OpenClaw v2026.3.8 shipped on March 8 with contributions from 43 developers. Its a reliability and hardening release. Not flashy, but the kind that matters most in production.
Backup CLI
New openclaw backup create and openclaw backup verify commands let self-hosters archive their agent state locally. Grab everything or use --only-config for a config-only snapshot.
ACP Provenance
Think of it as caller ID for agent-to-agent communication. When another agent or system talks to yours, ACP provenance metadata lets your agent verify who initiated the conversation.
Three modes: --provenance off, meta, or meta+receipt. Most individual users wont touch this directly. But for multi-agent setups, this reduces spoofed identities in agent workflows. Spoofed agent identities are how multi-agent pipelines get poisoned with bad data or unauthorized instructions.
12+ Security Patches
SSRF protections, script execution sandboxing, and download-tool pinning. The kind of stuff you want your infrastructure to get quietly better at.
Full release notes: https://clawhosters.com/blog/posts/openclaw-v2026-3-8-backup-cli-security-update
Top comments (0)