From c0896c3ae6be7fc9808cc63b90601ea82f859f4c Mon Sep 17 00:00:00 2001
From: brenosilva <brenosilva@9017d574-64ec-4062-9424-5e00b32a252b>
Date: Fri, 8 Jun 2012 15:29:11 +0000
Subject: [PATCH] Update CHANGES

---
 CHANGES | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/CHANGES b/CHANGES
index 82376c1f..07683b25 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,10 @@
+08 Jun 2012 - 2.6.6
+-------------------
+
+ * In 2009, Stefan Esser published an evasion technique that relies on the use of single quotes and PHP.
+   The trick was treating a request parameter as a file. A patch was applied into ModSecurity 2.5.11 by Brian Rectanus.
+   Ivan Ristic reported that the patch was imcomplete. We added extra checks for this evasion.
+
 20 Mar 2012 - 2.6.5
 -------------------