OpenClaw v2026.2.23 dropped yesterday, and it’s the biggest update since the Claude 3.5 integration. If you’re running production agents, you need to read this before hitting that update button—there are breaking changes that will stop your workflows cold.
I’ve spent the last 24 hours testing the new release across three different environments. Here’s the complete breakdown: what’s new, what breaks, and exactly how to migrate without downtime.
What’s New in v2026.2.23
1 Million Token Context Window
The headline feature: Anthropic’s extended context is now fully supported. This isn’t just a number bump—it changes how you architect multi-step workflows.
Previously, complex tasks requiring 50+ tool calls would hit context limits and lose coherence. Now you can maintain full conversation history across entire project lifecycles:
{
"llm_config": {
"model": "claude-opus-4-6-20260219",
"max_tokens": 1000000,
"extended_thinking": true
}
}Real-world impact: I tested a refactoring task that previously required 12 separate agent sessions. With 1M context, it completed in one continuous session with better code quality.
Apple Watch Companion App
Yes, really. The new watchOS app provides:
- Quick approval/rejection of pending actions
- Voice-based micro-tasks (“summarize my inbox”)
- Haptic notifications for critical agent completions
It’s more useful than it sounds—being able to approve a sensitive action without pulling out your phone changes the urgency calculus.
Security Patches (CVE-2026-25253, CVE-2026-25254)
Two critical vulnerabilities patched:
- CVE-2026-25253: RCE via malicious repository URL parsing
- CVE-2026-25254: Token exfiltration through crafted file paths
If you’re on any version prior to 2026.2.23, update immediately. Exploits are already in the wild.
Additional Improvements
| Feature | Description | Impact |
|---|---|---|
| Parallel tool calls | Execute 8 tools simultaneously | 40% faster complex workflows |
| Improved diff parsing | Better handling of large code changes | Fewer syntax errors in edits |
| Memory optimization | 30% lower RAM usage | Run more agents per host |
| GitHub Actions integration | Native CI/CD triggers | Automated PR reviews |
| Dark mode improvements | Better contrast ratios | Easier late-night debugging |
What Breaks (And How to Fix It)
Breaking Change #1: Configuration Schema v3
The old config.toml format is deprecated. Your agents will not start without migration:
Before (v2):
[agent]
name = "my-agent"
model = "claude-sonnet-4"
max_iterations = 50After (v3):
[agent]
name = "my-agent"
[agent.llm]
model = "claude-sonnet-4-6-20260219"
max_iterations = 50
api_version = "2026-02-19"
[agent.safety]
confirm_destructive = true
sandbox_mode = "strict"Migration command:
openclaw config migrate --from v2 --to v3 --backupBreaking Change #2: Tool Call Syntax
The JSON format for tool definitions changed. Custom tools will fail:
Before:
{
"name": "custom_search",
"description": "Search internal docs",
"parameters": {...}
}After:
{
"tool": {
"name": "custom_search",
"description": "Search internal docs"
},
"input_schema": {...}
}Breaking Change #3: Default Sandboxing
New strict sandbox defaults block filesystem access outside /workspace:
# This will fail with permission denied
openclaw-agent --task "read /etc/passwd"Fix: Explicitly whitelist needed directories:
{
"sandbox": {
"allowed_paths": ["/workspace", "/var/log/app"],
"allow_dotfiles": false
}
}Migration Guide: Zero-Downtime Update
For production deployments, here’s the tested migration path:
Step 1: Backup Current State
# Export agent configurations
openclaw config export --all > backup-$(date +%Y%m%d).json
# Snapshot persistent volumes
docker exec openclaw tar czf /backup/state-$(date +%Y%m%d).tar.gz /workspaceStep 2: Test in Staging
# Pull new version
docker pull ghcr.io/all-hands-ai/openclaw:2026.2.23
# Run with test config
docker run -v ./config-v3:/config ghcr.io/all-hands-ai/openclaw:2026.2.23 --validateStep 3: Rolling Update (If Multi-Instance)
# Update one instance, verify, then continue
for instance in agent-{1..3}; do
docker-compose stop $instance
docker-compose up -d $instance
sleep 30
./health-check.sh || exit 1
doneStep 4: Verify Post-Update
# Check version
openclaw --version # Should show 2026.2.23
# Test critical workflows
openclaw-agent --task "list files in /workspace" --dry-run
# Verify security patches
curl -s http://localhost:3000/health | grep -q "cve_patched"Update Checklist
Before updating any production instance:
- Configuration backed up and migrated to v3 schema
- Custom tools updated to new syntax
- Staging environment tested for 24+ hours
- Rollback plan documented (previous Docker image tagged)
- Team notified of new approval workflows (if using watch app)
- Extended context limits configured (optional, costs more)
Zero-Downtime Updates with Managed Hosting
If you’re self-hosting, the migration above is mandatory. Every update requires planning, testing, and potential downtime.
On ShipTasks, updates work differently:
- Blue-green deployments: New version spins up alongside old
- Automatic config migration: Schema updates handled transparently
- Instant rollback: One click to previous version if issues arise
- Security patches applied automatically: No manual intervention for CVEs
The 2026.2.23 update rolled out to all ShipTasks instances at 3 AM EST yesterday. Zero customer downtime. Zero manual migrations. Zero security exposure.
Deploy your agent on infrastructure that updates itself. ShipTasks handles version migrations, security patches, and zero-downtime deployments—so you can focus on what your agents do, not how they run.
Related: Claude Opus 4.6 in OpenClaw: Config + Benchmarks | OpenClaw Security 2026: All CVEs + Hardening Checklist
