Edition No. 2

The Git Gazette

Your weekly repo roundup

openclaw/openclaw · Last 7 days

Your own personal AI assistant. Any OS. Any Platform. The lobster way. 🦞

Security Status
🟡

10 advisories recently patched.

See Patch Wiresec's report below for details.

Last checked: Mar 23, 2026


Here's What Matters: Security Blitz, Major Bug Fixes, and One Developer's 80% Week

Here's what matters this week: 10 security vulnerabilities patched in a single release, three authentication bugs under active investigation, and infrastructure improvements across the board.

The Security Sweep: OpenClaw executed a textbook coordinated disclosure, with 10 vulnerabilities disclosed and patched within 24 hours. The standouts: an authentication bypass via replayable pairing codes (GHSA-63f5-hhc7-cx6p), unauthenticated webhook resource exhaustion (GHSA-jq3f-vjww-8rq7), and a sandbox escape (GHSA-wcxr-59v9-rxr8). All fixed in v2026.3.13.

Critical Bug Fixes: Three authentication nightmares got attention. ZAI API keys vanishing after configure wizard (#23347), Web UI sessions timing out with HTTP 401 after 10-15 minutes (#25663), and Aliyun ModelStudio throwing authentication errors despite valid keys (#51452). The session timeout issue has a workaround (F5 refresh), but no permanent fix yet.

Infrastructure Updates: @RichardCao's massive self-restart fix (#52319) prevents update failures. @frankekn's memory-core fix (#52639) prevents coupled tool failures. Multiple model compatibility fixes landed for Gemini 2.5 Flash (#51629) and various provider issues.

Development Health Check: @steipete dominated with 16/20 commits (80% contribution rate) — impressive output but raises bus factor concerns. v2026.3.13-1 recovery release fixed the botched v2026.3.13 tag.

Bottom line: Update to v2026.3.13 immediately for security fixes. Authentication issues are actively being tracked but not fully resolved.

The Security Wire, by Patch Wiresec

OpenClaw's Security Blitz: 10 Vulnerabilities Patched in 24-Hour Window

All hands, we've got multiple confirmed fixes. The AI assistant platform OpenClaw just executed a coordinated security response that would make SEAL Team Six proud — 10 vulnerabilities disclosed and patched within a single day. 🚨🚨

The most concerning finds were the three HIGH-severity issues. GHSA-63f5-hhc7-cx6p was an authentication bypass: bootstrap pairing codes could be replayed, so what should have been a one-shot enrolment secret became a reusable route to privilege escalation. GHSA-jq3f-vjww-8rq7 let attackers exhaust resources through Telegram webhooks without authenticating first. And GHSA-wcxr-59v9-rxr8, perhaps the nastiest, gave sandboxed subagents access to parent session state, essentially breaking the security sandbox.

Then there are the credential exposure and input validation issues. GHSA-xwcj-hwhf-h378 leaked Telegram bot tokens in logged URLs (the Bot API carries the token in the URL path, so an unredacted request log is a credential dump). GHSA-g2f6-pwvx-r275 enabled SCP command injection through unsanitized iMessage attachments. Classic input validation failures that could have been catastrophic in the wrong hands.

The silver lining? OpenClaw's security team executed textbook coordinated disclosure. All advisories dropped simultaneously on March 13-14, with patches already available. No sitting ducks, no extended exposure windows.

WIRESEC URGENCY: 🚨 (1/5) — Already patched

ACTION REQUIRED: If you're running OpenClaw ≤ 2026.3.12, update to 2026.3.13 immediately (that is the npm version; the matching git tag is v2026.3.13-1, as the Shipping Forecast explains below). The automation and messaging integrations make these vulnerabilities particularly nasty for production deployments, and until you have updated, treat any Telegram bot token that may have reached your request logs as exposed. This AI assistant handles sensitive data; treat it accordingly.

All advisories: https://github.com/openclaw/openclaw/security/advisories

The Drama Desk, by Rita Conflictsón

Token Troubles and Ghosted API Keys: When Authentication Goes Rogue

DEVELOPING: The authentication drama at OpenClaw headquarters reached fever pitch this week, with three separate authentication sagas unfolding simultaneously across the repository floors.

First up: The Case of the Vanishing ZAI Key. Our star witness @chanxinzaiwo reported that their carefully entered API key simply evaporated after running the configure wizard (#23347). "Connection error," screamed the webchat UI, while the key sat somewhere in digital limbo. Classic case of configuration amnesia, folks.

But wait — there's more! @madrus brought us the thrilling "Token Timeout Tango" (#25663), where perfectly valid sessions suddenly throw HTTP 401 tantrums after a mere 10-15 minutes of inactivity. The plot twist? A simple F5 refresh magically resurrects the connection. @ClawBuilder swooped in with theories about WebSocket reconnection drama, because apparently our tokens are playing hard to get.

Meanwhile, @Arsnature2026 is living through "The Aliyun Paradox" (#51452) — their ModelStudio key works flawlessly in direct API calls but throws authentication fits when channeled through OpenClaw. It's giving "works on my machine" energy, but with extra existential dread.

The common thread? Authentication systems that seem to have trust issues. Will our heroes find their missing keys? Will tokens learn to stay connected? Tune in next week!

Sources: #23347, #25663, #51452

A Fortnight of Reviews: When Bots Outnumber the Critics

This week's exhibition at the OpenClaw galleries presents a fascinating study in modern collaborative review dynamics — one observes no fewer than thirteen distinct pull requests, each adorned with the persistent commentary of our tireless mechanical colleague @chatgpt-codex-connector[bot], who appears to have achieved the remarkable feat of reviewing more commits than there are hours in the day.

Among the more substantial works, @RichardCao's ambitious #52319 stands as a tour de force of self-respawn architecture — a sprawling XL-sized meditation on the philosophical question of how software might gracefully restart itself without losing its essential identity. The piece wrestles with the profound challenge of process resurrection, treating pnpm versioned realpaths with the delicate care one might reserve for Ming porcelain.

Meanwhile, @frankekn's economical #52639 demonstrates that sometimes the most elegant solutions come in modest packages — a size-S gem that prevents coupled failure in memory tools with surgical precision. One particularly admires the architectural wisdom of registering memory tools independently; it bespeaks a mature understanding of fault isolation.

@sallyom's containerization efforts in #52651 deserve mention for their practical ambitions, though the work remains in its formative stages.

Perhaps most intriguingly, one notes the prevalence of "fix" prefixes across the collection — suggesting our gallery has evolved into something of a restoration workshop. Adequate.

Reference: openclaw/openclaw repository

Sources: #52319, #52639, #52651
The Shipping Forecast, by Captain Semver

Recovery Maneuvers Complete: Fleet Returns to Course After Release Channel Mishap

SHIPPING FORECAST, issued 0800 UTC: The OpenClaw fleet has successfully executed emergency recovery operations following a navigational incident in the v2026.3.13 shipping lane.

RECOVERY CONDITIONS: A rare Git tag collision forced Command to issue emergency release v2026.3.13-1 — the -1 suffix serving as maritime identification only, while the npm cargo manifest maintains standard v2026.3.13 designation. Harbor Master @onutc reports all vessels accounted for, with session token compaction repairs (@efe-arv) sealed and watertight.

RECENT WEATHER SYSTEMS: March brought steady patch-level activity — v2026.3.12 delivered Control UI dashboard overhauls (#41503, @BunsDev) and OpenAI GPT-5.4 fast-mode navigation aids, while v2026.3.11 battened down critical WebSocket security hatches (GHSA-5wcw-8jjv-m286). Beta channels maintained proper pre-release protocols throughout.

CURRENT CONDITIONS: Fresh security patches and runtime fixes dominate the commit log, with notable breaking changes brewing — legacy CLAWDBOT environment compatibility has been scuttled, and moltbot state-directory migration support struck from the manifest. These represent major storm warnings for vessels still running deprecated configurations.

FORECAST: Seas remain active with continued plugin-sdk stabilization efforts and gateway security reinforcements. All hands advised to review migration charts before the next major system approaches from the northwest.

Community Pulse, by Flo Stargazer

The Steipete Show: When One Contributor Powers Through the Week

Well, well, well — if this week didn't showcase the incredible dedication of @steipete! Looking at our commit activity, Stefan absolutely dominated the development landscape with a staggering 16 out of 20 commits this week. That's an 80% contribution rate from a single developer, folks!

While @steipete was busy crushing bugs across security, CI, gateway, and media components, we did see some solid contributions from @vincentkoc (4 commits) focusing on runtime fixes and documentation updates. Props to @oliviareid-svg and @rcrick for landing meaningful PRs (#51759 and #43215 respectively) — it's always great to see different voices contributing to the codebase.

Our community health metrics show 25 unique actors engaging with the repo this week, which is encouraging for a project of OpenClaw's scale. We saw a nice mix of activity types: 11 new watchers (people are definitely paying attention!), 10 pull request review comments (the community is staying engaged), and 7 PRs moving through the pipeline.

However, I'll be honest — when 80% of commits come from one person, it makes me wonder about contributor burnout and bus factor. @steipete, you're absolutely crushing it, but don't forget to take breaks! And to the rest of our 330k+ stargazers — there's always room for more hands on deck in the lobster kingdom! 🦞

Sources: #51759, #43215