BookStack vs Mattermost
Side-by-side trajectory, velocity, and editorial themes.
Security-first wiki on a steady cadence; v26.05 lands the year's biggest feature batch
BookStack is a mature self-hosted wiki shipping on a near-monthly cadence dominated by security releases. The recent arc pairs a substantial v26.05 feature drop with a steady stream of patch releases hardening URL filtering, attachments, MFA, and permission checks. The project's priority is clearly locking down untrusted-editor and public-instance scenarios while keeping the feature surface moving.
The pattern is a feature-anchor release (v26.03, v26.05) followed by a run of point releases that are almost entirely security and dependency hardening. Feature work is trending toward finer-grained permissions (separate revision-view control), a broader API (tag browsing), and export/editor polish. Expect the same rhythm to continue: one meaty minor, then hardening.
The next release is likely another security/dependency point release (v26.05.3 or similar) continuing the attachment/URL-filtering hardening, with the following feature minor extending the API and permission model.
Mattermost's story tightens around secure, agentic collaboration for defense and regulated ops
Mattermost's public output this month is entirely editorial — a run of blog posts, not product releases. The throughline is unmistakable: secure, self-hosted collaboration aimed at defense, critical infrastructure, and regulated enterprises, with a growing emphasis on operational AI such as local LLMs, MCP-fronted tools, and human-in-the-loop approvals.
The messaging is consolidating around operational AI inside a sovereign, on-prem collaboration layer: multiplayer tool-calling with approval controls, a defense partnership with Whitespace, and framing against rivals that bundle AI into collaboration pricing. This is positioning work that tends to precede or accompany product moves in the same direction.
The next actual releases will likely formalize the AI-in-the-workflow features these posts describe — approval-gated tool calls and retrieval over message archives. The entries don't pin a date, so timing is unclear.
See more alternatives to BookStack →
See more alternatives to Mattermost →