diff -r 5a6b6e770365 -r 68c69c656a2c web/lib/Zend/Mobile/Push/Message/Mpns/Raw.php
--- a/web/lib/Zend/Mobile/Push/Message/Mpns/Raw.php	Thu May 07 15:10:09 2015 +0200
+++ b/web/lib/Zend/Mobile/Push/Message/Mpns/Raw.php	Thu May 07 15:16:02 2015 +0200
@@ -15,20 +15,23 @@
  * @category   Zend
  * @package    Zend_Mobile
  * @subpackage Zend_Mobile_Push
- * @copyright  Copyright (c) 2005-2011 Zend Technologies USA Inc. (http://www.zend.com)
+ * @copyright  Copyright (c) 2005-2015 Zend Technologies USA Inc. (http://www.zend.com)
  * @license    http://framework.zend.com/license/new-bsd     New BSD License
  */
 
 /** Zend_Mobile_Push_Message_Mpns **/
 require_once 'Zend/Mobile/Push/Message/Mpns.php';
 
+/** Zend_Xml_Security */
+require_once 'Zend/Xml/Security.php';
+
 /**
  * Mpns Raw Message
  *
  * @category   Zend
  * @package    Zend_Mobile
  * @subpackage Zend_Mobile_Push
- * @copyright  Copyright (c) 2005-2011 Zend Technologies USA Inc. (http://www.zend.com)
+ * @copyright  Copyright (c) 2005-2015 Zend Technologies USA Inc. (http://www.zend.com)
  * @license    http://framework.zend.com/license/new-bsd     New BSD License
  */
 class Zend_Mobile_Push_Message_Mpns_Raw extends Zend_Mobile_Push_Message_Mpns
@@ -94,7 +97,7 @@
         if (!is_string($msg)) {
             throw new Zend_Mobile_Push_Message_Exception('$msg is not a string');
         }
-        if (!simplexml_load_string($msg)) {
+        if (!Zend_Xml_Security::scan($msg)) {
             throw new Zend_Mobile_Push_Message_Exception('$msg is not valid xml');
         }
         $this->_msg = $msg;