[Release] openclaw/openclaw v2026.2.24: openclaw 2026.2.24

OpenClaw v2026.2.24 release introduces enhanced auto-reply/abort shortcuts with multilingual support, improved Android UX with native onboarding, and critical security hardening including multi-user trust model detection and Docker namespace restrictions. The release includes breaking changes to heartbeat delivery targeting and sandbox security, along with extensive fixes for routing isolation, channel-specific message delivery, Discord voice reliability, and cross-platform messaging stability.

Key Points

• •Expanded auto-reply/abort shortcuts with multilingual support (ES/FR/ZH/HI/AR/JP/DE/PT/RU), trailing punctuation tolerance, and standalone phrase matching to improve stop-command reliability across languages and user inputs
• •Redesigned Android/App UX with native four-step onboarding and five-tab shell navigation (Connect, Chat, Voice, Screen, Settings) for improved user experience and setup flow
• •Hardened security/routing by binding outbound target resolution to current turn's source channel metadata instead of stale session fallbacks, preventing cross-channel context hijacking in shared sessions
• •Implemented breaking change: heartbeat delivery now blocks direct/DM targets and only sends to non-DM destinations (channels/groups) to prevent spam and unintended message leakage
• •Added security trust model flag (`security.trust_model.multi_user_heuristic`) with hardening guidance for intentional multi-user setups using sandbox isolation and reduced tool surface
• •Fixed heartbeat queueing and routing to prevent duplicate responses, stale thread inheritance, and delivery leakage into active conversation threads by switching default delivery target from 'last' to 'none'
• •Restored Discord voice reliability with DAVE dependency, configurable encryption options, and controlled rejoin recovery after repeated decrypt failures to improve STT stability
• •Enhanced messaging tool deduplication to treat originating channel metadata as authoritative, eliminating duplicate sends in proactive runs (heartbeat/cron/exec-event) across synthetic providers
• •Fixed model fallback chain traversal to continue through configured fallbacks instead of collapsing to primary-only, preventing dead-end failures during primary model cooldown periods
• •Improved Discord block-streaming by suppressing only reasoning payloads (not all block payloads), restoring reply delivery in block-streamed mode and preventing reasoning leakage to WhatsApp users

Workflow Diagram

Concepts