diff --git a/CHANGES b/CHANGES
index 82376c1f..07683b25 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,10 @@
+08 Jun 2012 - 2.6.6
+-------------------
+
+ * In 2009, Stefan Esser published an evasion technique that relies on the use of single quotes and PHP.
+   The trick was treating a request parameter as a file. A patch was applied into ModSecurity 2.5.11 by Brian Rectanus.
+   Ivan Ristic reported that the patch was imcomplete. We added extra checks for this evasion.
+
 20 Mar 2012 - 2.6.5
 -------------------