LoginSign Up
← Back to all sparks
O

OpenCATS

HR
Velocity2.5

Open-source applicant tracking system (ATS)

www.opencats.org

OpenCATS breaks a two-year quiet with v0.10.0, tightening attachment auth and form UX

applicant trackingrecruitingopen sourcesecurityphpmaintenance
Current state
OpenCATS, an open-source applicant-tracking system, ships rarely — its release history spans 2020 to 2026 with long gaps. The new v0.10.0 ends a roughly two-year quiet since the 2024 maintenance line, adding authentication on the attachments module, form-validation and default-company improvements, non-ASCII handling, and a JS back-button fix. Prior releases were predominantly security and PHP-compatibility maintenance.
Where it's heading
The pattern is a community project moving in slow, security-conscious increments: authenticated attachments and earlier XSS/cookie hardening show steady attention to securing an aging codebase. v0.10.0 suggests renewed maintenance momentum rather than a feature pivot.
Prediction
Expect continued infrequent releases focused on security hardening and PHP-version compatibility. A jump in cadence would be the signal to watch for renewed active development.

Recent moves

  1. 5d ago

    v0.10.0: auth-gated attachments and form-UX fixes

    v0.10.0 ends a long quiet period: attachments now require authentication, edit forms gain missing required-field markers and an owner check, job-order forms default the company name, and non-ASCII abbreviation and JS back-button bugs are fixed. A meaningful maintenance release for a slow-moving project.

    View source ↗
  2. 2y ago

    v0.9.7.4: dependency and composer maintenance

    A 2024 maintenance release shipped while PHP 8.2 compatibility was in progress — Dependabot upgrades, composer patches, and a file-extension tweak. Housekeeping with no user-facing capability.

    View source ↗
  3. 2y ago

    0.9.7.3: samesite/httponly session cookies

    A small 2024 patch enabling samesite/httponly session-cookie options and a legacy-root reference fix. Minor security hygiene rather than a notable change.

    View source ↗
  4. 2y ago

    v0.9.7.2: authenticated-XSS hardening

    A 2023 security release adding access controls to internal pages to close authenticated XSS vulnerabilities, and trimming dev packages from deployed builds. Part of the project's steady security-hardening pattern.

    View source ↗
  5. 3y ago

    0.9.6: PHP 7.2 support

    The 2022 release that brought PHP 7.2 support after UAT, with assorted mailer and config fixes. A compatibility milestone keeping the aging codebase deployable.

    View source ↗
  6. 6y ago

    0.9.5: PHP 7.x compatibility (revert)

    A 2020 release that reverts an earlier candidate-email change. Maintenance bookkeeping with no net new functionality.

    View source ↗