OpenClaw v2026.3.11 landed on March 12, 2026, with 60 contributors delivering a critical security patch, a major iOS interface refresh, and new multimodal memory capabilities.
WebSocket Hijacking Fix
The headline change enforces browser origin validation for all browser-originated connections, regardless of whether proxy headers are present. This closes a cross-site WebSocket hijacking path in trusted-proxy mode that could have granted untrusted origins operator.admin access — a significant security risk for publicly exposed instances.
iOS Home Redesign
The iOS app receives a redesigned home interface with a bundled welcome screen, live agent overview, and a docked toolbar replacing the previous floating controls. Updated chats now open in the main session rather than synthetic sessions, improving conversation continuity.
Multimodal Memory Search
Memory search gains image and audio indexing via Gemini's embedding model, with configurable output dimensions and automatic reindexing. This means agents can now recall and reference visual and audio content from past interactions.
Platform Improvements
- macOS: Model picker and persistent thinking-level selections across relaunches
- Ollama: First-class setup supporting Local or Cloud+Local modes with curated model suggestions
- Discord: Auto-thread archiving duration configuration
- Telegram: Preview delivery lifecycle improvements and HTML message chunking
- Agents: Strip leaked model control tokens (GLM-5, DeepSeek) from user-facing text
OpenClaw Launch users on the latest Docker image automatically receive these security fixes and improvements.