Two days after the v2026.2.21 release, OpenClaw dropped another one. This time it's less about flashy features and more about the stuff that keeps your agent alive: security, stability, and not forgetting what it was doing mid-conversation.
Here's what landed in v2026.2.23.
The OpenClaw team went through 50 security advisories in one sweep. 38 were dismissed as not applicable or already mitigated. 12 required actual patches, and they all got them.
This isn't the "we'll get to it" approach most open-source projects take with CVEs. This is a full audit, triage, and patch cycle compressed into a single release. If you're running OpenClaw in production (or deploying it for clients like we do at CodeClaw), this is the kind of hygiene that matters.
This one's subtle but critical. When conversations get long, OpenClaw compacts earlier messages to stay within context limits. That's normal. What wasn't normal: sometimes the compaction process itself would overflow, and the agent would lose track of what it was doing.
Imagine your agent is halfway through a complex research task, the context fills up, compaction kicks in, and... it forgets the task. Starts fresh. That's what compaction overflow looked like.
Fixed now. The recovery mechanism ensures that even when compaction hits edge cases, the agent retains its current task context. Your agent stays on track even in marathon conversations.
New provider: Kilo Gateway. This expands the list of model routing options available to OpenClaw. More gateways = more flexibility in how you route requests, manage costs, and handle failover.
If you're running multi-model setups (and you should be), having another gateway option is always welcome.
Moonshot (Kimi) now supports vision and video inputs through OpenClaw. Send an image, send a video: Kimi can process both.
This matters if you're building agents that handle visual content: product photos, document scans, video summaries. Moonshot's pricing is competitive, and having vision+video support makes it a real option for multimodal workflows.
The exec tool (the one that lets your agent run shell commands) got hardened. Tighter sandboxing, better input validation, more restrictive defaults.
This is the kind of change where you don't notice it until something goes wrong. And now, fewer things will go wrong. If your agent has exec access (and many do for file management, git operations, or API calls), the hardening reduces the attack surface significantly.
If you're using ACP (Agent Communication Protocol) or OTEL (OpenTelemetry) for observability, secrets are now automatically redacted from logs and traces. API keys, tokens, passwords: they won't show up in your telemetry data.
This is a "should have always been there" fix. If you're shipping traces to Datadog, Grafana, or any observability platform, you don't want credentials leaking into your log aggregator. Now they won't.
This is the one you need to act on. The allowFrom config (which controls who can interact with your agent) now only accepts user IDs. Usernames are no longer valid.
Why? Usernames can change. IDs can't. Accepting usernames meant someone could change their username and potentially bypass access controls. ID-only is more secure, even if it's slightly less convenient to configure.
What to do: Check your OpenClaw config. If allowFrom contains usernames instead of IDs, update them before upgrading. Your agent will reject non-ID values after the update.
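A pre-upgrade check for the step above, as an added example that is not OpenClaw's or CodeClaw's own code. It assumes the config can be loaded as a JSON object, that allowFrom lists may sit at any depth, and that a valid ID is an all-digit value; the sample config is constructed.

```javascript
// Added example: flag allowFrom entries that are not IDs before upgrading.
// Assumptions (not taken from OpenClaw documentation): the config is a
// JSON-like object, allowFrom may appear at any depth, and an ID is all
// digits. Adjust ID_PATTERN for channels whose IDs use another format.
const ID_PATTERN = /^\d+$/;

function isId(entry) {
  // Numbers beyond the safe-integer range have lost precision when parsed
  // from JSON, so they are flagged too; store such IDs as strings.
  if (typeof entry === "number") return Number.isSafeInteger(entry) && entry >= 0;
  return typeof entry === "string" && ID_PATTERN.test(entry.trim());
}

// Walk the config and return every allowFrom entry that is not an ID,
// together with its path so it can be located and replaced.
function auditAllowFrom(node, path = "$", findings = []) {
  if (Array.isArray(node)) {
    node.forEach((child, i) => auditAllowFrom(child, `${path}[${i}]`, findings));
  } else if (node !== null && typeof node === "object") {
    for (const [key, value] of Object.entries(node)) {
      const here = `${path}.${key}`;
      if (key === "allowFrom") {
        const entries = Array.isArray(value) ? value : [value];
        entries.forEach((entry, i) => {
          if (!isId(entry)) findings.push({ path: `${here}[${i}]`, value: entry });
        });
      } else {
        auditAllowFrom(value, here, findings);
      }
    }
  }
  return findings;
}

// Constructed sample config: channel names and values are made up.
const sampleConfig = {
  channels: {
    chatA: { allowFrom: ["123456789", "@alice", 987654321] },
    chatB: { groups: [{ allowFrom: ["bob_the_admin"] }] },
  },
};

for (const f of auditAllowFrom(sampleConfig)) {
  console.log(`${f.path}: ${JSON.stringify(f.value)} is not an ID, replace it before upgrading`);
}
```

An empty result means every allowFrom entry already matches the assumed ID format; anything listed needs to be swapped for the account's ID before the update.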
Two releases in three days. This isn't a fluke; it's the pace OpenClaw is setting. Security audits, stability fixes, new providers, hardening. All shipping daily.
For context: most AI agent frameworks ship monthly if you're lucky. OpenClaw is treating this like infrastructure software, because that's what it is. Your AI agent is infrastructure. It deserves infrastructure-grade release velocity.
Upgrading is the same as always:
npm update -g openclaw
# Then restart your gateway
openclaw gateway restart
If you're new to OpenClaw, start with our complete setup guide. And if you want all of this managed for you (security patches, config updates, the works), that's literally what CodeClaw exists for.
CodeClaw keeps your OpenClaw agent patched, configured, and running. You focus on your business.