diff --git a/REVISION.md b/REVISION.md
index 3a83d21..cf05f1c 100644
--- a/REVISION.md
+++ b/REVISION.md
@@ -5,9 +5,10 @@ Revision history
 [![Build Status](https://scrutinizer-ci.com/g/mosbth/cimage/badges/build.png?b=master)](https://scrutinizer-ci.com/g/mosbth/cimage/build-status/master)
-v0.7.19* (2016-08-11)
+v0.7.19* (2016-08-31)
 -------------------------------------
+* Correct XSS injection in `check_system.php`.
 * Composer suggests ext-imagick and ext-curl.
diff --git a/webroot/check_system.php b/webroot/check_system.php
index 1443de8..889d176 100644
--- a/webroot/check_system.php
+++ b/webroot/check_system.php
@@ -2,7 +2,7 @@
 echo 'Current PHP version: ' . phpversion() . '

';
-echo 'Running on: ' . $_SERVER['SERVER_SOFTWARE'] . '

';
+echo 'Running on: ' . htmlentities($_SERVER['SERVER_SOFTWARE']) . '

';
 $no = extension_loaded('exif') ? null : 'NOT';
 echo "Extension exif is $no loaded.
";
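Review bot: The new `htmlentities($_SERVER['SERVER_SOFTWARE'])` call on the `Running on:` line relies on PHP's default flags and charset, which differ between PHP versions (single quotes are left unencoded by default before PHP 8.1, and the default charset changed in PHP 5.4), so the escaping is not the same on every install this script is meant to diagnose. Spelling the arguments out makes the output encoding explicit: `htmlspecialchars($_SERVER['SERVER_SOFTWARE'], ENT_QUOTES, 'UTF-8')`. Separately, the page still prints the exact PHP version and server banner to any visitor, so a comment at the top such as `// Diagnostic page: remove or restrict access after installation.` would be worth adding. The script continues outside the hunk, so any other echoed values there are not covered by this review.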