diff --git a/README.md b/README.md
index 6dba82fa..53010c35 100644
--- a/README.md
+++ b/README.md
@@ -9,7 +9,7 @@ ## 🎅
-Let me take this opportunity to thank you for all your faith and dedication to the Iris Open Source Project. We have achieved so many things together. Hope your bond lasts forever! **Merry Christmas🌳**
+Let me take this opportunity to thank you for all your faith and dedication to the Iris Open Source Project. We have achieved so many things together. Hope your bond lasts forever! **Merry Christmas🎄**
diff --git a/context/context.go b/context/context.go
index b5e139b2..efedee3f 100644
--- a/context/context.go
+++ b/context/context.go
@@ -1974,6 +1974,13 @@ func (ctx *Context) UploadFormFiles(destDirectory string, before ...func(*Contex
 	for _, files := range fhs {
 	innerLoop:
 		for _, file := range files {
+			// Fix an issue that net/http has,
+			// an attacker can push a filename
+			// which could lead to override existing system files
+			// by ../../$file.
+			// Reported by Frank through security reports.
+			file.Filename = strings.TrimLeft(file.Filename, "../")
+			file.Filename = strings.TrimLeft(file.Filename, "..\\")
 			for _, b := range before {
 				if !b(ctx, file) {