diff --git a/CHANGES.md b/CHANGES.md
index 0206c6e7e..8518bfecc 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -3,6 +3,7 @@ ### v0.7.1 2021-09
 - [修复]用户上传文件中yaml加载的安全漏洞;
+- [优化]默认禁止上传SVG图片(有安全风险);
 ### v0.7.0 2021-08-31
diff --git a/MrDoc/settings.py b/MrDoc/settings.py
index a057d0293..871757ce4 100644
--- a/MrDoc/settings.py
+++ b/MrDoc/settings.py
@@ -195,7 +195,7 @@ MEDIA_ROOT = os.path.join(BASE_DIR,'media')
 # 允许上传的图片后缀
-ALLOWED_IMG = CONFIG.get("image_upload","suffix_name",fallback="jpg,jpeg,gif,png,bmp,webp,svg").split(",")
+ALLOWED_IMG = CONFIG.get("image_upload","suffix_name",fallback="jpg,jpeg,gif,png,bmp,webp").split(",")
 REST_FRAMEWORK = {
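Review bot: Dropping `svg` from the `fallback` string on the `ALLOWED_IMG` line in MrDoc/settings.py only protects installs that have no `suffix_name` under `[image_upload]`; a deployment whose config file already lists `svg` keeps accepting SVG uploads, and nothing at the setting says why it was removed. A comment above it would carry that, e.g. `# SVG is left out by default: an SVG can embed script that runs in the site's origin when the uploaded file is opened; add it to suffix_name only if uploads are sanitised or served from a separate origin`. The list is also taken from the raw split, so a config value such as `jpg, png` produces `' png'`; `[s.strip() for s in CONFIG.get(...).split(",") if s.strip()]` would keep the allow-list matching what the operator wrote. The code that compares an upload's suffix against `ALLOWED_IMG` is outside this hunk, so whether it lower-cases the suffix or checks file content cannot be confirmed from here.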