An security vulnerability exists with the XSL Content portlet that can potentially allow execution of code on the server.
Specifically, the XML/XSL specification allows for potentially dangerous code to be executed. However, this can be a feature that is useful for some portals. So to address this issue, it is now possible to set permission in roles to determine who can add the XSL Content portlet to a page (
By default, users with a My Community will no longer be able to add the XSL Content portlet to their My Community pages. If users need to be given permission to add an XSL Content portlet to their My Community, additional permissions must be granted to the users.