Notesnook vs OpenProject
Side-by-side trajectory, velocity, and editorial themes.
Notesnook is on a steady alternating Desktop/Android point-release cadence with no inline changelog detail.
Notesnook is shipping a Desktop or Android point release roughly every 3–4 days (Desktop v3.3.15 → v3.3.19, Android v3.3.20 → v3.3.24). The GitHub release notes are uniformly empty — each one points to the blog rather than enumerating changes. The one detail-bearing release in the window (Desktop v3.3.16) was entirely bug fixes: scrollbar cutoffs, submenu lazy-item cutoffs, urgent-reminder segfault on Linux, backspace crash, paddle iframe crash, note-subtitle length cap.
The product is in a maintenance-and-polish phase on both Desktop and Mobile, judging from the one release that did publish detail and the steady point-bump pace. The opaque release notes are themselves a signal: directional reading has to come from the company blog, not the repo. There is no public hint of a 3.4 or 4.0 cut in this window.
Cadence continues — another paired Desktop/Android release within the next week, almost certainly more crash and UI fix work in line with the v3.3.16 pattern.
OpenProject leans into Jira migration and agile parity while absorbing a sustained bug-bounty wave
OpenProject is shipping aggressively across five maintained release branches simultaneously. 17.4 promotes the Jira Migrator out of feature-flag status with basic custom-field migration, and 17.3 reshapes the agile primitives — dedicated sprint objects, all action board types moved into the free Community edition, in-place project attribute editing, nested groups. The codebase is also absorbing a continuous stream of security disclosures (CVE-2026-44731 through -44736, GHSA-r85r, GHSA-hh5p, others) from an EU-sponsored YesWeHack bug bounty, with backported fixes landing across 16.6.x, 17.0.x, 17.1.x, 17.2.x, and 17.3.x on the same day as the headline release.
The dual focus — Jira parity (custom-field migration, sprint objects, flexible backlogs) and a deliberate Community-edition expansion (all action boards now free) — reads as a coordinated squeeze on Jira during Atlassian's Cloud-only migration push. The bug-bounty volume is unusual for a project this size and suggests OpenProject has crossed into enterprise-credibility scrutiny; the response pattern — same-day backports five branches deep — shows the maintainers treating security disclosures as cross-branch events by default.
The next minor release will likely round out the Jira Migrator — workflow and automation migration are the obvious next pieces given custom fields are now beta-complete. Continued public bounty intake will keep producing authorization and IDOR fixes; expect another coordinated cross-branch security cut within weeks.
See more alternatives to Notesnook →
See more alternatives to OpenProject →