From b92120b190e92288468d8617bc0e270dbf32ea71 Mon Sep 17 00:00:00 2001
From: Armin Ronacher <armin.ronacher@active-4.com>
Date: Thu, 23 Dec 2010 14:18:14 +0100
Subject: [PATCH] Documented security fix in changelog

---
 CHANGES | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/CHANGES b/CHANGES
index 7d9f9d25..e83b2b95 100644
--- a/CHANGES
+++ b/CHANGES
@@ -40,6 +40,9 @@ Bugfix release, release date to be announced.
   module setups.
 - Fixed an issue where the subdomain setting for modules was
   ignored for the static folder.
+- Fixed a security problem that allowed clients to download arbitrary files
+  if the host server was a windows based operating system and the client
+  uses backslashes to escape the directory the files where exposed from.
 
 Version 0.6
 -----------