legacy-knowledge-base
Published Jun. 30, 2025

Is there a release date for implementing the Content Security Policy (CSP) at Liferay?

Author

Rishabh Agrawal

Issue

  1. While CSP is in beta mode, how is Liferay protecting its system against vulnerabilities?
  2. Is there a timescale for when CSP will be fully deployed in the portal?
  3. Once CSP has been successfully implemented, can a fix be provided for the existing versions of DXP?

Environment

  • Liferay DXP [all versions]

Resolution

  • CSP is just an additional layer of protection. Several other layers can be applied, depending on the nature of the functionality that needs to be protected.
  • If the concern is about a missing CSP and missing secure headers, note that a missing CSP header is not in itself considered a vulnerability.
  • Certain directives are planned to be implemented in 2025 Q1 and 2025 Q2. The CSP beta flag is also planned to move to the released flag in milestone 2, which means the 2025 Q3 release.
  • If a fix for the CSP header is needed, it will be implemented as a new feature in the portal and cannot be backported to older versions. The DXP version therefore needs to be upgraded to use the feature.

Additional Information
