OpenClaw v2026.3.2 Released: High-Density Update Highlights (Capability Expansions + Key Fixes + Upgrade Risks)

This release is very large (20 changes, 4 breaking changes, 176 fixes). This article keeps all core additions and breaking changes, and curates a set of high-value fixes to balance information density with readability.

Mar 3, 2026 · GitHub Release · Article

OpenClaw v2026.3.2 is a very large update. Here are the most important items to look at first.

Highlights (Start Here)

  • New first-class PDF tool: Supports native PDF capabilities for Anthropic/Google. Non-native models automatically fall back, making it suitable for document-understanding workflows.
  • Model capability upgrades: Adds MiniMax-M2.5-highspeed and remains compatible with the legacy MiniMax-M2.5-Lightning configuration.
  • Unified cross-channel sending: sendPayload covers Discord/Slack/WhatsApp/Zalo and more. Multimedia and text chunking fallbacks are more reliable.
  • Better operability: Adds openclaw config validate --json, so configuration errors can be found and pinpointed before startup.
  • Major security and stability hardening: Fix coverage spans the gateway, plugin routing, webhooks, SSRF defenses, sandbox boundaries, browser/CDP, session locks, cron, and other critical paths.

Core Additions (Capabilities)

  • Expands the Secrets system to a broader credentials surface: SecretRef covers 64 targets; the openclaw secrets plan/apply/audit flow is more complete; unresolved references in active surfaces fail fast.
  • sessions_spawn adds inline attachments (base64/utf8), plus attachment limits and lifecycle cleanup.
  • The Telegram default streaming policy changes to partial; private-chat sendMessageDraft preview streaming and the voice-mention precheck toggle are enhanced.
  • The diffs tool supports PDF output and quality parameters (fileQuality/fileScale/fileMaxWidth).
  • Memory retrieval supports memorySearch.provider/fallback = ollama, enabling Ollama embeddings.
  • @openclaw/zalouser switches to in-process zca-js, removing the external CLI transport dependency.
  • Stronger plugin extension surface: exposes channelRuntime, adds api.runtime.stt.transcribeAudioFile(...), runtime.system.requestHeartbeatNow(...), runtime.events.* subscriptions, and other missing interfaces.
  • Enhanced message lifecycle hooks: adds message:transcribed and message:preprocessed, and enriches message:sent context (isGroup, groupId).

Upgrade Notes (Breaking)

  • New installs default to tools.profile=messaging, and no longer enable broad coding/system tools by default.
  • ACP dispatch is now enabled by default; to disable it, explicitly set acp.dispatch.enabled=false.
  • Plugin SDK removes api.registerHttpHandler(...); migrate to api.registerHttpRoute(...).
  • @openclaw/zalouser no longer depends on openzca/zca-cli. After upgrading, it is recommended to run openclaw channels login --channel zalouser to refresh the session.

Curated Key Fixes (By Theme)

  • Security: Plugin HTTP routes now require explicit auth, and protection against route-ownership conflicts is added.

  • Security: ws:// defaults to loopback-only; plaintext on private networks requires explicitly setting OPENCLAW_ALLOW_INSECURE_PRIVATE_WS=1.

  • Security: Webhook entrypoint enforces “authenticate before reading body”, and adds body/time budgets to prevent slow requests from dragging the system down.

  • Security: Hardens gateway path canonicalization to prevent authentication bypass via deeply encoded paths.

  • Security: Strengthens SSRF protections and DNS pinning across flows such as web_fetch.

  • Security: sessions_spawn runtime=acp and sandbox inheritance boundaries change to fail-closed.

  • Security: writeFileWithinRoot uses more robust atomic writes plus post-write verification to reduce symlink/race risks.

  • Security: Unifies and hardens skills archive extraction, filling in tar safety boundaries.

  • Security: Improves prompt-injection defenses to suppress pollution from forged system-message markers.

  • Security: Tightens config backup permissions to 0600 and cleans up historical .bak.* exposure.

  • Sandbox: Mounts /workspace as read-only in non-rw scenarios; tools.fs.workspaceOnly also applies to local root paths for images/PDFs.

  • Sandbox: More robust Docker enablement logic and bootstrap rollback, reducing failures in “half-configured” states.

  • Channel stability: Fixes Feishu multi-bot mention routing to reduce false triggers.

  • Channel stability: Aligns Feishu /new, /reset, and the before_reset session-memory hook behavior.

  • Channel stability: Fixes Feishu topic routing and root-reply anchoring (thread_id/root_id handling is more robust).

  • Channel stability: Fixes private-chat pairing reply targets (chat:<chat_id>) and improves private-chat route detection.

  • Channel stability: Feishu default account selection now follows channels.feishu.defaultAccount more strictly.

  • Channel stability: Fixes Feishu inbound ordering, debouncing, and probe fallbacks to reduce drops/duplicates under bursty traffic.

  • Telegram: Fixes a crash when the token is missing (token.trim()); adds fallback handling for overlong (64-byte) model button callbacks.

  • Telegram: Forum system messages no longer bypass requireMention.

  • Slack: Adapts startup registration for Bolt 4.6+; authentication failures become fail-fast to avoid useless retries.

  • Slack: Optimizes thread-context injection, session routing, and inbound debouncing to reduce context bloat and routing confusion.

  • Discord: More accurate voice-attachment mention prechecks; restores parallel dispatch while preserving per-channel ordering.

  • Synology Chat/Twilio: Improves webhook compatibility, signature validation, receipts, and routing stability.

  • Browser/CDP: Better startup diagnostics (including stderr and no-sandbox hints); timeout settings now truly follow --timeout.

  • Browser/CDP: cdpReady now requires a successful Browser.getVersion, reducing “false healthy” states.

  • Browser/CDP: Stability fixes for startup readiness, reconnect tolerance, relay re-attach after disconnects, stale tab cleanup, and more.

  • Browser/CDP: Improves remote profile ownership checks and proxy-environment (NO_PROXY) compatibility.

  • Browser: Optimizes the default profile strategy (preferring openclaw) and supports profile-level attachOnly.

  • Gateway/UI: Under controlUiBasePath, webhook/POST route passthrough and 405 behavior are more consistent, reducing accidental blocking.

  • Sessions: Fixes PID reuse and stale lockfiles in Sessions/Lock recovery, reducing false deadlocks.

  • Sessions: Improves session-store cache invalidation (refreshes even when mtime is the same but size differs).

  • Cron: Moves the session reaper into finally so that an exception no longer leaves sessions uncleaned for long periods.

  • Cron: Suppresses HEARTBEAT_OK noise leaking into user sessions.

  • Cron: Automatically migrates legacy schedule/command/timeout storage format, reducing post-upgrade error loops.

  • Hooks: Deduplicates after_tool_call triggers and fills in sessionKey/agentId; improves toolCallId/runId association accuracy.

  • OpenAI: Guards against empty WS tool-call call_id to avoid 400s; /v1/chat/completions respects x-openclaw-message-channel.

  • Models & operations: Injects config.env.vars earlier, fixes Codex usage tags, adds heartbeat hot-reload for model configs, and aligns LanceDB embeddings dimensions.
