v2026.3.11 — WebSocket Security Patch + Multimodal Memory
Released: March 12, 2026
Theme: Security patch + feature expansion
Breaking Changes: 1 (Cron isolated delivery tightening)
Overview
v2026.3.11 opens with a critical security patch (WebSocket cross-site hijack, GHSA-5wcw-8jjv-m286) and also delivers multimodal memory indexing, Ollama one-stop onboarding, an iOS Home Canvas redesign, and comprehensive ACP protocol hardening. Fixes outnumber new features — quality and stability led this release.
Core Highlights
1. WebSocket Cross-Site Hijack Patch
GHSA-5wcw-8jjv-m286: in trusted-proxy mode, browser origin validation had a flaw that allowed untrusted origins to gain operator.admin privileges. The fix enforces origin validation for all browser connections. Upgrade immediately.
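The kind of check the fix describes, as an added sketch (not OpenClaw's code): every upgrade request that carries an Origin header is validated against an exact allowlist, whether or not it arrived through a trusted proxy. The function names, the allowlist value, and treating a missing Origin header as a non-browser client are assumptions of this example.

```javascript
// Added illustration; names and allowlist are hypothetical, not OpenClaw's API.
const ALLOWED_ORIGINS = new Set(["https://console.example.test"]); // constructed value

// Normalize an Origin header to scheme://host[:port]; return null if unusable.
function normalizeOrigin(value) {
  if (typeof value !== "string" || value === "null") return null; // opaque origin
  let url;
  try {
    url = new URL(value);
  } catch {
    return null;
  }
  if (url.protocol !== "https:" && url.protocol !== "http:") return null;
  // A real Origin header carries no path, query, fragment or credentials.
  if (url.pathname !== "/" || url.search || url.hash) return null;
  if (url.username || url.password) return null;
  return url.origin; // lowercases the host and drops a default port
}

// Decide whether a WebSocket upgrade may proceed.
// `viaTrustedProxy` only says that forwarded identity headers are believed;
// it never stands in for the origin check.
function authorizeUpgrade(headers, opts = {}) {
  const { viaTrustedProxy = false, allowed = ALLOWED_ORIGINS } = opts;
  const raw = headers["origin"];
  if (raw === undefined) {
    // No Origin header: treated here as a non-browser client that must
    // authenticate by other means (assumption of this sketch).
    return { ok: true, browser: false, reason: "no-origin" };
  }
  if (Array.isArray(raw)) {
    return { ok: false, browser: true, reason: "multiple-origin-headers" };
  }
  const origin = normalizeOrigin(raw);
  if (origin === null) {
    return { ok: false, browser: true, reason: "unusable-origin" };
  }
  // Exact match on the normalized origin; no prefix, suffix or regex matching.
  if (!allowed.has(origin)) {
    return { ok: false, browser: true, reason: "origin-not-allowed" };
  }
  const reason = viaTrustedProxy ? "allowed-via-proxy" : "allowed-direct";
  return { ok: true, browser: true, reason };
}
```

A rejected result should end the handshake before any session or role is attached to the socket.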
2. Multimodal Memory Indexing
Opt-in image and audio indexing for memorySearch.extraPaths:
- Uses Gemini gemini-embedding-2-preview
- Configurable output dimensions
- Auto re-indexes on dimension change
- AI companions now “remember” image and audio content
3. Ollama One-Stop Onboarding
New Local or Cloud + Local hybrid modes:
- Browser-based cloud sign-in
- Curated model recommendations
- Skips unnecessary local pulls for cloud models
- Local deployment is much easier
4. iOS Home Canvas Redesign
- Welcome screen with real-time agent overview + auto-refresh
- Floating controls replaced by a fixed toolbar
- Small-screen adaptations
- Chat opens straight into the correct main session
5. ACP Hardening
Over a dozen improvements that sharpen IDE client integration:
- resumeSessionId resume support
- Richer tool-streaming events
- Image attachment forwarding
- Graceful session restore degradation
- Main session alias corrections
Breaking Changes
Cron isolated delivery tightening: cron jobs can no longer notify via ad-hoc agent send. Run openclaw doctor --fix to migrate legacy cron storage.
Technical Direction
Comprehensive Security Tightening
From WebSocket origin validation, SecretRef traversal protection, sandbox filesystem bridge, plugin runtime scope isolation, to EXTERNAL UNTRUSTED CONTENT boundary tagging — security hardening across the board.
ACP Protocol Maturation
Session resume, tool streaming, image attachments, graceful degradation — ACP graduates from experimental toward production-ready.
Notable Fixes
- Model control token leak: GLM-5 and DeepSeek internal separators leaked into user-facing text
- iOS foreground resume disconnect: stale sockets didn’t auto-reconnect when the app returned to foreground
- Discord reply chunking: long replies split unexpectedly at line 17
- Kimi coding tool call regression: tool calls downgraded to XML pseudo-calls instead of native tool_use
- Auth cooldown expiry loop: stale counters caused prolonged cooldowns