Security & Stability
OpenClaw 2026.5.20 is a refinement release that focuses on tightening the security boundary of the exec approval runtime and ensuring core dependencies like Codex are up to date for the best developer experience.
Security: Strict Skill Loading
We have removed the legacy compatibility path for skill execution. This move reinforces the security model of the approval runtime.
- Required Read Tool: Skill files must now be explicitly loaded via the
readtool to be recognized by the auto-allow logic. - Better Auditing: By enforcing a single path for skill loading, it's easier to audit which files are being executed.
- No More Guessing: The approval runtime no longer attempts to guess if a command is part of a skill based on old heuristics.
Codex Upgrade: 0.132.0
The bundled Codex harness has been bumped to version 0.132.0.
- Modern Model Catalog: Updated documentation and model-list descriptors for the app-server.
- Performance: Improvements in how Codex handles dynamic tool terminal diagnostics.
- Watchdog Timers: Image generation via Codex now has a 120s default watchdog, preventing generic 30s timeouts.
Task Maintenance & Diagnostics
Managing long-running tasks is now more transparent for developers and administrators.
- Detailed JSON Logs: Maintenance commands now explain their backing decisions (backing-session, cron, CLI, or wedged-subagent state).
- Doctor Hardening: Improved warnings for plaintext secrets in configuration and better handling of stale thinking formats.
- Plugin Perf: Faster plugin discovery by threading results through the registry instead of redundant filesystem walks.
Notable Fixes
- Exec Approvals: Fixed manual
/approvedecisions to properly route through the trusted runtime. - xAI OAuth: Device-code login is now available for remote/headless setups.
- WhatsApp: Updated Baileys to 7.0.0-rc12 for better connection reliability.
- Cron Stability: Scheduled jobs now run on a dedicated wake lane, preventing background tasks from blocking main chat.
Upgrade Guide
Who should upgrade?
- Users utilizing the Codex coding harness
- Developers working on skills or plugins
- Administrators managing complex cron schedules and subagents
How to Upgrade
Run the standard update command:
openclaw update
FAQ
What changed with Exec Approvals?
The legacy compatibility path for skill loading has been removed. Skill files must now be loaded using the 'read' tool to be automatically allowed by the exec approval runtime, ensuring better security and auditability.
What's new in Codex 0.132.0?
The bundled Codex harness has been updated to the latest version, providing better model-list documentation and improved performance for coding tasks.
How do the new task maintenance logs help?
The 'openclaw tasks maintenance --json' command now provides detailed reasons for maintenance decisions, explaining exactly why specific sessions or subagents are being retained or reconciled.
How do I upgrade to 2026.5.20?
Run 'openclaw update' in your terminal. As always, ensure you have a backup of your configuration before performing major updates.
Need help from people who already use this stuff?
Join the OpenClaw Community
Get help with your setup, share your agent workflows, and stay up to date with the latest releases in our profit-lab community.