Kanboard vs Hive
Side-by-side trajectory, velocity, and editorial themes.
Kanboard is on a year-long security-hardening run, sweeping the codebase one attack class at a time.
Kanboard's last six releases read as a single sustained security audit: parameterized queries replacing raw SQL, SSRF protection for webhooks, LDAP injection escapes, timing-safe token comparisons, CSRF for project role changes, comment-visibility enforcement for unauthenticated users, and removal of unsafe deserialization paths (file cache driver, legacy serialized events). Feature work continues in parallel — RTL support, Arabic translation, sub-task counts, bulk tag operations — but is clearly secondary to the hardening arc.
The team is methodically working through input surfaces (LDAP, headers, webhooks, file uploads, redirect targets) and output surfaces (comments, exports, API responses) to close authorization and injection gaps. This is mature-project hygiene, not pivot work — Kanboard is positioning itself as an audit-ready self-hostable kanban for organizations with security review checklists. PHP 8.1 is now the floor; the codebase is being modernized alongside the hardening.
Expect the security cadence to continue with one to two more releases focused on remaining trust boundaries, then a feature-weighted release picking up RTL/locale follow-ons and possibly the long-promised SQLite/Postgres parity work hinted at by recent Docker Compose additions.
Hive's quarter is mobile parity, with chat and dashboards getting tidied on the side.
Hive is in a steady incremental polish phase. The dominant thread is pulling more of the desktop experience onto mobile: workflow visibility, time tracking from action cards, Gantt views, and a beefed-up universal search all landed within a week of each other. Chat got a parallel set of refinements (inline video, file gallery, history preservation when members leave), and dashboards picked up median aggregation.
Hive looks focused on closing the desktop-mobile gap rather than opening new product surface area. Each mobile release individually is small, but together they push Hive toward being usable as a primary-not-secondary work surface on phones, which matters most for project managers who actually move around. Expect this cleanup arc to continue for at least another release cycle before strategic capabilities (AI, automation depth) reappear.
Next likely additions on mobile: editing or creating actions/workflows (currently view-only) and richer dashboard interaction. On the desktop side, a feature touching AI or workflow authoring is overdue given the cadence of small fixes.
See more alternatives to Kanboard →
See more alternatives to Hive →