Skip to content

feat(kiloclaw): bump openclaw to version 2026.3.11#1053

Open
kilo-code-bot[bot] wants to merge 1 commit intomainfrom
bump-openclaw-2026.3.11
Open

feat(kiloclaw): bump openclaw to version 2026.3.11#1053
kilo-code-bot[bot] wants to merge 1 commit intomainfrom
bump-openclaw-2026.3.11

Conversation

@kilo-code-bot
Copy link
Contributor

@kilo-code-bot kilo-code-bot bot commented Mar 12, 2026
edited
Loading

Summary

Bumps the pinned openclaw version in kiloclaw/Dockerfile from 2026.3.8 to 2026.3.11.

Verification

  • Dockerfile updated: openclaw@2026.3.8openclaw@2026.3.11
  • No other changes required (version pin only)

Visual Changes

N/A

Reviewer Notes

Reviewed the v2026.3.11 release notes. The following items may be relevant to our deployment:

Security fixes (action may be required)

  • Cross-site WebSocket hijacking patch (GHSA-5wcw-8jjv-m286): Gateway/WebSocket now enforces browser origin validation for all browser-originated connections regardless of proxy headers, in trusted-proxy mode. Our OPENCLAW_ALLOWED_ORIGINS env var is already configured correctly for production, but this is worth verifying — any unintended origin that was previously passing through trusted-proxy mode will now be blocked.

Breaking change

  • Cron/doctor: Isolated cron delivery has been tightened — cron jobs can no longer notify through ad hoc agent sends or fallback main-session summaries. If any configured cron jobs rely on the old fallback delivery path, they will silently stop delivering notifications after this upgrade. The release recommends running openclaw doctor --fix to migrate legacy cron storage and delivery metadata. This should be run on first boot after the image update.

Other notable changes

  • Gateway/Control UI auth: Dashboard auth tokens are now kept in session-scoped browser storage instead of localStorage. Users may need to re-authenticate in the Control UI after the upgrade.
  • Gateway/auth device-token retry: One trusted device-token retry is now allowed on shared-token mismatch. This should be benign for our deployment but is worth noting if token drift issues are investigated.
  • start-openclaw.sh / gateway config: Several gateway config schema fixes landed (Telegram, Discord, Signal unrecognized-key errors). If any of these were silently failing before, they will now work correctly.

@kilo-code-bot
Copy link
Contributor Author

kilo-code-bot bot commented Mar 12, 2026
edited
Loading

Code Review Summary

Status: No Issues Found | Recommendation: Merge

Files Reviewed (1 files)
  • kiloclaw/Dockerfile

Reviewed by gpt-5.4-20260305 · 70,045 tokens

@pandemicsyn pandemicsyn changed the title feat(kiloclaw): bump openclaw to version 2026.3.11 feat(kiloclaw): bump openclaw to version 2026.3.11 and summarize and gog to 0.12.0 Mar 12, 2026
@pandemicsyn pandemicsyn enabled auto-merge March 12, 2026 16:27
@kilo-code-bot kilo-code-bot bot force-pushed the bump-openclaw-2026.3.11 branch from 7d1c380 to f574e4c Compare March 13, 2026 00:15
@kilo-code-bot kilo-code-bot bot changed the title feat(kiloclaw): bump openclaw to version 2026.3.11 and summarize and gog to 0.12.0 feat(kiloclaw): bump openclaw to version 2026.3.11 Mar 13, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@pandemicsyn pandemicsyn

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@pandemicsyn