Claude Discovery

← All discoveries

Close-up of a smartphone wrapped in a chain with a padlock, symbolizing strong security.
Photo by Towfiqu barbhuiya on Pexels
tool

Claude Code 2.1.214 closes a PowerShell permission bypass

2026-07-18 ยท source:

Claude Code 2.1.214 fixes four permission-check bugs, including nested-directory allow rules matching too broadly and a bypass in Windows PowerShell 5.1 sessions.

What it is

A patch release of Claude Code focused entirely on tightening the permission system rather than adding features.

What it does

It fixes single-segment allow rules like `Edit(src/**)` that were auto-approving writes to any `dir/` folder anywhere in the tree instead of just the current working directory, closes a permission-check bypass specific to Windows PowerShell 5.1, makes Bash checks fail closed on file-descriptor redirect forms the permission analyzer parses differently than bash itself, and forces a manual prompt for any command over 10,000 characters instead of letting length confuse the auto-approval logic.

Why it matters

Each of these bugs meant a rule you thought scoped Claude Code down was quietly wider than intended, which matters a lot more once you're running unattended sessions with auto mode or background agents from recent releases.

How to use it

Update via your normal Claude Code update channel; no config changes are needed since these are bug fixes to existing permission-rule syntax.

Go to source →
claude-codesecuritypermissions