Security & Reliability
OpenClaw 2026.5.26 is a refinement release focused on closing security gaps in the memory layer and ensuring that user sessions remain robust across runtime transitions.
Security: Hardening the Memory Boundary
As agents become more autonomous, the integrity of their long-term memory is critical. This release introduces new safeguards to prevent malicious text from entering your knowledge base.
- Memory Store Validation: Text submitted via memory_store is now scrubbed for prompt-injection patterns before embedding.
- Auth Rate Limiting: A default rate limiter is now active for all remote non-browser and HTTP gateway auth failures.
- SSRF Protection: Browser snapshot URLs are now validated against SSRF policies before ChromeMCP or CDP reads.
- Label Sanitization: Queued system-event text is sanitized to prevent plugin or channel labels from spoofing nested prompt markers.
Robust User Turn Persistence
Ensuring that your interaction history is never lost or corrupted is a top priority.
- Immediate Admission: User turns from CLI, WebChat, and media hooks are now persisted to the target session immediately.
- Idempotent Runtimes: Cleaned transcript text and provenance metadata are now idempotent, ensuring consistency across runtime restarts.
- Codex Mirrors: History from Codex app-server threads is now accurately projected into resumed OpenClaw sessions.
Gateway Performance & Efficiency
We've trimmed the Gateway's runtime overhead to provide a snappier experience.
- CPU Churn Reduction: Startup warnings and preparer stores are now reused, reducing initialization cycles.
- Lazy Metadata: Slash-command startup metadata is now lazy-loaded, speeding up the initial 'Ready' signal.
- Bounded Processes: Docker builds and install probes are now strictly bounded with timeouts to prevent wedged gates.
Platform & UI Updates
Quality-of-life improvements across the Control UI and messaging channels.
- TUI Prompt Queuing: Busy TUI prompts are now queued instead of dropped during heavy background work.
- iMessage Attachments: Support for reading image attachments from local Messages roots on macOS.
- Telegram Reliability: Better handling of inbound text entities and overlapping DM replies.
- Discord Voice: Improved playback stability and bucketed model picker menus.
Technical Highlights
- Rastermill: Replaced Sharp with Rastermill for more efficient image processing and EXIF normalization.
- Network Recovery: Telegram now treats ENETDOWN as a transient failure, following the standard recovery path.
- SDK Stability: Stabilized diagnostic event exports and plugin LLM command auth binding.
Upgrade Guide
Who should upgrade?
- Users utilizing the Memory Wiki who want to prevent prompt-injection poisoning
- Builders requiring high session reliability across CLI and Web runtimes
- macOS users relying on iMessage image attachment support
How to Upgrade
Update your installation via the terminal:
openclaw update
FAQ
What is the new memory prompt-injection filter?
It's a security layer that validates text submitted through the explicit memory_store tool. It rejects prompt-like patterns before they are embedded or stored in your Memory Wiki, preventing 'poisoning' of your agent's long-term context.
How does User Turn Persistence work?
CLI, WebChat, and Codex-mirror user turns are now persisted to the admitted session target immediately. This ensures that transcript history, inline image routing, and provenance metadata remain consistent even if a runtime fails or restarts.
What's new for Telegram and iMessage?
Telegram now preserves inbound text entities and overlapping DM replies more accurately. iMessage adds support for reading image attachments from local roots and improves attachment command handling.
How has Gateway performance improved?
We've reduced Gateway CPU churn by lazy-loading slash-command metadata and avoiding redundant session touches on read paths. Startup phases are now more strictly bounded with process-group timeouts.