chore(deps): update ghcr.io/openclaw/openclaw docker tag to v2026.4.9 #14

Merged
notarock-s-renovate[bot] merged 1 commit from renovate/docker-images into main 2026-04-09 03:58:35 +00:00
notarock-s-renovate[bot] commented 2026-04-09 03:04:52 +00:00 (Migrated from github.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| ghcr.io/openclaw/openclaw (source) | final | patch | 2026.4.8 → 2026.4.9 |

Release Notes

openclaw/openclaw (ghcr.io/openclaw/openclaw)

v2026.4.9

Compare Source

Changes
  • Memory/dreaming: add a grounded REM backfill lane with historical rem-harness --path, diary commit/reset flows, cleaner durable-fact extraction, and live short-term promotion integration so old daily notes can replay into Dreams and durable memory without a second memory stack. Thanks @​mbelinky.
  • Control UI/dreaming: add a structured diary view with timeline navigation, backfill/reset controls, traceable dreaming summaries, and a grounded Scene lane with promotion hints plus a safe clear-grounded action for staged backfill signals. (#​63395) Thanks @​mbelinky.
  • QA/lab: add character-vibes evaluation reports with model selection and parallel runs so live QA can compare candidate behavior faster.
  • Plugins/provider-auth: let provider manifests declare providerAuthAliases so provider variants can share env vars, auth profiles, config-backed auth, and API-key onboarding choices without core-specific wiring.
  • iOS: pin release versioning to an explicit CalVer in apps/ios/version.json, keep TestFlight iteration on the same short version until maintainers intentionally promote the next gateway version, and add the documented pnpm ios:version:pin -- --from-gateway workflow for release trains. (#​63001) Thanks @​ngutman.
Fixes
  • Browser/security: re-run blocked-destination safety checks after interaction-driven main-frame navigations from click, evaluate, hook-triggered click, and batched action flows, so browser interactions cannot bypass the SSRF quarantine when they land on forbidden URLs. (#​63226) Thanks @​eleqtrizit.
  • Security/dotenv: block runtime-control env vars plus browser-control override and skip-server env vars from untrusted workspace .env files, and reject unsafe URL-style browser control override specifiers before lazy loading. (#​62660, #​62663) Thanks @​eleqtrizit.
  • Gateway/node exec events: mark remote node exec.started, exec.finished, and exec.denied summaries as untrusted system events and sanitize node-provided command/output/reason text before enqueueing them, so remote node output cannot inject trusted System: content into later turns. (#​62659) Thanks @​eleqtrizit.
  • Plugins/onboarding auth choices: prevent untrusted workspace plugins from colliding with bundled provider auth-choice ids during non-interactive onboarding, so bundled provider setup keeps operator secrets out of untrusted workspace plugin handlers unless those plugins are explicitly trusted. (#​62368) Thanks @​pgondhi987.
  • Security/dependency audit: force basic-ftp to 5.2.1 for the CRLF command-injection fix and bump Hono plus @hono/node-server in production resolution paths.
  • Android/pairing: clear stale setup-code auth on new QR scans, bootstrap operator and node sessions from fresh pairing, prefer stored device tokens after bootstrap handoff, and pause pairing auto-retry while the app is backgrounded so scan-once Android pairing recovers reliably again. (#​63199) Thanks @​obviyus.
  • Matrix/gateway: wait for Matrix sync readiness before marking startup successful, keep Matrix background handler failures contained, and route fatal Matrix sync stops through channel-level restart handling instead of crashing the whole gateway. (#​62779) Thanks @​gumadeiras.
  • Slack/media: preserve bearer auth across same-origin files.slack.com redirects while still stripping it on cross-origin Slack CDN hops, so url_private_download image attachments load again. (#​62960) Thanks @​vincentkoc.
  • Reply/doctor: use the active runtime snapshot for queued reply runs, resolve reply-run SecretRefs before preflight helpers touch config, surface gateway OAuth reauth failures to users, and make openclaw doctor call out exact reauth commands. (#​62693, #​63217) Thanks @​mbelinky.
  • Control UI: guard stale session-history reloads during fast session switches so the selected session and rendered transcript stay in sync. (#​62975) Thanks @​scoootscooob.
  • Gateway/chat: suppress exact and streamed ANNOUNCE_SKIP / REPLY_SKIP control replies across live chat updates and history sanitization so internal agent-to-agent control tokens no longer leak into user-facing gateway chat surfaces. (#​51739) Thanks @​Pinghuachiu.
  • Auto-reply/NO_REPLY: strip glued leading NO_REPLY tokens before reply normalization and ACP-visible streaming so silent sentinel text no longer leaks into user-visible replies while preserving substantive NO_REPLY ... text. Thanks @​frankekn.
  • Sessions/routing: preserve established external routes on inter-session announce traffic so sessions_send follow-ups do not steal delivery from Telegram, Discord, or other external channels. (#​58013) Thanks @​duqaXxX.
  • Gateway/sessions: clear auto-fallback-pinned model overrides on /reset and /new while still preserving explicit user model selections, including legacy sessions created before override-source tracking existed. (#​63155) Thanks @​frankekn.
  • Slack/ACP: treat Slack ACP block replies as visible delivered output so OpenClaw stops re-sending the final fallback text after Slack already rendered the reply. (#​62858) Thanks @​gumadeiras.
  • Slack/partial streaming: key turn-local dedupe by dispatch kind and keep the final fallback reply path active when preview finalization fails so stale preview text cannot suppress the actual final answer. (#​62859) Thanks @​gumadeiras.
  • Matrix/doctor: migrate legacy channels.matrix.dm.policy: "trusted" configs back to compatible DM policies during openclaw doctor --fix, preserving explicit allowFrom boundaries as allowlist and defaulting empty legacy configs to pairing. (#​62942) Thanks @​lukeboyett.
  • npm packaging: mirror bundled channel runtime deps, stage Nostr runtime deps, derive required root mirrors from manifests and built chunks, and test packed release tarballs without repo node_modules so fresh installs fail fast on missing plugin deps instead of crashing at runtime. (#​63065) Thanks @​scoootscooob.
  • QA/live auth: fail fast when live QA scenarios hit classified auth or runtime failure replies, including raw scenario wait paths, and sanitize missing-key guidance so gateway auth problems surface as actionable errors instead of timeouts. (#​63333) Thanks @​shakkernerd.
  • Providers/OpenAI: default missing reasoning effort to high on OpenAI Responses, WebSocket, and compatible completions transports, while still honoring explicit per-run reasoning levels.
  • Providers/Ollama: allow Ollama models using the native api: "ollama" path to optionally display thinking output when /think is set to a non-off level. (#​62712) Thanks @​hoyyeva.
  • Codex CLI: pass OpenClaw's system prompt through Codex's model_instructions_file config override so fresh Codex CLI sessions receive the same prompt guidance as Claude CLI sessions.
  • Auth/profiles: persist explicit auth-profile upserts directly and skip external CLI sync for local writes so profile changes are saved without stale external credential state.
  • Agents/timeouts: make the LLM idle timeout inherit agents.defaults.timeoutSeconds when configured, disable the unconfigured idle watchdog for cron runs, and point idle-timeout errors at agents.defaults.llm.idleTimeoutSeconds. Thanks @​drvoss.
  • Agents/failover: classify Z.ai vendor code 1311 as billing and 1113 as auth, including long wrapped 1311 payloads, so these errors stop falling through to generic failover handling. (#​49552) Thanks @​1bcMax.
  • QQBot/media-tags: support HTML entity-encoded angle brackets (&lt;/&gt;), URL slashes in attributes, and self-closing media tags so upstream <qqimg> payloads are correctly parsed and normalized. (#​60493) Thanks @​ylc0919.
  • Memory/dreaming: harden grounded backfill inputs, diary writes, status payloads, and diary action classification by preserving source-day labels, rejecting missing or symlinked targets cleanly, normalizing diary headings in gateway backfills, and tightening claim splitting plus diary source metadata. Thanks @​mbelinky.
  • Memory/dreaming: accept embedded heartbeat trigger tokens so light and REM dreaming still run when runtime wrappers include extra heartbeat text.
  • Android/manual connect: allow blank port input only for TLS manual gateway endpoints so standard HTTPS Tailscale hosts default to 443 without silently changing cleartext manual connects. (#​63134) Thanks @​Tyler-RNG.
  • Windows/update: add heap headroom to Windows pnpm build steps during dev updates so update preflight builds stop failing on low default Node memory.
  • Plugin SDK: export the channel plugin base and web-search config contract through the public package so plugins can use them without private imports.
  • Plugins/contracts: keep test-only helpers out of production contract barrels, load shared contract harnesses through bundled test surfaces, and harden guardrails so indirect re-exports and canonical *.test.ts files stay blocked. (#​63311) Thanks @​altaywtf.
  • Control UI/models: preserve provider-qualified refs for OpenRouter catalog models whose ids already contain slashes so picker selections submit allowlist-compatible model refs instead of dropping the openrouter/ prefix. (#​63416) Thanks @​sallyom.
  • Plugin SDK/command auth: split command status builders onto the lightweight openclaw/plugin-sdk/command-status subpath while preserving deprecated command-auth compatibility exports, so auth-only plugin imports no longer pull status/context warmup into CLI onboarding paths. (#​63174) Thanks @​hxy91819.

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.
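
The Slack/media fix in the release notes above states a per-hop rule: keep the bearer token on same-origin `files.slack.com` redirects and strip it on cross-origin hops. The following is an added example of that rule for a client that follows redirects manually; it is not OpenClaw's code, and the function names, token, file paths and CDN hostname are constructed for illustration.

```javascript
// Added example: per-hop Authorization handling when following redirects
// manually. Only files.slack.com comes from the release note; every other
// name and value here is a constructed placeholder.

const MAX_HOPS = 5;

// Case-insensitive check, since header names are case-insensitive.
function hasAuth(headers) {
  return Object.keys(headers).some((n) => n.toLowerCase() === "authorization");
}

// Given the URL just requested, the Location value it returned, and the
// headers that were sent, compute the URL and headers for the next hop.
function nextHop(currentUrl, location, headers) {
  const from = new URL(currentUrl);
  const to = new URL(location, from); // resolves relative Location values
  if (to.protocol !== "https:" && to.protocol !== "http:") {
    throw new Error(`refusing redirect to ${to.protocol} URL`);
  }
  const next = { ...headers };
  // URL.origin is scheme + host + port, so an https -> http downgrade or a
  // port change is treated as cross-origin and also loses the credential.
  if (to.origin !== from.origin) {
    for (const name of Object.keys(next)) {
      if (name.toLowerCase() === "authorization") delete next[name];
    }
  }
  return { url: to.href, headers: next };
}

// Walk a constructed chain of Location values and record, per hop, whether
// the bearer token would be sent. Headers are carried forward, so a token
// stripped on one hop is never re-attached, even if a later hop points back
// at the original origin.
function traceChain(startUrl, locations, token) {
  if (locations.length > MAX_HOPS) throw new Error("too many redirects");
  let hop = { url: startUrl, headers: { Authorization: `Bearer ${token}` } };
  const trace = [{ url: hop.url, sendsAuth: hasAuth(hop.headers) }];
  for (const location of locations) {
    hop = nextHop(hop.url, location, hop.headers);
    trace.push({ url: hop.url, sendsAuth: hasAuth(hop.headers) });
  }
  return trace;
}

// Constructed sample chain: same-origin relative hop, cross-origin CDN hop,
// then a hop back to the starting origin.
const SAMPLE_TRACE = traceChain(
  "https://files.slack.com/files-pri/T0-F0/download/img.png",
  [
    "/files-pri/T0-F0/img.png?redirected=1",
    "https://cdn.example.invalid/img.png",
    "https://files.slack.com/files-pri/T0-F0/again.png",
  ],
  "constructed-token"
);
```

In a real client, `nextHop` would sit inside a fetch loop that uses `redirect: "manual"` and reads the `Location` response header on each 3xx response.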

Reference
les_clankeurs/openclaw-image-2!14