openclaw v2026.6.5-beta.3 release notes: what's new & changelog

openclaw v2026.6.5-beta.3 delivers a new bundled web-search provider, significant transparency improvements for iOS voice interactions, and critical security hardening for the Gateway and MCP transports.

Key Changes

New Features and Integrations

• Parallel Web-Search Provider: Parallel is now a bundled web_search provider. It provides LLM-optimized dense excerpts and is configurable via the PARALLEL_API_KEY environment variable or plugins.entries.parallel.config.webSearch.apiKey config. It supports custom base URL overrides for proxying (e.g., via Cloudflare AI Gateway).
• iOS Talk Transparency: The iOS app now distinguishes between the configured voice mode and the active runtime mode. When gateway realtime voice fails, the app surfaces a visible fallback banner and detailed diagnostics, clearly indicating when it has transitioned to native iOS speech recognition and TTS.
• GitHub-backed ClawHub Skills: Users can now install ClawHub skills backed by GitHub repositories. The system resolves installs through the ClawHub API, downloads pinned GitHub commits, and maintains install-policy checks.
• Matrix Voice and Threads: Matrix now supports inbound audio preflight, allowing voice notes to be transcribed before the mention gate. Additionally, thread reads and replies are now thread-aware, using Matrix relations pagination to preserve thread context.

Security Hardening

• Gateway Tool Gating: Access to owner-only core tools (such as gateway, cron, and nodes) is now strictly gated. Non-owner identity-bearing callers are denied access to these tools even if they are explicitly included in the gateway.tools.allow list.
• MCP Transport Guardrails: MCP HTTP, SSE, and Streamable HTTP requests are now routed through the shared SSRF-guarded fetch path. Redirect targets are re-evaluated independently per hop to prevent SSRF attacks via redirects to private or internal targets.
• Global Config Protection: Agent-facing gateway config mutations can no longer persistently rewrite global prompt overlays or the global default model.

Stability and Performance

• Anthropic Session Recovery: Extended-thinking sessions now recover after prompt-cache expiry or Gateway restarts. This is achieved by deferring stream start events until message_start is received, allowing pre-generation signature errors to trigger existing recovery retries.
• MCP Tool Result Coercion: Non-text/image MCP tool-result blocks (such as resource_link, resource, and audio) are now coerced to text at the materialize boundary. This prevents Anthropic 400 errors and session poisoning caused by malformed image blocks.
• SQLite State Migration: Several runtime states have been migrated from ad hoc JSON files to SQLite for improved durability, including auth profiles, Memory Core dreaming state, Matrix crypto sidecars, and Memory Wiki import-run metadata.
• TUI Optimistic Messaging: Outbound user messages in the TUI are now stabilized across history reloads, runId reassignments, and aborts, preventing messages from disappearing or jumping position.

Impact

For Users

• Improved Search Options: Users gain a high-accuracy, agent-optimized search option with the addition of Parallel.
• Better Mobile Diagnostics: iOS users will no longer experience silent failures during voice interactions; the new fallback banner provides immediate feedback and a path to fix the issue on the gateway.
• More Reliable Sessions: Anthropic users with extended thinking enabled will see fewer permanent session stalls after gateway restarts or cache expiries.

For Developers and Operators

• Tighter Security: The Gateway is now more resilient against unauthorized tool invocation and SSRF via MCP redirects.
• Easier Maintenance: The migration of state to SQLite reduces the risk of file corruption and simplifies backup/restore processes.
• Reduced Resource Leakage: A fix to MCP lease release prevents the linear accumulation of MCP server processes during cron agent execution.

FAQ

What's new in v2026.6.5-beta.3?

This release introduces the Parallel web-search provider, iOS Talk fallback banners, GitHub-backed ClawHub skill installation, and Matrix voice/thread support, alongside significant security hardening for the Gateway and MCP transports.

Are there any breaking changes?

Yes, there are security-related breaking changes: non-owner callers can no longer access owner-only core tools via the Gateway, and MCP HTTP redirects to private/internal targets are now blocked. Additionally, agent-driven mutations of global prompt overlays and default models are now rejected.

How do I upgrade?

Upgrade via npm using npm install openclaw@2026.6.5-beta.3. Legacy cron JSON stores will be automatically migrated to SQLite during the doctor config preflight.