diff --git a/CHANGES b/CHANGES
index 4fc8dd23..e3f5475e 100644
--- a/CHANGES
+++ b/CHANGES
@@ -15,6 +15,9 @@ Bugfix release, release date to be announced.
   module setups.
 - Fixed an issue where the subdomain setting for modules was
   ignored for the static folder.
+- Fixed a security problem that allowed clients to download arbitrary files
+  if the host server was a windows based operating system and the client
+  uses backslashes to escape the directory the files where exposed from.
 
 Version 0.6
 -----------