Fix for php 5.3.9 libxsl security "bug" fix

Posted by Question Mark on Super User
Published on 2012-01-31T13:08:52Z

Just this morning I updated my Debian server to PHP 5.3.9. The change log (last item in list) has a fix for this bug, and now when running any hosted site using XSL transforms I get:

Warning: XSLTProcessor::transformToXml(): Can't set libxslt security properties, not doing transformation for security reasons

I'm not using any <sax:output> tags in my xslt at all.

Does anybody have any information on this? Current chatter about it is thin, so I'm a little lost.

Using the suggestion about switching ini settings on and off either side of ->transformToXml():

ini_set("xsl.security_prefs", XSL_SECPREFS_NONE);

or

$xsl->setSecurityPreferences(XSL_SECPREFS_NONE);

brings me back to the same error.

Many thanks.

Progress:
- Upgrading libxml and recompiling libxslt against the new version was a good suggestion, though has not fixed the issue.
- Compiling the latest php5.3 snapshot does not fix the issue.

Solution:
I'm unsure what actually solved this; very sorry for anyone else having the same problem. Firstly I upgraded libxml, then applied a few patches, then went into the PHP source for the XSL parser and added some debugging and a few tweaks. After a few compiles getting the configure args right, the error went away and wasn't reproducible.
I would definitely recommend upgrading libxml as Petr suggested below and then grabbing the latest snapshot from php.net.
