How We Hit the SSRF Landmine in OpenClaw 2026.4.2 and Fixed It Across 13 Nodes


via Dev.to / linou518

April 4, 2026 turned into our cluster-wide migration day — switching all OpenClaw nodes from Anthropic models to openai-codex/gpt-5.4. The trigger was a policy change on Anthropic's side that cut off third-party harness access to subscription quota. Running rough numbers on March usage: full Opus would run ~$4,700/month, Sonnet ~$945/month. Not sustainable, so we pivoted to Codex via existing ChatGPT Plus.

The model switch alone wasn't the hard part. To run gpt-5.4 stably, OpenClaw needed to be on 2026.3.3 or later. We validated 2026.4.2 on one node first, then rolled it out to all 13. That's where the SSRF protection blindsided us.

Symptom: Bot Goes Silent After Upgrade

In 2026.4.2, internal connections to Mattermost are blocked by default. The symptom is straightforward — after the upgrade, bots stop responding entirely. The logs show:

SsrFBlockedError: Blocked hostname or private/internal/special-use IP
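The error above is what a default-deny SSRF guard produces when an outbound target resolves to a private, loopback, link-local or other special-use address, which is exactly what an internal Mattermost host does. The following Python is an added illustration of that mechanism, not OpenClaw's own code: the `SsrfBlockedError` name only mirrors the log line, the hostnames and the `FAKE_DNS` mapping are constructed so it runs offline, and the `allowlist` parameter is an assumed hook standing in for whatever configuration knob an operator would use to re-enable a deliberately internal service. It checks every resolved address, so a name that mixes public and private answers is still refused.

```python
import ipaddress
import socket


class SsrfBlockedError(Exception):
    """Raised when an outbound target resolves to a private/internal/special-use address."""


def is_blocked_address(ip_text):
    """Return True if this address is one a default-deny SSRF guard refuses."""
    ip = ipaddress.ip_address(ip_text.split("%", 1)[0])  # drop an IPv6 scope id if present
    return (
        not ip.is_global        # RFC 1918, CGNAT, documentation ranges, reserved space
        or ip.is_loopback       # 127/8, ::1
        or ip.is_link_local     # 169.254/16 and fe80::/10
        or ip.is_multicast
        or ip.is_unspecified
    )


def system_resolve(host):
    """Resolve with the OS resolver and return every A/AAAA answer, not just the first."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def check_target(host, allowlist=(), resolve=system_resolve):
    """Return the address the caller should connect to, or raise SsrfBlockedError.

    `allowlist` (assumed hook) holds hostnames that skip the address check,
    matched exactly and case-insensitively; the returned address is what the
    caller should pin its connection to, so the decision and the connection
    use the same resolution result.
    """
    name = host.strip().lower().rstrip(".")
    try:
        addresses = [str(ipaddress.ip_address(name))]  # raw IP literal, no DNS needed
    except ValueError:
        addresses = resolve(name)
    if not addresses:
        raise SsrfBlockedError(f"{host}: resolver returned no addresses")
    if name in {h.strip().lower().rstrip(".") for h in allowlist}:
        return addresses[0]
    if name == "localhost" or any(is_blocked_address(a) for a in addresses):
        raise SsrfBlockedError(
            f"Blocked hostname or private/internal/special-use IP: {host} -> {addresses}"
        )
    return addresses[0]


def is_allowed(host, allowlist=(), resolve=system_resolve):
    """Boolean wrapper around check_target for callers that only need the verdict."""
    try:
        check_target(host, allowlist, resolve)
        return True
    except SsrfBlockedError:
        return False


# Constructed resolver so the example runs without network access.
FAKE_DNS = {
    "mattermost.internal": ["10.20.0.15"],          # constructed internal chat host
    "api.example.com": ["93.184.216.34"],           # constructed public host
    "localhost": ["127.0.0.1", "::1"],
}


def fake_resolve(host):
    try:
        return FAKE_DNS[host]
    except KeyError:
        raise socket.gaierror(f"constructed resolver: unknown host {host}")


if __name__ == "__main__":
    for host, allow in [
        ("api.example.com", ()),
        ("mattermost.internal", ()),                    # blocked by default
        ("mattermost.internal", ("mattermost.internal",)),  # re-enabled via allowlist
        ("10.20.0.15", ()),
        ("localhost", ()),
    ]:
        try:
            print(f"{host:22} allow={bool(allow)!s:5} -> {check_target(host, allow, fake_resolve)}")
        except SsrfBlockedError as err:
            print(f"{host:22} allow={bool(allow)!s:5} -> {err}")
```

Running the block prints one line per case: the public host passes, the internal Mattermost host is refused until it is allowlisted, and both the raw private IP literal and `localhost` are refused. When adding an allowlist entry for a real deployment, prefer the specific hostname over a whole subnet so the exception stays as narrow as the service it is meant to reach.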
