v2026.5.27 (OpenClaw, Security)

Transcripts go core, OpenAI-compatible embeddings, Pixverse video, and a swept-up security boundary across SSRF, prompt-injection, and device-token paths.

Spans OpenClaw 2026.5.8–2026.5.27. Transcripts move from beta into core (transcript-backed meeting summaries, cleaned user turns, source-provider chunks); the image backend swaps from Sharp to Rastermill for faster metadata, resizing, and EXIF handling; an OpenAI-compatible embedding provider lands for memory systems; Pixverse joins the video generators. Security gets a broad pass: SSRF policy enforcement on browser snapshots, prompt-injection filtering on memory tools, group prompt text kept out of system prompts, repeated-dot hostname normalization, and stale device-token rejection. The Control UI gains an Activity tab and the TUI queues busy prompts instead of dropping them.

New features

  • OpenClaw: Transcripts are now a core feature: transcript-backed meeting summaries, source-provider chunks, cleaned user turns.
  • OpenClaw: OpenAI-compatible embedding provider for memory systems.
  • OpenClaw: Pixverse joins the video-generation providers.
  • OpenClaw: Reaction-based message approvals for Signal, iMessage, and WhatsApp.
  • OpenClaw: Activity tab added to the Control UI for real-time tool summaries.
  • OpenClaw: `openclaw qa coverage --match <query>` for focused scenario selection in QA-Lab.
  • OpenClaw: Discord alpha-bucket model picker for plugin lists exceeding 25 items.
  • OpenClaw: Bundled Codex CLI updated to 0.134.0.

Improvements

  • OpenClaw: Image backend swapped from Sharp to Rastermill for metadata, resizing, and EXIF orientation handling.
  • OpenClaw: Gateway hot paths optimised via metadata caching to reduce repeated work.
  • OpenClaw: TUI now queues busy prompts instead of dropping them.
  • OpenClaw: `cron.maxConcurrentRuns` default raised to 8.
  • OpenClaw: Doctor command improved with explicit restart guidance.
  • OpenClaw: Stricter CLI validation for numeric and version options.
  • OpenClaw: `openclaw status` output now includes more subagent detail.
  • OpenClaw: Channel delivery improvements across Matrix, iMessage, Slack, Discord, and Teams.

Fixes

  • OpenClaw: Faster failure detection in CLI/auth/doctor paths.
  • OpenClaw: Legacy `api_key` auth profiles auto-migrated to the canonical form on load.
  • OpenClaw: Agent runtime recovery: workspace separation and hook context isolation hardened.

Breaking changes

  • OpenClaw: WhatsApp accounts no longer auto-infer `groupPolicy` from `groupAllowFrom` (Telegram still does). If you set `groupAllowFrom` on WhatsApp, also set `groupPolicy: allowlist` explicitly. Bot It Out's deployer already does this — only relevant if you edit WhatsApp config by hand.
  • OpenClaw: Channel SDK refactor: channel message compatibility moved into core and old channel turn runtime aliases removed. Third-party channel plugins may need updates.
  • OpenClaw: Memory-specific embedding provider registration is now deprecated compatibility; use the generic embedding provider interface.
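As an added check for the WhatsApp change above (example code, not OpenClaw's own code or config schema), a small lint that flags accounts whose `groupAllowFrom` would stop being enforced because the removed inference no longer fills in `groupPolicy`, plus a fixer that sets `groupPolicy: allowlist` explicitly; the `channels.<channel>.accounts.<id>` layout and the sample config are assumptions.

```python
import copy
from typing import Any, Optional

# Per the release notes: Telegram still infers groupPolicy from
# groupAllowFrom, WhatsApp no longer does. Assumed config layout:
# config["channels"][channel]["accounts"][account_id] = {...}
INFERS_POLICY = {"telegram"}
NO_LONGER_INFERS = {"whatsapp"}


def effective_group_policy(channel: str, account: dict[str, Any]) -> Optional[str]:
    """Policy that actually applies after the upgrade.

    None means no explicit policy and no inference: the account falls back
    to the channel default, so its allowlist does not gate group messages."""
    if account.get("groupPolicy") is not None:
        return account["groupPolicy"]
    if channel in INFERS_POLICY and account.get("groupAllowFrom"):
        return "allowlist"
    return None


def lint_group_policy(config: dict[str, Any]) -> list[str]:
    """Flag accounts whose allowlist silently stops being enforced."""
    findings = []
    for channel, chan_cfg in config.get("channels", {}).items():
        for acct_id, account in chan_cfg.get("accounts", {}).items():
            if not account.get("groupAllowFrom"):
                continue  # no allowlist configured, nothing to lose
            if channel in NO_LONGER_INFERS and effective_group_policy(channel, account) is None:
                findings.append(f"{channel}.{acct_id}: groupAllowFrom is set but groupPolicy "
                                f"is not; set groupPolicy: allowlist explicitly")
    return findings


def fix_group_policy(config: dict[str, Any]) -> dict[str, Any]:
    """Return a copy with groupPolicy: allowlist added wherever the lint fires."""
    fixed = copy.deepcopy(config)
    for channel in NO_LONGER_INFERS:
        accounts = fixed.get("channels", {}).get(channel, {}).get("accounts", {})
        for account in accounts.values():
            if account.get("groupAllowFrom") and account.get("groupPolicy") is None:
                account["groupPolicy"] = "allowlist"
    return fixed


# Constructed sample config (not a real deployment): the WhatsApp account
# relies on the removed inference, the Telegram one is still fine.
SAMPLE_CONFIG = {"channels": {
    "whatsapp": {"accounts": {"ops": {"groupAllowFrom": ["+15550000001"]}}},
    "telegram": {"accounts": {"ops": {"groupAllowFrom": ["12345"]}}},
}}

if __name__ == "__main__":
    for line in lint_group_policy(SAMPLE_CONFIG):
        print(line)
```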

Notes

  • Security: Browser snapshot SSRF validation added.
  • Security: System-event text sanitization prevents prompt-marker spoofing.
  • Security: Fetched files are now wrapped as external content to fence prompt-injection vectors.
  • Security: Group prompt text is kept out of the system prompt; repeated-dot hostnames are normalised.
  • Security: Stale device tokens are rejected at validation time.
  • Security: ClickClack allowlist enforcement and phone-control mutation authorization tightened.

Running an older version?

Upgrade your instance from the dashboard to get everything above.