This release adds 2 notable features for engineering teams evaluating rollout.
✓ No known CVEs patched in this version
Topics
+13 more
Affected surfaces
Summary
AI summarySwitched default TLS profile to Safari26/Mac and added plain client fallback for blocked impersonated TLS connections.
Full changelog
Changed
- Default TLS profile: switched from Chrome145/Win to Safari26/Mac — highest pass rate across Cloudflare-protected sites
- Plain client fallback: when impersonated TLS gets connection error or 403, automatically retries without impersonation. Fixes ycombinator.com, producthunt.com, and similar sites that reject forged TLS fingerprints
Fixed
- Reddit scraping:
.jsonendpoint now uses plain HTTP client (TLS fingerprint was getting blocked)
Added
- YouTube transcript extraction infrastructure in webclaw-core (caption track parsing, timed text XML parser) — will be wired up when cloud API launches
Test results: 9/10 previously-failing sites now pass without proxy. StockX passes with proxy rotation.
Full changelog: https://github.com/0xMassi/webclaw/blob/main/CHANGELOG.md
Full Changelog: https://github.com/0xMassi/webclaw/compare/v0.1.1...v0.1.2
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
About 0xMassi/webclaw
Web content extraction for AI agents. 10 tools: scrape, crawl, map, batch, extract, summarize, diff, brand, search, research. TLS fingerprinting bypasses anti-bot without a browser. 67% fewer tokens than raw HTML. `npx create-webclaw` auto-configures Claude, Cursor, Windsurf, Codex, OpenCode.
Related context
Beta — feedback welcome: [email protected]