Is plone.rest safe to use?

plone.rest has 1 known vulnerabilities on the latest version (5.1.0). DepScope rates its health at 44/100 (high risk).

What is the latest version of plone.rest?

The latest version of plone.rest is 5.1.0, released 2025-08-14.

Yes. plone.rest has 1 known vulnerabilities. See depscope.dev/pkg/pypi/plone.rest for details.

No, plone.rest is actively maintained. Latest release: 5.1.0 (2025-08-14).

Popular alternatives to plone.rest in PyPI include: packaging, certifi, charset-normalizer, charset_normalizer, cryptography.

plone.rest is licensed under GPL version 2.

pypiv5.1.0

Plone support for HTTP verbs.

License GPL version 237 versions1 maintainers16 deps

/ 100

Health

update required

[email protected] has vulnerabilities — update to latest

Update to >= 43b4a7e86206e237e1de5ca3817ed071575882f7 to fix known vulnerabilities

Health breakdown0 – 100

10/25

maintenance

0/20

popularity

20/25

security

12/15

maturity

2/15

community

Vulnerabilities

1 high

Advisories (1)

Severity	ID	Summary	Fixed in
high	CVE-2023-42457	plone.rest allows users to use HTTP verbs such as GET, POST, PUT, DELETE, etc. in Plone. Starting in the 2.x branch and prior to versions 2.0.1 and 3.0.1, when the `++api++` traverser is accidentally used multiple times in a url, handling it takes increasingly longer, making the server less responsive. Patches are available in `plone.rest` 2.0.1 and 3.0.1. Series 1.x is not affected. As a workaround, one may redirect `/++api++/++api++` to `/++api++` in one's frontend web server (nginx, Apache).	43b4a7e86206e237e1de5ca3817ed071575882f7

Dependencies (16)

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/pypi/plone.rest