CloudCodeTree LogoCloudCodeTree
AI NewsTutorialsAbout
CloudCodeTree Logo
CloudCodeTree
  • AI News
  • Tutorials
  • About
← Back to AI News
Claude Code 2.1.211: Unicode Security Fix, Subagent Text Streaming, and Session Crash Fixes

Claude Code 2.1.211: Unicode Security Fix, Subagent Text Streaming, and Session Crash Fixes

Chris Harper

2 min read

Jul 16, 2026 · 04:03 UTC

AI
News
Claude Code
Agents

Claude Code 2.1.211 (July 15) patches a Unicode prompt-spoofing vector in permission previews, adds streaming visibility into subagent thinking for CI pipelines, and fixes a session-logout regression that hit multi-machine setups.

Three changes worth knowing:

Permission-prompt security. The UI now strips bidirectional-override, zero-width, and look-alike quote characters from tool descriptions before displaying them. These Unicode tricks can make a permission request render as "Allow file read" while the underlying call does something else — a real attack surface when running third-party MCP servers or processing external content. File upload validation also blocks DOS device suffixes and hard links.

--forward-subagent-text. Pass this flag (or set CLAUDE_CODE_FORWARD_SUBAGENT_TEXT=1) when running with --output-format stream-json to include each subagent's text blocks and thinking steps in the outer NDJSON stream. Useful for CI pipelines and dashboards that want a single consolidated stream from the entire agent swarm.

Session crash fixes. Multiple Claude Code sessions on the same machine no longer log out simultaneously after the machine wakes from sleep. Subagents spawned with explicit --model overrides no longer silently revert to the parent session's model on resume.

Why it matters: The Unicode fix closes a real prompt-injection channel that was invisible to users. The --forward-subagent-text flag makes multi-agent observability measurably easier to wire up in CI.

Sources: Claude Code Changelog — code.claude.com