According to a 1M AI News report, on March 3, the open-source AI Agent framework OpenClaw released version v2026.3.2, including several new features, security enhancements, and over 150 bug fixes, with contributions from 93 developers. In terms of major features, this version added a native PDF analysis tool, with support for Anthropic and Google as PDF processing backends, configurable extraction fallback policies, and page/size limits; the SecretRef credential reference mechanism extended to 64 targets, covering the runtime collector, planning/execution/audit end-to-end, and unresolved references will now immediately error on active interfaces; a new STT (Speech-to-Text) API was added to support transcription of audio files through configured service providers; Telegram message streaming switched default to “partial” mode to enable real-time preview; and the provider directory added the MiniMax-M2.5-highspeed model.
This version includes four breaking changes: the default tool configuration for new installations switched from a broad programming toolset to a “messaging” configuration; ACP scheduling is now enabled by default; the plugin HTTP route registration API changed from registerHttpHandler to requiring explicit declaration of authentication in registerHttpRoute; and Zalo Personal no longer depends on external CLI binaries, using a pure JS runtime instead. In terms of security, issues such as Gateway loopback WebSocket hardening, plugin route registration deduplication prevention, Webhook pre-authentication parsing, and skill workspace symbolic link escape protection were addressed.
