diff --git a/CHANGES b/CHANGES
index 7d9f9d25..e83b2b95 100644
--- a/CHANGES
+++ b/CHANGES
@@ -40,6 +40,9 @@ Bugfix release, release date to be announced.
   module setups.
 - Fixed an issue where the subdomain setting for modules was
   ignored for the static folder.
+- Fixed a security problem that allowed clients to download arbitrary files
+  if the host server was a windows based operating system and the client
+  uses backslashes to escape the directory the files where exposed from.
 
 Version 0.6
 -----------