Download Latest Version OpenClaw-2026.2.3.dSYM.zip (33.5 MB)
Email in envelope

Get an email when there's a new version of OpenClaw

Home / v2026.2.1
Name Modified Size InfoDownloads / Week
Parent folder
OpenClaw-2026.2.1.dmg 2026-02-02 17.7 MB
40 40 weekly downloads
OpenClaw-2026.2.1.zip 2026-02-02 22.5 MB
263 263 weekly downloads
openclaw 2026.2.1 source code.tar.gz 2026-02-02 18.7 MB
3 3 weekly downloads
openclaw 2026.2.1 source code.zip 2026-02-02 21.2 MB
5 5 weekly downloads
README.md 2026-02-02 4.2 kB
6 6 weekly downloads
Totals: 5 Items   80.1 MB 317

Changes

  • Docs: onboarding/install/i18n/exec-approvals/Control UI/exe.dev/cacheRetention updates + misc nav/typos. (#3050, [#3461], [#4064], [#4675], [#4729], [#4763], [#5003], [#5402], [#5446], [#5474], [#5663], [#5689], [#5694], [#5967], [#6270], [#6300], [#6311], [#6416], [#6487], [#6550], [#6789])
  • Telegram: use shared pairing store. (#6127) Thanks @obviyus.
  • Agents: add OpenRouter app attribution headers. Thanks @alexanderatallah.
  • Agents: add system prompt safety guardrails. (#5445) Thanks @joshp123.
  • Agents: update pi-ai to 0.50.9 and rename cacheControlTtl -> cacheRetention (with back-compat mapping).
  • Agents: extend CreateAgentSessionOptions with systemPrompt/skills/contextFiles.
  • Agents: add tool policy conformance snapshot (no runtime behavior change). (#6011)
  • Auth: update MiniMax OAuth hint + portal auth note copy.
  • Discord: inherit thread parent bindings for routing. (#3892) Thanks @aerolalit.
  • Gateway: inject timestamps into agent and chat.send messages. (#3705) Thanks @conroywhitney, @CashWilliams.
  • Gateway: require TLS 1.3 minimum for TLS listeners. (#5970) Thanks @loganaden.
  • Web UI: refine chat layout + extend session active duration.
  • CI: add formal conformance + alias consistency checks. (#5723, [#5807])

Fixes

  • Plugins: validate plugin/hook install paths and reject traversal-like names.
  • Telegram: add download timeouts for file fetches. (#6914) Thanks @hclsys.
  • Telegram: enforce thread specs for DM vs forum sends. (#6833) Thanks @obviyus.
  • Streaming: flush block streaming on paragraph boundaries for newline chunking. (#7014)
  • Streaming: stabilize partial streaming filters.
  • Auto-reply: avoid referencing workspace files in /new greeting prompt. (#5706) Thanks @bravostation.
  • Tools: align tool execute adapters/signatures (legacy + parameter order + arg normalization).
  • Tools: treat "*" tool allowlist entries as valid to avoid spurious unknown-entry warnings.
  • Skills: update session-logs paths from .clawdbot to .openclaw. (#4502)
  • Slack: harden media fetch limits and Slack file URL validation. (#6639) Thanks @davidiach.
  • Lint: satisfy curly rule after import sorting. (#6310)
  • Process: resolve Windows spawn() failures for npm-family CLIs by appending .cmd when needed. (#5815) Thanks @thejhinvirtuoso.
  • Discord: resolve PluralKit proxied senders for allowlists and labels. (#5838) Thanks @thewilloftheshadow.
  • Tlon: add timeout to SSE client fetch calls (CWE-400). (#5926)
  • Memory search: L2-normalize local embedding vectors to fix semantic search. (#5332)
  • Agents: align embedded runner + typings with pi-coding-agent API updates (pi 0.51.0).
  • Agents: ensure OpenRouter attribution headers apply in the embedded runner.
  • Agents: cap context window resolution for compaction safeguard. (#6187) Thanks @iamEvanYT.
  • System prompt: resolve overrides and hint using session_status for current date/time. (#1897, [#1928], [#2108], [#3677])
  • Agents: fix Pi prompt template argument syntax. (#6543)
  • Subagents: fix announce failover race (always emit lifecycle end; timeout=0 means no-timeout). (#6621)
  • Teams: gate media auth retries.
  • Telegram: restore draft streaming partials. (#5543) Thanks @obviyus.
  • Onboarding: friendlier Windows onboarding message. (#6242) Thanks @shanselman.
  • TUI: prevent crash when searching with digits in the model selector.
  • Agents: wire before_tool_call plugin hook into tool execution. (#6570, [#6660]) Thanks @ryancnelson.
  • Browser: secure Chrome extension relay CDP sessions.
  • Docker: use container port for gateway command instead of host port. (#5110) Thanks @mise42.
  • fix(lobster): block arbitrary exec via lobsterPath/cwd injection (GHSA-4mhr-g7xj-cg8j). (#5335) Thanks @vignesh07.
  • Security: sanitize WhatsApp accountId to prevent path traversal. (#4610)
  • Security: restrict MEDIA path extraction to prevent LFI. (#4930)
  • Security: validate message-tool filePath/path against sandbox root. (#6398)
  • Security: block LD/DYLD env overrides for host exec. (#4896) Thanks @HassanFleyah.
  • Security: harden web tool content wrapping + file parsing safeguards. (#4058) Thanks @VACInc.
  • Security: enforce Twitch allowFrom allowlist gating (deny non-allowlisted senders). Thanks @MegaManSec.
Source: README.md, updated 2026-02-02