Rize vs OpenProject
Side-by-side trajectory, velocity, and editorial themes.
Rize pivots from passive tracker to live, AI-queryable work data substrate.
Rize landed two directional moves in the last 30 days: live time-entry creation that replaces the previous batched-after-the-fact model, and a Beta MCP server that exposes time tracking data to Claude and ChatGPT for natural-language analysis. Around those, the team rebuilt the time-entry review panel and added an alternative Work Hours calculation that excludes break time the way most teams actually want. Cadence is high and the releases are coherent, not scattered.
The product is repositioning itself from 'passive tracker that classifies activity later' to 'live work-data platform other AI tools can read.' MCP integration signals Rize wants to be the data layer external assistants reach into, not a self-contained reporting app. The live-entries shift is the user-experience counterpart: data is current and editable in the moment instead of reconstructed later.
Expect the next moves to lean into the new substrate: manager-facing project-overrun alerts, budget-vs-actual dashboards, or richer outbound webhooks. A natural follow-on is broader MCP exposure (write-side actions, not just read), or a chat surface inside Rize itself.
OpenProject leans into Jira migration and agile parity while absorbing a sustained bug-bounty wave
OpenProject is shipping aggressively across five maintained release branches simultaneously. 17.4 promotes the Jira Migrator out of feature-flag status with basic custom-field migration, and 17.3 reshapes the agile primitives — dedicated sprint objects, all action board types moved into the free Community edition, in-place project attribute editing, nested groups. The codebase is also absorbing a continuous stream of security disclosures (CVE-2026-44731 through -44736, GHSA-r85r, GHSA-hh5p, others) from an EU-sponsored YesWeHack bug bounty, with backported fixes landing across 16.6.x, 17.0.x, 17.1.x, 17.2.x, and 17.3.x on the same day as the headline release.
The dual focus — Jira parity (custom-field migration, sprint objects, flexible backlogs) and a deliberate Community-edition expansion (all action boards now free) — reads as a coordinated squeeze on Jira during Atlassian's Cloud-only migration push. The bug-bounty volume is unusual for a project this size and suggests OpenProject has crossed into enterprise-credibility scrutiny; the response pattern — same-day backports five branches deep — shows the maintainers treating security disclosures as cross-branch events by default.
The next minor release will likely round out the Jira Migrator — workflow and automation migration are the obvious next pieces given custom fields are now beta-complete. Continued public bounty intake will keep producing authorization and IDOR fixes; expect another coordinated cross-branch security cut within weeks.