OpenClaw 3.12

Dashboard v2 & Fast Mode

Version v2026.3.12 β€” March 13, 2026

10
Security Fixes
6
Major Features
8
Critical Fixes

πŸŽ›οΈ Control UI Dashboard v2

The biggest feature in 3.12

Modular Views

Overview, Chat, Config, Agent, Session β€” each with dedicated UI

Command Palette

Quick access to all actions with keyboard shortcuts

Mobile Bottom Tabs

Optimized navigation for mobile devices

Slash Commands

Inline commands, search, export, pinned messages

Complete UI refresh β€” Modern, responsive, and powerful
Access via Control UI in your OpenClaw instance

⚑ Fast Mode for GPT-5.4 & Claude

πŸ’¬
/fast command
πŸ–₯️
TUI toggle
πŸŽ›οΈ
Control UI
πŸ”§
ACP config

Session-level fast toggles:

  • Maps to OpenAI/Anthropic service_tier requests
  • Configurable per session for flexible workflows
  • Available across all interfaces: CLI, TUI, Control UI, ACP
  • Optimized for speed-critical tasks

Performance boost when you need it most

πŸ”Œ Provider Plugin Architecture

Ollama
Plugin
vLLM
Plugin
SGLang
Plugin

What changed:

  • Ollama, vLLM, and SGLang moved to plugin system
  • Provider-owned onboarding and discovery
  • Cleaner core architecture
  • Easier to add new providers

Extensible by design β€” Build your own provider plugins

☸️ Kubernetes Support

πŸ“¦
Raw Manifests
πŸ”§
Kind Setup
πŸ“š
Deployment Docs

Starter K8s install path:

  • Production-ready Kubernetes manifests included
  • Kind (Kubernetes in Docker) setup for local development
  • Comprehensive deployment documentation
  • Scale OpenClaw across your cluster

Enterprise-ready β€” Deploy OpenClaw at scale

πŸ”§ Developer Features

sessions_yield

New tool for orchestrators to end current turn immediately and carry hidden follow-up payload

Perfect for complex multi-turn workflows

Slack Block Kit

Support for channelData.slack.blocks in agent replies

Rich interactive messages in Slack

Enhanced developer workflows and platform integrations

πŸ”’ Security Overview

10 security fixes in this release

3
Exec Security
3
Auth & Access
4
Isolation & Sandbox

Critical areas addressed:

  • Device pairing and bootstrap token security
  • Workspace plugin trust model
  • Exec approval and obfuscation detection
  • Command authorization and scope management
  • Browser profile isolation
  • Agent spawning and sandbox visibility

πŸ”’ Security Deep Dive (Part 1)

Device Pairing (GHSA-pcqg-f7rg-xfvv)

βœ… Short-lived bootstrap tokens β€” no more embedded credentials in QR codes

Workspace Plugins

βœ… Disabled implicit auto-load β€” requires explicit trust

Exec Approvals (GHSA-pcqg-f7rg-xfvv)

βœ… Escape invisible Unicode in approval prompts

Exec Detection (GHSA-9r3v-37xh-2cf6)

βœ… Normalize Unicode before obfuscation checks

πŸ”’ Security Deep Dive (Part 2)

Exec Allowlist (GHSA-f8r2-vg7x-gh8m)

βœ… Preserve POSIX case sensitivity

Commands (GHSA-r7vr-gr74-94p8)

βœ… Require sender ownership for /config and /debug

Gateway Auth (GHSA-rqpp-rjj8-7wv8)

βœ… Clear unbound client-declared scopes

Browser.request (GHSA-vmhq-cqm9-6p7q)

βœ… Block persistent profile create/delete

πŸ”§ Major Fixes

Kimi Coding

Native Anthropic tool format restored β€” proper tool calling support

TUI

No more duplicate assistant replies in terminal interface

Telegram Model Picker

Persistent selections fixed β€” your model choice now sticks

Cron Delivery

No duplicate proactive messages after restart

Subagent completion: 90s timeout, no duplicate announces

πŸ› οΈ Platform Fixes

Mattermost

Fixed duplicate delivery with block streaming β€” clean message delivery

Windows Native Update

Portable Git support β€” easier updates on Windows

Sandbox Write

Fixed empty file bug β€” reliable file operations in sandbox

Agent Spawning (GHSA-2rqg-gjgv-84jm)

Reject public workspace override β€” security hardening

session_status (GHSA-wcxr-59v9-rxr8): Enforce sandbox visibility guards

πŸ’‘ What This Means for Users

πŸŽ›οΈ
Better UI
⚑
Faster
πŸ”’
Safer
πŸ”Œ
Extensible
  • Dashboard v2: Modern, responsive Control UI with modular views
  • Fast Mode: Speed boost for GPT-5.4 & Claude when you need it
  • Security: 10 fixes across device pairing, exec, auth, and isolation
  • Plugins: Extensible provider architecture for custom integrations
  • Kubernetes: Enterprise-ready deployment at scale
  • Stability: Critical fixes for Kimi, TUI, Telegram, Cron, and more

⚠️ Upgrade Recommendations

Security Fixes

10 security fixes β€” upgrade recommended for all users

Priority areas:

  • Device pairing: Bootstrap token security improvements
  • Workspace plugins: Explicit trust model now required
  • Exec security: Unicode normalization and approval escaping
  • Command auth: Sender ownership enforcement
  • Sandbox isolation: Visibility and workspace override protection

Review your workspace plugins and exec allowlists after upgrading

Upgrade to 3.12

OpenClaw v2026.3.12

Dashboard v2, Fast Mode, 10 security fixes, and major stability improvements

Update command:

npm install -g openclaw@latest

Full release notes: github.com/openclaw/openclaw

Documentation: docs.openclaw.com