Used RSS library is unmaintained and has security issues #4
Description
Hi,
We at ownCloud News used SimplePie before and switched to picoFeed because of the following issues:
- SimplePie is not maintained anymore as far as we've experienced it. Fixes and enhancements were neither reviewed nor merged
- SimplePie is vulnerable to XXE (look it up, tl;dr: users can include abitrary files from your server in their feeds, such as /etc/passwd)