Claude Code v2.1.162 to v2.1.165 Major Updates
This page has been translated by machine translation. View original
This is Ishikawa from the Cloud Business Division. Here is a summary of the Claude Code updates for v2.1.162 / v2.1.163 / v2.1.165 (2026/6/3 – 2026/6/5; v2.1.164 was not published to npm).
Update Summary
This covers 3 versions (v2.1.162 / v2.1.163 / v2.1.165, 2026/6/3 – 2026/6/5) with a total of 51 changes. The highlights include multiple security fixes that close loopholes in permission rules, the addition of admin settings to enforce version ranges across an organization, stabilization of claude agents (background agents), and fixes for claude -p (headless execution). No breaking changes or deprecations were noted.
Notable Updates
- New features: Admin settings
requiredMinimumVersion/requiredMaximumVersionto enforce the allowed range of Claude Code versions (v2.1.163); Stop / SubagentStop hooks can now returnadditionalContextto continue a turn (v2.1.163) - Bug fixes:
claude -phanging indefinitely when background commands do not terminate (v2.1.163); "ANTHROPIC_API_KEY required" error in Bedrock / Vertex / Microsoft Foundry +CI=trueenvironments (v2.1.163) - Security: Permission rules not being applied to pre-approved domains in WebFetch (v2.1.162); deny rules targeting
~/being bypassed via$HOMEreferences (v2.1.163); organization-managed permission rules sometimes not being applied (v2.1.163)
Target Versions and Timeline
| Version | Release Date |
|---|---|
| v2.1.162 | 2026-06-03 |
| v2.1.163 | 2026-06-04 |
| v2.1.165 | 2026-06-05 |
v2.1.164 was not published to npm. Also, the CHANGELOG for v2.1.165 contains only "Bug fixes and reliability improvements" with no individual entries.
New Features
Ability to enforce version ranges via admin settings (v2.1.163)
requiredMinimumVersion and requiredMaximumVersion have been added to managed settings. If the Claude Code version falls outside the allowed range, startup itself is rejected and users are directed to an approved version.
Managed settings are a mechanism for organization administrators to distribute policies that cannot be overridden by users. They are placed at /Library/Application Support/ClaudeCode/ on macOS, /etc/claude-code/ on Linux/WSL, and C:\Program Files\ClaudeCode\ on Windows.
The existing minimumVersion setting "prevents auto-updates or claude update from installing a version older than the specified one," whereas the new requiredMinimumVersion / requiredMaximumVersion blocks startup itself if the version is out of range. This is a setting intended for organizations that want to restrict usage to verified versions only. Note that as of the time of writing, these settings have not yet appeared on the official documentation settings page, so please check for future documentation updates for details.
Stop / SubagentStop hooks can now return additionalContext (v2.1.163)
The Stop and SubagentStop hooks can now return hookSpecificOutput.additionalContext. This allows feedback to be passed to Claude to continue the turn without being treated as a hook error.
Previously, Stop / SubagentStop hooks offered a way to prevent stopping by returning decision: "block" and reason, and additionalContext was only supported for certain hook events such as SessionStart and UserPromptSubmit. This change makes it possible in Stop / SubagentStop hooks as well to "pass only additional context and let the work continue, without taking the form of an error or block." For example, it becomes easier to write hooks that pass validation results to Claude before stopping and have it continue its work.
Other new features
- A
/plugin listcommand has been added to display installed plugins.--enabled/--disabledfilters are also available (v2.1.163) - A
waitingForfield has been added to the output ofclaude agents --json, making it possible to programmatically retrieve what a waiting session is blocked on (e.g., a permission prompt) (v2.1.162) - A "copy with c" shortcut has been added to
/btw, allowing the raw Markdown of a response to be copied to the clipboard with formatting preserved (v2.1.163) - A
\$escape syntax has been added to Skills command bodies for writing a literal$before a number (v2.1.163)
Security-Related Fixes
Four fixes have been made for cases where permission rules were being applied more loosely than intended. Since all of these fixes ensure that restrictions that were previously bypassed via certain paths are now correctly applied, operations that previously passed through without issue may now trigger permission prompts or be denied after updating.
- Fixed permission rules not being applied to pre-approved domains in WebFetch (v2.1.162): Explicit
WebFetch(domain:...)deny / ask / allow rules now take precedence over domains that are automatically allowed by default. - Fixed permission rules not matching on Windows (v2.1.162): Fixed an issue where rules would not match at all for paths using backslash notation (
~\,\\server\share) or differing in case, and an issue where Read deny rules would not hide files from Glob / Grep results. - Fixed organization-managed permission rules sometimes not being applied (v2.1.163): Fixed an issue where, if managed settings were fetched while starting up in a new config directory, the organization-managed permission rules would not be applied for the entire session.
- Fixed deny rules targeting
~/being bypassed via$HOMEreferences (v2.1.163): Fixed an issue where deny rules for home directory paths such asRead(~/Desktop/**)would not block Bash commands that referenced the path via$HOME.
Improvements
- Clicking a slash command in the autocomplete menu now inserts it into the prompt instead of executing it immediately. Press Enter to execute. This prevents unintended immediate execution (v2.1.162)
- The startup display has been tidied up. Notifications are now grouped by importance and less noisy, startup warnings have been rewritten to be concise with specific remediation steps, and unnecessary startup messages such as "Claude in Chrome enabled" have been removed. Also, warnings for deep links and pre-filled prompts are now pinned below the input field until the user takes action (v2.1.162)
- Background service startup and
claude updatevalidation now wait for endpoint security products to finish scanning new binaries instead of failing after 5 seconds. This is a relevant improvement for update failures in environments where binary scanning takes time (v2.1.162) - Background agent sessions are now updated to new Claude Code versions in the background, so there is no longer a need to wait for a cold restart when opening a session after an update (v2.1.163)
- stdio MCP servers now receive the same
CLAUDE_CODE_SESSION_IDas hooks and Bash when using--resume. This makes it easier to implement MCP servers that manage logs or state keyed by session ID (v2.1.163) - Following the editor rebranding, the name "Windsurf" has been changed to "Devin Desktop" in the
/idemenu,/terminal-setup, and/scroll-speed. Cognition announced on June 2, 2026 that Windsurf had been rebranded to Devin Desktop (see the company blog in the references), and this change follows suit (v2.1.162) - Other minor usability improvements include a confirmation display when selecting
/effortto preserve the default (v2.1.162), making the Remote Control a persistent footer pill (v2.1.162), and clarification of description text in the/menu (v2.1.163).
Fixes (Major)
A selection of fixes related to stability and usability:
- Fixed
claude -phanging indefinitely: Fixed an issue where the process would not exit even after outputting the final result when backgrounded commands did not terminate. After stdin closes, background shells are terminated approximately 5 seconds after the result. This fix is relevant to headless execution from CI or scripts (v2.1.163) - Fixed API key error with Bedrock / Vertex / Microsoft Foundry: Fixed an issue where
claude -pwould fail with an "ANTHROPIC_API_KEY required" error in environments whereCI=trueand no Anthropic API key is set. This is relevant for users accessing Claude Code via Amazon Bedrock, Google Vertex AI, or Microsoft Foundry from CI (v2.1.163) - Fixed startup hang with non-writable config directory: Fixed an issue where startup would silently hang when the config directory was read-only. Claude Code now starts with an in-memory config and displays a startup error (v2.1.162)
- Fixed Grep / Glob being ignored when specified with
--tools: Fixed an issue in native builds with embedded search where explicitly specifying Grep / Glob via--toolswould be silently ignored. Dedicated search tools are now provided (v2.1.162) - Fixed interruption loss in SDK sessions: Fixed an issue in stream-json / SDK sessions where interruptions (Esc) immediately after a turn started would be silently discarded and the turn would continue executing (v2.1.162)
- Fixed MCP timeout settings under 1 second breaking tool calls: Fixed an issue where per-server
timeoutsettings below 1000ms would be rounded up to a 1-second watchdog, causing all tool calls to be interrupted. Values below 1000ms are now ignored and fall back toMCP_TOOL_TIMEOUTor the default (v2.1.162) - Fixed LSP workspaceSymbol returning no results: The
queryparameter is now accepted and passed to the language server (v2.1.162) - Fixed conversation loss when backgrounding: Fixed an issue where backgrounding a session via the ← key while the background service was unable to start would silently lose the conversation. The session now remains in the list as a failed entry and can be resumed by pressing Enter (v2.1.162)
- Fixed regression overwriting
$TMPDIR: Fixed an issue (a regression from v2.1.154) where$TMPDIRwas being overwritten to/tmp/claude-{uid}for all commands, not just sandboxed ones, causing failures in bazel and Go workflows under EDR protection (v2.1.163) - Fixed EEXIST error on Windows: Fixed an issue where Bash commands would fail with "EEXIST: file already exists" when the session-env directory had a read-only attribute or was located inside OneDrive (v2.1.163)
- Fixed background tasks being lost after an update: Fixed an issue where, upon re-attaching after a Claude Code update,
claude agentsbackground sessions would lose their running background tasks (v2.1.163) - Fixed keyboard becoming unresponsive after pasting: Fixed an issue where keyboard input would become permanently unresponsive if the terminal discarded the paste end marker (v2.1.163)
- Fixed hook
if: "Bash(...)"conditions firing incorrectly: Fixed an issue where conditions would incorrectly fire for all Bash commands containing$()or$VAR. Conditions now correctly match commands within subshells and backticks (v2.1.163) - Additionally, numerous minor bugs have been fixed, including display width and attachment issues in
claude agents, image paste, API 400 errors with strings containing emoji, and display corruption after panel dialogs (v2.1.162–v2.1.163). Note that the CHANGELOG for v2.1.165 contains only "Bug fixes and reliability improvements" with no individual entries.
Closing
The key highlights of this range of updates were security fixes closing loopholes in permission rules and the addition of version control via requiredMinimumVersion / requiredMaximumVersion. For those managing Claude Code in an organization, we recommend testing before deploying, keeping in mind that permission rule enforcement has become stricter. Fixes relevant to those using claude -p in CI or accessing Claude Code via Bedrock / Vertex / Microsoft Foundry are also included. If any of the changes catch your attention, try updating and checking them out.
Recent Updates
References