There was a recent related discussion on Hacker News and the top comment discusses why this sort of solution is not likely to be the best fit for smaller organizations. In short, doing it well requires time and effort from someone technically sophisticated, who must do more than the bare minimum for good results, as you just learned.

Even then, it’s likely to be less reliable than solutions hosted by big corporations and when there’s a problem, it’s your problem. I don’t want to discourage you, but understand what you’re committing to and make sure you have adequate buy-in in your organization.

Telegram isn’t open source, so I don’t think you’re going to find forks of it.

I stand corrected. Telegram’s client is open source (GPL) and what OP is asking for is reasonable.

That’s a valid point, though it looks like Popfile’s installation instructions call for manually installing libraries, presumably current ones. I think it processes only text, not PDFs or images, which are traditional sources of vulnerabilities. I’m fairly certain it doesn’t attempt to execute Javascript. It is, itself written in Perl, which is memory-safe.

It’s worth considering security because there’s so much malware out there trying to spread indiscriminately, but Popfile is less vulnerable than an Android app (which bundles its dependencies) or anything written in C (which is subject to all kinds of memory management bugs).

Abandoned doesn’t necessarily imply no longer useful. Sometimes, though rarely in the modern world software is finished.

I may give it a try. It does actually have the features I’m asking for.

I’ve been using one of the Javascript variants of this for a while. While that is a little heavier weight for the client than this completely static solution, it’s ultimately just a few kilobytes and minimal processing that’s fast even on old devices.

The EFF has a good document on this topic.