Bot It OutBot It Out
Back to Newsletter
v2026.4.26OpenClawSecurity

TTS expansion, Claude/Hermes migration tools, Matrix E2EE, and cold plugin registry.

This release brings a major expansion of text-to-speech providers (Azure Speech, ElevenLabs v3, Volcengine, and more), new migration tools for importing Claude and Hermes configurations, Matrix end-to-end encryption support, and a revamped cold plugin registry for faster plugin management. Security improvements include safer device token rotation and hardened plugin symlink handling.

New features

New features

  • OpenClawTTS support expanded with Azure Speech, Xiaomi, Local CLI, Inworld, Volcengine, and ElevenLabs v3 providers.
  • OpenClawPer-agent TTS voice overrides — each agent can now use a different voice without changing the global setting.
  • OpenClawDiscord per-channel voice model override via `channels.discord.voice.model`.
  • OpenClawMatrix end-to-end encryption setup via `openclaw matrix encryption setup`.
  • OpenClawClaude migration tool (`openclaw migrate`) imports instructions, MCP servers, skills, and command prompts.
  • OpenClawHermes migration tool imports configuration, memory/plugin hints, model providers, MCP servers, skills, and credentials.
  • OpenClawCerebras added as a bundled AI provider with onboarding and static model catalog.
  • OpenClawGoogle Live browser Talk — new realtime transport for browser-based voice with ephemeral token support.
  • OpenClawStale gateway node cleanup via `openclaw nodes remove --node <id|name|ip>`.
  • OpenClawControl UI now supports PWA install and Web Push notifications.
Improvements

Improvements

  • OpenClawCold persisted plugin registry replaces broad manifest scans — faster `plugins list` and provider discovery.
  • OpenClaw`openclaw doctor --fix` now refreshes plugin index and cold registry automatically.
  • OpenClawOpenTelemetry coverage expanded across model calls, token usage, tool loops, exec processes, and memory pressure.
  • OpenClawBrowser automation improvements: safe tab URLs, CDP-native role snapshots, iframe awareness, and headless one-shot launch.
  • OpenClawOllama memory retrieval gets model-specific query prefixes for `nomic-embed-text`, `qwen3-embedding`, and `mxbai-embed-large`.
  • OpenClawOptional `maxActiveTranscriptBytes` for preflight transcript compaction on long-running sessions.
  • OpenClawAsymmetric embedding support via `memorySearch.inputType`, `queryInputType`, and `documentInputType`.
  • OpenClawGoogle Meet calendar-backed attendance export with dry-run previews.
Fixes

Fixes

  • OpenClawPlugin test files no longer trigger false-positive security scan failures during install.
  • OpenClawSymlinked plugin directories in global and workspace roots are now followed correctly during discovery.
  • OpenClawDocker slim runtime image now includes CA certificate bundle for outbound TLS.
Notes

Notes

  • OpenClawPlugin config direct load/write helpers are deprecated — use runtime snapshots with transactional mutation helpers instead.
  • OpenClawLegacy plugin registry (`OPENCLAW_DISABLE_PERSISTED_PLUGIN_REGISTRY`) is deprecated and will be removed in a future release.
  • OpenClawBundled `tokenjuice` runtime bumped to 0.6.3.
← Older: v2026.4.23

Running an older version?

Upgrade your instance from the dashboard to get everything above.

Open Dashboard