From 179da5895f1fd3ebddb08cba7c93a9d78a8a2783 Mon Sep 17 00:00:00 2001
From: Armin Ronacher <armin.ronacher@active-4.com>
Date: Thu, 23 Dec 2010 14:18:14 +0100
Subject: [PATCH] Documented security fix in changelog

---
 CHANGES | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/CHANGES b/CHANGES
index 4fc8dd23..e3f5475e 100644
--- a/CHANGES
+++ b/CHANGES
@@ -15,6 +15,9 @@ Bugfix release, release date to be announced.
   module setups.
 - Fixed an issue where the subdomain setting for modules was
   ignored for the static folder.
+- Fixed a security problem that allowed clients to download arbitrary files
+  if the host server was a windows based operating system and the client
+  uses backslashes to escape the directory the files where exposed from.
 
 Version 0.6
 -----------