$git log --oneline
2026.3.7MINORβ BREAKINGReleased: 2026-03-07
ContextEngine Architecture + GPT-5.4 / Gemini Flash 3.1 + ClawJacked Fix
/** Pluggable context management, new model defaults, and a critical security vulnerability patched. */
#ContextEngine#GPT-5.4#Gemini#Security#Backup#Auth
whats_new.md
β¨ What's New
ContextEngine
New pluggable context management architecture with 7 lifecycle hooks. Full control over how context is compressed, assembled, and delivered to models. Enables custom middleware for context processing.
GPT-5.4 Support
GPT-5.4 added as a supported model with automatic default alias updates across all configured providers.
Gemini Flash 3.1
Google's Gemini Flash 3.1 model added to the provider catalog for ultra-fast inference at reduced cost.
Full Archive Backup
New complete backup function that archives all configurations, skills, memory, and session data for disaster recovery.
security_fixes.md
π Security Fixes
π‘ClawJacked vulnerability patched β prevented unauthorized session takeover via crafted WebSocket requests
π‘Enhanced gateway authentication validation for multi-device setups
π‘Improved rate limiting for failed authentication attempts
breaking_changes.md
β οΈ Breaking Changes
β If both gateway.auth.token AND gateway.auth.password are configured, you must explicitly set gateway.auth.mode to either 'token' or 'password' before upgrading. Failure to do so will cause startup failure.
upgrade.sh
π¦ Upgrade to 2026.3.7
# β οΈ Check auth config FIRST if using dual auth
$ cat ~/.openclaw/openclaw.config.yaml | grep auth
# npm global install
$ npm install -g openclaw@2026.3.7