OpenClaw 2026.2.1 Released with Security Hardening

Version 2026.2.1 Highlights

Security Improvements

• Slack Hardening: Hardened media fetch limits and Slack file URL validation
• Skills Path Update: Updated session-logs paths from .clawdbot to .openclaw

Bug Fixes

• Windows Compatibility: Resolved Windows spawn() failures for npm-family CLIs by appending .cmd when needed
• Discord PluralKit: Resolved PluralKit proxied senders for allowlists and labels
• Memory Search: L2-normalize local embedding vectors to fix semantic search

Agent Updates

• Aligned embedded runner + typings with pi-coding-agent API updates (pi 0.51.0)
• Ensured OpenRouter attribution headers apply in the embedded runner
• Capped context window resolution for compaction safeguard

Previous Release: 2026.1.30

Key features from the previous release:

• Shell Completion: Native autocompletion for Zsh, Bash, PowerShell, and Fish — auto-set up during onboarding

Security Note (v2026.1.29)

Important security changes introduced in v2026.1.29:

• Gateway auth is no longer optional: the "none" mode has been removed
• A token, password, or Tailscale Serve identity is now required
• Doctor warnings for exposed gateways
• Fail-closed defaults

Upgrade Recommendation

Recommended: This is a recommended upgrade for all users, especially for security improvements and Windows compatibility fixes.

Upgrade Instructions

# Using npm
npm update -g openclaw

# Or via GitHub
git pull origin main
pnpm install
pnpm build