Based on https://github.com/zendframework/zend-servicemanager/releases/tag/release-2.1.6 (commit eef6504f81b2abad6c1f6edef58e9e0e3a39dae9 in this repo)

====================

- **ZF2014-01:** Potential XXE/XEE attacks using PHP functions:
  `simplexml_load_*`, `DOMDocument::loadXML`, and `xml_parse`. A new component,
  `laminas-xml`, was introduced to mitigate XML eXternal Entity and XML Entity
  Expansion vectors that are present in older versions of libxml2 and/or PHP.
  `Laminas\Json\Json::fromXml()` and `Laminas\XmlRpc`'s `Response` and `Fault` classes
  were potentially vulnerable to these attacks. If you use either of these
  components, we recommend upgrading immediately.