The following security advisories have been announced for Liferay Portal 6.2 CE GA2 (6.2.1):

• CST-SA: LPS-48763 Guest users can obtain list of sites and workflow definition
• CST-SA: LPS-48667 Multiple unvalidated redirects in 6.2.1
• CST-SA: LPS-48071 Various XSS issues in 6.2.1 (Part 3)

As always, a source patch for each vulnerability is now available through the Known Vulnerabilities page. In addition, a cumulative source and binary patch are available that includes all CST patches released for this version of Liferay. Please see the Security Patch Information page for details on how to apply these patches. Liferay Portal CE users are strongly advised to keep abreast of all new security advisories and apply associated fixes to your Liferay deployments.