OpenClaw v2026.3.11 Patches WebSocket Hijacking Flaw, Adds iOS Home Canvas
What Happened
OpenClaw released version 2026.3.11 on March 12, addressing a security vulnerability in WebSocket connection handling and introducing several user-facing features. The security fix (GHSA-5wcw-8jjv-m286) enforces browser origin validation for all browser-originated WebSocket connections regardless of proxy header presence, closing a cross-site WebSocket hijacking path in trusted-proxy mode that could have granted unauthorized operator-level admin access.
Beyond the security patch, the release introduces an iOS Home Canvas feature with a bundled welcome screen showing live agent overview that auto-refreshes on connect and reconnect, replacing floating controls with a docked toolbar. The macOS chat UI received an integrated model picker and persistent thinking-level selections across app relaunches. Onboarding was improved with first-class Ollama setup supporting Local and Cloud modes, a new OpenCode Go provider, and streamlined Gemini memory search with multimodal image and audio indexing. The memory and embedding system now supports Gemini's gemini-embedding-2-preview model with configurable output dimensions and automatic reindexing when dimensions change.
Why It Matters
The WebSocket vulnerability fix is particularly timely given that security researchers have documented over 135,000 OpenClaw instances exposed on the public internet. The trusted-proxy mode flaw could have allowed attackers to gain admin access to exposed instances through malicious websites. This continues a pattern of rapid security patching that has defined OpenClaw's 2026 release cycle, reflecting both the platform's growing attack surface and the development team's responsiveness. The iOS Home Canvas feature signals OpenClaw's push toward mobile-first agentic experiences.
What's Next
With the WebSocket hijacking vector now closed, attention will likely shift to the broader challenge of securing the growing deployment base. The Gemini embedding support and multimodal memory indexing hint at increasingly sophisticated context management capabilities in future releases.