Claude Code v2.1.166 to v2.1.168 Major Updates

This is Ishikawa from the Cloud Business Division. Here is a summary of Claude Code updates from v2.1.166 to v2.1.168 (2026-06-05 to 2026-06-06). This round focuses on improved availability through fallback models, enhanced permission controls, and fixes related to stability in business use.

Update Summary

This covers 3 versions (v2.1.166 to v2.1.168, 2026-06-05 to 2026-06-06). Specific changes are publicly available for v2.1.166, which includes new features, permission/security enhancements, and 14 bug fixes. Both v2.1.167 and v2.1.168 are described only as "bug fixes and reliability improvements," with no individual change details published. Overall, the key themes are ensuring availability through fallback models, strengthening permission controls such as deny rules and cross-session messaging, and fixes directly related to stability and cost in business use.

Highlighted Updates

• New Feature: A fallbackModel configuration has been added that switches sequentially to alternative models when the primary model is overloaded or unavailable (v2.1.166).
• Security: Permission controls have been comprehensively strengthened with glob pattern support in deny rules, more robust cross-session messaging, and a fix for an issue where invalid entries in managed settings were silently disabling policy enforcement (v2.1.166).
• Bug Fixes: Fixed recurring errors and excess token consumption caused by unprocessable images, permanently stuck remote sessions, and 100% CPU usage by bg-pty-host processes on macOS (v2.1.166).

Target Versions and Period

New Features

Fallback Model Configuration (fallbackModel)

A fallbackModel setting has been added that lets you specify up to 3 fallback models to try in sequence when the primary model is overloaded or unavailable (v2.1.166). In addition, --fallback-model can now also be applied to interactive sessions.

For example, if the primary model Opus 4.8 fails, it can fall back to Opus 4.7, and if Opus 4.7 fails, it can fall back to Sonnet 4.6.

claude --print \
  --model claude-opus-4-8 \
  --fallback-model claude-opus-4-7,claude-sonnet-4-6 \
  "prompt"

Even in situations where model responses are temporarily unstable, work can continue by automatically switching to an alternative model. This is beneficial in terms of availability when Claude Code is integrated into business workflows.

Security and Permission Controls

v2.1.166 includes a batch of changes to permission controls. These are items that have a significant impact for teams and organizations.

Glob Pattern Support in Deny Rules

Glob patterns can now be used in the tool name position of deny rules in permission settings (v2.1.166). Specifying "*" denies all tools, making it easier to adopt a whitelist-style approach where all tools are first prohibited and only those to be permitted are explicitly specified via allow rules. In addition, allow rules now reject globs other than MCP, and a warning is now displayed at startup if deny rules contain unknown tool names.

More Robust Cross-Session Messaging

Messages relayed from other Claude sessions via SendMessage no longer carry user-level permissions (v2.1.166). The receiving session rejects relayed permission requests, and they are blocked in auto mode.

This is considered a countermeasure against the risk of a session with permissions mistakenly executing instructions from another session as if they came from the user themselves (the so-called "Confused Deputy" problem).

Managed Settings Bug Fixes

Two fixes were made to managed settings for enterprise use (v2.1.166).

• Fixed an issue where a single invalid entry would silently disable the enforcement of all remaining valid policies. Since this was behavior where policies could become ineffective unintentionally, this is an important fix for organizations enforcing governance.
• Fixed an issue where allowedMcpServers / deniedMcpServers predicates would not match when using ${VAR} references.

Improvements and Developer Experience

• Expanded scope for disabling thinking: MAX_THINKING_TOKENS=0, --thinking disabled, and per-model thinking toggles can now disable thinking even for models that think by default via the Claude API (behavior with third-party providers is unchanged) (v2.1.166).
• Fallback retry on non-retryable errors: When the API returns an unexpected non-retryable error, a single retry attempt is now made with the fallback model. Authentication, rate limit, request size, and communication errors will still surface immediately as before (v2.1.166).
• Improved claude update behavior: The target version is now displayed before downloading (previously, the process proceeded silently) (v2.1.166).
• Filtering in claude agents: Entering a URL in the list now filters sessions to those whose first prompt contains that URL (v2.1.166).

Fixes (Key Items)

A selection of fixes related to stability and usability.

• Fixed image processing errors and token waste: An issue where sending an unprocessable image repeatedly triggered "image could not be processed" errors, consuming excess tokens (v2.1.166).
• Fixed permanently stuck remote sessions: An issue where remote sessions would become permanently stuck if the backend was temporarily interrupted during worker registration at startup (v2.1.166).
• Fixed bg-pty-host 100% CPU usage: An issue on macOS where an orphaned claude --bg-pty-host process continued consuming 100% CPU after the daemon exited while connected (v2.1.166).
• Fixed flickering in JetBrains IDE terminals: Resolved in IntelliJ, PyCharm, WebStorm, and others on 2026.1 and later by enabling synchronized output (v2.1.166).
• Fixed PowerShell command validation hanging: An issue on Windows where command validation would hang far beyond the time limit when children of a terminated process held the output pipe (v2.1.166).
• Fixed crash loop for agents on worktrees: An issue where reopening a background agent that had entered a git worktree from claude agents would repeatedly crash with "No conversation found" (v2.1.166).
• Numerous other minor bugs have been fixed, including Shift+non-ASCII character input, authentication after /voice toggle, duplicate transcript display, /doctor diagnostic results, cursor position during multi-line input, and line spacing in task lists (v2.1.166).

About v2.1.167 / v2.1.168

v2.1.167 (2026-06-06) and v2.1.168 (2026-06-06) are both described in the CHANGELOG only as "Bug fixes and reliability improvements," with no specific change details published. This article focuses primarily on v2.1.166, for which the contents can be confirmed.

Breaking Changes and Deprecations

There are no breaking changes or deprecations in the range of v2.1.166 to v2.1.168. However, since the handling of permissions in cross-session messaging (SendMessage) has changed, please note that permission requests via relayed messages will be rejected in workflows that automate execution by linking multiple sessions.

In Closing

In this range of updates, v2.1.166 brought enhancements to availability and permission controls such as fallback models and glob support in deny rules, along with stability fixes related to image processing, remote sessions, PowerShell, and macOS. While specific details for v2.1.167 and v2.1.168 have not been published, reliability improvements continue.

Especially for teams and organizations enforcing governance through managed settings, we recommend updating to v2.1.166 or later, as it fixes the issue where policy enforcement was being silently disabled. If any of the changes interest you, please try updating and see for yourself.

References

https://github.com/anthropics/claude-code/blob/main/CHANGELOG.md

https://code.claude.com/docs/en/changelog