OpenClaw v2026.5.28: Security Hardening, 4,100× /models Speed, and Discord Delivery Fixes
OpenClaw shipped v2026.5.28 today (May 28, 2026), a release focused on two fronts that the community has been loudly requesting: security hardening and raw performance.
The headline numbers
4,100× speedup on the /models endpoint. What was taking up to 30 seconds under normal load now responds in under 10ms. The root cause: repeated bundled-channel boundary checks on every call. The fix reuses process-stable channel catalog reads and rotates gateway watch CPU cycles. Every skill invocation, new session, and model-routing decision touches this endpoint — the fix is felt everywhere, not just in benchmarks.
Security boundaries
This release hardens OpenClaw’s partial sandbox model against real-world attack paths:
- Group prompt text is kept out of the system prompt
- Repeated-dot hostnames are normalized before processing
- Side-effecting command wrappers and unsafe Node runtime env overrides are blocked
- No-auth Tailscale exposure is rejected at the gateway level
- Node/device-role approvals now require explicit admin authority
- Browser snapshot reads honor SSRF policy
- Stale device tokens are rejected outright
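Two of the items above, hostname normalisation before processing and SSRF policy on snapshot reads, share one underlying point: a policy check is only as good as the string it is run against. The following is an added illustration, not OpenClaw's own code, of checking a fetch target in that order: normalise the hostname first, then refuse blocked address ranges, then require an allowlist hit. The allowlist contents, the helper names and the sample URLs are assumptions constructed for the example.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed allowlist for this example: hosts a snapshot fetch may reach.
ALLOWED_HOSTS = {"docs.example.com", "api.example.com"}


def normalize_hostname(host: str) -> str:
    """Lower-case and collapse repeated, leading and trailing dots.

    'API..example.com.' -> 'api.example.com'. Comparing the raw string
    against an allowlist can disagree with what the HTTP client actually
    connects to, so normalisation happens before any policy decision.
    """
    labels = [label for label in host.strip().lower().split(".") if label]
    return ".".join(labels)


def is_blocked_ip_literal(host: str) -> bool:
    """True when host is an IP literal in a range the SSRF policy refuses."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False  # not a plain IP literal; the allowlist decides below
    return (addr.is_private or addr.is_loopback or addr.is_link_local
            or addr.is_multicast or addr.is_reserved or addr.is_unspecified)


def check_snapshot_target(url: str) -> tuple[bool, str]:
    """Return (allowed, reason) for a browser-snapshot fetch of `url`.

    Order matters: normalise, then refuse blocked IP literals, then require
    an allowlist hit. Anything that is neither a plain IP literal nor an
    allowlisted name (an address written in a non-dotted encoding, a bare
    'localhost') is refused by the default-deny allowlist rather than by a
    special case, so no bypass list has to be maintained.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, f"scheme {parts.scheme!r} not permitted"
    host = normalize_hostname(parts.hostname or "")
    if not host:
        return False, "empty hostname"
    if is_blocked_ip_literal(host):
        return False, f"{host} is in a blocked address range"
    if host not in ALLOWED_HOSTS:
        return False, f"{host} is not on the allowlist"
    return True, f"allowed: {host}"


if __name__ == "__main__":
    for sample in ("https://Docs.Example.com./page",
                   "http://127.0.0.1:8080/admin",
                   "http://169.254.169.254/latest/meta-data"):
        print(sample, "->", check_snapshot_target(sample))
```

This stays offline on purpose: it only judges the hostname as written. A production SSRF policy also has to resolve the name, apply the same range checks to every resolved address, and pin the connection to the address it checked, otherwise a name that passes the allowlist can still resolve to an internal range at connect time.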
The release notes explicitly credit community contributors — @eleqtrizit and @pgondhi987 among them — for the security work.
Channel delivery improvements
- Telegram: sendMessage actions now use durable outbound delivery (no more vanishing messages under load)
- Discord: guild requester checks are tighter; recovered tool-warning artifacts are kept out of successful replies
- Matrix: mention previews and final messages are stricter
- Google Chat: thread sends in DMs are stopped cold
- QQBot: fallback approval buttons now honor slash-command auth
Codex app-server reliability
Codex runtime models resolve first, workspace memory routes through tools, and shared app-server clients survive startup and spawned-helper failures. Native hook relay generations survive restarts and rotate on fresh fallbacks — no more false runtime live switches.
Provider and model coverage
- OpenAI-compatible embedding providers are now core
- DeepInfra catalog browsing loads the full credential-aware model set
- Pixverse adds video generation and API region selection
- VLLM thinking params are wired
- Claude CLI OAuth overlays load for PI auth profiles
- Bare direct Anthropic model IDs work without extra config
What’s notable
The Claw Chain CVE advisory (CVE-2026-44115, CVE-2026-44118, CVE-2026-43527, CVE-2026-43582) dropped this week, and v2026.5.28 is the patch target. If you’re running a production deployment, this release should be treated as mandatory. Update and rotate API keys stored in the gateway.