--- a/trytond/trytond/wsgi.py
+++ b/trytond/trytond/wsgi.py
@@ -4,6 +4,7 @@
 import http.client
 import logging
 import os
+import posixpath
 import sys
 import traceback
 import urllib.parse
@@ -25,6 +26,10 @@
 except ImportError:
 from werkzeug.contrib.fixers import ProxyFix as NumProxyFix
 try:
+ from werkzeug.security import safe_join
+except ImportError:
+ safe_join = posixpath.join
+try:
 from werkzeug.middleware.shared_data import SharedDataMiddleware
 except ImportError:
 from werkzeug.wsgi import SharedDataMiddleware
@@ -201,13 +206,14 @@
 def get_directory_loader(self, directory):
 def loader(path):
 if path is not None:
- path = os.path.join(directory, path)
+ path = safe_join(directory, path)
 else:
 path = directory
- if os.path.isdir(path):
- path = os.path.join(path, 'index.html')
- if os.path.isfile(path):
- return os.path.basename(path), self._opener(path)
+ if path is not None:
+ if os.path.isdir(path):
+ path = posixpath.join(path, 'index.html')
+ if os.path.isfile(path):
+ return os.path.basename(path), self._opener(path)
 return None, None
 return loader
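Review bot: The `except ImportError` fallback `safe_join = posixpath.join` in the second hunk fails open. `posixpath.join` performs no containment check and never returns None, so on an install where `werkzeug.security` does not export `safe_join`, the new `if path is not None:` guard in `loader` (third hunk) can never trigger and the request path is joined unchecked, exactly as before the patch. Newer Werkzeug releases provide `safe_join` in `werkzeug.utils`, so that import should be tried next. The last resort should be a local helper that returns None for absolute or parent-directory components rather than a plain join; the sketch below mirrors the checks Werkzeug's helper performs.

```python
try:
    from werkzeug.security import safe_join
except ImportError:
    try:
        from werkzeug.utils import safe_join
    except ImportError:
        def safe_join(directory, *pathnames):
            # Fail closed: return None for any component that could
            # resolve outside `directory`, instead of joining blindly.
            alt_seps = [
                sep for sep in (os.sep, os.path.altsep)
                if sep is not None and sep != '/']
            parts = [directory]
            for name in pathnames:
                if name != '':
                    name = posixpath.normpath(name)
                if (any(sep in name for sep in alt_seps)
                        or os.path.isabs(name)
                        or name == '..'
                        or name.startswith('../')):
                    return None
                parts.append(name)
            return posixpath.join(*parts)
# … unchanged: SharedDataMiddleware import fallback …
```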
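Review bot: The second `if path is not None:` in `loader` reads like a repeat of the first check unless the reader already knows that `safe_join` signals a rejected path by returning None. A one-line comment above it, `# safe_join returns None when path would leave directory`, would make the fail-closed branch explicit and discourage a later "cleanup" that merges the two conditions. A regression test asserting that `loader` returns `(None, None)` for a path with a parent-directory component would pin the behaviour this hunk is meant to add. The class enclosing `get_directory_loader` starts outside the hunk.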