diff --git a/actix-files/CHANGES.md b/actix-files/CHANGES.md index 9d1f08c22..c3a825753 100644 --- a/actix-files/CHANGES.md +++ b/actix-files/CHANGES.md @@ -1,10 +1,11 @@ # Changes ## Unreleased - 2021-xx-xx -* Prevent directory traversal attack by checking if the request path is a - descendant of the `serve_from` directory. E.g., if the files are served from - `./test/`, and someone requests `..%5c/some-secret-file`, they will get a - Forbidden response. +* Prevent directory traversal attack by checking if the request path is a descendant of the + `serve_from` directory. E.g. If the files are served from `./test/`, and someone requests + `..%5c/some-secret-file`, they will get a 403 Forbidden response. [#2059] + +[#2059]: https://github.com/actix/actix-web/pull/2059 ## 0.6.0-beta.2 - 2021-02-10
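Review bot: In the reworded changelog entry, "E.g. If the files are served from `./test/`" reads worse than the line it replaces ("E.g., if the files ..."); keep the comma after "E.g." and the lowercase "if". The example `..%5c/some-secret-file` would also be clearer if the entry said that `%5c` is a percent-encoded backslash, because as written it does not say why that request would leave `./test/`. Naming the status as "403 Forbidden" and adding the [#2059] reference are both improvements over the old wording.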