Archived update

This post is kept for reference, but it is not part of the main hosted OpenClaw VPS blog feed.

OpenClaw 2026.4.9: What Shipped

OpenClaw 2026.4.9 update: what shipped in this release and what matters for OpenClaw VPS operators.

April 9, 2026

This post covers what shipped in v2026.4.9.

What shipped

  • Memory/dreaming: add a grounded REM backfill lane with historical rem-harness --path, diary commit/reset flows, cleaner durable-fact extraction, and live short-term promotion integration so old daily notes can replay into Dreams and durable memory without a second memory stack. Thanks @mbelinky.
  • Control UI/dreaming: add a structured diary view with timeline navigation, backfill/reset controls, traceable dreaming summaries, and a grounded Scene lane with promotion hints plus a safe clear-grounded action for staged backfill signals. (#63395) Thanks @mbelinky.
  • QA/lab: add character-vibes evaluation reports with model selection and parallel runs so live QA can compare candidate behavior faster.
  • Plugins/provider-auth: let provider manifests declare providerAuthAliases so provider variants can share env vars, auth profiles, config-backed auth, and API-key onboarding choices without core-specific wiring.
  • iOS: pin release versioning to an explicit CalVer in apps/ios/version.json, keep TestFlight iteration on the same short version until maintainers intentionally promote the next gateway version, and add the documented pnpm ios:version:pin -- --from-gateway workflow for release trains. (#63001) Thanks @ngutman.
  • Browser/security: re-run blocked-destination safety checks after interaction-driven main-frame navigations from click, evaluate, hook-triggered click, and batched action flows, so browser interactions cannot bypass the SSRF quarantine when they land on forbidden URLs. (#63226) Thanks @eleqtrizit.
  • Security/dotenv: block runtime-control env vars plus browser-control override and skip-server env vars from untrusted workspace .env files, and reject unsafe URL-style browser control override specifiers before lazy loading. (#62660, #62663) Thanks @eleqtrizit.
  • Gateway/node exec events: mark remote node exec.started, exec.finished, and exec.denied summaries as untrusted system events and sanitize node-provided command/output/reason text before enqueueing them, so remote node output cannot inject trusted System: content into later turns. (#62659) Thanks @eleqtrizit.
  • Plugins/onboarding auth choices: prevent untrusted workspace plugins from colliding with bundled provider auth-choice ids during non-interactive onboarding, so bundled provider setup keeps operator secrets out of untrusted workspace plugin handlers unless those plugins are explicitly trusted. (#62368) Thanks @pgondhi987.
  • Security/dependency audit: force basic-ftp to 5.2.1 for the CRLF command-injection fix and bump Hono plus @hono/node-server in production resolution paths.
  • Android/pairing: clear stale setup-code auth on new QR scans, bootstrap operator and node sessions from fresh pairing, prefer stored device tokens after bootstrap handoff, and pause pairing auto-retry while the app is backgrounded so scan-once Android pairing recovers reliably again. (#63199) Thanks @obviyus.
  • Matrix/gateway: wait for Matrix sync readiness before marking startup successful, keep Matrix background handler failures contained, and route fatal Matrix sync stops through channel-level restart handling instead of crashing the whole gateway. (#62779) Thanks @gumadeiras.
  • Slack/media: preserve bearer auth across same-origin files.slack.com redirects while still stripping it on cross-origin Slack CDN hops, so url_private_download image attachments load again. (#62960) Thanks @vincentkoc.
  • Reply/doctor: use the active runtime snapshot for queued reply runs, resolve reply-run SecretRefs before preflight helpers touch config, surface gateway OAuth reauth failures to users, and make openclaw doctor call out exact reauth commands. (#62693, #63217) Thanks @mbelinky.
  • Control UI: guard stale session-history reloads during fast session switches so the selected session and rendered transcript stay in sync. (#62975) Thanks @scoootscooob.
  • Gateway/chat: suppress exact and streamed ANNOUNCE_SKIP / REPLY_SKIP control replies across live chat updates and history sanitization so internal agent-to-agent control tokens no longer leak into user-facing gateway chat surfaces. (#51739) Thanks @Pinghuachiu.
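
The Slack/media item above keeps bearer auth on same-origin files.slack.com redirects and strips it on cross-origin hops. A sketch of that rule as an added example (not OpenClaw's code); the function names, the injected fetch stub, the file path, the CDN hostname and the token are all constructed for illustration:

```javascript
// Added illustration, not OpenClaw source. fetchImpl is injected so the
// redirect chain below can be simulated offline.
const REDIRECTS = [301, 302, 303, 307, 308];

async function fetchWithScopedAuth(startUrl, token, fetchImpl, maxHops = 5) {
  const authOrigin = new URL(startUrl).origin; // origin the token is meant for
  let url = new URL(startUrl);
  let authAllowed = true; // once a hop leaves authOrigin, never re-attach
  const trace = [];
  for (let hop = 0; hop <= maxHops; hop++) {
    if (url.origin !== authOrigin) authAllowed = false;
    const headers = authAllowed ? { Authorization: `Bearer ${token}` } : {};
    trace.push({ url: url.href, sentAuth: authAllowed });
    // redirect: "manual" so every hop is re-evaluated here, not by the client
    const res = await fetchImpl(url.href, { headers, redirect: "manual" });
    if (!REDIRECTS.includes(res.status)) return { res, trace };
    const location = res.headers.get("location");
    if (!location) throw new Error("redirect without Location header");
    const next = new URL(location, url); // resolves relative Location values
    if (next.protocol !== "https:") throw new Error("refusing non-HTTPS hop");
    url = next;
  }
  throw new Error("too many redirects");
}

// Constructed chain: one same-origin hop, then a cross-origin CDN hop.
const START = "https://files.slack.com/files-pri/T0-F0/photo.png";
const CHAIN = {
  [START]: { status: 302, location: "/files-pri/T0-F0/download/photo.png" },
  "https://files.slack.com/files-pri/T0-F0/download/photo.png":
    { status: 302, location: "https://cdn.example.invalid/photo.png" },
  "https://cdn.example.invalid/photo.png": { status: 200 },
};

// Stub server side: records the Authorization value each hop received.
function makeFakeFetch(seenAuth) {
  return async (url, init) => {
    seenAuth.push(init.headers.Authorization ?? null);
    const hop = CHAIN[url];
    const headers = new Map(hop.location ? [["location", hop.location]] : []);
    return { status: hop.status, headers };
  };
}

async function demo() {
  const seenAuth = [];
  const { res, trace } = await fetchWithScopedAuth(
    START, "CONSTRUCTED_TOKEN", makeFakeFetch(seenAuth));
  return { status: res.status, trace, seenAuth };
}
demo().then((r) => console.log(r.seenAuth));
```

The token reaches both files.slack.com hops and is absent on the CDN hop; a chain that later returns to the original origin still does not get it back.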

Source

Official OpenClaw release notes for v2026.4.9
