diff -r 5a6b6e770365 -r 68c69c656a2c web/lib/Zend/Gdata/App.php
--- a/web/lib/Zend/Gdata/App.php Thu May 07 15:10:09 2015 +0200
+++ b/web/lib/Zend/Gdata/App.php Thu May 07 15:16:02 2015 +0200
@@ -16,9 +16,9 @@
 * @category Zend
 * @package Zend_Gdata
 * @subpackage App
- * @copyright Copyright (c) 2005-2012 Zend Technologies USA Inc. (http://www.zend.com)
+ * @copyright Copyright (c) 2005-2015 Zend Technologies USA Inc. (http://www.zend.com)
 * @license http://framework.zend.com/license/new-bsd New BSD License
- * @version $Id: App.php 25259 2013-02-13 17:38:12Z frosch $
+ * @version $Id$
 */
 
 /**
@@ -46,6 +46,9 @@
 */
 require_once 'Zend/Uri/Http.php';
 
+/** @see Zend_Xml_Security */
+require_once 'Zend/Xml/Security.php';
+
 /**
 * Provides Atom Publishing Protocol (APP) functionality. This class and all
 * other components of Zend_Gdata_App are designed to work independently from
@@ -54,7 +57,7 @@
 * @category Zend
 * @package Zend_Gdata
 * @subpackage App
- * @copyright Copyright (c) 2005-2012 Zend Technologies USA Inc. (http://www.zend.com)
+ * @copyright Copyright (c) 2005-2015 Zend Technologies USA Inc. (http://www.zend.com)
 * @license http://framework.zend.com/license/new-bsd New BSD License
 */
 class Zend_Gdata_App
@@ -822,10 +825,10 @@
 // Load the feed as an XML DOMDocument object
 @ini_set('track_errors', 1);
 $doc = new DOMDocument();
- $success = @$doc->loadXML($string);
+ $doc = @Zend_Xml_Security::scan($string, $doc);
 @ini_restore('track_errors');
 
- if (!$doc) {
+ if (!$doc) {
 require_once 'Zend/Gdata/App/Exception.php';
 throw new Zend_Gdata_App_Exception(
 "DOMDocument cannot parse XML: $php_errormsg");
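Review bot: In the last hunk (@@ -822,10 +825,10 @@) the failure branch still builds its message from `$php_errormsg`, which was only reliable while the suppressed warning came straight from `$doc->loadXML($string)`. `Zend_Xml_Security::scan()` is not shown in this diff, so if it installs its own error handler or switches libxml to internal errors, the variable may be unset or stale when `if (!$doc)` is reached; a fixed message such as `"DOMDocument cannot parse XML"` would be safer than interpolating it. Separately, if scan() rejects a document that declares entities by throwing its own exception instead of returning false, that exception bypasses this branch and callers catching only `Zend_Gdata_App_Exception` see a new type. Wrapping the call as `try { $doc = @Zend_Xml_Security::scan($string, $doc); } catch (Zend_Xml_Exception $e) { $doc = false; }` would keep rejected input on the existing error path. The enclosing method starts and ends outside the hunk, so its documented `@throws` contract should be checked against this.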