github openclaw/openclaw v2026.2.1
openclaw 2026.2.1
on GitHub

10 hours ago

Changes

  • Docs: onboarding/install/i18n/exec-approvals/Control UI/exe.dev/cacheRetention updates + misc nav/typos. (#3050, #3461, #4064, #4675, #4729, #4763, #5003, #5402, #5446, #5474, #5663, #5689, #5694, #5967, #6270, #6300, #6311, #6416, #6487, #6550, #6789)
  • Telegram: use shared pairing store. (#6127) Thanks @obviyus.
  • Agents: add OpenRouter app attribution headers. Thanks @alexanderatallah.
  • Agents: add system prompt safety guardrails. (#5445) Thanks @joshp123.
  • Agents: update pi-ai to 0.50.9 and rename cacheControlTtl -> cacheRetention (with back-compat mapping).
  • Agents: extend CreateAgentSessionOptions with systemPrompt/skills/contextFiles.
  • Agents: add tool policy conformance snapshot (no runtime behavior change). (#6011)
  • Auth: update MiniMax OAuth hint + portal auth note copy.
  • Discord: inherit thread parent bindings for routing. (#3892) Thanks @aerolalit.
  • Gateway: inject timestamps into agent and chat.send messages. (#3705) Thanks @conroywhitney, @CashWilliams.
  • Gateway: require TLS 1.3 minimum for TLS listeners. (#5970) Thanks @loganaden.
  • Web UI: refine chat layout + extend session active duration.
  • CI: add formal conformance + alias consistency checks. (#5723, #5807)

Fixes

  • Plugins: validate plugin/hook install paths and reject traversal-like names.
  • Telegram: add download timeouts for file fetches. (#6914) Thanks @hclsys.
  • Telegram: enforce thread specs for DM vs forum sends. (#6833) Thanks @obviyus.
  • Streaming: flush block streaming on paragraph boundaries for newline chunking. (#7014)
  • Streaming: stabilize partial streaming filters.
  • Auto-reply: avoid referencing workspace files in /new greeting prompt. (#5706) Thanks @bravostation.
  • Tools: align tool execute adapters/signatures (legacy + parameter order + arg normalization).
  • Tools: treat "*" tool allowlist entries as valid to avoid spurious unknown-entry warnings.
  • Skills: update session-logs paths from .clawdbot to .openclaw. (#4502)
  • Slack: harden media fetch limits and Slack file URL validation. (#6639) Thanks @davidiach.
  • Lint: satisfy curly rule after import sorting. (#6310)
  • Process: resolve Windows spawn() failures for npm-family CLIs by appending .cmd when needed. (#5815) Thanks @thejhinvirtuoso.
  • Discord: resolve PluralKit proxied senders for allowlists and labels. (#5838) Thanks @thewilloftheshadow.
  • Tlon: add timeout to SSE client fetch calls (CWE-400). (#5926)
  • Memory search: L2-normalize local embedding vectors to fix semantic search. (#5332)
  • Agents: align embedded runner + typings with pi-coding-agent API updates (pi 0.51.0).
  • Agents: ensure OpenRouter attribution headers apply in the embedded runner.
  • Agents: cap context window resolution for compaction safeguard. (#6187) Thanks @iamEvanYT.
  • System prompt: resolve overrides and hint using session_status for current date/time. (#1897, #1928, #2108, #3677)
  • Agents: fix Pi prompt template argument syntax. (#6543)
  • Subagents: fix announce failover race (always emit lifecycle end; timeout=0 means no-timeout). (#6621)
  • Teams: gate media auth retries.
  • Telegram: restore draft streaming partials. (#5543) Thanks @obviyus.
  • Onboarding: friendlier Windows onboarding message. (#6242) Thanks @shanselman.
  • TUI: prevent crash when searching with digits in the model selector.
  • Agents: wire before_tool_call plugin hook into tool execution. (#6570, #6660) Thanks @ryancnelson.
  • Browser: secure Chrome extension relay CDP sessions.
  • Docker: use container port for gateway command instead of host port. (#5110) Thanks @mise42.
  • fix(lobster): block arbitrary exec via lobsterPath/cwd injection (GHSA-4mhr-g7xj-cg8j). (#5335) Thanks @vignesh07.
  • Security: sanitize WhatsApp accountId to prevent path traversal. (#4610)
  • Security: restrict MEDIA path extraction to prevent LFI. (#4930)
  • Security: validate message-tool filePath/path against sandbox root. (#6398)
  • Security: block LD*/DYLD* env overrides for host exec. (#4896) Thanks @HassanFleyah.
  • Security: harden web tool content wrapping + file parsing safeguards. (#4058) Thanks @VACInc.
  • Security: enforce Twitch allowFrom allowlist gating (deny non-allowlisted senders). Thanks @MegaManSec.
Check out latest releases or
releases around openclaw/openclaw v2026.2.1

Don't miss a new openclaw release

NewReleases is sending notifications on new releases.

Get notifications