diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3d89162..84215f3 100755
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,7 @@
 * Improved debugging output
 * Tried to fix scrollwheel
 * Fixed security audited npm packages
+* Patched [CVE-2017-16117](https://github.com/dodo/node-slug/issues/82) on [node-slug](https://github.com/dodo/node-slug)
 ###### v0.9.0
 * [#121](https://github.com/Tracman-org/Server/issues/121) Fixed various security holes
diff --git a/README.md b/README.md
index bb20692..e79faa1 100755
--- a/README.md
+++ b/README.md
@@ -67,6 +67,7 @@ Tracman will be updated according to [this branching model](http://nvie.com/post
 * Removed express validator and replaced with homegrown function
 * Fixed showing welcome message on every login
 * Removed naked domains
+* Patched [CVE-2017-16117](https://github.com/dodo/node-slug/issues/82) on [node-slug](https://github.com/dodo/node-slug)
 ###### v0.8.x
 * Hotfixed service worker bugs
diff --git a/config/routes/auth.js b/config/routes/auth.js
index 4c97ea0..92c554a 100755
--- a/config/routes/auth.js
+++ b/config/routes/auth.js
@@ -5,10 +5,13 @@ const mail = require('../mail.js')
 const User = require('../models.js').user
 const crypto = require('crypto')
 const moment = require('moment')
-const slugify = require('slug')
 const sanitize = require('mongo-sanitize')
 const debug = require('debug')('tracman-routes-auth')
 const env = require('../env/env.js')
+// Trim slug to patch CVE-2017-16117
+const slugify = function(s) {
+ return require('slug')(s.slice(0,99))
+}
 module.exports = (app, passport) => {
diff --git a/config/routes/index.js b/config/routes/index.js
index f42cce9..0439308 100755
--- a/config/routes/index.js
+++ b/config/routes/index.js
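Review bot: The new `slugify` wrapper at the end of the auth.js hunk calls `s.slice(0,99)` before any type check, so an `undefined` or otherwise non-string argument (a missing form field, or a number or object from a parsed request body) now throws a TypeError inside the route handler before `slug()` is ever reached; coerce first, e.g. `const slugLib = require('slug')` at module level and `const slugify = function (s) { return slugLib(String(s == null ? '' : s).slice(0, 99)) }`, which also stops resolving `require('slug')` on every call. Capping the input at 99 UTF-16 code units bounds the pathological input that the CVE-2017-16117 ReDoS depends on but does not fix the vulnerable regex itself, so the comment should state that this is a mitigation to be removed once the project can move to a `slug` release that addresses the advisory. The literal 99 deserves a name such as `const MAX_SLUG_INPUT = 99`, because the identical wrapper is pasted into index.js and settings.js in this same commit and the three copies can drift; one shared helper module would be safer. The `module.exports = (app, passport) => {` that closes the hunk opens a function whose body lies outside it.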
@@ -1,9 +1,12 @@
 'use strict'
 const router = require('express').Router()
-const slug = require('slug')
 const xss = require('xss')
 const User = require('../models.js').user
+// Trim slug to patch CVE-2017-16117
+const slug = function(s) {
+ return require('slug')(s.slice(0,99))
+}
 module.exports = router
diff --git a/config/routes/settings.js b/config/routes/settings.js
index a8074a1..893adcf 100755
--- a/config/routes/settings.js
+++ b/config/routes/settings.js
@@ -1,14 +1,16 @@
 'use strict'
-const slug = require('slug')
 const xss = require('xss')
 const mw = require('../middleware.js')
 const User = require('../models.js').user
 const mail = require('../mail.js')
 const env = require('../env/env.js')
-const sanitize = require('mongo-sanitize')
 const debug = require('debug')('tracman-routes-settings')
 const router = require('express').Router()
+// Trim slug to patch CVE-2017-16117
+const slug = function(s) {
+ return require('slug')(s.slice(0,99))
+}
 // Settings form
 router.route('/')
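Review bot: The `slug` wrapper added to index.js is a byte-for-byte copy of the one added to auth.js and settings.js in the same commit, each with its own `99` literal and a `require('slug')` executed on every call; a single shared helper (for example a small module with `const slugLib = require('slug')` hoisted and `const MAX_SLUG_INPUT = 99`) would keep the CVE-2017-16117 mitigation consistent across the three routes. As written, `s.slice(0,99)` throws a TypeError if `s` is `undefined` or otherwise not a string, so the argument should be coerced or validated first, e.g. `return slugLib(String(s == null ? '' : s).slice(0, 99))`. The wrapper itself is complete within the hunk; its call sites in index.js are not visible here, so whether any caller can pass a non-string is inferred from typical request handling rather than shown.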
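Review bot: The settings.js hunk also drops `const sanitize = require('mongo-sanitize')`, which neither the changelog entries nor the CVE-2017-16117 comment account for; if any `sanitize(...)` call remains in the rest of the file (not visible here) the settings routes will fail with a ReferenceError at request time, and if the import was simply unused it is still worth confirming that the user-controlled settings fields reaching Mongo queries are sanitized elsewhere before the removal is accepted. The new `slug` wrapper shares the defects of its copies in auth.js and index.js: `s.slice(0,99)` throws on a non-string argument, so coerce with `String(s == null ? '' : s).slice(0, 99)`, and hoist `require('slug')` out of the function body into a module-level constant. Prefer one shared helper over three pasted copies of the mitigation, and note in the comment that truncation limits the ReDoS input rather than fixing the regex. The `router.route('/')` closing the hunk begins a chain that continues outside it.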