The developers of the open-source project management tool Plane have completed a comprehensive migration with version 1.2.0: all web applications now run on React Router (Framework Mode) and Vite instead of Next.js. The change affects over 1200 files and more than 20,000 new lines of code in the makeplane/plane, plane-ee, and air-gapped deployment variant repositories. At the same time, the new version closes critical security vulnerabilities in Next.js and React.

The switch was made because Plane relies on a "client first" architecture without server-side rendering and does not utilize Next.js-specific features such as hybrid routing or special data fetching mechanisms. The developers report in a blog post that hot reload times dropped from 20 to 30 seconds to milliseconds. The dev server also starts significantly faster. Furthermore, build pipelines could be simplified, as tests and production builds are now based on the same tooling.

According to the developers, there are no breaking changes for operators of existing self-hosted instances. The change also does not alter the appearance or behavior of Plane for end-users. The migration only requires a Docker update or a new build of the containers. The project has tested the new architecture in cloud, self-hosted, and air-gapped environments. Plane does not publish a dedicated migration script; the standard upgrade procedure via Git pull and docker-compose up is sufficient.

New Navigation and Keyboard Shortcuts

In addition to the technical migration, version 1.2.0 also brings visible changes: a new top bar with global search and inbox replaces parts of the previous sidebar. Project features such as Cycles, Modules, Epics, and Pages appear as horizontal tabs. The left navigation can be reduced to an icon-only mode. With "Power K," Plane introduces advanced keyboard shortcuts that include navigation, creating work items, cycles, and modules, as well as switching sidebars and copying links.

The intake function receives a new "Triage" status for incoming requests, which operates independently of the regular project states. Further changes include simplified user filtering endpoints, new APIs for workspace invitations and project member management, and automatic icon assignment when creating projects via an external endpoint. The limit for project identifiers has been increased to 10 characters.

Security Updates Against RCE Vulnerabilities

An important part of the release are security patches: Plane fixes CVE-2025-66478 in Next.js and CVE-2025-55182 in React, both vulnerabilities with unauthenticated remote code execution. Additionally, Django has been updated to version 4.2.27 to close an SQL injection vulnerability in column aliases. The Nginx version has also been upgraded. Self-hosted operators should update Plane promptly to close these critical vulnerabilities.

The Enterprise Edition (plane-ee) and Helm packages receive the same changes as the Community Edition. Differences only exist in the additional cloud and analytics features of the enterprise variant. Plane does not publish quantitative performance metrics on bundle size or runtime latency before and after the migration, but emphasizes the significantly faster build and development workflows.

Plane positions itself as an open-source alternative to Jira, Linear, Monday, and Asana. Details about version 1.2.0 can be found in the GitHub release.

(fo)

Don’t miss any news – follow us on Facebook, LinkedIn or Mastodon.

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.