From 497bcbaf8b151d904497c9876d9a19cef329ccb3 Mon Sep 17 00:00:00 2001 From: Rob Ede Date: Tue, 9 Mar 2021 19:52:57 +0000 Subject: [PATCH] Update CHANGES.md --- actix-files/CHANGES.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/actix-files/CHANGES.md b/actix-files/CHANGES.md index 9d1f08c22..c3a825753 100644 --- a/actix-files/CHANGES.md +++ b/actix-files/CHANGES.md @@ -1,10 +1,11 @@ # Changes ## Unreleased - 2021-xx-xx -* Prevent directory traversal attack by checking if the request path is a - descendant of the `serve_from` directory. E.g., if the files are served from - `./test/`, and someone requests `..%5c/some-secret-file`, they will get a - Forbidden response. +* Prevent directory traversal attack by checking if the request path is a descendant of the + `serve_from` directory. E.g. If the files are served from `./test/`, and someone requests + `..%5c/some-secret-file`, they will get a 403 Forbidden response. [#2059] + +[#2059]: https://github.com/actix/actix-web/pull/2059 ## 0.6.0-beta.2 - 2021-02-10
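Review bot: In the reworded Unreleased entry, "E.g. If the files are served from" capitalises the word after "E.g." and drops the comma that the old wording had; "E.g., if the files are served from `./test/`" reads correctly. The example request `..%5c/some-secret-file` uses a percent-encoded backslash, but the entry does not say which platforms or which forms of the request path the descendant check covers, so a reader cannot judge from the changelog alone how urgent the upgrade is; one clause stating the affected inputs would help. Since this bullet records a security fix, consider marking it as such so it stands out from ordinary changes. The added "403" and the `[#2059]` reference link look fine.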