Kanboard vs Linear
Side-by-side trajectory, velocity, and editorial themes.
Kanboard is on a year-long security-hardening run, sweeping the codebase one attack class at a time.
Kanboard's last six releases read as a single sustained security audit: parameterized queries replacing raw SQL, SSRF protection for webhooks, LDAP injection escapes, timing-safe token comparisons, CSRF for project role changes, comment-visibility enforcement for unauthenticated users, and removal of unsafe deserialization paths (file cache driver, legacy serialized events). Feature work continues in parallel — RTL support, Arabic translation, sub-task counts, bulk tag operations — but is clearly secondary to the hardening arc.
The team is methodically working through input surfaces (LDAP, headers, webhooks, file uploads, redirect targets) and output surfaces (comments, exports, API responses) to close authorization and injection gaps. This is mature-project hygiene, not pivot work — Kanboard is positioning itself as an audit-ready self-hostable kanban for organizations with security review checklists. PHP 8.1 is now the floor; the codebase is being modernized alongside the hardening.
Expect the security cadence to continue with one to two more releases focused on remaining trust boundaries, then a feature-weighted release picking up RTL/locale follow-ons and possibly the long-promised SQLite/Postgres parity work hinted at by recent Docker Compose additions.
Linear keeps pushing its Agent deeper — from Teams chat to MCP tools to the actual codebase.
Linear is rapidly converting itself from issue tracker into an agent-native engineering coordination layer. Every major shipment in the last month — Microsoft Teams entry point, MCP tool access, Releases tracking, and now Code Intelligence — extends what Linear Agent can reach. The traditional issue-tracking surface continues to receive steady fixes and quality-of-life work, but the strategic energy is concentrated on giving the Agent more context and more reach.
Linear is positioning its Agent as a workspace orchestrator rather than a chat assistant bolted onto issues. The progression is unmistakable: first messaging surfaces (Slack, Teams), then external tools via MCP, now the codebase itself. Each step removes a reason a user would need to leave Linear to answer a work question, and steadily makes the Agent useful to PMs, support, and sales — not just engineers writing tickets.
Expect Linear to keep widening the Agent's reach into adjacent technical surfaces — CI/CD signals, incident tools, design and data systems — and to introduce paid Agent-action tiers as usage proves out. The Code Intelligence beta will likely move to general availability with codebase-scoped permissions becoming a first-class enterprise feature.
See more alternatives to Kanboard →
See more alternatives to Linear →