Skills
Claude Code v2.1.100: Bash Permission Bypass Fix Prevents Arbitrary Code Execution via Backslash-Escaped Flags
Claude Code v2.1.100 patches a security vulnerability where backslash-escaped flags in Bash tool calls could bypass permission checks and be auto-allowed as read-only, enabling arbitrary code execution. Additional fixes include an infinite loop where the rate-limit options dialog would repeatedly auto-open and crash sessions, --resume causing full prompt-cache misses for users with deferred tools or MCP servers, and Edit/Write failing with 'File content has changed' when PostToolUse format-on-save hooks rewrite files between edits. New additions include X-Claude-Code-Session-Id header for proxy session aggregation and .jj/.sl VCS directory exclusions for Jujutsu/Sapling users.
↳ Follow the thread