patrickjuchli
diff --git a/‎CHANGELOG.md‎
Lines changed: 4 additions & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 4 additions & 0 deletions
@@ -1,5 +1,9 @@
 # Changelog
 
+## 5.2.1
+
+- Fixed: Reject control character injection attempts using paths. See https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q.
+
 ## 5.2.0
 
 - Changed: Skip files with invalid name in downloadToDir. Fixes security vulnerability CVE-2026-27699, see https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-5rq4-664w-9x2c.