Sunday, March 22, 2026
Subscribe About
Breaking
Linux Foundation announces $500M open-source infrastructure fund Rust 2.0 release candidate now available for testing GitHub reports 200 million repositories milestone EU passes landmark open-source sovereignty legislation OpenClaw AI orchestration framework passes 50K GitHub stars Linux Foundation announces $500M open-source infrastructure fund Rust 2.0 release candidate now available for testing GitHub reports 200 million repositories milestone EU passes landmark open-source sovereignty legislation OpenClaw AI orchestration framework passes 50K GitHub stars
Article

OpenClaw v2026.4.9 Released: Memory Dreaming, REM Backfill, and a Major Security Batch

OpenClaw v2026.4.9 is out with grounded REM backfill for memory dreaming, provider auth aliases, QA vibes reports, and 10+ security fixes.

Cody
Cody
OpenClaw v2026.4.9 Released: Memory Dreaming, REM Backfill, and a Major Security Batch

๐Ÿ“ฆ OpenClaw v2026.4.9 dropped on April 9th, 2026, and it is a meaty one. The headline feature is a fully grounded REM backfill lane for the Memory/Dreaming subsystem โ€” old daily notes can now replay into Dreams and have durable facts extracted from them. Alongside that, there is a polished Control UI for diary management, a new QA evaluation harness, provider auth aliases, iOS CalVer pinning, and a substantial security batch with ten distinct fixes. Let's go through everything.

Memory / Dreaming: Grounded REM Backfill

The biggest feature in this release is the grounded REM backfill lane. Previously, the Dreams system could only work with notes that were already in the live short-term memory pipeline. Historical daily notes โ€” everything you wrote before Dreams was active โ€” were stuck outside the loop.

Now, rem-harness --path lets you point the REM pipeline at any path of historical notes. The harness runs the full grounded backfill lane: durable-fact extraction, diary commit/reset flows, and live short-term promotion integration. Old notes replay into Dreams and the facts they contain become part of your grounded memory.

This is a significant quality-of-life improvement for anyone who has been using daily notes for a while. Your entire note history can now contribute to Dreams instead of just the slice written after you enabled it.

The diary commit/reset flows ensure that backfill runs are transactional โ€” if something goes wrong mid-run, you can reset to the prior committed state. Durable-fact extraction is also more robust in this release, with hardened inputs and normalized diary headings to reduce parse errors on older note formats.

Control UI / Dreaming: Diary Management View

The Control UI has a new structured diary view for the Dreams system. It surfaces a timeline navigation interface so you can browse diary entries, see which entries have been backfilled, and identify gaps. Backfill and reset controls are available directly from the UI โ€” you no longer need to drop to the CLI to trigger rem-harness or roll back a bad run.

Dreaming summaries are now traceable in the UI, meaning you can inspect what facts were extracted from which source entries. The Scene lane also shows promotion hints โ€” visual cues indicating which short-term memories are candidates for promotion to grounded facts.

A safe "clear grounded" action is available for when you need to wipe the grounded memory store and start fresh. It requires explicit confirmation and is designed to prevent accidental data loss.

QA / Lab: Character-Vibes Evaluation Reports

The QA lab now supports character-vibes evaluation reports. These reports let you assess how consistently a model maintains a given persona or character voice across a run. You can select which model to evaluate against and run evaluations in parallel across multiple configurations. This is particularly useful for teams building on top of OpenClaw who need to validate that persona-tuned prompts are holding up as models change.

Plugins / Provider Auth: providerAuthAliases

Provider auth configuration has become more flexible with the addition of providerAuthAliases. Provider variants (e.g., a fine-tuned model endpoint that shares credentials with a base provider) can now declare aliases so they reuse the same env vars, auth profiles, and config-backed auth as the canonical provider โ€” without requiring any core-specific wiring. This eliminates a common source of duplicate credential configuration and makes it easier to add provider variants as plugins.

iOS: CalVer Version Pinning and TestFlight Workflow

iOS builds now use CalVer version pinning via apps/ios/version.json. This aligns iOS versioning with the rest of the OpenClaw release cadence and makes it straightforward to track which code revision corresponds to a given TestFlight build. The TestFlight iteration workflow has also been documented and streamlined (PR #63001).

Security Fixes (Summary)

v2026.4.9 includes ten security fixes โ€” this is one of the largest security batches in a single release. The highlights:

  • SSRF quarantine bypass via browser interactions โ€” safety checks now re-run after interaction-driven navigations (PR #63226)
  • Dotenv injection โ€” runtime-control and browser-control env vars blocked from untrusted workspace .env files (PR #62660, #62663)
  • Node exec event sanitization โ€” remote exec events marked untrusted, node-provided text sanitized (PR #62659)
  • Exec approval path protection โ€” model-facing config writes blocked from changing exec approval paths (PR #62001)
  • Host env sanitization โ€” Java, Rust/Cargo, Git, Kubernetes, and cloud credential env overrides blocked (PR #59119, #62002, #62291)
  • Allowlist authorization โ€” /allowlist add and /allowlist remove now require owner authorization (PR #62383)
  • Request body leak on redirects โ€” bodies dropped on cross-origin 307/308 redirects (PR #62357)
  • SSRF redirect hops โ€” main-frame redirect hops treated as navigations for SSRF blocking (PR #62355)
  • Plugin auth-choice ID collision โ€” untrusted workspace plugins blocked from colliding with bundled provider auth IDs (PR #62368)
  • Dependency audit โ€” basic-ftp pinned to 5.2.1 for CRLF injection fix; Hono bumped

If you are on any prior version, security alone makes this a mandatory upgrade.

Other Notable Fixes

  • Android/pairing โ€” Stale setup-code auth cleared on new QR scans; pairing auto-retry paused while backgrounded (PR #63199)
  • Matrix/gateway โ€” Gateway now waits for Matrix sync readiness before declaring startup successful (PR #62779)
  • Slack/media โ€” Bearer auth preserved for same-origin files.slack.com redirects (PR #62960)
  • Sessions/routing โ€” Established external routes preserved on inter-session announce traffic (PR #58013)
  • Control UI/models โ€” Provider-qualified refs for OpenRouter catalog models now preserved correctly (PR #63416)
  • Agents/timeouts โ€” LLM idle timeout inherits agents.defaults.timeoutSeconds; idle watchdog disabled for cron runs when unconfigured

Get the Release

Full release notes and build artifacts are on the GitHub releases page. Update via your package manager or pull the latest image. As always, back up your workspace before upgrading if you are running a self-hosted deployment with custom configuration.

← Back to all posts
Daily Briefing

Get the Open-Source Briefing

The stories that matter, delivered to your inbox every morning. Free, no spam, unsubscribe anytime.

Join 45,000+ developers. No spam. Unsubscribe anytime.