oss-sec mailing list archives
Re: CVE-2025-56005 Undocumented RCE in PLY via `picklefile` Parameter
From: Stuart Henderson <stu () spacehopper org>
Date: Fri, 23 Jan 2026 19:21:30 +0000
On 2026/01/23 11:06, Alan Coopersmith wrote:
Of note, https://github.com/dabeaz/ply now bears a banner: "This repository was archived by the owner on Dec 21, 2025. It is now read-only."
And the most recent commit added to the readme:
"After 25 years, I've decided to abandon the PLY project. No further
maintenance is expected. At this point, there are many high-quality
parsing libraries that you might consider using instead. Or you could
continue to use PLY by copying it into your project. Or you could write
a hand-rolled recursive descent parser. I don't really have a
specific recommendation (although writing a parser by hand can be
a fun challenge)."
