diff --git a/gogs.go b/gogs.go
index 8826eb1ff..2d8350f76 100644
--- a/gogs.go
+++ b/gogs.go
@@ -16,7 +16,7 @@ import (
 	"github.com/gogs/gogs/pkg/setting"
 )
 
-const APP_VER = "0.11.81.1217"
+const APP_VER = "0.11.82.1218"
 
 func init() {
 	setting.AppVer = APP_VER
diff --git a/pkg/tool/path.go b/pkg/tool/path.go
index 3c0d2d027..528db86df 100644
--- a/pkg/tool/path.go
+++ b/pkg/tool/path.go
@@ -17,5 +17,7 @@ func IsSameSiteURLPath(url string) bool {
 
 // SanitizePath sanitizes user-defined file paths to prevent remote code execution.
 func SanitizePath(path string) string {
-	return strings.TrimLeft(path, "./")
+	path = strings.TrimLeft(path, "/")
+	path = strings.Replace(path, "../", "", -1)
+	return path
 }
diff --git a/pkg/tool/path_test.go b/pkg/tool/path_test.go
index c9e182941..9f3441b11 100644
--- a/pkg/tool/path_test.go
+++ b/pkg/tool/path_test.go
@@ -38,6 +38,7 @@ func Test_SanitizePath(t *testing.T) {
 		expect string
 	}{
 		{"../../../../../../../../../data/gogs/data/sessions/a/9/a9f0ab6c3ef63dd8", "data/gogs/data/sessions/a/9/a9f0ab6c3ef63dd8"},
+		{"data/gogs/../../../../../../../../../data/sessions/a/9/a9f0ab6c3ef63dd8", "data/gogs/data/sessions/a/9/a9f0ab6c3ef63dd8"},
 		{"data/sessions/a/9/a9f0ab6c3ef63dd8", "data/sessions/a/9/a9f0ab6c3ef63dd8"},
 	}
diff --git a/templates/.VERSION b/templates/.VERSION
index da31b367d..9f1b25ca7 100644
--- a/templates/.VERSION
+++ b/templates/.VERSION
@@ -1 +1 @@
-0.11.81.1217
+0.11.82.1218
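Review bot: The new SanitizePath body in the pkg/tool/path.go hunk removes `../` with a single, non-repeated strings.Replace, which is not a fixpoint: an input where deleting one `../` occurrence leaves another `../` behind still reaches the caller with a parent reference, and a bare trailing `..` segment (or a `..\` separator, if Windows hosts are in scope) is not matched at all. Dropping the `.` from the TrimLeft set also means a leading `./` is now kept rather than stripped, which neither the updated comment nor the tests mention. A safer shape is to split on `/` and discard every empty, `.` and `..` segment, which still satisfies all three cases in the path_test.go hunk; that test hunk should then gain cases for a trailing `..` and for a sequence that reassembles after one removal. SanitizePath is complete within the hunk.
```go
func SanitizePath(path string) string {
	// Drop every empty, "." and ".." segment so no parent reference
	// survives, however many times it is nested or repeated.
	segs := strings.Split(path, "/")
	kept := segs[:0]
	for _, s := range segs {
		if s == "" || s == "." || s == ".." {
			continue
		}
		kept = append(kept, s)
	}
	return strings.Join(kept, "/")
}
```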