
OpenClaw 2026.2.23 Released With Security Updates and New AI Features

OpenClaw, the open-source personal AI assistant with over 215,000 GitHub stars, has released version 2026.2.23, emphasizing robust security hardening alongside advanced AI integrations.

This update addresses multiple vulnerabilities and introduces features like Claude Opus 4.6 support, making it a timely boost for privacy-focused users deploying AI gateways locally across macOS, Windows, and Linux.

A key highlight is the addition of optional HTTP security headers, including Strict-Transport-Security for direct HTTPS deployments, complete with validation, tests, and documentation to mitigate man-in-the-middle risks.

Developers also hardened session maintenance via “openclaw sessions cleanup,” introducing disk-budget controls and safer transcript handling to prevent storage overflows and data leaks.

Notably, a breaking change shifts the browser SSRF policy to “trusted-network” mode by default, requiring explicit configuration for private networks; users can migrate legacy settings with “openclaw doctor --fix.”

Several fixes target configuration and execution risks. Sensitive dynamic keys like env.* are now redacted in config snapshots, preserving restore behavior while blocking exposure.
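
The redact-then-restore round trip described above, as an added JavaScript example that is not OpenClaw's own code: values under `env.*` and `skills.env.*` are masked in the snapshot, and a mask left untouched is swapped back for the stored value on restore. The sentinel string, the function names and the sample config are assumptions made for illustration.

```javascript
// Added illustration, not OpenClaw source. Sentinel, function names and
// sample keys are assumptions; the two path patterns come from the article.
const REDACTED = "__REDACTED__";
const SENSITIVE_PATTERNS = ["env.*", "skills.env.*"]; // "*" = one dynamic key

function isSensitive(path) {
  return SENSITIVE_PATTERNS.some((pattern) => {
    const want = pattern.split(".");
    return want.length === path.length &&
      want.every((seg, i) => seg === "*" || seg === path[i]);
  });
}

// Deep-copy `value`, replacing everything at a sensitive path with the sentinel.
function redactSnapshot(value, path = []) {
  if (isSensitive(path)) return REDACTED;
  if (value === null || typeof value !== "object") return value;
  if (Array.isArray(value)) return value.map((v, i) => redactSnapshot(v, [...path, String(i)]));
  return Object.fromEntries(
    Object.entries(value).map(([k, v]) => [k, redactSnapshot(v, [...path, k])]));
}

// Turn an edited snapshot back into a writable config. A sentinel left in a
// sensitive slot means "unchanged", so the stored value is kept; a sentinel
// with no stored value behind it is rejected rather than saved as a secret.
function restoreSnapshot(snapshot, live, path = []) {
  if (isSensitive(path) && snapshot === REDACTED) {
    if (live === undefined) throw new Error(`no stored value for ${path.join(".")}`);
    return live;
  }
  if (snapshot === null || typeof snapshot !== "object") return snapshot;
  if (Array.isArray(snapshot)) return snapshot.map((v, i) => restoreSnapshot(v, live?.[i], [...path, String(i)]));
  return Object.fromEntries(
    Object.entries(snapshot).map(([k, v]) => [k, restoreSnapshot(v, live?.[k], [...path, k])]));
}

// Constructed sample config (no real keys or hosts).
const liveConfig = {
  gateway: { port: 8080 },
  env: { EXAMPLE_API_KEY: "sk-constructed-1", HTTP_PROXY: "http://proxy.example:3128" },
  skills: { env: { WEATHER_TOKEN: "tok-constructed-2" } },
};

const snapshot = redactSnapshot(liveConfig);   // safe to display or export
snapshot.gateway.port = 9090;                  // operator edits the snapshot
snapshot.env.HTTP_PROXY = "http://proxy2.example:3128";
const restored = restoreSnapshot(snapshot, liveConfig);
console.log(JSON.stringify(snapshot, null, 2));
```

Treating the sentinel as "unchanged" only at sensitive paths keeps an ordinary setting that happens to equal the sentinel string from being silently rewritten.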

Obfuscated commands trigger explicit approval before execution, and ACP client permissions demand trusted tool IDs with scoped read approvals to thwart unauthorized file access.

Skills packaging rejects symlink escapes and XSS-vulnerable prompts in image galleries, while OTEL diagnostics redact API keys from logs before export.

These measures collectively fortify OpenClaw against prompt injection, SSRF, stored XSS, and credential leaks in production environments.

| Security Fix | Description | Impact |
| --- | --- | --- |
| SSRF Policy | Defaults to trusted-network; migrates legacy allowPrivateNetwork | Prevents unauthorized internal requests |
| Config Redaction | Hides env.* and skills.env.* in snapshots | Stops sensitive key exposure |
| Exec Security | Detects/blocks obfuscated commands | Mitigates injection attacks |
| Skills XSS | Escapes user inputs in HTML output | Blocks stored cross-site scripting |
| OTEL Redaction | Scrubs keys from diagnostics | Protects telemetry in observability |

AI Enhancements and Fixes

On the AI front, providers gain first-class Kilo Gateway support with kilocode/anthropic/claude-opus-4.6 as default, including auth, onboarding, and cache handling.

Vercel AI Gateway now normalizes shorthand Claude refs, while tools/web_search adds Moonshot “kimi” provider with improved citation extraction.

Media understanding expands with native Moonshot video support and refactored execution for better URL/header precedence.

Agents benefit from per-agent params overrides for cacheRetention and bootstrap caching to minimize prompt invalidations.

Fixes extend context pruning to Moonshot/Kimi, resolve model resolution for defaults, and enhance overflow detection for better failover on 502/503 errors. Prompt caching docs clarify retention behaviors across Bedrock/OpenRouter, aiding optimized deployments.

OpenClaw v2026.2.23, tagged just hours ago by steipete, includes contributions from dozens of developers and underscores OpenClaw’s rapid evolution as a secure, multi-model AI hub for messaging apps like WhatsApp and Telegram.

With fixes for Telegram polling, WhatsApp group policies, and provider-specific quirks (e.g., Anthropic OAuth betas), it ensures stable operations amid growing ecosystem demands.


The post OpenClaw 2026.2.23 Released With Security Updates and New AI Features appeared first on Cyber Security News.

rssfeeds-admin
