OpenClaw May 2026 release notes: 4.24 through 5.4

By Linas Valiukas · May 6, 2026

May 2026 was a rough one for self-hosters. Six releases shipped between April 24 and May 5. Five of them broke something. One pruned 1,617 files from your install during npm postinstall. One broke Slack and Telegram. One broke crons and MCP plugins. One reported the wrong version when you ran openclaw --version. The sixth, 2026.5.4, is the first version since 2026.4.23 that the community broadly agrees is safe to run.

Here's everything that shipped, what each release broke, and what 5.4 actually got right. Picks up where the April release notes left off.

The baseline: 2026.4.22 / 2026.4.23 (last quiet week)

The last two patches of April were boring in a good way. Bug fixes, small adapter tweaks, no breaking changes. If you were running 2026.4.23 on April 23, your gateway was probably stable, your channels were working, and your bills were coming in roughly where you expected them.

On April 24 that ended.

v2026.4.24 (April 24): the day three things landed at once

A big release with a small disaster baked into the npm package. Three things shipped:

• DeepSeek V4 Flash and V4 Pro joined the bundled catalog, with V4 Flash set as the new onboarding default for fresh installs. At $0.14/M input and $0.28/M output, V4 Flash is genuinely cheap. The release also fixed DeepSeek thinking and replay behavior on follow-up tool-call turns, which had been silently swallowing intermediate reasoning since v4.3.
• The Claude OAuth adapter was re-sanctioned. Anthropic walked back the April 4 cutoff for CLI usage, with conditions. We have a separate writeup of what changed and why your $20 sub still won't save you.
• A postinstall script that quietly destroyed your install. The postinstall-bundled-plugins.mjs script ran on npm install and deleted files it had no business deleting. The npm tarball ships with 4,116 JS files. After postinstall ran, 2,499 remained. 1,617 files just gone. You'd see ERR_MODULE_NOT_FOUND for restart-sentinel services, codex/provider, and a dozen other modules. Tracked in GitHub issues #72042, #71986, and #72040.

The packaging bug isn't new. It's the same pattern that surfaced on 3.22, 3.24, 4.3 through 4.5, and 4.21. A recurring postinstall regression that the team keeps re-introducing whenever the bundle layout shifts. The fix on every machine: stop the gateway, npm uninstall -g openclaw, npm cache clean --force, then pin to [email protected] until the next stable.

v2026.4.27 (April 27): packaging fixed, memory database not so much

Three days later, 2026.4.27 fixed the postinstall script. Most people who upgraded got a working gateway again. A subset got a worse problem: an empty memory database. After updating, multiple users reported that their agent had forgotten everything. 30+ second response times for trivial questions. "Discussing with an agent who knows exactly nothing," as one user put it.

The migration script touched the memory-search index but didn't always reindex correctly. If your memory.db is showing zero rows after the upgrade, the official advice is to restore from your most recent memory.db.snapshot and run openclaw memory reindex --force. If you don't have a snapshot, you've lost your agent's history. Take that as the lesson it is.

Also in 4.27, quietly: the openai-codex provider got OAuth login. You could now run openclaw onboard, pick openai-codex, and sign in with your ChatGPT account. Sam Altman went public about it the same week. Plus at $20/month and Pro at $100/month now cover OpenClaw usage at flat rates, with GPT-5.5 access included. The contrast with the Anthropic side of the month is hard to miss.

v2026.4.29 (April 29): the bad one

Two days after 4.27, the team shipped 2026.4.29. The release thread on Reddit picked up the title "the idiot developers at openclaw blew another release." Three serious regressions hit at once.

• CPU spin to 100%. A node process would pin a single core indefinitely on some installs, with no obvious trigger. Restarting the gateway didn't help. Several users reported their server fans audible from across the room.
• Slack and Telegram bundled channels failed to load. Logs showed [channels] failed to load bundled channel slack: Cannot find module '@slack/web-api' and [channels] failed to load bundled channel telegram: Cannot find module 'grammy'. The channels appeared healthy in the dashboard but every message returned "Something went wrong while processing your request."
• Codex catalog endpoint timed out. Anyone using the new ChatGPT OAuth provider saw 20-second delays before every response. Trace logs broke down to 11 seconds in model-resolution, 5 in auth, 4 in attempt-dispatch. The cause: chatgpt.com/backend-api/codex returning a Cloudflare bot challenge that the OpenClaw client couldn't satisfy.

A few users gave up and downgraded to 2026.2.6 because they couldn't find a working version closer. Two days of the sub were just rollback advice.

v2026.5.0 (May 1): the version bump

Three days into the 4.29 fallout, the team jumped to 5.0. The changelog called it an "internal architecture refresh" and "the foundation for the upcoming subscribe-style sensing layer." For most users, 5.0 looked like 4.29 minus the worst CPU bug, plus a new provider plugin layout that broke a lot of community plugins again.

Skipping a major version to escape a bad point release is a tell. The team needed the namespace clean. The actual user-visible payoff didn't show up until 5.4.

If you're still on 4.23 reading this: do not upgrade to 5.0 directly. Wait for 5.4.

v2026.5.2 (May 2): crons, MCP plugins, Discord

There was a 5.1 in between. It was a 6-hour release that the team yanked when crash reports came in. Most people skipped from 5.0 to 5.2 without noticing.

5.2 was supposed to clean up 5.0's plugin migration. It introduced new problems instead.

• MCP plugins stopped registering. Custom MCP tool plugins that worked perfectly on 4.23 still appeared in the dashboard, you could toggle them on and off, but the agent couldn't actually call them. Instead the LLM hallucinated parameters and burned 5x the tokens trying. Multiple Reddit threads with the same shape.
• Cron registration broke from CLI. A bash script that ran openclaw cron add in a loop, working fine on 4.23, started throwing device pairing errors on 5.2. Even when run directly on the machine where the device was paired.
• Discord channels went silent. Bot permissions intact, channels appeared healthy, emojis worked. The bot just didn't talk. The only Discord channel that responded was one not inside a category. The 5.0 channel rewrite assumed certain category metadata fields and didn't fall back when they were missing.
• WhatsApp plugin disabled itself. Users got a "plugin disabled" notice with no explanation. The fix was a manual openclaw plugins enable whatsapp, but the dashboard didn't surface this.

v2026.5.3 / 5.3-slim (May 4): the version that lied about its version

5.3 came out to fix 5.2's plugin and cron breakage. It mostly fixed those, but introduced a smaller and weirder bug: openclaw --version on 2026.5.3 returned 2026.4.27. The build pipeline forgot to bump the version constant compiled into the binary. Functionally harmless. Operationally a nightmare for anyone trying to triage which version their fleet is actually running.

A "slim" variant shipped a few hours later, intended as a smaller install. Users reported it was still broken in the same ways as the regular 5.3, and the version-string bug carried through to it as well. By this point most people on Reddit had given up on the 5.x train and pinned 2026.4.23 again.

v2026.5.4 (May 5): hallelujah

The first 5.x release the community broadly likes. Posts started showing up the morning of May 5 with titles like "2026.5.4 Hallelujah!" and "OC stopped melting my CPU finally." Install went smoothly. Startup time minimal. Quiet CPU.

The new stuff in 5.4 is small but earns its keep:

• /steer. Redirects an agent's current task without starting a new session. If your agent is researching the wrong thing, you can steer it without losing the context it has already gathered. Saves the tokens you'd spend re-priming a fresh session.
• /side. Starts a side conversation inside the same session. Ask a quick unrelated question without derailing the main task. The agent maintains both threads.
• Auto-reply queue interrupt priority. /new and /reset now jump the queue. Before this, a fresh start would queue behind whatever the agent was working on. Now the agent stops immediately and accepts the new instruction.
• Codex catalog timeout fix. The Cloudflare-blocked endpoint that was adding 20+ seconds to every ChatGPT OAuth request got a proper fallback path. codex.useFallbackCatalog is now a real config flag the schema accepts.
• MCP plugin registration repaired. Custom MCP tools register and resolve properly again. If you held off through 5.2 and 5.3, this is the version where your stack works again.
• Cron CLI device pairing. The script-based openclaw cron add path no longer throws spurious pairing errors when the device is already authenticated.

Discord category routing got fixed too. WhatsApp re-enables itself on upgrade.

The Sam Altman footnote

Around the same time the 4.x packaging mess was unfolding, Sam Altman posted that ChatGPT subscriptions now work in OpenClaw. The flow is straightforward: openclaw onboard, pick openai-codex, sign in with your ChatGPT account through OAuth, and your $20/month Plus or $100/month Pro plan covers Codex usage at the flat subscription rate. GPT-5.5 included.

Anthropic spent the past two months tightening the OAuth path for OpenClaw users (cutting subscriptions on April 4, partially walking it back on April 24, leaving the ToS language hostile). OpenAI took the opposite tack on the same timeline. If you're a personal-agent user who just wants flat-rate access to a frontier model, the math now leans toward Codex.

Worth noting: the Cloudflare codex catalog block is a real friction point if you're behind any kind of corporate network or VPN. Test the OAuth flow before you commit. We have a longer post on this coming.

The upgrade math

If you're sitting on 2026.4.23 and looking at 2026.5.4, here's what's between you and a clean upgrade:

• Read six changelogs (4.24, 4.27, 4.29, 5.0, 5.2, 5.3, 5.4)
• Check your memory.db snapshot exists and is recent, in case the 4.27 reindex bug bites
• Back up your providers.toml, plugin configs, and any custom MCP definitions
• Stop your gateway cleanly before the upgrade (the postinstall race conditions need this)
• Skip every intermediate version. Go straight from 4.23 to 5.4. The intermediate releases are landmines.
• Re-test every messaging channel after the upgrade. Discord category routing changed, WhatsApp may need a manual enable, Telegram bundled deps may not be where 5.0 expected.
• Re-register custom MCP tools if they were silently dropped
• Verify openclaw --version actually shows 2026.5.4 and not 2026.4.27 (the 5.3 bug shouldn't carry over but worth checking)
• Tune your codex catalog fallback if you're on ChatGPT OAuth

Reddit's reporting 4-8 hours for a clean upgrade if your config isn't too custom. Longer if you'd built your stack around the 4.x plugin layout.

Skip the treadmill

The packaging bug, the empty memory database, the silent Discord channels, the codex catalog timeout, the version that reported the wrong version. You wouldn't have seen any of those if you ran your agent on TryOpenClaw.ai. The bad releases never reached the customer fleet. We test, we wait, we roll forward when something works. 4.23 ran on our infrastructure for two extra weeks because nothing in the 4.24 to 5.3 window cleared the bar. 5.4 deployed yesterday.

That's the deal. You use the agent. We absorb the 1,617 missing files, the broken crons, the dead Discord channels, the version-string regressions. $39/month, flat, no API bill surprises. Join the waitlist.