This release fixes issues for SREs watching stability and regressions.
✓ No known CVEs patched in this version
ReleasePort's take
Moderate signalThe v2.1.140 release resolves several critical bugs: /goal no longer hangs with certain hook configurations, background service connections stay stable when idle, and managed settings now retry on 401 errors with refreshed tokens.
Why it matters: Patch immediately to eliminate hanging /goal commands, prevent idle‑service connection drops, and ensure managed settings recover from 401 failures; all issues are addressed in v2.1.140.
Summary
AI summaryFixed /goal hanging, background service connection drops, managed settings 401 retry failures, and several other bugs.
Changes in this release
| Type | Severity | Summary | CVE |
|---|---|---|---|
| Feature | Medium |
Agent tool subagent_type parameter accepts case- and separator-insensitive values Agent tool subagent_type parameter accepts case- and separator-insensitive values Source: llm_adapter@2026-05-21 Confidence: high |
— |
| Feature | Medium |
Plugins warn when default component folders ignored due to plugin.json configuration Plugins warn when default component folders ignored due to plugin.json configuration Source: llm_adapter@2026-05-21 Confidence: high |
— |
| Feature | Medium |
Agent color palette updated Agent color palette updated Source: llm_adapter@2026-05-21 Confidence: low |
— |
| Performance | Medium |
/loop eliminates redundant wakeups for background tasks that notify on completion /loop eliminates redundant wakeups for background tasks that notify on completion Source: llm_adapter@2026-05-21 Confidence: high |
— |
| Bugfix | Medium |
/goal command no longer hangs with disableAllHooks or allowManagedHooksOnly set /goal command no longer hangs with disableAllHooks or allowManagedHooksOnly set Source: llm_adapter@2026-05-21 Confidence: high |
— |
| Bugfix | Medium |
Settings hot-reload regression fixed for symlinked files causing spurious ConfigChange hooks Settings hot-reload regression fixed for symlinked files causing spurious ConfigChange hooks Source: llm_adapter@2026-05-21 Confidence: high |
— |
| Bugfix | Medium |
Background service startup timeout increased for enterprise endpoint security Background service startup timeout increased for enterprise endpoint security Source: llm_adapter@2026-05-21 Confidence: high |
— |
| Bugfix | Medium |
Remote managed settings now retry on 401 with force-refreshed token Remote managed settings now retry on 401 with force-refreshed token Source: llm_adapter@2026-05-21 Confidence: high |
— |
| Bugfix | Medium |
Fixed extraKnownMarketplaces auto-update policy persistence to known_marketplaces.json Fixed extraKnownMarketplaces auto-update policy persistence to known_marketplaces.json Source: llm_adapter@2026-05-21 Confidence: high |
— |
| Bugfix | Medium |
Windows event-loop stall fixed when missing executables trigger synchronous re-spawns Windows event-loop stall fixed when missing executables trigger synchronous re-spawns Source: llm_adapter@2026-05-21 Confidence: high |
— |
| Bugfix | Medium |
Read tool now accepts whitespace-padded and + -prefixed offset parameter strings Read tool now accepts whitespace-padded and + -prefixed offset parameter strings Source: llm_adapter@2026-05-21 Confidence: high |
— |
| Bugfix | Medium |
Fixed claude --bg connection drops when background service idles Fixed claude --bg connection drops when background service idles Source: llm_adapter@2026-05-21 Confidence: low |
— |
| Bugfix | Medium |
Terminal cursor remains at input caret when terminal loses focus Terminal cursor remains at input caret when terminal loses focus Source: llm_adapter@2026-05-21 Confidence: low |
— |
| Bugfix | Medium |
`claude --bg` no longer fails with "connection dropped mid-request" when background service idles `claude --bg` no longer fails with "connection dropped mid-request" when background service idles Source: granite4.1:30b@2026-05-23-audit Confidence: low |
— |
Full changelog
What's changed
- Improved Agent tool
subagent_typematching to accept case- and separator-insensitive values (e.g."Code Reviewer"resolves tocode-reviewer) - Updated agent color palette
- Fixed
/goalsilently hanging whendisableAllHooksorallowManagedHooksOnlyis set — now shows a clear message instead of an indicator that never resolves - Fixed a regression in settings hot-reload where symlinked settings files caused misattributed change events and spurious
ConfigChangehooks - Fixed
claude --bgfailing with "connection dropped mid-request" when the background service was about to idle-exit - Fixed background service startup failing on machines with enterprise endpoint security by allowing more time
- Fixed remote managed settings not retrying on 401 — now retries once with a force-refreshed token
- Fixed managed
extraKnownMarketplacesauto-update policy not being persisted toknown_marketplaces.json - Fixed
/loopscheduling redundant wakeups to poll for background tasks that already notify on completion - Fixed a recurring event-loop stall on Windows when a missing executable (e.g.
gh) triggered synchronouswhere.exere-spawns on every check - Fixed
Readtool calls failing validation whenoffsetis passed as a whitespace-padded or+-prefixed string - Fixed native terminal cursor not staying at the input caret when the terminal loses focus
- Plugins now warn when a default component folder (e.g.
commands/) is silently ignored becauseplugin.jsonsets the matching key. Shown in/doctor,claude plugin list, and/plugin.
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
About claude-code
All releases →Related context
Related tools
Earlier breaking changes
- v2.1.160 Renames dynamic‑workflow trigger keyword from `workflow` to `ultracode`; `workflow` no longer triggers a run
- v2.1.160 Deprecates and removes the `CLAUDE_CODE_OPUS_4_6_FAST_MODE_OVERRIDE` environment variable; it is now a no‑op
- v2.1.147 Renames /simplify to /code-review; removes cleanup-and-fix behavior.
Beta — feedback welcome: [email protected]