diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 4a89f8bf..d8fe90e9 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -1,6 +1,15 @@
 Changelog
 =========
 
+In Development
+--------------
+
+Changed
+~~~~~~~
+
+* Update networkx >=2.6 for Python 3.8 to fix insecure deserialization #255 (improvement)
+  Contributed by @Stealthii
+
 1.5.0
 -----
 
diff --git a/requirements.txt b/requirements.txt
index 1d5ca55a..6bcb3c96 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -3,7 +3,8 @@ eventlet
 Jinja2>=2.11 # BSD License (3 clause)
 jsonschema!=2.5.0,<3.0.0,>=2.0.0 # MIT
 # networkx v2.6 does not support Python3.6.  Update networkx to match st2
-networkx>=2.5.1,<2.6
+networkx>=2.5.1,<2.6; python_version < '3.7'
+networkx>=2.6,<3; python_version >= '3.7'
 python-dateutil
 PyYAML>=3.1.0 # MIT
 six>=1.9.0