chore(deps): update ghcr.io/openclaw/openclaw docker tag to v2026.4.9 #14
No reviewers
Labels
No labels
bug
documentation
duplicate
enhancement
good first issue
help wanted
invalid
question
wontfix
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference
les_clankeurs/openclaw-image-2!14
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "renovate/docker-images"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
This PR contains the following updates:
2026.4.8→2026.4.9Release Notes
openclaw/openclaw (ghcr.io/openclaw/openclaw)
v2026.4.9Compare Source
Changes
rem-harness --path, diary commit/reset flows, cleaner durable-fact extraction, and live short-term promotion integration so old daily notes can replay into Dreams and durable memory without a second memory stack. Thanks @mbelinky.providerAuthAliasesso provider variants can share env vars, auth profiles, config-backed auth, and API-key onboarding choices without core-specific wiring.apps/ios/version.json, keep TestFlight iteration on the same short version until maintainers intentionally promote the next gateway version, and add the documentedpnpm ios:version:pin -- --from-gatewayworkflow for release trains. (#63001) Thanks @ngutman.Fixes
.envfiles, and reject unsafe URL-style browser control override specifiers before lazy loading. (#62660, #62663) Thanks @eleqtrizit.exec.started,exec.finished, andexec.deniedsummaries as untrusted system events and sanitize node-provided command/output/reason text before enqueueing them, so remote node output cannot inject trustedSystem:content into later turns. (#62659) Thanks @eleqtrizit.basic-ftpto5.2.1for the CRLF command-injection fix and bump Hono plus@hono/node-serverin production resolution paths.files.slack.comredirects while still stripping it on cross-origin Slack CDN hops, sourl_private_downloadimage attachments load again. (#62960) Thanks @vincentkoc.openclaw doctorcall out exact reauth commands. (#62693, #63217) Thanks @mbelinky.ANNOUNCE_SKIP/REPLY_SKIPcontrol replies across live chat updates and history sanitization so internal agent-to-agent control tokens no longer leak into user-facing gateway chat surfaces. (#51739) Thanks @Pinghuachiu.NO_REPLYtokens before reply normalization and ACP-visible streaming so silent sentinel text no longer leaks into user-visible replies while preserving substantiveNO_REPLY ...text. Thanks @frankekn.sessions_sendfollow-ups do not steal delivery from Telegram, Discord, or other external channels. (#58013) Thanks @duqaXxX./resetand/newwhile still preserving explicit user model selections, including legacy sessions created before override-source tracking existed. (#63155) Thanks @frankekn.channels.matrix.dm.policy: "trusted"configs back to compatible DM policies duringopenclaw doctor --fix, preserving explicitallowFromboundaries asallowlistand defaulting empty legacy configs topairing. (#62942) Thanks @lukeboyett.node_modulesso fresh installs fail fast on missing plugin deps instead of crashing at runtime. (#63065) Thanks @scoootscooob.highon OpenAI Responses, WebSocket, and compatible completions transports, while still honoring explicit per-run reasoning levels.api: "ollama"path to optionally display thinking output when/thinkis set to a non-off level. (#62712) Thanks @hoyyeva.model_instructions_fileconfig override so fresh Codex CLI sessions receive the same prompt guidance as Claude CLI sessions.agents.defaults.timeoutSecondswhen configured, disable the unconfigured idle watchdog for cron runs, and point idle-timeout errors atagents.defaults.llm.idleTimeoutSeconds. Thanks @drvoss.1311as billing and1113as auth, including long wrapped1311payloads, so these errors stop falling through to generic failover handling. (#49552) Thanks @1bcMax.</>), URL slashes in attributes, and self-closing media tags so upstream<qqimg>payloads are correctly parsed and normalized. (#60493) Thanks @ylc0919.443without silently changing cleartext manual connects. (#63134) Thanks @Tyler-RNG.pnpm buildsteps during dev updates so update preflight builds stop failing on low default Node memory.*.test.tsfiles stay blocked. (#63311) Thanks @altaywtf.openrouter/prefix. (#63416) Thanks @sallyom.openclaw/plugin-sdk/command-statussubpath while preserving deprecatedcommand-authcompatibility exports, so auth-only plugin imports no longer pull status/context warmup into CLI onboarding paths. (#63174) Thanks @hxy91819.Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Renovate Bot.