions like this patch).
An alternative is to look at the patched components, and what changed between GA2 and GA6 to validate if you're in a situation where the patch indeed hits classes that were unchanged between GA2 and 6. But that's never been tested, it's comparable with looking at the changed code, then backporting the change to your version.

Thanks Olaf Kock for quick reply.
But one thing is, we have restricted our Webservices to specific IPs , So is there any chances of unwanted (outsider IPs) attack through JSON Webservices  as mentioned in "vulnerability CVE-2020-7961"
And Upgrading to GA6 would be a big task for us!

Our Liferay version is Liferay 6.2 GA2 and the patch is available for GA6. So We are planning to check if any of the classes in the below packages (which are used for Webservices) are present in the patch.
- portal-impl/src/com/liferay/portal/json/
- portal-impl/src/com/liferay/portal/jsonwebservice
If a class is present we will have to modify that class as per the changes in the patch.
Also in our case the Webservices are accessible only from our select Servers as mentioned below so this could be another level of safety.

I have add the Patch related to the JSON WebService for "vulnerability CVE-2020-7961" issue in Liferay 6.2 GA2.
How can I test whether issue is resolved? Is there any  JSON webservice API request by which i can test. 

Dominik Marks has an excellent blog article on this: https://liferay.dev/blogs/-/blogs/creating-liferay-security-binary-patches