diff -r 5a6b6e770365 -r 68c69c656a2c web/lib/Zend/Feed/Abstract.php
--- a/web/lib/Zend/Feed/Abstract.php Thu May 07 15:10:09 2015 +0200
+++ b/web/lib/Zend/Feed/Abstract.php Thu May 07 15:16:02 2015 +0200
@@ -15,9 +15,9 @@
 *
 * @category Zend
 * @package Zend_Feed
- * @copyright Copyright (c) 2005-2012 Zend Technologies USA Inc. (http://www.zend.com)
+ * @copyright Copyright (c) 2005-2015 Zend Technologies USA Inc. (http://www.zend.com)
 * @license http://framework.zend.com/license/new-bsd New BSD License
- * @version $Id: Abstract.php 25160 2012-12-18 15:17:16Z matthew $
+ * @version $Id$
 */
@@ -26,6 +26,8 @@
 */
 require_once 'Zend/Feed/Element.php';
+/** @see Zend_Xml_Security */
+require_once 'Zend/Xml/Security.php';
 /**
 * The Zend_Feed_Abstract class is an abstract class representing feeds.
@@ -37,7 +39,7 @@
 *
 * @category Zend
 * @package Zend_Feed
- * @copyright Copyright (c) 2005-2012 Zend Technologies USA Inc. (http://www.zend.com)
+ * @copyright Copyright (c) 2005-2015 Zend Technologies USA Inc. (http://www.zend.com)
 * @license http://framework.zend.com/license/new-bsd New BSD License
 */
 abstract class Zend_Feed_Abstract extends Zend_Feed_Element implements Iterator, Countable
@@ -111,10 +113,10 @@
 {
 @ini_set('track_errors', 1);
 $doc = new DOMDocument;
- $status = @$doc->loadXML($this->_element);
+ $doc = @Zend_Xml_Security::scan($this->_element, $doc);
 @ini_restore('track_errors');
- if (!$status) {
+ if (!$doc) {
 // prevent the class to generate an undefined variable notice (ZF-2590)
 if (!isset($php_errormsg)) {
 if (function_exists('xdebug_is_enabled')) {
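Review bot: The `@` on `$doc = @Zend_Xml_Security::scan($this->_element, $doc);` silences PHP warnings but not exceptions, so anything scan() throws bypasses the `if (!$doc)` error path that the surrounding ZF-2590 `$php_errormsg` handling was written for. The scanner itself is not in this diff; as far as I recall the ZF1 helper raises Zend_Xml_Exception when it finds a DOCTYPE with entity declarations, which means a caller that only catches Zend_Feed_Exception (the contract the old loadXML() path honoured) now sees an unrelated exception type on exactly the malicious input this change is meant to handle — either wrap the call, `try { $doc = Zend_Xml_Security::scan($this->_element, $doc); } catch (Zend_Xml_Exception $e) { throw new Zend_Feed_Exception($e->getMessage(), 0, $e); }`, or document the new exception on the method. Related: if scan() enables libxml_use_internal_errors() during the parse (the second hunk of this commit removes exactly that local setup, presumably because the helper now owns it), no E_WARNING is raised, `$php_errormsg` stays unset, and the `track_errors` handling above can only ever produce the "(error message not available)" fallback; building the message from libxml_get_last_error() as _importFeedFromString does would be more useful. The enclosing method's signature and the remainder of its body lie outside this hunk.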
@@ -268,20 +270,15 @@
 */
 protected function _importFeedFromString($feed)
 {
- // Load the feed as an XML DOMDocument object
- $libxml_errflag = libxml_use_internal_errors(true);
- $libxml_entity_loader = libxml_disable_entity_loader(true);
- $doc = new DOMDocument;
 if (trim($feed) == '') {
 require_once 'Zend/Feed/Exception.php';
 throw new Zend_Feed_Exception('Remote feed being imported' . ' is an Empty string or comes from an empty HTTP response');
 }
- $status = $doc->loadXML($feed);
- libxml_disable_entity_loader($libxml_entity_loader);
- libxml_use_internal_errors($libxml_errflag);
+ $doc = new DOMDocument;
+ $doc = Zend_Xml_Security::scan($feed, $doc);
- if (!$status) {
+ if (!$doc) {
 // prevent the class to generate an undefined variable notice (ZF-2590)
 // Build error message
 $error = libxml_get_last_error();
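Review bot: The unguarded `$doc = Zend_Xml_Security::scan($feed, $doc);` changes which exception reaches callers of _importFeedFromString: the visible contract is Zend_Feed_Exception, but scan() (not part of this diff; the ZF1 helper, as I recall, throws Zend_Xml_Exception when it detects a DOCTYPE with entity declarations) can throw before the `if (!$doc)` branch ever builds the feed-level error, so a feed carrying an entity payload now surfaces as a different exception type than the parse-failure case right below it. Wrapping it keeps existing `catch (Zend_Feed_Exception $e)` sites handling hostile input: `try { $doc = Zend_Xml_Security::scan($feed, $doc); } catch (Zend_Xml_Exception $e) { throw new Zend_Feed_Exception('Remote feed rejected by XML security scan: ' . $e->getMessage(), 0, $e); }`. The hunk also drops the local `libxml_disable_entity_loader(true)` and `libxml_use_internal_errors(true)` save-and-restore, which is only safe if the bundled Zend/Xml/Security.php required in the earlier hunk is the version that disables the entity loader, parses without network access and restores both settings itself — worth pinning in a comment above the call such as `// Zend_Xml_Security::scan disables the external entity loader and returns false on parse failure; do not call DOMDocument::loadXML directly here.` Since the fallback below reads libxml_get_last_error(), also check that the helper leaves libxml error capture on during the parse, otherwise the message built here will be empty for ordinary malformed feeds. The method's error-message construction and throw continue past the end of this hunk.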