Major Updates in Claude Code v2.1.166–v2.1.168
This page has been translated by machine translation. View original
This is Ishikawa from the Cloud Business Division. Here is a summary of the Claude Code updates for v2.1.166 ~ v2.1.168 (2026-06-05 ~ 2026-06-06). This round focuses on improved availability through fallback models, enhancements to permission controls, and fixes related to stability in business use.
Update Summary
The scope covers 3 versions (v2.1.166 ~ v2.1.168, 2026-06-05 ~ 2026-06-06). Specific changes are publicly available for v2.1.166, which includes new features, permission/security enhancements, and 14 bug fixes. Both v2.1.167 and v2.1.168 are described only as "bug fixes and reliability improvements," with no individual change details published. Overall, the main themes are ensuring availability through fallback models, strengthening permission controls such as deny rules and inter-session messaging, and fixes directly related to stability and cost in business use.
Highlights
- New Feature: A
fallbackModelsetting has been added that switches sequentially when the primary model is overloaded or unavailable (v2.1.166). - Security: Permission controls have been collectively strengthened, including glob pattern support in deny rules, hardening of inter-session messaging, and a fix for the issue where invalid entries in managed settings silently disabled policy enforcement (v2.1.166).
- Bug Fixes: Fixes were made for recurring errors and excess token consumption caused by unprocessable images, permanently stuck remote sessions, and 100% CPU usage by the
bg-pty-hostprocess on macOS (v2.1.166).
Target Versions and Period
| Version | Release Date |
|---|---|
| v2.1.166 | 2026-06-05 |
| v2.1.167 | 2026-06-06 |
| v2.1.168 | 2026-06-06 |
New Features
Fallback Model Configuration (fallbackModel)
A fallbackModel setting has been added that allows you to specify up to 3 fallback models to try in sequence when the primary model is overloaded or unavailable (v2.1.166). Additionally, --fallback-model can now also be applied to interactive sessions.
For example, if the primary model Opus 4.8 fails, it falls back to Opus 4.7, and if Opus 4.7 fails, it falls back to Sonnet 4.6.
claude --print \
--model claude-opus-4-8 \
--fallback-model claude-opus-4-7,claude-sonnet-4-6 \
"prompt"
Even when a model's responses are temporarily unstable, work can continue by automatically switching to an alternative model. This is beneficial in terms of availability when Claude Code is integrated into business workflows.
Security and Permission Controls
A set of permission control changes was included in v2.1.166. These are particularly impactful items for teams and organizations.
Glob Pattern Support in Deny Rules
Glob patterns can now be used in the tool name position of deny rules in permission settings (v2.1.166). Specifying "*" denies all tools, making it easier to adopt a whitelist-style operation where all tools are first prohibited and only those explicitly allowed are listed in allow rules. Additionally, allow rules now reject globs other than MCP, and a warning is issued at startup if unknown tool names are included in deny rules.
Hardening of Inter-Session Messaging
Messages relayed from other Claude sessions via SendMessage no longer carry user-level permissions (v2.1.166). The receiving side rejects relayed permission requests, and auto mode blocks them.
This is considered a countermeasure against the risk of a privileged session mistakenly treating instructions from another session as its own and executing them (the so-called "Confused Deputy" problem).
Bug Fixes for Managed Settings
Two fixes were made for enterprise-oriented managed settings (v2.1.166).
- A problem was fixed where a single invalid entry would silently disable enforcement of the remaining valid policies. Since this behavior caused policies to stop working unintentionally, this is an important fix for organizations enforcing governance.
- A problem was fixed where
allowedMcpServers/deniedMcpServerspredicates would fail to match when using${VAR}references.
Improvements and Developer Experience
- Expanded scope for disabling thinking:
MAX_THINKING_TOKENS=0,--thinking disabled, and per-model thinking toggles can now disable thinking for models that think by default via the Claude API (behavior for third-party providers is unchanged) (v2.1.166). - Fallback retry on non-retryable errors: When the API returns an unexpected non-retryable error, a single retry will now be attempted with a fallback model. Authentication, rate limits, request size, and communication errors will still surface immediately as before (v2.1.166).
- Improved
claude updatebehavior: The target version is now displayed before downloading (previously it proceeded silently) (v2.1.166). - Filtering in
claude agents: Entering a URL in the list now filters to sessions whose initial prompt contains that URL (v2.1.166).
Fixes (Major Items)
A selection of fixes primarily related to stability and usability.
- Fixed image processing errors and token waste: An issue where sending an unprocessable image repeatedly triggered "image could not be processed" errors and consumed excess tokens (v2.1.166).
- Fixed permanent stalling of remote sessions: An issue where a temporary backend interruption during worker registration at startup would permanently halt remote sessions (v2.1.166).
- Fixed
bg-pty-host100% CPU usage: An issue on macOS where an orphanedclaude --bg-pty-hostprocess would continue consuming 100% CPU after the daemon exited while connected (v2.1.166). - Fixed flickering in JetBrains IDE terminals: Resolved in IntelliJ, PyCharm, WebStorm, and others from version 2026.1 onwards by enabling synchronized output (v2.1.166).
- Fixed PowerShell command validation hang: An issue on Windows where, if a child of a terminated process held an output pipe, command validation would hang far beyond the time limit (v2.1.166).
- Fixed crash loop for agents on worktrees: An issue where reopening a background agent that had entered a git worktree from
claude agentswould repeatedly crash with "No conversation found" (v2.1.166). - In addition, numerous minor bugs have been fixed, including Shift+non-ASCII character input, authentication after
/voicetoggle, duplicate transcript display,/doctordiagnostic results, cursor position during multi-line input, and line spacing in task lists (v2.1.166).
About v2.1.167 / v2.1.168
Both v2.1.167 (2026-06-06) and v2.1.168 (2026-06-06) are listed in the CHANGELOG only as "Bug fixes and reliability improvements," with no specific change details published. This article focuses primarily on v2.1.166, for which content has been confirmed.
Breaking Changes and Deprecations
There are no breaking changes or deprecations within the scope of v2.1.166 ~ v2.1.168. However, please note that since the handling of permissions in inter-session messaging (SendMessage) has changed, permission requests via relayed messages will be rejected in workflows where multiple sessions are linked for automated execution.
Closing
Within this scope, v2.1.166 includes enhancements to availability and permission controls such as fallback models and glob support for deny rules, along with fixes related to stability in image processing, remote sessions, PowerShell, and macOS. While specific details for v2.1.167 and v2.1.168 have not been published, reliability improvements continue.
In particular, if your team or organization is enforcing governance through managed settings, we recommend updating to v2.1.166 or later, where the issue of policy enforcement being silently disabled has been fixed. If any of the changes catch your interest, please update and check them out.
Recent Updates
References