diff --git a/CHANGELOG.md b/CHANGELOG.md
index 2aa0a146..9186fbb5 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,6 @@
 ### zeronet-conservancy 0.7.9+
-- fixed ReDoS in file editor (UiFileManager plugin) due to outdated codemirror (@caryoscelus)
+- update merkletools dependency to avoid legacy pysha3 (@caryoscelus)
+- fix ReDoS in file editor (UiFileManager plugin) due to outdated codemirror (@caryoscelus)
 
 ### zeronet-conservancy 0.7.9 (2023-07-02) (f966a4203fe33bd9f35)
 maintainers: @caryoscelus -> none
diff --git a/requirements.txt b/requirements.txt
index 4444b3f4..4298ed61 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -2,7 +2,8 @@ setuptools>=65.5.1 # not directly required, pinned by Snyk to avoid a vulnerabil
 gevent>=20.9.0
 msgpack>=0.6.0
 base58
-merkletools
+# for some reason nobody released fresh merkletools that don't require on outdated pysha3
+git+https://github.com/Tierion/pymerkletools.git@f10d71e2cd529a833728e836dc301f9af502d0b0
 rsa
 PySocks>=1.6.8
 pyasn1