OpenClaw v2026.4.21 landed early this morning — a focused patch release that updates the default image-generation model, closes a meaningful security gap in owner command enforcement, and sharpens fallback visibility for image providers. Here is what changed and why it matters.
GPT-Image-2 Is Now the Default
The bundled image-generation provider and live media smoke tests now default to gpt-image-2. Alongside the model bump, OpenClaw advertises newer 2K and 4K size hints in image-generation docs and tool metadata, so agents can request sharper output without custom configuration.
If you were already using a pinned model or a different provider, nothing changes for you — the default only applies to installations that were using the bundled provider without an explicit override.
Owner Command Security Fix
A permission bypass in the auth/commands layer has been patched (#69774, thanks @drobison00). The previous behavior allowed non-owner senders to reach owner-only commands through a permissive fallback: if enforceOwnerForCommands=true was set but commands.ownerAllowFrom was left unset, a wildcard allowFrom or an empty owner-candidate list was treated as sufficient authorization.
The fix requires a genuine owner identity match — either an owner-candidate match or internal operator.admin — before owner-enforced commands execute. If you run a multi-user or shared gateway and have enforceOwnerForCommands enabled, this update is worth applying promptly.
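The difference between the old fallback and the patched check can be modelled in a few lines. This is an added example, not OpenClaw source code: the config field names come from the release note, while the object shape, `sender.scopes`, the rule that candidates fall back to concrete `allowFrom` entries, and every function name are assumptions made for illustration.

```javascript
// Simplified model of the owner-command gate described above. Not OpenClaw
// source: the config shape, sender.scopes and all function names are assumed.

// Owner candidates: commands.ownerAllowFrom if set, otherwise allowFrom
// (assumption). A "*" wildcard is never an owner identity.
function ownerCandidates(cfg) {
  const list = cfg.commands?.ownerAllowFrom ?? cfg.allowFrom ?? [];
  return list.filter((id) => id !== "*");
}

// Pre-fix behaviour as the release note describes it: with ownerAllowFrom
// unset, a wildcard allowFrom or an empty candidate list authorized anyone.
function legacyOwnerCheck(cfg, sender) {
  if (!cfg.enforceOwnerForCommands) return true; // gate not enabled (assumed)
  if (cfg.commands?.ownerAllowFrom === undefined) {
    const wildcard = (cfg.allowFrom ?? []).includes("*");
    if (wildcard || ownerCandidates(cfg).length === 0) return true;
  }
  return ownerCandidates(cfg).includes(sender.id);
}

// Post-fix behaviour: only a concrete candidate match or the internal
// operator.admin scope passes; empty or wildcard lists fail closed.
function fixedOwnerCheck(cfg, sender) {
  if (!cfg.enforceOwnerForCommands) return true; // gate not enabled (assumed)
  if ((sender.scopes ?? []).includes("operator.admin")) return true;
  return ownerCandidates(cfg).includes(sender.id);
}

// Config audit for gateways that cannot be upgraded yet: flag the settings
// combination that the old fallback turned into open owner access.
function auditOwnerConfig(cfg) {
  const findings = [];
  if (cfg.enforceOwnerForCommands && cfg.commands?.ownerAllowFrom === undefined) {
    if ((cfg.allowFrom ?? []).includes("*")) findings.push("wildcard allowFrom with no ownerAllowFrom");
    if (ownerCandidates(cfg).length === 0) findings.push("no concrete owner candidates");
  }
  return findings;
}

// Constructed sample data.
const sharedGateway = { enforceOwnerForCommands: true, allowFrom: ["*"], commands: {} };
const pinnedGateway = { enforceOwnerForCommands: true, allowFrom: ["*"], commands: { ownerAllowFrom: ["user:alice"] } };
const stranger = { id: "user:mallory", scopes: [] };
const alice = { id: "user:alice", scopes: [] };
const internal = { id: "internal", scopes: ["operator.admin"] };
```

In this model, setting `commands.ownerAllowFrom` explicitly clears both audit findings, which is the configuration to aim for whether or not the patch is installed.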
Better Image Fallback Visibility
Failed provider/model candidates are now logged at warn level before automatic provider fallback triggers. Previously, if your primary image provider failed silently and a downstream provider succeeded, the gateway log gave no indication that anything went wrong. With this change, OpenAI image failures (and equivalent failures from any provider) will appear in the log even when a later fallback provider produces a result.
This is especially useful in multi-provider setups where silent fallback can mask configuration problems or quota exhaustion.
Plugins/Doctor Recovery Improvements
The doctor command can now repair bundled plugin runtime dependencies from doctor paths, allowing packaged installs to recover missing channel or provider dependencies without running a broad core dependency install. This is useful in constrained environments or setups where dependency resolution is restricted.
Other Fixes in This Build
- Slack — Thread aliases are now preserved in runtime outbound sends, so generic runtime sends stay in the intended Slack thread when the caller supplies threadTs (#62947, thanks @bek91).
- Browser — Invalid ax accessibility refs are now rejected immediately in act paths rather than waiting for the full browser action timeout (#69924, thanks @Patrick-Erichsen).
- npm install — The deprecated node-domexception chain pulled through Pi/Google runtime dependencies is now suppressed via a root package.json override (thanks @vincentkoc).
Upgrading
npm install -g openclaw@latest
Or use the built-in update command:
openclaw update
Full release notes are available on the GitHub releases page.