CloudCodeTree LogoCloudCodeTree
AI NewsTutorialsAbout
CloudCodeTree Logo
CloudCodeTree
  • AI News
  • Tutorials
  • About
← Back to AI News
Claude Code 2.1.187: Block Credential Leaks in Sandboxes and Lock the Model Picker Org-Wide

Claude Code 2.1.187: Block Credential Leaks in Sandboxes and Lock the Model Picker Org-Wide

Chris Harper

2 min read

Jun 24, 2026 · 12:07 UTC

AI
Workflow
Claude Code
Developer Tools
Security

TL;DR: v2.1.187 lands two security controls — sandbox.credentials blocks shell commands from reading your API keys and secret env vars, and org model restrictions lock the model picker team-wide — plus a critical fix for MCP tool calls that were silently hanging for 5 minutes.

Released June 23, this update has more operational weight than its version number suggests.

sandbox.credentials — stop shells from reading your secrets

When Claude Code spawns bash commands, those subprocesses can inherit your shell's environment — which means your ANTHROPIC_API_KEY, AWS_SECRET_ACCESS_KEY, ~/.aws/credentials, and anything else in your env is readable. In automated or multi-agent contexts that's a wider attack surface than most teams realize.

The new sandbox.credentials setting shuts this door. Add it to your project-level settings:

{
  "sandbox": {
    "credentials": true
  }
}

With this enabled, sandboxed commands can't read credential-shaped env vars or dotfiles. Your agent can still run bash — it just can't leak secrets to whatever it spawns.

Org model restrictions — lock the picker for your whole team

Admins can now configure an allowlist of models via organization settings. When a user tries to select a restricted model — via the /model picker, --model flag, or ANTHROPIC_MODEL env var — they see "restricted by your organization's settings" instead of silently switching. Useful for enforcing cost caps or approved-model policies across a team.

Other fixes that matter

  • MCP timeout: remote MCP tool calls that hung silently for up to 5 minutes now abort immediately with an error. Configurable via CLAUDE_CODE_MCP_TOOL_IDLE_TIMEOUT env var.
  • Structured output loop: --json-schema and agent({schema}) no longer let the model re-call StructuredOutput after a successful response — follow-up turns reliably return structured output.
  • JetBrains flickering in IntelliJ, PyCharm, and WebStorm terminals is fixed.
  • Mouse click support in fullscreen mode — permission prompts, /model, /config menus now respond to clicks.
  • /btw ←/→ arrow navigation lets you step through earlier answers without retyping.

Update with claude update or npm i -g @anthropic-ai/claude-code.

Sources: Claude Code changelog, Releasebot Claude Code