Security
Securing agent workflows, outputs, and infrastructure
OpenClaw v2026.4.29-beta.4 introduces significant enhancements across messaging, memory, provider coverage, and reliability. Key additions include active-run steering by default, a people-aware wiki with provenance views, NVIDIA provider onboarding, and improved gateway/channel reliability. Security improvements include OpenGrep scanning and sharper GHSA triage policies, while multiple channel fixes address Slack, Telegram, Discord, WhatsApp, and Teams edge cases.
OpenClaw v2026.4.29 is a major release introducing active-run steering for messaging, people-aware memory wiki with provenance tracking, expanded provider coverage (NVIDIA, Bedrock), and enhanced reliability across gateway, channels, and security. Key improvements include opt-in follow-up commitments with heartbeat delivery, per-conversation Active Memory filters, faster model manifest paths, and comprehensive channel fixes for Slack, Telegram, Discord, WhatsApp, and Teams. Security enhancements add OpenGrep scanning and safer exec/pairing handling.
OpenClaw v2026.4.29-beta.2 introduces significant enhancements across messaging, memory, provider coverage, and reliability. Key additions include active-run steering for messaging, a people-aware wiki with provenance tracking, NVIDIA provider onboarding, and improved channel resilience across Slack, Telegram, Discord, and others. Security improvements include OpenGrep scanning and stricter tool-scope handling, while operational reliability focuses on slow-host startup diagnostics and session recovery.
OpenClaw v2026.4.27 introduces major enhancements across Codex Computer Use setup, new provider integrations (DeepInfra, Tencent Yuanbao, QQBot), and a shift toward manifest-first plugin metadata architecture. Key improvements include GPU passthrough for Docker sandboxes, authenticated node presence tracking for iOS/Android, outbound proxy routing, and comprehensive reliability fixes across Telegram, Slack, and gateway startup. The release emphasizes reducing boot overhead through manifest-driven plugin discovery and model catalogs.
crewAI v1.14.4a1 is a pre-release update focusing on bug fixes and documentation improvements. Key fixes address LLM chat failures, message state management in executors, trained-agent file handling, multimodal input support, and JSON serialization issues. The release includes new documentation for sandbox tools (E2B, Daytona), Vertex AI setup, and You.com MCP integration, plus security updates to litellm.
OpenClaw v2026.4.26 introduces major enhancements to real-time communication, plugin architecture, and migration tooling. Key additions include a generic browser real-time transport contract, Cerebras provider integration, asymmetric embedding support for memory search, and bundled importers for Claude and Hermes configurations. The release also includes numerous stability fixes for gateway operations, plugin discovery, and device token handling.
Claude Code v2.1.119 introduces persistent settings management, enhanced PR/merge-request support across multiple platforms, improved hook functionality with execution timing, parallel MCP server connections, and numerous bug fixes. Key improvements include better permission handling for PowerShell, refined Vim mode behavior, enhanced slash command UI, and fixes for clipboard handling, OAuth flows, and plugin management. The release also adds environment variables for customization and improves OpenTelemetry observability with additional event metadata.
Claude Code v2.1.118 introduces vim visual mode selection, consolidates `/cost` and `/stats` into `/usage`, enables custom themes with JSON editing, and allows hooks to invoke MCP tools directly. The release includes significant improvements to MCP OAuth authentication, auto mode configuration with defaults merging, and numerous bug fixes across WSL integration, plugin management, credential handling, and remote sessions.
Google ADK Python v2.0.0-beta.1 marks the transition to Beta phase with significant architectural improvements. Key additions include a full Workflow graph orchestration system with NodeRunner for execution isolation, explicit ReAct loop nodes for agent execution, and Human-in-the-loop resumption capabilities. The release also addresses a critical RCE vulnerability in YAML configuration handling and optimizes performance for single-turn LLM agents.
crewAI 1.14.3a3 introduces e2b support and Azure credential fallback functionality while addressing a critical security vulnerability in lxml. The release achieves a ~29% improvement in cold start time through lazy-loading optimizations of MCP SDK and event types. Documentation updates include removal of pricing FAQs across all locales.
OpenClaw v2026.4.21 release updates the default image-generation provider to gpt-image-2 with enhanced 2K/4K size hints, fixes critical security and functionality issues including owner command enforcement, thread preservation in Slack, and dependency resolution in plugin installations. Key improvements address authentication bypass vulnerabilities, logging visibility for provider failures, and npm dependency chain optimization.
Google ADK Python v1.32.0 release addresses critical security vulnerabilities and improves SDK compatibility. Key updates include blocking RCE attacks via nested YAML configurations, upgrading the Vertex SDK version, disabling bound tokens for MCP tools, and fixing web OAuth flow and trace view functionality. This release prioritizes security hardening and stability improvements for the AI agent development platform.
Claude Code v2.1.116 delivers significant performance improvements, enhanced user experience features, and critical bug fixes. Key updates include 67% faster session resumption for large files, improved MCP startup performance, smoother terminal scrolling, and a more informative thinking spinner. The release also strengthens security measures, fixes terminal rendering issues across multiple platforms, and resolves API stability problems.
Claude Code v2.1.113 introduces a native binary CLI replacing bundled JavaScript, enhances security with improved sandbox controls and bash rule matching, and fixes numerous UI/UX issues including fullscreen scrolling, multiline input navigation, and markdown rendering. Key improvements include faster /ultrareview with parallelization, better subagent error handling with 10-minute timeouts, and expanded Remote Control client capabilities. The release also addresses critical bugs in session management, MCP tool handling, and cross-platform compatibility.
crewAI 1.14.2 introduces checkpoint management features including resume, diff, and prune commands with lineage tracking and forking capabilities. The release enhances LLM token tracking with reasoning and cache tokens, improves CLI ergonomics for deploy validation and template management, and fixes multiple security vulnerabilities across dependencies. Key improvements include scoped streaming handlers to prevent data contamination, recursive glob for checkpoint discovery, and better HITL (Human-in-the-Loop) resume event handling.
langchain-core version 1.3.0a3 is released with improvements to streaming metadata, chat model invocation parameters, SSRF security hardening, and various bug fixes. Key updates include checkpoint namespace behavior preservation for backwards compatibility, enhanced traceable metadata for chat models and LLMs, and fixes for OpenAI responses API conversion. The release includes dependency updates (pytest 9.0.3) and security patches for CVE-2026-4539 related to Pygments.
OpenClaw v2026.4.15 is a major release featuring Claude Opus 4.7 as the default Anthropic model, new Google Gemini text-to-speech support, a Model Auth status card for OAuth health monitoring, cloud storage support for LanceDB memory, and GitHub Copilot embedding provider integration. The release includes numerous stability fixes across gateway tools, agent replay recovery, Docker builds, Matrix E2EE, memory management, and channel integrations, plus packaging improvements to reduce bundle size and plugin runtime dependencies.
LangChain Core version 1.2.30 has been released with security improvements and bug fixes. The primary change includes hardening of private SSRF (Server-Side Request Forgery) utilities to enhance security. This is a patch release following version 1.2.29, focusing on stability and protection against potential security vulnerabilities.
Claude Code v2.1.110 introduces significant UI/UX improvements including a new `/tui` command for flicker-free fullscreen rendering, push notification capabilities, and enhanced plugin management. The release includes numerous bug fixes addressing MCP server reliability, session management, and performance issues, plus improvements to command accessibility from Remote Control clients and better handling of distributed tracing.
crewAI 1.14.2rc1 is a release candidate that addresses critical bug fixes and security vulnerabilities. The release includes fixes for cyclic JSON schema handling in MCP tool resolution and security patches for python-multipart and pypdf dependencies. This maintenance release ensures improved stability and security for the crewAI framework.