diff --git a/CHANGELOG-1.4.md b/CHANGELOG-1.4.md
index 548d18be87..d994a87066 100644
--- a/CHANGELOG-1.4.md
+++ b/CHANGELOG-1.4.md
@@ -31,6 +31,7 @@ CHANGELOG - ZIKULA 1.4.x
 - Fixed many issues with translation in the Core installer and upgrader (#2919, #3192).
 - Fixed issue with using permissions to hide blocks (#3200).
 - Refactored PhpParser usage in ZikulaPhpFileExtractor to namespaces (#3183).
+ - Fixed possible jcss vulnerability in Windows environment (#3237).
 - Features:
 - Lost password functionality has been simplified to work without an additional (confusing) confirmation step (#1781, #3178).
diff --git a/src/jcss.php b/src/jcss.php
index 9f18eacaa8..734212693a 100644
--- a/src/jcss.php
+++ b/src/jcss.php
@@ -33,6 +33,7 @@
 }
 // clean $f
+$f = str_replace('\\', '', $f);
 $f = preg_replace('`/`', '', $f);
 // set full path to the file
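Review bot: The clean-up of `$f` in src/jcss.php is still a denylist: the added `str_replace('\\', '', $f)` and the existing `preg_replace('`/`', '', $f)` strip only the two path separators, so every other character is carried into the path that is built right after this hunk. Validating the name against an allowlist and rejecting the request on mismatch would be more robust than silently rewriting it, for example `if (!preg_match('/^[A-Za-z0-9_.-]+$/D', $f)) { exit; }`, with the pattern adjusted to the file names this script legitimately receives (not visible here). A `realpath()` comparison confirming that the resolved file stays inside the intended directory would be a sound second guard. Where `$f` originates and how the full path is assembled lie outside the hunk, so the above is inferred from the `// clean $f` and `// set full path to the file` comments.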