Claude Code 2.1.69: Security Fixes, Memory Leaks, Voice Expansion

TL;DR

• Fixed critical security issue with nested skill discovery loading from gitignored directories
• Patched macOS keychain corruption affecting OAuth MCP servers and credential loss
• Added 10 new languages for Voice STT (20 total), `/claude-api` skill, and numeric keypad support
• Resolved multiple memory leaks in long sessions and fixed stash clearing on message submit

New

• /claude-api skill — Build applications with the Claude API and Anthropic SDK directly in Claude Code
• Voice STT expansion — Added Russian, Polish, Turkish, Dutch, Ukrainian, Greek, Czech, Danish, Swedish, Norwegian (20 languages total)
• Numeric keypad support — Select interview question options using the numeric keypad, not just the number row
• /remote-control naming — Pass optional --name argument to set custom session titles visible in claude.ai/code
• Effort level display — Logo and spinner now show active effort setting (e.g., "with low effort")
• Agent name in terminal — Terminal title displays agent name when using claude --agent
• Ctrl+U in bash mode — Exit bash on empty prompt, matching escape and backspace
• /reload-plugins command — Activate pending plugin changes without restarting
• InstructionsLoaded hook — Fires when CLAUDE.md or .claude/rules/*.md files load into context
• Weaker network isolation (macOS) — sandbox.enableWeakerNetworkIsolation setting allows Go tools (gh, gcloud, terraform) to verify TLS with custom MITM proxy
• Git instructions control — includeGitInstructions setting and CLAUDE_CODE_DISABLE_GIT_INSTRUCTIONS env var remove built-in commit/PR workflow instructions

Fixed

• Nested skill security vulnerability — Skill discovery no longer loads from gitignored directories like node_modules
• macOS keychain corruption — Fixed OAuth metadata blobs overflowing stdin buffer, causing stale credentials and repeated /login prompts
• MCP trust dialog — Per-server approval dialog now shows on first run instead of silently enabling all .mcp.json servers
• Credentials losing subscription type — .credentials.json no longer shows "Claude API" when profile endpoint transiently fails during token refresh
• Stash cleared on message submit — Ctrl+S stash no longer clears when submitting while Claude is working
• Ctrl+O freezing — Transcript toggle no longer hangs for seconds in long sessions with many file edits
• Plan mode feedback input — Now supports multi-line text with backslash+Enter and Shift+Enter
• Ghost dotfiles on Linux — .bashrc, HEAD, etc. no longer appear as untracked files after sandboxed Bash commands
• Shift+Enter in Ghostty over SSH — No longer prints [27;2;13~ instead of inserting newline
• claude remote-control crash — Fixed "bad option: --sdk-url" error on npm installs
• Deprecated Opus model resolution — --model claude-opus-4-0 and --model claude-opus-4-1 now resolve to current versions
• /stats crash — Fixed crash when transcript files contain missing or malformed timestamps
• Worktree duplicates — CLAUDE.md, slash commands, agents, and rules no longer duplicate when running from nested worktree
• Plugin hooks not firing — Stop/SessionEnd/etc hooks now fire after /plugin operations
• Duplicate plugin hooks — Hooks no longer silently drop when two plugins use same ${CLAUDE_PLUGIN_ROOT}/... template
• Forked agent API errors — Fixed 400 errors when resuming sessions interrupted mid-tool-batch
• Orphaned tool result error — Fixed "unexpected tool_use_id" error when resuming conversations starting with orphaned tool result
• Nested teammates spawning — Teammates no longer accidentally spawn nested teammates via Agent tool's name parameter
• Symlink bypass vulnerability — Writing new files through symlinked parent directory no longer escapes working directory in acceptEdits mode
• Interactive tools auto-allowed — AskUserQuestion and similar tools no longer bypass permission prompts when listed in skill's allowed-tools
• Multi-GB memory spike on commit — Fixed when committing with large untracked binary files
• Escape not interrupting turn — Fixed when input box has draft text; use Up arrow to pull queued messages back
• Android Remote Control crash — Fixed crash when running local slash commands (/voice, /cost)
• Slow startup with many skills — Improved performance when many skills/plugins installed
• Conditional rules not loading — Fixed .claude/rules/*.md with paths: frontmatter and nested CLAUDE.md not loading in print mode
• Skill descriptions with colons — Fixed failing to load from SKILL.md frontmatter (e.g., "Triggers include: X, Y, Z")
• Project skills missing from list — Skills without description: frontmatter now appear in available skills list
• Literal nul file on Windows — Fixed when model uses CMD-style 2>nul redirection in Git Bash
• Tab/arrow keys in Settings — Now cycle tabs when /config search box is focused but empty
• RTL text rendering — Fixed Arabic, Hebrew, Persian text rendering reversed in VSCode chat panel

Breaking Changes

• --model claude-opus-4-0 and --model claude-opus-4-1 now resolve to current Opus versions instead of deprecated ones — update scripts if pinning to legacy versions
• Sandbox now blocks non-allowed domains automatically when allowManagedDomainsOnly is enabled — no bypass prompt shown

Update with brew upgrade claude-code or download from code.claude.com.

Source: Claude Code