[Release] openclaw/openclaw v2026.4.21: openclaw 2026.4.21

OpenClaw v2026.4.21 release updates the default image-generation provider to gpt-image-2 with enhanced 2K/4K size hints, fixes critical security and functionality issues including owner command enforcement, thread preservation in Slack, and dependency resolution in plugin installations. Key improvements address authentication bypass vulnerabilities, logging visibility for provider failures, and npm dependency chain optimization.

Key Points

• •Default image-generation provider switched to gpt-image-2 with advertised 2K/4K OpenAI size hints in docs and tool metadata
• •Fixed bundled plugin runtime dependencies via doctor paths to enable recovery of missing channel/provider dependencies without broad core installs
• •Enhanced logging for failed image provider/model candidates at warn level before automatic fallback to improve visibility in gateway logs
• •Critical security fix: owner-enforced commands now require explicit owner identity match instead of accepting wildcard allowFrom or empty owner-candidate lists
• •Slack thread preservation fixed for generic runtime sends when threadTs is supplied by caller
• •Browser accessibility validation improved by rejecting invalid ax<N> refs immediately instead of waiting for timeout
• •npm dependency chain optimized by mirroring node-domexception alias into root package.json overrides to eliminate deprecated Google auth library chain

Workflow Diagram

Concepts