The following security advisories have been announced for Liferay Portal 6.2 CE GA2 (6.2.1):

• CST-SA: LPS-47093 CVE-2014-0050 DoS using Apache Commons FileUpload
• CST-SA: LPS-47428 Various XSS issues in 6.2.1 (Part 2)
• CST-SA: LPS-47460 - Struts 1 Classloader manipulation (Generic fix)

As always, a source patch for each vulnerability is now available through the Known Vulnerabilities page. In addition, a cumulative source and binary patch are available that includes all CST patches released for this version of Liferay. Please see the Security Patch Information page for details on how to apply these patches. Liferay Portal CE users are strongly advised to keep abreast of all new security advisories and apply associated fixes to your Liferay deployments.