OpenClaw’s Last 10 Releases: A Technical Deep Dive from Beginner to Power User
Over 19 days OpenClaw shipped 10 releases comprising 100 changes—38% new features, 24% security fixes, 12% breaking changes, 18% bug fixes and 8% infrastructure updates—accompanied by detailed CVE analyses, architecture evolution insights and a step‑by‑step upgrade checklist for operators.
Release Overview
Between 2026‑02‑19 and 2026‑03‑09 OpenClaw delivered 10 releases (100 changes) across five dimensions: 38 % new features, 24 % security fixes, 18 % bug fixes, 12 % breaking changes, and 8 % infrastructure updates.
Change‑Type Distribution
Feature: 38 (38 %)
Security: 24 (24 %)
Bug fix: 18 (18 %)
Breaking: 12 (12 %)
Infra: 8 (8 %)
Version Composition
v2026.2.23 is the security peak (5 CVEs, SSRF policy rewrite). v2026.2.24‑2.25 contain consecutive breaking changes to the Heartbeat DM policy. v2026.3.2 combines high security and breaking scores.
Subsystem Change Count
Security/Auth: 22 changes
Gateway: 18 changes
Mobile: 16 changes
AI Providers: 15 changes
Feishu/Channels: 13 changes
Config/CLI: 12 changes
Agent/ACP: 11 changes
Docker/Ops: 9 changes
Maturity Scores
Security system: 72/88, Architecture scalability: 62/85, Ops deployment: 68/75, Platform ecosystem: 45/80 (largest gap), AI providers: 52/78, Config management: 65/70, Mobile: 38/62, Internationalization: 40/42 (stagnant).
Security Fixes & Breaking Changes
Running totals of security and breaking changes by version (e.g., through v2026.2.23 → 10 security, 3 breaking; through v2026.3.2 → 19 security, 10 breaking).
Key Breaking Changes
v2026.2.23: SSRF policy key allowPrivateNetwork replaced by browserAccess.ssrfPolicy. Migrate with openclaw doctor --fix or by editing the config manually.
v2026.2.24 and v2026.2.25: Heartbeat DM default flipped from allow to block and then back again, which changes which monitoring alerts are delivered; verify the effective policy after upgrading rather than assuming the old default.
v2026.2.25: Anthropic authentication narrowed to setup-token only.
v2026.3.2: Plain-text ws:// blocked on private networks. Migrate to wss://; OPENCLAW_ALLOW_INSECURE_PRIVATE_WS=1 restores the old behaviour but is a temporary override that re-enables unencrypted WebSocket traffic, not a fix.
v2026.3.2: SecretRef parsing now fails fast on invalid references; run openclaw secrets audit before upgrading to find references that will be rejected.
CVE Details
CVEs detailed for v2026.2.23:
CVE‑2026‑26322: WebSocket target injection leading to internal SSRF; fixed by adding trusted‑network policy and deprecating allowPrivateNetwork.
CVE‑2026‑26319: Webhook signature verification bypass via a timing side channel: the signature was checked with ===, which stops at the first mismatching byte; fixed by comparing fixed-length digests with crypto.timingSafeEqual.
CVE‑2026‑26323: Plugin/Hook path traversal allowing arbitrary command execution; the fix resolves hook paths with path.resolve() and rejects any result that lands outside an allow-listed directory.
CVE‑2026‑26326: Skills execution leaked API keys because skills inherited the full process.env; the fix passes skills a separate, scoped environment containing only the variables they are granted.
Architecture Evolution
Quadrant chart shows rapid growth in platform ecosystem and AI provider integration, while internationalization lags.
New Capabilities Milestones
v2026.2.26: Multi‑agent proxy binding CLI openclaw agents bindings/bind/unbind.
v2026.3.1: Claude 4.6 adaptive thinking and standard K8s health probes.
v2026.3.2: Native PDF tool, Feishu multi‑agent broadcast.
v2026.3.7: ContextEngine plugin architecture with seven lifecycle hooks.
v2026.3.8: Backup tool and ACP provenance verification.
Upgrade Checklist
Order: apply CRITICAL fixes first, then HIGH, then MEDIUM.
Pre-upgrade: run openclaw secrets audit; replace deprecated config keys; confirm the Anthropic auth method in use; create a backup with openclaw backup create.
Post-upgrade: run openclaw doctor; test webhooks end to end; verify the heartbeat DM policy matches what monitoring expects; optionally check backup integrity.
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contact us and we will review it promptly.