Application_MoinMoin

Version 3.1 by Nicolas Gregoire on 2012/01/24 22:08

By default, the 'allow_xslt' configuration option is set to False. If this option is set to True, then "read/write/overwrite arbitrary path/file as the moin process uid/gidarbitrary" is possible. This is triggered by inserting and then displaying wiki pages containing XSLT code.

This was documented in version 1.9.3:
http://moinmo.in/SecurityFixes
http://hg.moinmo.in/moin/1.9/rev/99e2309a7ec0
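
A configuration check for the 'allow_xslt' option described above, as an added example that is not part of the original page or of MoinMoin itself: it parses a wikiconfig.py without importing it and reports every class that sets the option. The sample configuration is constructed, and the check assumes the file parses under the Python interpreter that runs it.

```python
import ast

# Constructed sample of a MoinMoin wikiconfig.py (not taken from a real site).
SAMPLE_WIKICONFIG = '''
from MoinMoin.config import multiconfig

class Config(multiconfig.DefaultConfig):
    sitename = u"Example Wiki"
    allow_xslt = True
'''


def audit_allow_xslt(source):
    """Return (class_name, lineno, verdict) for each class-level allow_xslt assignment.

    verdict is "enabled", "disabled", or "review" (value is not a plain literal,
    so it cannot be decided without evaluating the configuration).
    """
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.ClassDef):
            continue
        for stmt in node.body:
            if not isinstance(stmt, ast.Assign):
                continue
            names = [t.id for t in stmt.targets if isinstance(t, ast.Name)]
            if "allow_xslt" not in names:
                continue
            try:
                value = ast.literal_eval(stmt.value)
            except (ValueError, TypeError):
                verdict = "review"
            else:
                verdict = "enabled" if value else "disabled"
            findings.append((node.name, stmt.lineno, verdict))
    return findings


def is_safe(source):
    """True when no class enables allow_xslt; an unset option keeps the default (False)."""
    return all(verdict == "disabled" for _, _, verdict in audit_allow_xslt(source))


if __name__ == "__main__":
    for cls, line, verdict in audit_allow_xslt(SAMPLE_WIKICONFIG):
        print("%s (line %d): allow_xslt %s" % (cls, line, verdict))
```

A "review" verdict is treated as unsafe by `is_safe`, since a computed value may still evaluate to True at runtime.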