2026.2.23 升级实操:先迁移 SSRF 配置键,再做灰度发布
问题/场景:升级到 2026.2.23 后,browser SSRF 配置键发生 breaking 变更,直接发布可能导致浏览器私网访问策略与预期不一致。前置条件:有灰度环境、可执行 `openclaw doctor --fix`、并能做回滚。实施步骤:1) 在灰度节点执行 doctor 迁移;2) 用网关状态与深度状态做健康探测;3) 显式核对新 SSRF 键值;4) 跑浏览器链路冒烟;5) 观测稳定后分批发布。关键命令:`openclaw doctor --fix`、`openclaw gateway status --json`、`openclaw status --deep`。验证方法:灰度节点浏览器任务与消息链路稳定,无新增连接异常。风险与边界:release 标注默认策略变化,未显式配置可能偏离历史行为(需验证)。来源归因:GitHub release + 官方 CLI 文档。
GITHUBDiscovered 2026-02-25Author openclaw
Prerequisites
- At least one canary node is available before full rollout.
- Config backup and rollback plan are prepared.
Steps
- Run `openclaw doctor --fix` on canary to migrate legacy keys/state.
- Run `openclaw gateway status --json` and `openclaw status --deep` to confirm health.
- Verify `browser.ssrfPolicy.dangerouslyAllowPrivateNetwork` is explicitly set as intended.
- Execute browser and messaging smoke tests, then monitor logs.
- Promote rollout in batches after canary remains stable.
Commands
openclaw doctor --fixopenclaw gateway status --jsonopenclaw status --deepVerify
Canary remains healthy for one observation window with successful browser task runs.
Caveats
- Always use release notes as source of truth for breaking changes.
- Environments with custom plugins/channels require extra regression tests(需验证).
Source attribution
This tip is aggregated from community/public sources and preserved with attribution.
Open original source ↗