Vikunja vs SmartSuite
Side-by-side trajectory, velocity, and editorial themes.
Vikunja crossed the v1.0 finish line and pivoted hard into security hardening.
Vikunja shipped two v1.0 release candidates through late 2025 and early 2026, then jumped to a v2 series whose first widely-tagged point release, v2.2.1, is dominated by security work. The latest release patches multiple SSRF and IDOR vulnerabilities, enforces disabled/locked-account semantics across every auth surface (OIDC, API tokens, CalDAV, LDAP), and adds a shared SSRF-safe HTTP client that webhooks and migrations now route through. User-facing feature work has slowed; the visible energy is in plumbing and audit cleanup.
The arc moves from feature-completion (S3 storage, drag-and-drop project moves, hover previews in late 2025) toward platform credibility — closing security gaps a self-hosted task tool needs to clear before serious team adoption. The rapid version-number jump from v1.0.0-rc4 to v2.2.1 in two months suggests v1.0 shipped and the team tagged a v2 line aimed at addressing accumulated authz debt. Expect the next several releases to keep the security-first posture rather than return to a feature push.
The next release will likely continue closing remaining authz edges (more IDOR audits, additional credential-stripping in API responses) and bundle a translations and dependency sweep. A user-facing feature push probably waits until the security work plateaus.
SmartSuite is rewiring its core primitives for ITSM, GRC, and structured service-desk work.
Two dense release waves in early and mid May target a clear set of buyers: service desks, governance/risk/compliance teams, and PMO operators. Forms got a major upgrade — multi-page flows, a review step, table-display linked records, and a new Internal mode for authenticated in-app submissions. Around it, SmartSuite added a first-class Team field through to automations, dynamic-value URLs, cross-Solution calendar roll-ups, Solution-level restore, and a manual stop on AI Field Agents.
The product is moving past its general no-code positioning toward becoming the work platform of choice for structured operational teams. Internal Forms, the Team field across automations, and Solution-level governance features are exactly the surface a buyer evaluating ServiceNow alternatives or a lightweight GRC platform looks for. The AI Field Agent work continues but is taking a back seat to the operational plumbing that lets larger, more regulated teams adopt SmartSuite without bolt-ons.
Expect deeper SLA, approval workflow, and audit primitives next — the natural follow-ons once Team and Internal Forms are in place. A native service-portal experience or richer ITSM-flavoured templates would not be surprising in the next quarter.
See more alternatives to Vikunja →
See more alternatives to SmartSuite →