diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5db2246..25dd7bb 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -26,6 +26,10 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 - Order attachments by creation date.
 - Don't reopen monero wallet on each subscription monitor run.
 
+### Security
+
+- Updated markdown parser to latest version.
+
 ## [1.18.0] - 2023-03-21
 
 ### Added
diff --git a/Cargo.lock b/Cargo.lock
index c374ca1..a4ad1d1 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -576,16 +576,14 @@ dependencies = [
 
 [[package]]
 name = "comrak"
-version = "0.15.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c11e55664fcff7f4d37cc2adf3a1996913692f037312f4ab0909047fdd2bf962"
+version = "0.17.1"
+source = "git+https://github.com/kivikakk/comrak?rev=93a94858168536704c5772d5573cdfce0e4e7ed4#93a94858168536704c5772d5573cdfce0e4e7ed4"
 dependencies = [
  "entities",
  "memchr",
  "once_cell",
- "pest",
- "pest_derive",
  "regex",
+ "slug",
  "typed-arena",
  "unicode_categories",
 ]
@@ -810,6 +808,12 @@ dependencies = [
  "syn",
 ]
 
+[[package]]
+name = "deunicode"
+version = "0.4.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "850878694b7933ca4c9569d30a34b55031b9b139ee1fc7b94a527c4ef960d690"
+
 [[package]]
 name = "digest"
 version = "0.9.0"
@@ -2193,50 +2197,6 @@ version = "2.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "d4fd5641d01c8f18a23da7b6fe29298ff4b55afcccdf78973b24cf3175fee32e"
 
-[[package]]
-name = "pest"
-version = "2.4.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "dbc7bc69c062e492337d74d59b120c274fd3d261b6bf6d3207d499b4b379c41a"
-dependencies = [
- "thiserror",
- "ucd-trie",
-]
-
-[[package]]
-name = "pest_derive"
-version = "2.4.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "60b75706b9642ebcb34dab3bc7750f811609a0eb1dd8b88c2d15bf628c1c65b2"
-dependencies = [
- "pest",
- "pest_generator",
-]
-
-[[package]]
-name = "pest_generator"
-version = "2.4.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f4f9272122f5979a6511a749af9db9bfc810393f63119970d7085fed1c4ea0db"
-dependencies = [
- "pest",
- "pest_meta",
- "proc-macro2",
- "quote",
- "syn",
-]
-
-[[package]]
-name = "pest_meta"
-version = "2.4.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4c8717927f9b79515e565a64fe46c38b8cd0427e64c40680b14a7365ab09ac8d"
-dependencies = [
- "once_cell",
- "pest",
- "sha1",
-]
-
 [[package]]
 name = "phf"
 version = "0.10.1"
@@ -3113,17 +3073,6 @@ dependencies = [
  "digest 0.10.3",
 ]
 
-[[package]]
-name = "sha1"
-version = "0.10.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "006769ba83e921b3085caa8334186b00cf92b4cb1a6cf4632fbccc8eff5c7549"
-dependencies = [
- "cfg-if",
- "cpufeatures",
- "digest 0.10.3",
-]
-
 [[package]]
 name = "sha2"
 version = "0.9.9"
@@ -3207,6 +3156,15 @@ version = "0.4.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "c111b5bd5695e56cffe5129854aa230b39c93a305372fdbb2668ca2394eea9f8"
 
+[[package]]
+name = "slug"
+version = "0.1.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b3bc762e6a4b6c6fcaade73e77f9ebc6991b676f88bb2358bddb56560f073373"
+dependencies = [
+ "deunicode",
+]
+
 [[package]]
 name = "smallvec"
 version = "1.6.1"
@@ -3571,12 +3529,6 @@ version = "1.15.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "dcf81ac59edc17cc8697ff311e8f5ef2d99fcbd9817b34cec66f90b6c3dfd987"
 
-[[package]]
-name = "ucd-trie"
-version = "0.1.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9e79c4d996edb816c91e4308506774452e55e95c3c9de07b6729e17e15a5ef81"
-
 [[package]]
 name = "uint"
 version = "0.9.1"
diff --git a/mitra-utils/Cargo.toml b/mitra-utils/Cargo.toml
index a57d1b4..a8bff32 100644
--- a/mitra-utils/Cargo.toml
+++ b/mitra-utils/Cargo.toml
@@ -15,7 +15,7 @@ bs58 = "0.4.0"
 # Used for working with dates
 chrono = { version = "0.4.23", default-features = false, features = ["std"] }
 # Used for parsing markdown
-comrak = { version = "0.15.0", default-features = false }
+comrak = { git = "https://github.com/kivikakk/comrak", rev = "93a94858168536704c5772d5573cdfce0e4e7ed4", default-features = false }
 # Used to guess media type of a file
 mime_guess = "2.0.3"
 mime-sniffer = "0.1.2"
diff --git a/mitra-utils/src/markdown.rs b/mitra-utils/src/markdown.rs
index f1d9b96..f8cfdc4 100644
--- a/mitra-utils/src/markdown.rs
+++ b/mitra-utils/src/markdown.rs
@@ -68,7 +68,7 @@ fn replace_with_markdown<'a>(
     for child in node.children() {
         child.detach();
     };
-    let text = NodeValue::Text(markdown.as_bytes().to_vec());
+    let text = NodeValue::Text(markdown);
     let mut borrowed_node = node.data.borrow_mut();
     *borrowed_node = Ast::new(text);
     Ok(())
@@ -79,15 +79,14 @@ fn fix_microsyntaxes<'a>(
 ) -> Result<(), MarkdownError> {
     if let Some(prev) = node.previous_sibling() {
         if let NodeValue::Text(ref prev_text) = prev.data.borrow().value {
-            let prev_text = String::from_utf8(prev_text.to_vec())?;
             // Remove autolink if mention or object link syntax is found
             if prev_text.ends_with('@') || prev_text.ends_with("[[") {
-                let mut link_text = vec![];
+                let mut link_text = String::new();
                 for child in node.children() {
                     child.detach();
                     let child_value = &child.data.borrow().value;
                     if let NodeValue::Text(child_text) = child_value {
-                        link_text.extend(child_text);
+                        link_text.push_str(child_text);
                     };
                 };
                 let text = NodeValue::Text(link_text);
@@ -151,7 +150,7 @@ pub fn markdown_lite_to_html(text: &str) -> Result<String, MarkdownError> {
                 for child in node.children() {
                     child.detach();
                 };
-                let text = NodeValue::Text(markdown.as_bytes().to_vec());
+                let text = NodeValue::Text(markdown);
                 let text_node = arena.alloc(AstNode::from(text));
                 node.append(text_node);
                 let mut borrowed_node = node.data.borrow_mut();
@@ -180,8 +179,7 @@ pub fn markdown_lite_to_html(text: &str) -> Result<String, MarkdownError> {
                                 list_prefix_markdown.replace('1', &item_index_str);
                         };
                     };
-                    let list_prefix =
-                        NodeValue::Text(list_prefix_markdown.as_bytes().to_vec());
+                    let list_prefix = NodeValue::Text(list_prefix_markdown);
                     if !replacements.is_empty() {
                         // Insert line break before next list item
                         let linebreak = NodeValue::LineBreak;