mirror of
https://github.com/openclaw/openclaw.git
synced 2026-02-09 05:19:32 +08:00
161 lines
13 KiB
XML
161 lines
13 KiB
XML
<?xml version="1.0" standalone="yes"?>
|
|
<rss xmlns:sparkle="http://www.andymatuschak.org/xml-namespaces/sparkle" version="2.0">
|
|
<channel>
|
|
<title>OpenClaw</title>
|
|
<item>
|
|
<title>2026.2.2</title>
|
|
<pubDate>Tue, 03 Feb 2026 17:04:17 -0800</pubDate>
|
|
<link>https://raw.githubusercontent.com/openclaw/openclaw/main/appcast.xml</link>
|
|
<sparkle:version>8809</sparkle:version>
|
|
<sparkle:shortVersionString>2026.2.2</sparkle:shortVersionString>
|
|
<sparkle:minimumSystemVersion>15.0</sparkle:minimumSystemVersion>
|
|
<description><![CDATA[<h2>OpenClaw 2026.2.2</h2>
|
|
<h3>Changes</h3>
|
|
<ul>
|
|
<li>Feishu: add Feishu/Lark plugin support + docs. (#7313) Thanks @jiulingyun (openclaw-cn).</li>
|
|
<li>Web UI: add Agents dashboard for managing agent files, tools, skills, models, channels, and cron jobs.</li>
|
|
<li>Memory: implement the opt-in QMD backend for workspace memory. (#3160) Thanks @vignesh07.</li>
|
|
<li>Security: add healthcheck skill and bootstrap audit guidance. (#7641) Thanks @Takhoffman.</li>
|
|
<li>Config: allow setting a default subagent thinking level via <code>agents.defaults.subagents.thinking</code> (and per-agent <code>agents.list[].subagents.thinking</code>). (#7372) Thanks @tyler6204.</li>
|
|
<li>Docs: zh-CN translations seed + polish, pipeline guidance, nav/landing updates, and typo fixes. (#8202, #6995, #6619, #7242, #7303, #7415) Thanks @AaronWander, @taiyi747, @Explorer1092, @rendaoyuan, @joshp123, @lailoo.</li>
|
|
</ul>
|
|
<h3>Fixes</h3>
|
|
<ul>
|
|
<li>Security: require operator.approvals for gateway /approve commands. (#1) Thanks @mitsuhiko, @yueyueL.</li>
|
|
<li>Security: Matrix allowlists now require full MXIDs; ambiguous name resolution no longer grants access. Thanks @MegaManSec.</li>
|
|
<li>Security: enforce access-group gating for Slack slash commands when channel type lookup fails.</li>
|
|
<li>Security: require validated shared-secret auth before skipping device identity on gateway connect.</li>
|
|
<li>Security: guard skill installer downloads with SSRF checks (block private/localhost URLs).</li>
|
|
<li>Security: harden Windows exec allowlist; block cmd.exe bypass via single &. Thanks @simecek.</li>
|
|
<li>fix(voice-call): harden inbound allowlist; reject anonymous callers; require Telnyx publicKey for allowlist; token-gate Twilio media streams; cap webhook body size (thanks @simecek)</li>
|
|
<li>Media understanding: apply SSRF guardrails to provider fetches; allow private baseUrl overrides explicitly.</li>
|
|
<li>fix(webchat): respect user scroll position during streaming and refresh (#7226) (thanks @marcomarandiz)</li>
|
|
<li>Telegram: recover from grammY long-poll timed out errors. (#7466) Thanks @macmimi23.</li>
|
|
<li>Agents: repair malformed tool calls and session transcripts. (#7473) Thanks @justinhuangcode.</li>
|
|
<li>fix(agents): validate AbortSignal instances before calling AbortSignal.any() (#7277) (thanks @Elarwei001)</li>
|
|
<li>Media understanding: skip binary media from file text extraction. (#7475) Thanks @AlexZhangji.</li>
|
|
<li>Onboarding: keep TUI flow exclusive (skip completion prompt + background Web UI seed); completion prompt now handled by install/update.</li>
|
|
<li>TUI: block onboarding output while TUI is active and restore terminal state on exit.</li>
|
|
<li>CLI/Zsh completion: cache scripts in state dir and escape option descriptions to avoid invalid option errors.</li>
|
|
<li>fix(ui): resolve Control UI asset path correctly.</li>
|
|
<li>fix(ui): refresh agent files after external edits.</li>
|
|
<li>Docs: finish renaming the QMD memory docs to reference the OpenClaw state dir.</li>
|
|
<li>Tests: stub SSRF DNS pinning in web auto-reply + Gemini video coverage. (#6619) Thanks @joshp123.</li>
|
|
</ul>
|
|
<p><a href="https://github.com/openclaw/openclaw/blob/main/CHANGELOG.md">View full changelog</a></p>
|
|
]]></description>
|
|
<enclosure url="https://github.com/openclaw/openclaw/releases/download/v2026.2.2/OpenClaw-2026.2.2.zip" length="22519052" type="application/octet-stream" sparkle:edSignature="a6viD+aS5EfY/RkPIPMfoQQNkJCk6QTdV5WobXFxyYwURskUm8/nXTHVXsCh1c5+0WKUnmlDIyf0i+6IWiavAA=="/>
|
|
</item>
|
|
<item>
|
|
<title>2026.2.1</title>
|
|
<pubDate>Mon, 02 Feb 2026 03:53:03 -0800</pubDate>
|
|
<link>https://raw.githubusercontent.com/openclaw/openclaw/main/appcast.xml</link>
|
|
<sparkle:version>8650</sparkle:version>
|
|
<sparkle:shortVersionString>2026.2.1</sparkle:shortVersionString>
|
|
<sparkle:minimumSystemVersion>15.0</sparkle:minimumSystemVersion>
|
|
<description><![CDATA[<h2>OpenClaw 2026.2.1</h2>
|
|
<h3>Changes</h3>
|
|
<ul>
|
|
<li>Docs: onboarding/install/i18n/exec-approvals/Control UI/exe.dev/cacheRetention updates + misc nav/typos. (#3050, #3461, #4064, #4675, #4729, #4763, #5003, #5402, #5446, #5474, #5663, #5689, #5694, #5967, #6270, #6300, #6311, #6416, #6487, #6550, #6789)</li>
|
|
<li>Telegram: use shared pairing store. (#6127) Thanks @obviyus.</li>
|
|
<li>Agents: add OpenRouter app attribution headers. Thanks @alexanderatallah.</li>
|
|
<li>Agents: add system prompt safety guardrails. (#5445) Thanks @joshp123.</li>
|
|
<li>Agents: update pi-ai to 0.50.9 and rename cacheControlTtl -> cacheRetention (with back-compat mapping).</li>
|
|
<li>Agents: extend CreateAgentSessionOptions with systemPrompt/skills/contextFiles.</li>
|
|
<li>Agents: add tool policy conformance snapshot (no runtime behavior change). (#6011)</li>
|
|
<li>Auth: update MiniMax OAuth hint + portal auth note copy.</li>
|
|
<li>Discord: inherit thread parent bindings for routing. (#3892) Thanks @aerolalit.</li>
|
|
<li>Gateway: inject timestamps into agent and chat.send messages. (#3705) Thanks @conroywhitney, @CashWilliams.</li>
|
|
<li>Gateway: require TLS 1.3 minimum for TLS listeners. (#5970) Thanks @loganaden.</li>
|
|
<li>Web UI: refine chat layout + extend session active duration.</li>
|
|
<li>CI: add formal conformance + alias consistency checks. (#5723, #5807)</li>
|
|
</ul>
|
|
<h3>Fixes</h3>
|
|
<ul>
|
|
<li>Plugins: validate plugin/hook install paths and reject traversal-like names.</li>
|
|
<li>Telegram: add download timeouts for file fetches. (#6914) Thanks @hclsys.</li>
|
|
<li>Telegram: enforce thread specs for DM vs forum sends. (#6833) Thanks @obviyus.</li>
|
|
<li>Streaming: flush block streaming on paragraph boundaries for newline chunking. (#7014)</li>
|
|
<li>Streaming: stabilize partial streaming filters.</li>
|
|
<li>Auto-reply: avoid referencing workspace files in /new greeting prompt. (#5706) Thanks @bravostation.</li>
|
|
<li>Tools: align tool execute adapters/signatures (legacy + parameter order + arg normalization).</li>
|
|
<li>Tools: treat <code>"*"</code> tool allowlist entries as valid to avoid spurious unknown-entry warnings.</li>
|
|
<li>Skills: update session-logs paths from .clawdbot to .openclaw. (#4502)</li>
|
|
<li>Slack: harden media fetch limits and Slack file URL validation. (#6639) Thanks @davidiach.</li>
|
|
<li>Lint: satisfy curly rule after import sorting. (#6310)</li>
|
|
<li>Process: resolve Windows <code>spawn()</code> failures for npm-family CLIs by appending <code>.cmd</code> when needed. (#5815) Thanks @thejhinvirtuoso.</li>
|
|
<li>Discord: resolve PluralKit proxied senders for allowlists and labels. (#5838) Thanks @thewilloftheshadow.</li>
|
|
<li>Tlon: add timeout to SSE client fetch calls (CWE-400). (#5926)</li>
|
|
<li>Memory search: L2-normalize local embedding vectors to fix semantic search. (#5332)</li>
|
|
<li>Agents: align embedded runner + typings with pi-coding-agent API updates (pi 0.51.0).</li>
|
|
<li>Agents: ensure OpenRouter attribution headers apply in the embedded runner.</li>
|
|
<li>Agents: cap context window resolution for compaction safeguard. (#6187) Thanks @iamEvanYT.</li>
|
|
<li>System prompt: resolve overrides and hint using session_status for current date/time. (#1897, #1928, #2108, #3677)</li>
|
|
<li>Agents: fix Pi prompt template argument syntax. (#6543)</li>
|
|
<li>Subagents: fix announce failover race (always emit lifecycle end; timeout=0 means no-timeout). (#6621)</li>
|
|
<li>Teams: gate media auth retries.</li>
|
|
<li>Telegram: restore draft streaming partials. (#5543) Thanks @obviyus.</li>
|
|
<li>Onboarding: friendlier Windows onboarding message. (#6242) Thanks @shanselman.</li>
|
|
<li>TUI: prevent crash when searching with digits in the model selector.</li>
|
|
<li>Agents: wire before_tool_call plugin hook into tool execution. (#6570, #6660) Thanks @ryancnelson.</li>
|
|
<li>Browser: secure Chrome extension relay CDP sessions.</li>
|
|
<li>Docker: use container port for gateway command instead of host port. (#5110) Thanks @mise42.</li>
|
|
<li>fix(lobster): block arbitrary exec via lobsterPath/cwd injection (GHSA-4mhr-g7xj-cg8j). (#5335) Thanks @vignesh07.</li>
|
|
<li>Security: sanitize WhatsApp accountId to prevent path traversal. (#4610)</li>
|
|
<li>Security: restrict MEDIA path extraction to prevent LFI. (#4930)</li>
|
|
<li>Security: validate message-tool filePath/path against sandbox root. (#6398)</li>
|
|
<li>Security: block LD*/DYLD* env overrides for host exec. (#4896) Thanks @HassanFleyah.</li>
|
|
<li>Security: harden web tool content wrapping + file parsing safeguards. (#4058) Thanks @VACInc.</li>
|
|
<li>Security: enforce Twitch <code>allowFrom</code> allowlist gating (deny non-allowlisted senders). Thanks @MegaManSec.</li>
|
|
</ul>
|
|
<p><a href="https://github.com/openclaw/openclaw/blob/main/CHANGELOG.md">View full changelog</a></p>
|
|
]]></description>
|
|
<enclosure url="https://github.com/openclaw/openclaw/releases/download/v2026.2.1/OpenClaw-2026.2.1.zip" length="22458919" type="application/octet-stream" sparkle:edSignature="kA/8VQlVdtYphcB1iuFrhWczwWKgkVZMfDfQ7T9WD405D8JKTv5CZ1n8lstIVkpk4xog3UhrfaaoTG8Bf8DMAQ=="/>
|
|
</item>
|
|
<item>
|
|
<title>2026.1.30</title>
|
|
<pubDate>Sat, 31 Jan 2026 14:29:57 +0100</pubDate>
|
|
<link>https://raw.githubusercontent.com/openclaw/openclaw/main/appcast.xml</link>
|
|
<sparkle:version>8469</sparkle:version>
|
|
<sparkle:shortVersionString>2026.1.30</sparkle:shortVersionString>
|
|
<sparkle:minimumSystemVersion>15.0</sparkle:minimumSystemVersion>
|
|
<description><![CDATA[<h2>OpenClaw 2026.1.30</h2>
|
|
<h3>Changes</h3>
|
|
<ul>
|
|
<li>CLI: add <code>completion</code> command (Zsh/Bash/PowerShell/Fish) and auto-setup during postinstall/onboarding.</li>
|
|
<li>CLI: add per-agent <code>models status</code> (<code>--agent</code> filter). (#4780) Thanks @jlowin.</li>
|
|
<li>Agents: add Kimi K2.5 to the synthetic model catalog. (#4407) Thanks @manikv12.</li>
|
|
<li>Auth: switch Kimi Coding to built-in provider; normalize OAuth profile email.</li>
|
|
<li>Auth: add MiniMax OAuth plugin + onboarding option. (#4521) Thanks @Maosghoul.</li>
|
|
<li>Agents: update pi SDK/API usage and dependencies.</li>
|
|
<li>Web UI: refresh sessions after chat commands and improve session display names.</li>
|
|
<li>Build: move TypeScript builds to <code>tsdown</code> + <code>tsgo</code> (faster builds, CI typechecks), update tsconfig target, and clean up lint rules.</li>
|
|
<li>Build: align npm tar override and bin metadata so the <code>openclaw</code> CLI entrypoint is preserved in npm publishes.</li>
|
|
<li>Docs: add pi/pi-dev docs and update OpenClaw branding + install links.</li>
|
|
</ul>
|
|
<h3>Fixes</h3>
|
|
<ul>
|
|
<li>Security: restrict local path extraction in media parser to prevent LFI. (#4880)</li>
|
|
<li>Gateway: prevent token defaults from becoming the literal "undefined". (#4873) Thanks @Hisleren.</li>
|
|
<li>Control UI: fix assets resolution for npm global installs. (#4909) Thanks @YuriNachos.</li>
|
|
<li>macOS: avoid stderr pipe backpressure in gateway discovery. (#3304) Thanks @abhijeet117.</li>
|
|
<li>Telegram: normalize account token lookup for non-normalized IDs. (#5055) Thanks @jasonsschin.</li>
|
|
<li>Telegram: preserve delivery thread fallback and fix threadId handling in delivery context.</li>
|
|
<li>Telegram: fix HTML nesting for overlapping styles/links. (#4578) Thanks @ThanhNguyxn.</li>
|
|
<li>Telegram: accept numeric messageId/chatId in react actions. (#4533) Thanks @Ayush10.</li>
|
|
<li>Telegram: honor per-account proxy dispatcher via undici fetch. (#4456) Thanks @spiceoogway.</li>
|
|
<li>Telegram: scope skill commands to bound agent per bot. (#4360) Thanks @robhparker.</li>
|
|
<li>BlueBubbles: debounce by messageId to preserve attachments in text+image messages. (#4984)</li>
|
|
<li>Routing: prefer requesterOrigin over stale session entries for sub-agent announce delivery. (#4957)</li>
|
|
<li>Extensions: restore embedded extension discovery typings.</li>
|
|
<li>CLI: fix <code>tui:dev</code> port resolution.</li>
|
|
<li>LINE: fix status command TypeError. (#4651)</li>
|
|
<li>OAuth: skip expired-token warnings when refresh tokens are still valid. (#4593)</li>
|
|
<li>Build: skip redundant UI install step in Dockerfile. (#4584) Thanks @obviyus.</li>
|
|
</ul>
|
|
<p><a href="https://github.com/openclaw/openclaw/blob/main/CHANGELOG.md">View full changelog</a></p>
|
|
]]></description>
|
|
<enclosure url="https://github.com/openclaw/openclaw/releases/download/v2026.1.30/OpenClaw-2026.1.30.zip" length="22458594" type="application/octet-stream" sparkle:edSignature="77/GuEcruKGgu2CJyMq+OVwzaJ2v1VzRQC9NmOirKO3uH5Nn5HaoouwrOHnOanrzlD4OvPW0FS5GH2E4Ntu4CQ=="/>
|
|
</item>
|
|
</channel>
|
|
</rss> |