Bonsai vs OpenProject
Side-by-side trajectory, velocity, and editorial themes.
Freelancer suite hardens into a CRM-first agency platform with billing tightly stitched to client work.
Bonsai is reshaping itself around a more flexible CRM core. Recent shipments add independent client/contact creation, multi-client contacts, custom filtered views across contacts/deals/projects/tasks, and a per-contact activity feed that ties documents, messages, and meetings together. Billing-side improvements continue alongside this — auto-attached invoice PDFs, card-on-file charging, and meetings-to-time-entries.
The product is no longer best described as 'freelancer software with a CRM' — the CRM is becoming the spine, with invoices, time, and project work threaded through it. The Zoom integration with synced recordings, transcripts, and AI summaries pushes it further toward an agency-style client operations layer rather than a solo-freelancer toolkit. Smaller billing improvements show continued investment in get-paid-faster mechanics, the original wedge.
Expect deeper CRM primitives — pipelines, more sophisticated automations, possibly native AI summarization rather than relying on Zoom's. The combination of meeting capture and time entries also suggests a likely move toward auto-suggested billable time from meeting data.
OpenProject leans into Jira migration and agile parity while absorbing a sustained bug-bounty wave
OpenProject is shipping aggressively across five maintained release branches simultaneously. 17.4 promotes the Jira Migrator out of feature-flag status with basic custom-field migration, and 17.3 reshapes the agile primitives — dedicated sprint objects, all action board types moved into the free Community edition, in-place project attribute editing, nested groups. The codebase is also absorbing a continuous stream of security disclosures (CVE-2026-44731 through -44736, GHSA-r85r, GHSA-hh5p, others) from an EU-sponsored YesWeHack bug bounty, with backported fixes landing across 16.6.x, 17.0.x, 17.1.x, 17.2.x, and 17.3.x on the same day as the headline release.
The dual focus — Jira parity (custom-field migration, sprint objects, flexible backlogs) and a deliberate Community-edition expansion (all action boards now free) — reads as a coordinated squeeze on Jira during Atlassian's Cloud-only migration push. The bug-bounty volume is unusual for a project this size and suggests OpenProject has crossed into enterprise-credibility scrutiny; the response pattern — same-day backports five branches deep — shows the maintainers treating security disclosures as cross-branch events by default.
The next minor release will likely round out the Jira Migrator — workflow and automation migration are the obvious next pieces given custom fields are now beta-complete. Continued public bounty intake will keep producing authorization and IDOR fixes; expect another coordinated cross-branch security cut within weeks.
See more alternatives to Bonsai →
See more alternatives to OpenProject →