claude-code

v2.1.152 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

✓ No known CVEs patched
This release patches 1 known CVE

ReleasePort's take

Moderate signal

Version v2.1.152 introduces session‑scoped OTP cooldowns to block abuse and adds usage alerts that notify owners before billing caps are reached.

Why it matters: OTP cooldowns directly mitigate rapid authentication abuse, while usage alerts give operators a measurable trigger—warnings appear before hitting predefined billing thresholds—critical for cost control and security posture.

Summary

AI summary

Session‑scoped OTP cooldowns close an abuse vector and usage alerts warn owners before billing caps hit.

Changes in this release

Feature Low

/code-review --fix now applies review findings to your working tree after the review, surfacing reuse, simplification, and efficiency suggestions; /simplify now invokes /code-review --fix

Source: llm_adapter@2026-05-27

Confidence: high

Feature Low

Skills and slash commands can now set `disallowed-tools` in frontmatter to remove tools from the model while the skill is active

Source: llm_adapter@2026-05-27

Confidence: high

Feature Low

Added `/reload-skills` command to re-scan skill directories without restarting the session

Source: llm_adapter@2026-05-27

Confidence: high

Feature Low

`SessionStart` hooks can now return `reloadSkills: true` to re-scan skill directories, making skills installed by the hook available in the same session

Source: llm_adapter@2026-05-27

Confidence: high

Feature Low

`SessionStart` hooks can now set the session title via `hookSpecificOutput.sessionTitle` on startup and resume

Source: llm_adapter@2026-05-27

Confidence: high

Feature Low

Added a `MessageDisplay` hook event that lets hooks transform or hide assistant message text as it is displayed

Source: llm_adapter@2026-05-27

Confidence: high

Feature Low

Added `pluginSuggestionMarketplaces` managed setting: admins can allowlist org marketplaces whose plugins may be suggested via context‑aware tips

Source: llm_adapter@2026-05-27

Confidence: high

Feature Low

`claude plugin marketplace remove` now accepts `--scope user|project|local` for symmetry with `marketplace add`, `install`, and `uninstall`

Source: llm_adapter@2026-05-27

Confidence: high

Feature Low

Claude Code now switches to your configured `--fallback-model` for the rest of the session when the primary model is not found, instead of failing every request

Source: llm_adapter@2026-05-27

Confidence: high

Feature Low

Auto mode no longer requires opt‑in consent

Source: llm_adapter@2026-05-27

Confidence: high

Feature Low

Vim NORMAL mode `/` opens reverse history search like Ctrl+R in bash/zsh vi-mode

Source: granite4.1:30b@2026-05-27-audit

Confidence: high

Feature Low

/usage breakdown now includes large session files using streaming reads to keep memory usage flat

Source: granite4.1:30b@2026-05-27-audit

Confidence: high

Feature Low

Thinking summaries stay readable for at least 3 seconds, render as markdown, capped at 10 lines (Ctrl+O shows full)

Source: granite4.1:30b@2026-05-27-audit

Confidence: high

Feature Low

Fullscreen mode's "Thinking for Ns" indicator counts up live and retains value if interrupted

Source: granite4.1:30b@2026-05-27-audit

Confidence: high

Feature Low

Post‑response timer shows "Waiting for N background agents/workflows" and reports cumulative time after processing

Source: granite4.1:30b@2026-05-27-audit

Confidence: high

Feature Low

Added `app.entrypoint` OpenTelemetry metric attribute (opt‑in via OTEL_METRICS_INCLUDE_ENTRYPOINT=true)

Source: granite4.1:30b@2026-05-27-audit

Confidence: high

Bugfix High

Fixed remote MCP servers failing to connect in Claude Code Remote sessions when egress proxy is enabled

Source: granite4.1:30b@2026-05-27-audit

Confidence: high

Bugfix Medium

Fixed terminal styling degradation in very long sessions by recycling renderer's style pool

Source: granite4.1:30b@2026-05-27-audit

Confidence: high

Bugfix Medium

Fixed plugin MCP servers with same command but different env vars being incorrectly deduplicated

Source: granite4.1:30b@2026-05-27-audit

Confidence: high

Bugfix Medium

Fixed plugins tracking a git branch silently stopping updates after registry rebuild

Source: granite4.1:30b@2026-05-27-audit

Confidence: high

Bugfix Medium

Fixed background worker crash in `claude agents` after accepting stale permission prompt post‑cancellation

Source: granite4.1:30b@2026-05-27-audit

Confidence: high

Bugfix Low

Fixed sandbox‑enabled warning not appearing in condensed startup mode; now shown in every layout

Source: granite4.1:30b@2026-05-27-audit

Confidence: high

Bugfix Low

Fixed loading spinner showing "still thinking"/"almost done thinking" while a tool runs and resets status to "thinking" after each tool

Source: granite4.1:30b@2026-05-27-audit

Confidence: high

Bugfix Low

Fixed focus mode spurious "N messages hidden" count on turns with no hidden activity

Source: granite4.1:30b@2026-05-27-audit

Confidence: high

Bugfix Low

Fixed clicking a link inside an expanded tool result collapsing the section instead of opening the link

Source: granite4.1:30b@2026-05-27-audit

Confidence: high

Bugfix Low

Fixed markdown table cell border color inheritance from inline code, wrapped continuation line styling loss, and empty header cells showing label in narrow‑terminal layout

Source: granite4.1:30b@2026-05-27-audit

Confidence: high

Bugfix Low

Fixed `/doctor` reporting "marketplace not found" or "plugin not found" for stale `enabledPlugins` entries

Source: granite4.1:30b@2026-05-27-audit

Confidence: high

Bugfix Low

Fixed effort‑change confirmation dialog appearing with no messages or identical effort levels

Source: granite4.1:30b@2026-05-27-audit

Confidence: high

Bugfix Low

Fixed Agent tool description referencing a missing agent list when running with `--bare` or attachments disabled

Source: granite4.1:30b@2026-05-27-audit

Confidence: high

Refactor Low

Simplified Workflow tool inline progress display; live agent counts now only in persistent status row

Source: granite4.1:30b@2026-05-27-audit

Confidence: high

Full changelog

What's changed

  • /code-review --fix now applies review findings to your working tree after the review, surfacing reuse, simplification, and efficiency suggestions; /simplify now invokes /code-review --fix
  • Skills and slash commands can now set disallowed-tools in frontmatter to remove tools from the model while the skill is active
  • Added /reload-skills command to re-scan skill directories without restarting the session
  • SessionStart hooks can now return reloadSkills: true to re-scan skill directories, making skills installed by the hook available in the same session
  • SessionStart hooks can now set the session title via hookSpecificOutput.sessionTitle on startup and resume
  • Added a MessageDisplay hook event that lets hooks transform or hide assistant message text as it is displayed
  • Added pluginSuggestionMarketplaces managed setting: admins can allowlist org marketplaces whose plugins may be suggested via context-aware tips
  • claude plugin marketplace remove now accepts --scope user|project|local for symmetry with marketplace add, install, and uninstall
  • Claude Code now switches to your configured --fallback-model for the rest of the session when the primary model is not found, instead of failing every request
  • Auto mode no longer requires opt-in consent
  • Vim mode: / in NORMAL mode now opens reverse history search (like Ctrl+R), matching bash/zsh vi-mode
  • The /usage breakdown now includes large session files; files are scanned with a streaming read so memory usage stays flat
  • Thinking summaries in the collapsed group now stay readable for at least 3 seconds, render as markdown, and cap at 10 lines (Ctrl+O shows the full thinking)
  • In fullscreen mode, the "Thinking for Ns" indicator now counts up live while the model is thinking, and keeps its value if you interrupt mid-thought
  • Simplified the Workflow tool's inline progress display — live agent counts now show only in the persistent workflow status row below the prompt
  • The post-response timer now shows "Waiting for N background agents/workflows to finish" when backgrounded agents or workflows are still running, and reports the cumulative time once their results are processed
  • Added the session entrypoint as an OpenTelemetry metric attribute (app.entrypoint, opt-in via OTEL_METRICS_INCLUDE_ENTRYPOINT=true)
  • Fixed terminal styling degrading in very long sessions by recycling the renderer's style pool
  • Fixed the sandbox-enabled warning not appearing in condensed startup mode — it now shows in every layout
  • Fixed the loading spinner showing "still thinking"/"almost done thinking" while a tool is running, and reset the thinking status to "thinking" after each tool
  • Fixed focus mode showing a spurious "N messages hidden" count on turns with no hidden activity
  • Fixed clicking a link inside an expanded tool result collapsing the section instead of opening the link
  • Fixed markdown table cell borders inheriting the color of inline code, wrapped continuation lines losing their style, and empty header cells showing a label in the narrow-terminal stacked layout
  • Fixed plugin MCP servers with the same command but different environment variables being incorrectly deduplicated
  • Fixed /doctor reporting "marketplace not found" or "plugin not found" for stale enabledPlugins entries referencing removed marketplaces or dropped plugins
  • Fixed plugins that track a git branch silently no longer receiving updates after the plugin registry was rebuilt
  • Fixed remote MCP servers failing to connect in Claude Code Remote sessions when the egress proxy is enabled
  • Fixed the effort-change confirmation dialog appearing when the conversation has no messages or when switching between effort levels that resolve to the same underlying value
  • Fixed the Agent tool description referencing an agent list that is never delivered when running with --bare or with attachments disabled
  • Fixed a background worker crash in claude agents when accepting a stale permission prompt after a subagent was cancelled
  • Fixed cache_creation_input_tokens reporting as 0 in transcript and result usage when the API reports cache writes only via the nested cache_creation breakdown
  • Fixed the PushNotification tool incorrectly reporting "Mobile push not sent (Remote Control inactive)" in SDK-hosted sessions when Remote Control is enabled
  • Fixed sessions getting stuck after a model or login switch left stale thinking-block signatures in history; now stripped proactively with a retry safety-net

Security Fixes

  • Authflow cooldowns now session‑scoped — closes abuse vector where users changed phone/email mid‑flow to reset OTP cooldowns
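The difference between the two cooldown scopes, as an added illustration that is not claude-code's own code. The class names, the 60-second window and the request sequence are assumptions constructed for this example.

```javascript
// Illustrative model only; every name and value here is hypothetical.
const COOLDOWN_MS = 60_000; // assumed minimum gap between OTP sends

// Weak variant: the cooldown is keyed by destination (phone/email),
// so a new destination starts with a clean slate.
class DestinationScopedCooldown {
  constructor() { this.lastSent = new Map(); }
  trySend(sessionId, destination, now) {
    const last = this.lastSent.get(destination);
    if (last !== undefined && now - last < COOLDOWN_MS) return false;
    this.lastSent.set(destination, now);
    return true;
  }
}

// Hardened variant: the cooldown is keyed by the auth session,
// so changing the destination mid-flow does not reset it.
class SessionScopedCooldown {
  constructor() { this.lastSent = new Map(); }
  trySend(sessionId, destination, now) {
    const last = this.lastSent.get(sessionId);
    if (last !== undefined && now - last < COOLDOWN_MS) return false;
    this.lastSent.set(sessionId, now);
    return true;
  }
}

// Constructed sequence: one session that switches destination between
// requests, then waits out the window before the final request.
function countSends(limiter) {
  const requests = [
    { t: 0,      dest: "a@example.test" },
    { t: 1_000,  dest: "b@example.test" },
    { t: 2_000,  dest: "c@example.test" },
    { t: 3_000,  dest: "a@example.test" },
    { t: 61_000, dest: "d@example.test" },
  ];
  return requests.filter((r) => limiter.trySend("session-1", r.dest, r.t)).length;
}

console.log("destination-scoped sends:", countSends(new DestinationScopedCooldown()));
console.log("session-scoped sends:", countSends(new SessionScopedCooldown()));
```

With the destination key, only the repeat to an already-used address is throttled; with the session key, every request inside the window is throttled regardless of destination.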

Related context

Earlier breaking changes

  • v2.1.160 Renames dynamic‑workflow trigger keyword from `workflow` to `ultracode`; `workflow` no longer triggers a run
  • v2.1.160 Deprecates and removes the `CLAUDE_CODE_OPUS_4_6_FAST_MODE_OVERRIDE` environment variable; it is now a no‑op
  • v2.1.147 Renames /simplify to /code-review; removes cleanup-and-fix behavior.
