Newsletter
One edition per supported OpenClaw version. New features, improvements, and fixes — straight from the release we just validated.
Spans OpenClaw 2026.5.28–2026.6.8. Telegram replies now render tables, lists, and blockquotes with line breaks preserved; the Control UI chat got noticeably faster on startup, streaming, and first reply; and the new Skill Workshop lets agents propose, review, and roll back skills. Under the hood, channel state and cron stores move to SQLite with automatic migration, and the newest models land (Claude Opus 4.8, Claude Haiku 4.5, GLM-5.2). One platform change to know about: Discord, Slack, and WhatsApp plugins are now installed on demand rather than bundled — Bot It Out handles this for you automatically, so adding those channels keeps working without any action on your part.
Spans OpenClaw 2026.5.8–2026.5.27. Transcripts move from beta into core (transcript-backed meeting summaries, cleaned user turns, source-provider chunks); the image backend swaps from Sharp to Rastermill for faster metadata, resizing, and EXIF handling; an OpenAI-compatible embedding provider lands for memory systems; Pixverse joins the video generators. Security gets a broad pass: SSRF policy enforcement on browser snapshots, prompt-injection filtering on memory tools, group prompt text kept out of system prompts, repeated-dot hostname normalization, and stale device-token rejection. The Control UI gains an Activity tab and the TUI queues busy prompts instead of dropping them.
This release spans four OpenClaw versions (2026.5.4–2026.5.7) and brings owner-permission enforcement for native commands, cron CLI improvements with computed status fields, Docker compose hardening, and a broad sweep of channel-specific fixes across Discord, Telegram, WhatsApp, and Slack. Security improvements include WebSocket scope clamping, SSRF checks, and admin-gated memory toggles.
This release introduces a unified streaming progress mode across all channels, a new file-transfer plugin with default-deny security policies, stricter gateway config validation (fails closed instead of auto-restoring), and significant startup performance improvements through lazy-loading. Security hardening includes plugin install scanner improvements and symlink traversal protection in file transfers.
This release consolidates thread-spawn configuration into a single `threadBindings.spawnSessions` key (migrated automatically by `doctor --fix`), adds force-restart and wait flags for the gateway, introduces first-class git-based plugin installs, and brings Grok 4.3 as the default xAI chat model. Security hardening includes ClawPack response verification and BlueBubbles SSRF protection.
This release brings a major expansion of text-to-speech providers (Azure Speech, ElevenLabs v3, Volcengine, and more), new migration tools for importing Claude and Hermes configurations, Matrix end-to-end encryption support, and a revamped cold plugin registry for faster plugin management. Security improvements include safer device token rotation and hardened plugin symlink handling.
This release adds broad new provider capabilities — xAI image generation, TTS, and STT — along with a local TUI mode for terminal chats without the gateway. Security improvements include hardened Bot Framework token validation and rejection of non-HTTP(S) attachment URLs. Performance gains of up to 90% for bundled plugin loading round out the update.
This release strengthens command security with stricter owner identity checks, adds automatic session store pruning to keep things tidy, and brings streaming replies to Mattermost. Also includes dozens of reliability fixes across providers and channels.
This release focuses on security hardening — tighter trust boundaries for tool results, better secret redaction, and stricter DM pairing controls. Dreaming memory files now default to separate storage for cleaner organization.
This release adds forward compatibility for OpenAI's GPT-5.4 Pro model, a smarter Active Memory plugin that pulls context before replying, and Telegram forum topic awareness. Plus dozens of reliability and security fixes across channels and providers.
Your agents can now remember things between conversations with the new Active Memory plugin. This version also adds Codex as a built-in provider and gives Microsoft Teams users new message actions.