A new open-source project management tool called Kan has emerged as a potential alternative to Trello, but early testing by the developer community has revealed several critical issues that may limit its immediate adoption. The project, built with modern web technologies like Next.js and tRPC, aims to provide a fast and customizable kanban board solution with both self-hosted and cloud deployment options.
Technology Stack:
- Frontend: Next.js with Tailwind CSS
- Backend: tRPC with Better Auth
- Database: Drizzle ORM
- Email: React Email
- License: AGPLv3
Security Vulnerabilities Discovered During Initial Testing
Community members quickly identified serious security flaws during their evaluation of the platform. One user discovered that the profile picture upload feature can be exploited to host any type of file, including potentially malicious content. This vulnerability represents a significant risk for organizations considering the platform for production use. The discovery highlights the importance of thorough security testing before deploying new project management tools in business environments.
Identified Security Issues:
- Profile picture upload vulnerability allowing arbitrary file hosting
- Potential for hosting malicious content
- No proper file type validation
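
The missing file type validation listed above is usually closed by checking the uploaded bytes on the server against a short allowlist of image signatures. The sketch below is an added example, not Kan's code: the function names, the 2 MiB cap and the `avatars/` key layout are assumptions.

```javascript
// Added example: allowlist validation for avatar uploads (not Kan's code).
// validateAvatarUpload, sniffImage and MAX_AVATAR_BYTES are hypothetical names.
const MAX_AVATAR_BYTES = 2 * 1024 * 1024; // assumed 2 MiB cap

// Allowlisted raster formats, identified by their leading signature bytes.
// SVG is left out on purpose: it is XML and can carry script.
const SIGNATURES = [
  { mime: "image/png", ext: "png", magic: [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a] },
  { mime: "image/jpeg", ext: "jpg", magic: [0xff, 0xd8, 0xff] },
  { mime: "image/gif", ext: "gif", magic: [0x47, 0x49, 0x46, 0x38, 0x39, 0x61] }, // GIF89a
  { mime: "image/gif", ext: "gif", magic: [0x47, 0x49, 0x46, 0x38, 0x37, 0x61] }, // GIF87a
];

function startsWith(bytes, magic, offset = 0) {
  if (bytes.length < offset + magic.length) return false;
  return magic.every((b, i) => bytes[offset + i] === b);
}

function sniffImage(bytes) {
  for (const sig of SIGNATURES) {
    if (startsWith(bytes, sig.magic)) return { mime: sig.mime, ext: sig.ext };
  }
  // WebP: "RIFF" <4-byte size> "WEBP"
  if (startsWith(bytes, [0x52, 0x49, 0x46, 0x46]) && startsWith(bytes, [0x57, 0x45, 0x42, 0x50], 8)) {
    return { mime: "image/webp", ext: "webp" };
  }
  return null;
}

// bytes: Uint8Array of the upload; objectId: server-generated identifier.
// The client's filename and Content-Type are never consulted.
function validateAvatarUpload(bytes, objectId) {
  if (bytes.length === 0) return { ok: false, reason: "empty" };
  if (bytes.length > MAX_AVATAR_BYTES) return { ok: false, reason: "too_large" };
  const kind = sniffImage(bytes);
  if (!kind) return { ok: false, reason: "not_an_allowed_image" };
  return {
    ok: true,
    storageKey: `avatars/${objectId}.${kind.ext}`, // extension derived from content
    headers: { "Content-Type": kind.mime, "X-Content-Type-Options": "nosniff" },
  };
}

// Constructed sample inputs.
const png = new Uint8Array([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a, 0, 0, 0, 0x0d]);
const html = new TextEncoder().encode("<html><script>1</script></html>");
console.log(validateAvatarUpload(png, "u123"));
console.log(validateAvatarUpload(html, "u123"));
```

A signature check alone does not catch a valid image with other data appended to it, so it is commonly paired with server-side re-encoding of the image and with serving uploads from a separate origin.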
Missing Core Features Limit Production Readiness
Despite its promise as a Trello replacement, Kan currently lacks several features that users consider essential for effective project management. The most notable absence is Work-In-Progress (WIP) limits, which many consider the defining characteristic of proper kanban methodology. WIP limits help teams focus by restricting how many tasks can be active simultaneously, preventing workflow bottlenecks.
"WIP limits are the good stuff."
The platform also struggles with basic functionality issues. Users reported problems creating lists named with common kanban terms like "Todo" and "Done", cards containing special characters failing to create with no error message shown, and multiple workspaces being allowed to share identical names, which causes confusion in the interface.
Key Missing Features:
- Work-In-Progress (WIP) limits
- Webhook support
- Keyboard shortcuts
- Markdown support for code blocks
- Demo account functionality
- Templates (planned)
- Integrations (planned)
Technical Implementation Raises Deployment Concerns
The choice to build Kan using Next.js has sparked debate within the developer community about deployment complexity. While some argue that Next.js applications are straightforward to deploy as standard Node.js applications, others point out that achieving performance parity with Vercel's optimized hosting requires significant additional effort. This could create barriers for organizations wanting to self-host the solution, potentially limiting its appeal as an open-source alternative.
Competitive Landscape Shows Crowded Market
The discussion revealed a saturated market for kanban board solutions, with numerous existing open-source alternatives already available. Community members mentioned several established options including Wekan, Taiga, Kanboard, Planka, and Vikunja, each with their own strengths and user bases. This competitive environment raises questions about market differentiation and long-term sustainability for new entrants.
Existing Open-Source Alternatives:
- Wekan (https://wekan.github.io/)
- Taiga (https://taiga.io/)
- Kanboard (https://kanboard.org/)
- Planka (https://github.com/plankanban/planka)
- Vikunja (https://vikunja.io/)
- Nullboard (https://github.com/apankrat/nullboard)
Community Response Balances Encouragement with Realism
While developers appreciated the effort to create another open-source project management tool, many emphasized the need for clearer value propositions beyond simply being another Trello alternative. The community called for better explanation of unique features and improvements over existing solutions. Some users also requested practical enhancements like keyboard shortcuts, markdown support for code blocks, and webhook integration for automation workflows.
The project's creator has been responsive to feedback, adding requested features to the roadmap and fixing reported issues. However, the early discovery of security vulnerabilities and missing core functionality suggests that Kan may need significant development before it can compete effectively with established alternatives in the project management space.
Reference: kanbn/kan