Unclaimed project
Are you a maintainer of openclaw? Claim this project to take control of your public changelog and roadmap.
Changelog
openclaw
Your own personal AI assistant. Any OS. Any Platform. The lobster way. 🦞
aiassistantcrustaceanmoltyopenclawown-your-data+1
Last updated about 2 hours ago
Back to changelogNew
openclaw 2026.2.2
Changes
- Feishu: add Feishu/Lark plugin support + docs. (#7313) Thanks @jiulingyun (openclaw-cn).
- Web UI: add Agents dashboard for managing agent files, tools, skills, models, channels, and cron jobs.
- Memory: implement the opt-in QMD backend for workspace memory. (#3160) Thanks @vignesh07.
- Security: add healthcheck skill and bootstrap audit guidance. (#7641) Thanks @Takhoffman.
- Config: allow setting a default subagent thinking level via
agents.defaults.subagents.thinking (and per-agent agents.list[].subagents.thinking). (#7372) Thanks @tyler6204.
- Docs: zh-CN translations seed + polish, pipeline guidance, nav/landing updates, and typo fixes. (#8202, #6995, #6619, #7242, #7303, #7415) Thanks @AaronWander, @taiyi747, @Explorer1092, @rendaoyuan, @joshp123, @lailoo.
Fixes
- Security: require operator.approvals for gateway /approve commands. (#1) Thanks @mitsuhiko, @yueyueL.
- Security: Matrix allowlists now require full MXIDs; ambiguous name resolution no longer grants access. Thanks @MegaManSec.
- Security: enforce access-group gating for Slack slash commands when channel type lookup fails.
Security: require validated shared-secret auth before skipping device identity on gateway connect.Security: guard skill installer downloads with SSRF checks (block private/localhost URLs).Security: harden Windows exec allowlist; block cmd.exe bypass via single &. Thanks @simecek.fix(voice-call): harden inbound allowlist; reject anonymous callers; require Telnyx publicKey for allowlist; token-gate Twilio media streams; cap webhook body size (thanks @simecek)Media understanding: apply SSRF guardrails to provider fetches; allow private baseUrl overrides explicitly.fix(webchat): respect user scroll position during streaming and refresh (#7226) (thanks @marcomarandiz)Telegram: recover from grammY long-poll timed out errors. (#7466) Thanks @macmimi23.Agents: repair malformed tool calls and session transcripts. (#7473) Thanks @justinhuangcode.fix(agents): validate AbortSignal instances before calling AbortSignal.any() (#7277) (thanks @Elarwei001)Media understanding: skip binary media from file text extraction. (#7475) Thanks @AlexZhangji.Onboarding: keep TUI flow exclusive (skip completion prompt + background Web UI seed); completion prompt now handled by install/update.TUI: block onboarding output while TUI is active and restore terminal state on exit.CLI/Zsh completion: cache scripts in state dir and escape option descriptions to avoid invalid option errors.fix(ui): resolve Control UI asset path correctly.fix(ui): refresh agent files after external edits.Docs: finish renaming the QMD memory docs to reference the OpenClaw state dir.Tests: stub SSRF DNS pinning in web auto-reply + Gemini video coverage. (#6619) Thanks @joshp123.