Chrome MCP attach timing & CDP loopback reuse
Chrome MCP treated initial handshake as ready immediately → user-profile timeouts & repeated consent churn on macOS attach flows.
CDP loopback miss → immediate relaunch detection → second-run browser regressions on slower headless Linux.
Wait for usable state after attach before signalling ready → no more consent churn or timeouts. #52930
Reuse running loopback after short reachability miss → second-run start/open works reliably. #53004
Skill browsing now stays authenticated on macOS
Honor macOS auth config & XDG auth paths for saved ClawHub credentials so openclaw skills stays signed in.
Read local ClawHub login from Application Support path & still honor XDG on macOS for both default and XDG setups.
Resolve local auth token for gateway skill browsing & switch browse-all to search — stops 429s & empty lists.
Discord components & Slack blocks are optional again — #52970 / #52962
message({
  action: 'send',
  channel: 'discord',
  // components REQUIRED →
  // pin/react fails schema!
  components: { ... }
})
pin, unpin, react flows all failed validation. Feishu media attachments silently dropped.
message({
  action: 'pin',
  channel: 'discord',
  // components optional →
  // all flows pass schema ✓
})
// Feishu media → outbound path ✓
Discord components & Slack blocks optional. Feishu file/image sends routed correctly.
openrouter/auto bootstrap no longer recurses indefinitely — #53035
openrouter/auto pricing refresh called itself recursively during gateway bootstrap, causing a stack overflow before cached pricing could populate.
OpenRouter auto routes can now populate cached pricing correctly and usage.cost is reported accurately again.
Anyone using openrouter/auto as their routing model saw $0.00 cost on all requests and potential gateway hangs at startup.
Deterministic 422 errors eliminated — #52599
Bundled Mistral max-token defaults were set to context-window size — the full context limit.
Persisted provider configs from older installs carried these inflated values, causing Mistral 422 rejects on every request.
Lowered bundled Mistral max-token defaults to safe output budgets.
openclaw doctor --fix now repairs old persisted configs automatically — no manual edits required.
web_search now uses the active runtime provider instead of stale/default selection. #53020
Agent turns consistently hit the provider you actually configured.
Exec approvals • Gateway auth • Canvas routes
Shell-wrapper positional-argv allowlist now rejects single-quoted $0/$n tokens, disallows newline-separated exec, and still accepts exec -- carrier forms.
Canvas routes now require authentication. Agent session reset requires admin scope. Anonymous canvas access and non-admin reset requests fail closed.
Three independent hardening points closing different attack surfaces: CLI injection, API auth bypass, and admin privilege escalation.
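Added example (not OpenClaw's own code): a fail-closed matcher for the shell-wrapper carrier rules described above, assuming the wrapper has the shape <shell> -c <script> <argv0> [args...]. The names resolveCarrier and SHELLS and the sample argv values are hypothetical.

```javascript
// Added example, not OpenClaw source. Assumed wrapper shape:
//   <shell> -c <script> <argv0> [args...]
// The script must do nothing except exec the carried positional argv.
const SHELLS = new Set(["sh", "bash", "dash", "zsh"]); // assumed shell names

// Hypothetical helper: returns the argv that will really run, or null
// when the wrapper is not a pure carrier (fail closed).
function resolveCarrier(argv) {
  if (!Array.isArray(argv) || argv.length < 4) return null;
  if (!argv.every((a) => typeof a === "string")) return null;
  const [shell, flag, script, ...carried] = argv;
  if (!SHELLS.has(shell.split("/").pop()) || flag !== "-c") return null;
  // A line break lets a second command ride along with the exec.
  if (/[\r\n]/.test(script)) return null;
  // Inside single quotes the shell does not expand $0/$n, so the token
  // is a literal string and not the carried argv the allowlist checked.
  if (script.includes("'")) return null;
  // Accept only: exec [--] "$0" ["$@"], with double-quoted expansions.
  const m = /^\s*exec(?:\s+--)?\s+"\$0"(\s+"\$@")?\s*$/.exec(script);
  if (!m) return null;
  // Without "$@" only argv0 is executed; the extra args are dropped.
  return m[1] ? carried : [carried[0]];
}

// Constructed sample invocations (not taken from the release notes).
const SAMPLES = [
  ["sh", "-c", 'exec "$0" "$@"', "/usr/bin/git", "status"],
  ["sh", "-c", 'exec -- "$0" "$@"', "/usr/bin/git", "status"],
  ["sh", "-c", "exec '$0' \"$@\"", "/usr/bin/git", "status"],
  ["sh", "-c", 'true\nexec "$0" "$@"', "/usr/bin/git", "status"],
];

for (const argv of SAMPLES) {
  const resolved = resolveCarrier(argv);
  console.log(JSON.stringify(argv[2]), "->", resolved ? resolved.join(" ") : "rejected");
}
```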
Probe false-negatives • Supervision lock crash-loop
Before: Successful gateway handshakes timed out as unreachable while post-connect detail RPCs were still loading on slow devices.
After: Slow devices report a reachable RPC failure instead of a false-negative dead gateway.
Before: Lock conflicts under launchd/systemd caused duplicate processes to exit as failures, crash-looping the supervisor.
After: Duplicate process enters a retry wait while the healthy gateway owns the lock — no more crash-loops.
Startup crash eliminated • Bundled plugins preserved
Root cause: Duplicate resolveMatrixAccountStringValues runtime-API exports under Jiti caused a Cannot redefine property crash at startup.
Fix: Deduplicated exports — bundled Matrix installs start cleanly.
Before: Previously released bundled plugins and Control UI assets were stripped from npm publishes.
After: Bundled plugins & UI assets are preserved in npm publishes. Release checks now fail if shipped artifacts are missing.
Pure stability patch — safe to upgrade immediately
npm update -g openclaw
Then run: openclaw doctor --fix