Claude Code v2.1.210–211: Bidirectional-Override Security Patch and Subagent Stream Flag
Anthropic
Claude Code shipped two releases on July 14–15. v2.1.210: adds elapsed-time counter in tool summaries; fixes isolation:worktree subagents running git commands against the main repo; auto mode defaults to Sonnet 5 for external sessions. v2.1.211: adds --forward-subagent-text flag / CLAUDE_CODE_FORWARD_SUBAGENT_TEXT env var to include subagent output in stream-json; patches permission previews to neutralize bidirectional-override, zero-width, and look-alike quote characters (prompt-injection mitigation); fixes auto mode overriding hook ask decisions for unsandboxed Bash; fixes file upload validation (DOS device suffixes, trailing dots, hard links).
Why it matters
The bidirectional-override neutralization closes a UI-spoofing prompt-injection class where malicious file content could disguise a dangerous command as harmless in permission dialogs. The worktree fix is critical for CI pipelines using isolation:worktree subagents.
Importance: 2/5
Security patch for prompt-injection via bidi-override in permission previews; worktree git isolation fix; official GitHub releases