diff --git a/docs/changelog.rst b/docs/changelog.rst
index 6450e252..e102aa88 100644
--- a/docs/changelog.rst
+++ b/docs/changelog.rst
@@ -3,6 +3,8 @@
 =========
 Changelog
 =========
+* :bug:`491` Require requests 2.20 or later to avoid reported security
+  vulnerabilities in earlier releases.
 * :release:`1.15.0 <2019-09-17>`
 * :feature:`488` Improved output on ``check`` command:
   Prints a message when there are no distributions given to check.
diff --git a/setup.py b/setup.py
index f0dbbfa2..5aba1828 100644
--- a/setup.py
+++ b/setup.py
@@ -72,7 +72,7 @@
     install_requires=[
         "pkginfo >= 1.4.2",
         "readme_renderer >= 21.0",
-        "requests >= 2.5.0, != 2.15, != 2.16",
+        "requests >= 2.20",
         "requests-toolbelt >= 0.8.0, != 0.9.0",
         "setuptools >= 0.7.0",
         "tqdm >= 4.14",