chore(deps): update ghcr.io/openclaw/openclaw docker tag to v2026.4.21 #23
No reviewers
Labels
No labels
bug
documentation
duplicate
enhancement
good first issue
help wanted
invalid
question
wontfix
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference
les_clankeurs/openclaw-image-2!23
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "renovate/docker-images"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
This PR contains the following updates:
2026.4.15→2026.4.21Release Notes
openclaw/openclaw (ghcr.io/openclaw/openclaw)
v2026.4.21Compare Source
Changes
gpt-image-2, and advertise the newer 2K/4K OpenAI size hints in image-generation docs and tool metadata.fireworks/accounts/fireworks/models/kimi-k2p6) to the bundled catalog and live-model priority list, while keeping Kimi thinking disabled for Fireworks K2.6 requests.ollama.com/api/tags, cap the discovered list at 500, and fall back to static suggestions when ollama.com is unavailable. (#68463) Thanks @BruceMacD./bot-approve, per-account resource stacks, credential backup/restore, shared media storage, and unified API/bridge/gateway modules. (#67960) Thanks @cxyhhhhh.setChannelRuntime. (#69782) Thanks @gumadeiras.Fixes
sessions_sendA2A ping-pong flow when a parent sends to its own background oneshot ACP child, preventing parent/child echo loops while preserving normal A2A delivery for non-parent senders. (#69817) Thanks @scotthuang.node-domexceptionalias into rootpackage.jsonoverrides, so npm installs stop surfacing the deprecatedgoogle-auth-library -> gaxios -> node-fetch -> fetch-blob -> node-domexceptionchain pulled through Pi/Google runtime deps. Thanks @vincentkoc.operator.admin) for owner-enforced commands instead of treating wildcard channelallowFromor empty owner-candidate lists as sufficient, so non-owner senders can no longer reach owner-only commands through a permissive fallback whenenforceOwnerForCommands=trueandcommands.ownerAllowFromis unset. (#69774) Thanks @drobison00.img-srcto'self' data:only, and make Control UI avatar helpers drop remotehttp(s)and protocol-relative URLs so the UI falls back to the built-in logo/badge instead of issuing arbitrary remote image fetches. Same-origin avatar routes (relative paths) anddata:image/...avatars still render. (#69773)status,health,channels list, andchannels statuson read-only channel metadata when Telegram, Slack, Discord, or third-party channel plugins are configured, avoiding full bundled plugin runtime imports on those cold paths. Fixes #69042. (#69479) Thanks @gumadeiras.file_urlvalues against the shared SSRF policy before forwarding to the NAS, rejecting malformed URLs, non-http(s)schemes, and private/blocked network targets so the NAS cannot be used as a confused deputy to fetch internal addresses. (#69784) Thanks @eleqtrizit.GET /avatar/<agentId>and?meta=1metadata) when auth is configured, matching the sibling assistant-media route, and propagate the existing gateway token through the UI avatar fetch (bearer header + authenticated blob URL) so authenticated dashboards still load local avatars. (#69775)gaxiosshim with a scoped SSRF-guarded transport, validate service-account auth endpoints against trusted Google URLs, and let the plugin own its stagedgaxiosauth runtime instead of patching process-wide globals or the root CLI startup path. Thanks @vincentkoc.$VAR,$?,$$,$1, and$@​inside unquoted heredocs during shell approval analysis, so these heredocs no longer pass allowlist review as plain text. (#69795) Thanks @drobison00.claude-opus-4.6toclaude-opus-4.7after GitHub removed Copilot support for 4.6. (#69818) Thanks @shakkernerd.writeFileoutside the workspace during local mirror updates. (#69797) Thanks @drobison00.agents.defaults.imageModel.primaryvalues likeollama/qwen2.5vl:7broute through the Ollama plugin instead of failing as unknown models. (#69816) Thanks @soloclz.openclaw infer image describe --model <provider/model>execute the explicit image model instead of skipping description when that model supports native vision.MINIMAX_CODE_PLAN_KEYare present, so/usagecan resolve MiniMax billing credentials through the provider plugin.assistantMsg.content.flatMap. (#69850) Thanks @fuller-stack-dev.v2026.4.20Compare Source
Changes
jobs-state.jsonsojobs.jsonstays stable for git-tracked job definitions. (#63105) Thanks @Feelw00.kimi-k2.6while keepingkimi-k2.5available for compatibility. (#69477) Thanks @scoootscooob.thinking.keep = "all"onmoonshot/kimi-k2.6, and strip it for other Moonshot models or requests where pinnedtool_choicedisables thinking. (#68816) Thanks @aniaan.systemPromptconfig into inbound contextGroupSystemPromptso configured group-specific behavioral instructions (for example threaded-reply and tapback conventions) are injected on every turn. Supports"*"wildcard fallback matching the existingrequireMentionpattern. Closes #60665. (#69198) Thanks @omarshahine.sanitizeForLog()by replacing the iterative control-character stripping loop with a single regex pass while preserving the existing ANSI-first sanitization behavior. (#67205) Thanks @bulutmuf.openclaw qa suiteandopenclaw qa telegramfail by default when scenarios fail, add--allow-failuresfor artifact-only runs, and tighten live-lane defaults for CI automation. (#69122) Thanks @joshavant.Fixes
security=fullplusask=offmode via the Python/Node script preflight hardening path, so promptless YOLO exec once again runs direct interpreter stdin and heredoc forms such asnode <<'NODE' ... NODE.openai-completionstransport overrides on default OpenAI/Codex and GitHub Copilot-compatible hosts back to the native Codex Responses transport while leaving custom proxies untouched. (#45304, #42194) Thanks @dyss1992 and @DeadlySilent.api: "anthropic-messages"defaulting to Anthropic-owned providers, soopenai-codexand other providers without an explicitapino longer get rewritten to the wrong transport. Fixes #64534.DevToolsActivePortattach failures as browser-connectivity errors instead of a generic "waiting for tabs" timeout, and point signed-out fallbacks toward the managedopenclawprofile.adaptivein/thinkautocomplete for provider/model pairs that actually support provider-managed adaptive thinking, so GPT/OpenAI models no longer advertise an Anthropic-only option.maxfor models that explicitly support provider max reasoning, and remap storedmaxsettings to the largest supported thinking mode when users switch to another model./thinklevels against each GPT model's supported reasoning efforts so/think offno longer becomes high reasoning or sends unsupportedreasoning.effort: "none"payloads.approvalIdwithout a resume token, and persist that id in approval wait state. (#69559) Thanks @kirkluokun.npm_execpathwhen repairing bundled plugin runtime dependencies and skip workspace-only package specs so npm-only install flags or local workspace links do not break packaged plugin startup.NODE_OPTIONSfor stdio servers while preserving ordinary credential and proxy env vars. (#69540) Thanks @drobison00./usr/bin/falseand/sbin/nologin, falling back toshso service-user exec runs no longer exit immediately. (#69308) Thanks @sk7n4k3d./newand/resetwhile preserving explicit user selections, so channel sessions stop staying pinned to runtime fallback choices. (#69419) Thanks @sk7n4k3d.estimatedCostUsdlike token counters so repeated persist paths no longer compound the same run cost by up to dozens of times. (#69403) Thanks @MrMiaigi./backend-api/codexendpoint soopenai-codex/gpt-5.4no longer hits the removed/backend-api/responsesalias. (#69336) Thanks @mzogithub./think offis active, so GPT reasoning models no longer receive unsupportedreasoning.effort: "none"requests. (#61982) Thanks @a-tokyo.pairing required. (#69431) Thanks @SARAMALI15792.baseUrlandmodelsso implicit local discovery can run before config validation rejects a minimal Ollama provider config. (#69370) Thanks @PratikRai0101.NO_REPLYpolicy per conversation type, so direct chats get a helpful rewritten reply while groups and internal deliveries can remain quiet. (#68644) Thanks @Takhoffman.messages.removeAckAfterReplywhen lifecycle status reactions are enabled, clearing or restoring the reaction after success/error using the configured hold timings. (#68067) Thanks @poiskgit.channels.telegram.pollingStallThresholdMs(also per-account) so long-running Telegram work gets more room before polling is treated as stalled. (#57737) Thanks @Vitalcheffe.getUpdatesprobe with a client-side timeout so a zombie socket cannot hang polling recovery before the runner watchdog starts. (#50368) Thanks @boticlaw.stopReason=errorturns with no output when no side effects ran, so non-frontier providers that briefly return empty error turns get another chance instead of ending the session early. (#68310) Thanks @Chased1k.delivery.mode: "none"runs as not requested even if the runner reportsdelivered: false, so no-delivery cron jobs no longer persist false delivery failures or errors. (#69285) Thanks @matsuri1987./api/v1/message/textsend timeout default from 10s to 30s, and add a configurablechannels.bluebubbles.sendTimeoutMs(also per-account) so macOS 26 setups where Private API iMessage sends stall for 60+ seconds no longer silently lose messages at the 10s abort. Probes, chat lookups, and health checks keep the shorter 10s default. Fixes #67486. (#69193) Thanks @omarshahine.info.iddiffers from the registered plugin slot id. The strict-match contract added in 2026.4.14 brokelossless-clawand other plugins whose internal engine id does not equal the slot id they are registered under, producing repeatedinfo.id must match registered idlane failures on every turn. Fixes #66601. (#66678) Thanks @GodsBoy.compaction_start/compaction_endso OpenClaw stays aligned withpi-coding-agent0.66.1 event naming. (#67713) Thanks @mpz4life.OPENCLAW_*keys from untrusted workspace.envfiles so workspace-local env loading fails closed for new runtime-control variables instead of silently inheriting them. (#473)gatewaytool's config mutation guard so model-drivenconfig.patchandconfig.applycannot rewrite operator-trusted paths (sandbox, plugin trust, gateway auth/TLS, hook routing and tokens, SSRF policy, MCP servers, workspace filesystem hardening) and cannot bypass the guard by editing per-agent sandbox, tools, or embedded-Pi overrides in place underagents.list[]. (#69377) Thanks @eleqtrizit.operator.read(or higher) for chat, agent, and tool-result event frames so pairing-scoped and node-role sessions no longer passively receive session chat content, and scope-gate unknown broadcast events by default. Plugin-definedplugin.*broadcasts are scoped to operator.write/admin, and status/transport events (heartbeat,presence,tick, etc.) remain unrestricted. Per-client sequence numbers preserve per-connection monotonicity. (#69373) Thanks @eleqtrizit.turn/completednotification, so follow-up messages after a Codex plugin reply stop queueing behind a stale lane lock. Fixes #67996. (#69072) Thanks @ayeshakhalid192007-dev.on-requestso Codex harness sessions do not start with overly permissive tool approvals. (#68721) Thanks @Lucenx9.channel: "last"targets from the gateway, show delivery previews incron list/show, and avoid duplicate fallback sends after direct message-tool delivery. (#69587) Thanks @obviyus.thinkingpayloads so stale session/thinkstate no longer silently re-enables reasoning on Kimi runs. (#68907) Thanks @frankekn.lastdelivery sentinel from being materialized into persisted cron delivery and failure-alert channel configs when jobs are created or edited. (#68829) Thanks @tianhaocui.--toolsallow-lists the same way as comma-separated input, socron addandcron editno longer persistexec read writeas one combined tool entry on Windows. (#68858) Thanks @chen-zhang-cs-code.profile="user"tool calls auto-route to a connected browser node or use explicittarget="node", while still honoring explicittarget="host"pinning. (#48677)BlueBubblesClientthat resolves the SSRF policy once at construction so image attachments stop getting blocked on localhost and reactions stop getting blocked on private-IP BB deployments. Fixes #34749 and #59722. (#68234) Thanks @omarshahine.heartbeat.target="last"through deferred wake queuing, gateway wake forwarding, and same-target wake coalescing so queued cron replies still return to the last active chat. (#69021) Thanks @obviyus.dm.allowFromandgroupAllowFromentries on inbound messages while keeping config removals authoritative, so Matrix allowlist changes no longer require a channel restart to add or revoke a sender. (#68546) Thanks @johnlanni.methodexplicitly on outbound text sends ("private-api"when available,"apple-script"otherwise), and prefer Private API on macOS 26 even for plain text. Fixes silent delivery failure on macOS setups without Private API where an omittedmethodlet BB Server fall back to version-dependent default behavior that silently drops the message (#64480), and the AppleScript-1700error on macOS 26 Tahoe plain text sends (#53159). (#69070) Thanks @xqing3.@bot:server /newtrigger the command path without requiring custom mention regexes. (#68570) Thanks @nightq and @johnlanni.PAIRING_REQUIREDdetails, remediation hints, and request ids so unapproved-device and scope-upgrade failures surface actionable recovery guidance in the CLI and Control UI. (#69227) Thanks @obviyus.openclaw doctor --fixno longer leaves pairing/auth setup failures unexplained. (#69210) Thanks @obviyus.delivery.mode: "none"message targets for isolated runs without inheriting implicitlastrouting, so agent-initiated Telegram sends keep their authored destination while baremode:nonejobs stay targetless. (#69153) Thanks @davehappyminion and @nikilster.delivery.mode: "none"account-only or thread-only configs from inheriting a stale implicit recipient, so isolated runs only resolve message routing when the job authored an explicittotarget. (#69163) Thanks @davehappyminion and @nikilster.openclaw tuireconnects no longer fail on transientchat.history unavailable during gateway startuperrors. (#69164) Thanks @shakkernerd.lovewhen an agent reacts with an emoji outside the iMessage tapback set (love/like/dislike/laugh/emphasize/question), so wider-vocabulary model reactions like👀still produce a visible tapback instead of failing the whole reaction request. Configured ack reactions still validate strictly via the newnormalizeBlueBubblesReactionInputStrictpath. (#64693) Thanks @zqchris.sms:targets, and never silently downgrade iMessage-available recipients. (#61781) Thanks @rmartin.allowFromuser IDs during setup instead of offering unsupported@usernameDM resolution, and point operators tofrom.id/getUpdatesfor discovery. (#69191) Thanks @obviyus.claude-opus-4.6and keep the bundled default model list aligned, so new Copilot setups no longer start on the oldergpt-4odefault. (#69207) Thanks @obviyus.ssh user@host. (#69215) Thanks @obviyus.fileorexecsecret sources; the send path now tolerates the runtime snapshot retaining an unresolved channel SecretRef when a boot-resolved token override is already available. (#68954) Thanks @openperf.openclaw devicesso broader reconnects no longer look like lost pairings. (#69221) Thanks @obviyus.Configuration
📅 Schedule: Branch creation - Every minute ( * * * * * ) (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Renovate Bot.