Claw Crew logo
Claw Crew
DEJoin Community
Release Notes

5 min read

OpenClaw 2026.5.12: Modular Installs & Messaging Hardening

Leaner runtimes, resilient messaging, and deeper Codex/OpenAI integration.

Efficiency & Resilience

OpenClaw 2026.5.12 is a major step forward in modular architecture and messaging durability. By externalizing heavy dependency cones and isolating messaging workers, we've made OpenClaw faster to install and harder to wedge under load.

Modular Runtimes: Leaner and Faster

The core OpenClaw installation is now significantly smaller. We've moved several large provider dependency cones into their own modular packages.

  • Externalized Providers: WhatsApp, Slack, Amazon Bedrock, and Anthropic Vertex no longer pull their SDKs into the core install. They are now fetched only when the respective plugins are installed.
  • Plugin Optimization: Plugin installs and updates are now more robust with improved pnpm 11 support and better peer-dependency preservation.

Telegram: Isolated Polling & Spooling

Messaging resilience, particularly for Telegram, has seen a massive overhaul to prevent stalls and formatting loss.

  • Isolated Worker: Telegram ingress now runs in its own worker with a durable local spool, ensuring that Bot API polling continues even if the main event loop is busy with heavy tasks.
  • Formatting Preservation: Rendered HTML formatting is now correctly preserved through lazy cron delivery, ensuring links and bold text stay clickable and readable.
  • Group Media Handling: Safer handling of group media when requireMention is active, preventing unnecessary download failures.

Security & Provenance Hardening

A comprehensive security pass ensures better isolation and credential safety.

  • Sandbox Roots: The Windows USERPROFILE is now included in blocked home roots to protect credential-bearing files like .ssh or .openclaw.
  • Credential Resolution: Provider API keys are now resolved through structured environment SecretRefs, preventing unrelated environment variables from accidentally being treated as credentials.
  • Auth Safety: Crashed OAuth refreshes no longer wedge lock files, thanks to new dead-owner stale file lock reclamation.

Codex & UI Enhancements

  • Media Tools: Codex/OpenAI paths are smoother with auth-profile-backed media tools and better app-server fallback behavior.
  • Auto-Scroll: The Control UI and WebChat now feature a persisted auto-scroll mode selector (follow streaming, stay at bottom, or manual).
  • UI Responsiveness: Reply delivery and streaming auto-scroll have been improved across all interfaces (WebChat, TUI, and Control UI).

Upgrade Guide

Who should upgrade?

  • Users looking for a leaner installation and faster startup
  • Operators running high-traffic Telegram channels
  • Security-conscious users managing sensitive credentials

How to Upgrade

# Update to 2026.5.12
openclaw update

# Verify your installation
openclaw doctor

For the full technical breakdown and a list of all contributors, visit the official release page on GitHub.

FAQ

What does 'modular installs' mean for my setup?

Dependency cones for providers like WhatsApp, Slack, Amazon Bedrock, and Anthropic Vertex have been moved out of the core runtime. This means your initial install is leaner, and you only pull in those specific libraries when you actually install and use those plugins.

How has Telegram polling improved?

Telegram ingress has been moved to an isolated worker with a durable local spool. This keeps Bot API polling alive even during main event-loop stalls, making the gateway significantly more resilient to high-load scenarios.

What are the security improvements in this release?

We've implemented a broad security hardening pass across the gateway, browser tools, and sandbox. This includes blocking home roots in the sandbox on Windows and resolving provider API keys through structured environment SecretRefs to prevent accidental credential exposure.

How do I upgrade to the latest version?

Simply run 'openclaw update' from your terminal. If you are using specific plugins like Slack or WhatsApp, ensure you follow any post-update migration prompts to pull in the now-modularized dependencies.

Need help from people who already use this stuff?

Join the OpenClaw Community

Get help with your setup, share your agent workflows, and stay up to date with the latest releases in our profit-lab community.

Join My AI Agent Profit LabSee the community page

Related reading

OpenClaw 2026.5.7 Stability

Hardened messaging and CLI improvements for channels and crons.

Using MCP Servers

How to extend OpenClaw with Model Context Protocol servers.

Security Best Practices

Detailed guide for securing your agent gateway and sandboxing.