ZF2014-01: Potential XXE/XEE attacks using PHP functions:
simplexml_load_*, DOMDocument::loadXML, and xml_parse. A new component,
ZendXml, was introduced to mitigate XML eXternal Entity and XML Entity
Expansion vectors that are present in older versions of libxml2 and/or PHP.
Zend\Json\Json::fromXml() and Zend\XmlRpc's Response and Fault classes
were potentially vulnerable to these attacks. If you use either of these
components, we recommend upgrading immediately.