Security

OpenClaw v2026.5.28-beta.2 delivers major stability and safety improvements across agent runtime recovery, channel delivery, mobile/chat surfaces, and provider coverage. Key enhancements include steadier subagent workspace separation, safer session identity handling across multiple channels (Matrix, Slack, Discord, Teams, etc.), broader mobile UI refresh, stricter input validation, expanded provider support (Claude Opus 4.8, Fal Krea, NVIDIA models), and faster CLI/auth failure detection with clearer recovery paths.

OpenClaw v2026.5.28-beta.1 delivers major stability and safety improvements across agent runtime recovery, channel delivery, mobile/chat surfaces, CLI/auth tooling, and performance optimization. Key enhancements include steadier subagent workspace separation, safer session identity handling across plugins and messaging platforms, broader mobile UI refresh with state preservation, faster CLI failure modes with clearer recovery guidance, and reduced repeated work in hot paths through improved caching. The release also expands documentation, adds ClawHub plugin features, and strengthens QA/E2E validation with bounded logging and cross-OS artifact handling.

crewAI 1.14.6a2 release introduces enhanced security for environment variable handling in StdioTransport, improves planning configuration and observation handling, and fixes critical bugs in structured output, checkpointing, and MongoDB dependencies. The release includes comprehensive documentation updates for checkpointing, Agent Control Plane, and secrets management. Key improvements focus on preventing data leaks, enabling proper checkpoint restoration, and correcting package dependencies.

OpenClaw v2026.5.26 is a major release focused on performance, reliability, and security. Key improvements include faster Gateway startup through caching, transcript-backed meeting summaries as a core feature, production-ready channels (Telegram, iMessage, WhatsApp, Discord, Signal), enhanced voice/Talk capabilities with real-time inspection, and stronger content boundaries with SSRF policy enforcement. The release also hardens installation/update paths, improves observability with Activity tabs and OpenTelemetry spans, and stabilizes provider integrations.

OpenClaw v2026.5.26-beta.2 introduces significant performance improvements through caching and transcript-backed architecture, expands production-ready channels (Telegram, iMessage, WhatsApp, Discord, Signal), enhances voice and real-time Talk capabilities with better inspection and control, strengthens security boundaries across content handling and authentication, and improves observability with new Activity tab and OpenTelemetry spans. The release hardens installation/update paths and adds reaction approval support across mobile platforms.

OpenClaw v2026.5.26-beta.1 delivers significant performance improvements through reply optimization and metadata caching, enhances voice and multi-channel capabilities with realtime Talk inspection and improved channel support (Telegram, iMessage, WhatsApp, Discord, Signal), strengthens agent safety with better auth and sandbox handling, and introduces new observability features including Activity tabs and OpenTelemetry LLM spans. The release also replaces Sharp with Rastermill for image processing, adds transcript capture support, and hardens installation/update reliability across Windows, macOS, and Docker platforms.

OpenClaw v2026.5.24-beta.2 introduces significant performance optimizations across Gateway, caching, and lazy-loading mechanisms, while expanding real-time capabilities for Discord voice and WebUI interactions. New features include iMessage thumb-approval reactions, adaptive image compression, a Meeting Notes plugin for Discord voice capture, and enhanced CLI/onboarding workflows. The release also includes extensive documentation improvements, diagnostics enhancements for observability, and Plugin SDK modernization with deprecated target helpers.

OpenClaw v2026.5.22-beta.1 is a comprehensive release focused on documentation improvements, performance optimizations, and QA enhancements. Key updates include reducing package size by excluding documentation assets, improving model listing performance by ~4,100x through auth-state pre-warming, adding session pagination to the chat UI, and expanding QA-Lab test coverage with new runtime parity scenarios. The release also refines plugin SDK capabilities, updates dependencies including protobufjs to 8.4.0, and clarifies configuration guidance across multiple integrations (WhatsApp, Telegram, Discord, xAI/Grok, etc.).

Claude Code v2.1.149 introduces enhanced usage analytics with per-category breakdowns, improved keyboard navigation in diff views, and GFM task list rendering. The release includes enterprise features for MCP connectors and fixes numerous security vulnerabilities in PowerShell execution, sandbox permissions, and file system operations. Additionally, UI/UX improvements address transcript freezing, argument hints, and feedback reporting for better debugging in long sessions.

OpenClaw v2026.5.20 is a maintenance and feature release that enhances Discord voice session handling with context awareness, adds device-code OAuth for xAI, introduces a bundled Policy plugin for workspace conformance checks, and includes numerous bug fixes across CLI tasks, provider integrations, and agent configurations. Key improvements focus on security (symlink validation, plaintext secret warnings), reliability (task maintenance tracking, image timeouts, hook timeouts), and user experience (model pinning clarity, typing indicators, Discord button preservation).

OpenClaw v2026.5.20-beta.2 introduces significant improvements to Discord voice sessions with context-aware profile integration, adds device-code OAuth for xAI provider authentication, implements a bundled Policy plugin for workspace conformance checks, and includes numerous bug fixes across CLI tasks, Codex app-server, provider integrations, and agent message handling. The release enhances security by removing legacy skill-file compatibility paths and warning about plaintext secrets in configuration, while improving stability through better error handling, timeout management, and diagnostic reporting.

crewAI v1.14.6a1 introduces a Skills Repository with registry, cache, CLI, and SDK integration, along with categorized release notes for enterprise users. The release includes critical bug fixes for RuntimeState serialization, a security update for the idna dependency (GHSA-65pc-fj4g-8rjx), and fixes for JSX rendering issues in the Steps component. Documentation has been updated to reflect the new version.

OpenClaw v2026.5.16-beta.4 introduces security audit suppressions, improved subagent handoff workflows, new media generation providers (fal, OpenRouter), enhanced Control UI with quota usage display, Mac app remote preconfiguration, xAI Grok OAuth support, and localized CLI setup for multiple languages. The release includes significant fixes for memory scanning, provider authentication, gateway performance, and various platform-specific issues across Slack, Telegram, WhatsApp, and GitHub Copilot integrations.

OpenClaw v2026.5.12 is a maintenance release focused on dependency externalization, UI improvements, and stability fixes. Key changes include externalizing AWS Bedrock and plugin dependencies to reduce bloat, adding persistent auto-scroll controls in the UI, implementing ACP fallback backends, and fixing numerous issues across Telegram, Slack, authentication, and session management. The release addresses 40+ bug fixes spanning security, performance, and user experience improvements.

OpenClaw v2026.5.12-beta.7 introduces significant improvements to dependency management by externalizing AWS SDK and plugin dependencies, enhances user experience with persistent auto-scroll controls and ACP fallback backends, and fixes critical issues across Telegram polling, security sandboxing, provider authentication, media handling, and session management. The release addresses 30+ bugs and improvements spanning CLI, gateway, plugins, and multiple integrations while maintaining backward compatibility through deprecated package aliases.

OpenClaw v2026.5.12-beta.8 introduces significant improvements to dependency management by externalizing AWS SDK and plugin dependencies, enhances user control with persistent auto-scroll modes in the UI, adds fallback runtime backends for ACP, and fixes numerous issues across Telegram integration, session management, security sandboxing, and media handling. The release focuses on performance optimization, security hardening, and improved reliability across multiple subsystems including CLI, gateway, and agent spawning.

OpenClaw v2026.5.12-beta.6 is a comprehensive bug-fix and security-hardening release addressing 50+ issues across messaging channels, agent sessions, gateway protocols, plugin management, and authentication. Key improvements include fixing iMessage media handling, agent-to-agent messaging reliability, OAuth token exchange for GitHub Copilot, plugin dependency management, and enforcing stricter security controls for device pairing and proxy access. The release prioritizes stability in multi-agent communication, transcript redaction consistency, and dependency isolation while maintaining backward compatibility.

OpenClaw v2026.5.12-beta.5 is a comprehensive bug-fix release addressing gateway protocol improvements, security hardening, plugin dependency management, channel integrations (WhatsApp, Telegram, Discord, WeCom), session transcript redaction, and agent execution reliability. Key fixes include OAuth token exchange for Copilot, device pairing approval requirements, media size enforcement across plugins, and LLM idle watchdog timeout escalation. The release improves stability across multiple integrations while strengthening security controls for trusted proxies, admin scopes, and sensitive data redaction.

OpenClaw v2026.5.12-beta.4 is a maintenance release addressing runtime issues, authentication flows, and provider integrations. Key fixes include resolving MODULE_NOT_FOUND errors in Codex migrations, improving WhatsApp/Telegram message handling, and normalizing Google Gemini model IDs. The release also enhances session management, adds per-agent tool policies, and improves error messaging across multiple channels and providers.

crewAI 1.14.5a5 is a pre-release update that deprecates CrewAgentExecutor in favor of AgentExecutor, improves Daytona sandbox tools, and addresses multiple security vulnerabilities in dependencies. The release includes bug fixes for HITL workflows, logging enhancements, and comprehensive documentation updates including migration guides for state restoration and crew-to-flow transitions.