
9 April 2026

OpenClaw v2026.4.9

Release · OpenClaw · Dreaming · Security · Android

v2026.4.9 just shipped. Four focused areas this cycle: a major upgrade to the dreaming system, security hardening against SSRF and node exec injection, a new character-vibes QA evaluation framework, and a complete overhaul of Android device pairing. Here's what changed.

Dreaming: REM Backfill & Diary Timeline UI

The experimental dreaming system introduced in v2026.4.5 now supports REM backfill: agents can retroactively process and consolidate memories from past conversations during idle periods. Think of it as your agent "sleeping on it" and waking up with better recall.

  • REM backfill pipeline: scans recent conversation history during idle cycles, identifies unprocessed memories, and promotes them through the dream consolidation pipeline
  • Dream Diary timeline UI: new visual timeline in Control UI showing when your agent dreamed, what memories were consolidated, and the conceptual tags generated
  • Configurable dream depth: control how far back the backfill reaches (default: 48h) and how aggressively memories are promoted
  • Dream metrics: track consolidation counts, memory promotion rates, and dream cycle durations in the dashboard

The diary UI is accessible via /dreaming in the Control panel or the new "Dreams" tab in agent settings. Each dream entry shows the source conversations, the memories extracted, and how they connect to existing knowledge.

SSRF & Node Exec Injection Hardening

Critical security hardening in this release. Two vectors patched:

  • SSRF blocklist expansion: extended coverage for IPv4-mapped IPv6 addresses, DNS rebinding via dual-stack resolvers, and cloud metadata endpoints (169.254.169.254, fd00::/8). The blocklist now catches ~40 additional bypass patterns identified through fuzzing
  • Node exec injection guard: new sandbox layer around tool execution that prevents prompt-injected payloads from breaking out of the agent tool sandbox into host-level child_process calls. All tool exec paths now run through a validated allowlist
  • URL validation at parse time: URLs are now validated immediately on parse rather than at request time, closing a TOCTOU window where a valid URL could be swapped for a malicious one between validation and fetch

If you run self-hosted OpenClaw, update immediately. These are defence-in-depth fixes: there are no known exploits in the wild, but the attack surface is now significantly smaller.
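To make the three checks above concrete, here is an added example (not OpenClaw's code) of a parse-time destination check that unwraps IPv4-mapped IPv6 literals, rejects a dual-stack answer if any address is internal, and returns the one address the fetch should dial. The names vetUrl and blockedAddress are hypothetical, and every blocked range other than 169.254.169.254 and fd00::/8 is an assumption.

```javascript
// Added example, not OpenClaw code. Ranges beyond 169.254.169.254 and
// fd00::/8 (loopback, RFC 1918, fe80::/10) are assumed additions.
const BLOCKED_V4 = [['127.0.0.0', 8], ['10.0.0.0', 8], ['172.16.0.0', 12],
  ['192.168.0.0', 16], ['169.254.0.0', 16], ['0.0.0.0', 8]];
const v4ToInt = (ip) => ip.split('.').reduce((n, o) => n * 256 + Number(o), 0);

function blockedV4(ip) {
  return BLOCKED_V4.some(([base, bits]) => {
    const size = 2 ** (32 - bits); // number of addresses in the subnet
    return Math.floor(v4ToInt(ip) / size) === Math.floor(v4ToInt(base) / size);
  });
}

// Expand an IPv6 literal to eight 16-bit groups ("::" and dotted tails handled).
function v6Groups(ip) {
  const s = ip.replace(/(\d+)\.(\d+)\.(\d+)\.(\d+)$/, (_, a, b, c, d) =>
    `${((a << 8) | b).toString(16)}:${((c << 8) | d).toString(16)}`);
  const [head, tail] = s.split('::');
  const h = head ? head.split(':') : [];
  const t = tail ? tail.split(':') : [];
  const gap = s.includes('::') ? Array(8 - h.length - t.length).fill('0') : [];
  return [...h, ...gap, ...t].map((g) => parseInt(g, 16));
}

function blockedAddress(ip) {
  if (!ip.includes(':')) return blockedV4(ip);
  const g = v6Groups(ip);
  if (g.slice(0, 5).every((x) => x === 0) && g[5] === 0xffff) {
    // IPv4-mapped (::ffff:a.b.c.d): judge it by the embedded IPv4 address.
    return blockedV4([g[6] >> 8, g[6] & 255, g[7] >> 8, g[7] & 255].join('.'));
  }
  const loopbackOrUnspecified = g.slice(0, 7).every((x) => x === 0) && g[7] <= 1;
  return loopbackOrUnspecified || (g[0] >> 8) === 0xfd || (g[0] & 0xffc0) === 0xfe80;
}

// Validate once, at parse time. `resolved` is the address list from ONE DNS
// lookup made by the caller; the fetch must dial `connectTo` instead of
// resolving again, so a later (rebinding) answer cannot change the target.
function vetUrl(rawUrl, resolved = []) {
  const url = new URL(rawUrl); // WHATWG parsing normalises 0x7f.1, 2130706433, ...
  if (!['http:', 'https:'].includes(url.protocol)) return { ok: false, reason: 'scheme' };
  const host = url.hostname.replace(/^\[|\]$/g, ''); // strip IPv6 brackets
  const isLiteral = host.includes(':') || /^\d+\.\d+\.\d+\.\d+$/.test(host);
  const addrs = isLiteral ? [host] : resolved;
  if (addrs.length === 0) return { ok: false, reason: 'unresolved' };
  const bad = addrs.find(blockedAddress); // one bad A/AAAA record rejects the URL
  if (bad) return { ok: false, reason: `blocked ${bad}` };
  return { ok: true, host, connectTo: addrs[0] };
}
```
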

Character-Vibes QA Evals

New evaluation framework for testing whether your agent actually sounds like the character you configured. Character-vibes QA runs automated conversation probes against your agent's persona and scores responses on consistency, tone, vocabulary, and behavioral alignment.

  • Vibe scoring: 0-100 score across four dimensions: voice consistency, emotional range, knowledge boundaries, and refusal patterns
  • Drift detection: alerts when your agent's responses start diverging from the configured persona (common after long conversations or memory accumulation)
  • Probe library: built-in set of adversarial and edge-case prompts designed to test character boundaries (e.g., "break character" attempts, out-of-domain questions, emotional manipulation)
  • CI integration: run openclaw eval --character in your pipeline to gate deployments on persona quality

This is particularly useful for music industry agents on Agentbot where persona consistency matters: your DJ agent shouldn't suddenly start talking like a customer support bot.

Android Pairing Overhaul

Complete rewrite of the Android device pairing flow. The previous implementation had reliability issues with the WebSocket handshake on certain Android WebView versions and Samsung Internet.

  • QR-first pairing: scan a QR code from the Control UI to pair your Android device instantly. Falls back to manual token entry
  • Persistent connection: paired devices now maintain connection through app backgrounding and network switches via a lightweight heartbeat protocol
  • Push notification bridge: agent messages can now trigger Android push notifications even when the app is closed
  • Samsung Internet fix: resolved a WebSocket upgrade header issue specific to Samsung Internet 24+ that caused pairing to silently fail

Updating

All Agentbot managed containers auto-update on next deploy cycle. Self-hosted operators:

docker pull ghcr.io/openclaw/openclaw:latest
openclaw --version  # should show 2026.4.9

Run openclaw doctor --fix after updating to ensure all config paths are migrated. No breaking changes in this release.

© 2026 Agentbot