diff --git a/Cargo.lock b/Cargo.lock
index 0dbf5db9d..04f0cbd72 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -44,7 +44,7 @@ dependencies = [
 
 [[package]]
 name = "actix-files"
-version = "0.6.9"
+version = "0.6.10"
 dependencies = [
  "actix-http",
  "actix-rt",
diff --git a/actix-files/CHANGES.md b/actix-files/CHANGES.md
index 307f5852d..281e05312 100644
--- a/actix-files/CHANGES.md
+++ b/actix-files/CHANGES.md
@@ -2,6 +2,19 @@
 
 ## Unreleased
 
+## 0.6.10
+
+### Security Notice
+
+We addressed 2 vulnerabilities in this release:
+
+- Do not panic with empty Range header.
+- Avoid serving CWD on invalid `Files::new` inputs.
+
+We encourage updating your `actix-files` version as soon as possible.
+
+### Other changes
+
 - Minimum supported Rust version (MSRV) is now 1.88.
 - `PathBufWrap` & `UriSegmentError` made public. [#3694]
 
diff --git a/actix-files/Cargo.toml b/actix-files/Cargo.toml
index 148442d4f..12f99708e 100644
--- a/actix-files/Cargo.toml
+++ b/actix-files/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "actix-files"
-version = "0.6.9"
+version = "0.6.10"
 authors = ["Nikolay Kim <fafhrd91@gmail.com>", "Rob Ede <robjtede@icloud.com>"]
 description = "Static file serving for Actix Web"
 keywords = ["actix", "http", "async", "futures"]