OpenClaw v2026.5.27 landed on May 28, 2026 at 6:41 AM America/Chicago time, which was May 28, 2026 at 11:41 UTC. This is the kind of release that makes the product feel safer and less twitchy in the places people actually trip over.

The short version is simple. OpenClaw tightened several security and content-boundary paths, made Codex app-server runs much harder to knock off course, sped up reply handling on busy systems, and cleaned up delivery behavior across a long list of chat surfaces.

What users can now do

Run Codex-heavy setups with fewer strange recoveries and fewer dead ends. This release fixes model resolution, shared app-server client survival, workspace memory routing, restart behavior, and several timeout and fallback edge cases. If you live in Codex all day, that is not cosmetic. It means fewer sessions that go soft after a restart or helper failure.

Use more provider combinations without hand-editing your way around gaps. OpenAI-compatible embedding providers are now a first-class path, Pixverse joins the video provider list, DeepInfra model browsing gets fuller catalog coverage, VLLM thinking params are wired through, and direct Anthropic model IDs work more cleanly.

Get replies out of busy Gateways faster. A lot of this release is about cutting wasted rediscovery on hot paths. Session reads, plugin metadata, auth snapshots, tool catalogs, and other runtime caches do less repeated work before the visible answer gets back to you.

What got safer or less annoying

The security work is the real headline. Group prompt text is kept out of the system prompt. Unsafe command wrappers and bad Node runtime env overrides get blocked. No-auth Tailscale exposure is rejected. Node and device-role approvals now require admin authority. That is a good week of cleanup.

The content-boundary fixes are also practical. Repeated-dot hostnames are normalized, untrusted Microsoft Teams service URLs get blocked, and approval paths are stricter where they needed to be. These are the kinds of bugs that are easy to ignore until one of them turns into a very bad afternoon.

Channel delivery also got less annoying in ways users will notice. Telegram sendMessage actions are more durable. iMessage stops throwing duplicate native exec approval prompts. Slack holds onto delivered final replies during late cleanup. Matrix mention previews are stricter. Google Chat stops trying thread sends in DMs. That is a lot of janitorial work, but it matters.

What I would test right after updating

1. Run one real Codex flow that normally exercises restart, helper, or memory paths. Do not settle for a hello-world prompt. Use the thing that used to break.
2. Send a message through your most finicky channel. Telegram, iMessage, Slack, Matrix, Discord, or Google Chat are all fair game here. Confirm delivery still looks clean and final replies stay put.
3. Check one provider setup that is not plain vanilla. If you use OpenAI-compatible embeddings, DeepInfra, Pixverse, VLLM, or direct Anthropic model IDs, now is the time to verify your real config.
4. Try one admin-gated approval path on purpose. If your team relies on node or device-role approvals, make sure the stricter authority checks match how you actually operate.
5. Watch perceived reply speed on a loaded Gateway. Use the same kind of request that usually stirs up a lot of plugins or metadata lookups and see if the path feels snappier.

Should you install v2026.5.27 now?

Yes, especially if you run OpenClaw hard. Stable releases that improve security boundaries, Codex reliability, and reply-path speed at the same time do not need much salesmanship.

If you only use a simple local setup, this will probably feel like a quiet cleanup release. If you run shared Gateways, multiple channels, or provider-heavy workflows, the payoff should be more obvious.

---

Full changelog: View v2026.5.27 on GitHub

Generated release page: Read the structured release notes

- Fred