Comment 2 for bug 412517

I agree that this is confusing, and perhaps the error message itself could at least clarify that it is a security issue, and that if the input is trusted then it is simple to turn the option back on.

There is a bit more information in the /usr/share/doc/libsaxonb-java/README.Debian file, clarifying that the default is different in the Debian (and thus Ubuntu) packaging of saxonb than in the original upstream distribution. It says:

Calls on external Java functions disabled by default
----------------------------------------------------

By default, SaxonB enables calls on external Java functions to be
embedded in stylesheets or queries. Such calls can invoke arbitrary
Java methods and are thus a security risk when executing untrusted
XSLT stylesheets of XQuery queries. For this reason, SaxonB in Debian
comes with calls on external Java functions disabled by default.

If you are using the command line interface to the XSLT 2.0 or XQuery
processors of Saxon, you can enable this feature by passing the
"-ext:on" flag to your command line invocation.

If you are using SaxonB from its Java API you should set the Attribute
"FeatureKeys.ALLOW_EXTERNAL_FUNCTIONS" to "true". See the API
reference in the libsaxonb-java-doc package for more information.