Claude Code v2.1.209 to v2.1.210 Major Updates

Claude Code v2.1.209 to v2.1.210 Major Updates

Here is a summary of the update contents for Claude Code v2.1.209 to v2.1.210. The focus is on improved reliability for background agents and enhanced security for sub-agents and sandboxes. Below we introduce related bug fixes and improvements.
2026.07.15

This page has been translated by machine translation. View original

This is Ishikawa from the Cloud Business Division. Here is a summary of the Claude Code updates for v2.1.209 and v2.1.210 (both released on July 14, 2026).

Update Summary

This covers 2 versions (v2.1.209 / v2.1.210, released July 14, 2026) with 34 changes. Of these, 23 are bug fixes, and only 1 is a new feature addition. Many of the changes relate to fixes around background agents (claude agents) and changes to how sub-agent, sandbox, and permission handling works.

Notable Updates

  • New Feature: A live elapsed time counter has been added to collapsed tool summary lines (v2.1.210)
  • Bug Fix: An issue was fixed where sub-agents with isolation: 'worktree' could execute git-modifying commands against the main repository checkout instead of their own worktree (v2.1.210)
  • Security: The Agent tool has been hardened against indirect prompt injection via content read by sub-agents, and an issue where .claude/* symlinks appearing later were not reflected in the sandbox write-deny list has also been fixed (v2.1.210)

Target Versions and Period

Version Release Date
v2.1.209 2026-07-14
v2.1.210 2026-07-14

New Features

  • A live elapsed time counter has been added to collapsed tool summary lines. This ensures that long-running tool calls no longer appear to be stuck, allowing you to confirm that time is progressing (v2.1.210)

Security

Here is a summary of changes related to sub-agent, sandbox, and permission handling.

  • The Agent tool has been hardened against indirect prompt injection via content read by sub-agents (v2.1.210)
  • An issue was fixed where .claude/* symlinks appearing later were not reflected in the sandbox write-deny list (v2.1.210)
  • An issue was fixed where the ultracode keyword opt-in was being triggered by non-human input such as webhook payloads and relayed PR comments (v2.1.210)
  • An issue was fixed where rendered text fragments were being mixed into crash telemetry when UI components returned content outside of styled text elements (v2.1.210)
  • As an improvement to auto mode, the permission classifier now uses Sonnet 5 as the default for external sessions. It is validated on the first request of a session and then fixed for the duration of the session. This is presented as an improvement related to permission determination rather than a vulnerability fix (v2.1.210)

Improvements

  • The message for Bash/PowerShell tools when a command times out and is automatically moved to the background has been improved, allowing the model to distinguish between a hang and an explicit request for background execution (v2.1.210)
  • Memory writes that would cause the MEMORY.md index to exceed the read limit now result in an explicit error instead of being silently truncated (v2.1.210)
  • The agent footer hint now displays the number of background agents waiting for input. When the count changes, it is briefly highlighted in color (v2.1.210)
  • In screen reader mode, permission mode changes when toggling with Shift+Tab are now announced (v2.1.210)
  • In the agent view, the original session that was navigated to with ← is now kept explicitly indicated even after the selection is moved by mouse hover or arrow keys (v2.1.210)
  • Chart color validation in the bundled dataviz skill has been improved to be based on perceptual OKLab color differences, with color vision diversity thresholds readjusted (v2.1.210)

Fixes (Major Items)

Here is a selection focusing on fixes related to stability and usability.

  • Fixed sub-agent with worktree isolation modifying the main repository: Sub-agents with isolation: 'worktree' could execute git-modifying commands against the main repository checkout instead of their own isolated worktree (v2.1.210)
  • Fixed claude attach failures during session transitions: Failures with "job not found" and "agent is still starting" could occur. Attach now waits for the daemon to settle, and terminal resizes during a slow attach are applied after completion (v2.1.210)
  • Fixed hook timeouts being misreported as user rejections: When a hook callback timed out, the model was told the user had rejected it, causing unattended sessions to stop and wait indefinitely (v2.1.210)
  • Fixed plugin-provided MCP servers being discarded: This occurred when MCP servers were re-synced during a session (v2.1.210)
  • Fixed plan approval overwriting plan files: Plan approval without edits was displaying "(edited by user)" and overwriting the plan file with an old snapshot (v2.1.210)
  • Fixed $1/$2 disappearing in skills and commands: Unmatched positional placeholders were being silently removed. They are now preserved as-is (v2.1.210)
  • Fixed background worker crash loops: These occurred when a client reset its connection to the background service (v2.1.210)
  • Fixed git worktree lock residuals: Force-killed background sessions were leaving locks permanently. A periodic sweep now releases locks whose owning process has disappeared (v2.1.210)
  • In addition, numerous minor bugs have been fixed, including dialog display issues for /model and similar in claude agents background sessions (v2.1.209), paste markers being mixed into external editors, "No matches found" display during Grep pagination, and --effort ultracode specification being dropped, among others.

Note that while this is not a bug fix, Fable will be temporarily displayed as unavailable in the advisor picker as a temporary measure until a server-side issue causing Fable advisor failures is resolved (v2.1.210).

Deprecations

A startup warning has been added for permission rules written as Write(path), NotebookEdit(path), and Glob(path) (v2.1.210). You are advised to use Edit(path) or Read(path) instead.

The CHANGELOG only mentions the addition of the warning and this replacement guidance, and does not state that existing configurations will stop working. However, if you are using these rules in settings.json or elsewhere, a warning will appear at startup, so you may want to consider updating them.

Closing

v2.1.209 and v2.1.210 were released on the same day. With only 1 new feature addition, this is a release centered on changes related to the reliability of background agents and the safety of sub-agent and sandbox handling. If you are running sub-agents in parallel using isolation: 'worktree' or operating unattended sessions with hooks, relevant fixes are included.

If you have Write(path) / NotebookEdit(path) / Glob(path) written in your permission rules, warnings will now appear at startup. If any of the changes are of interest, try updating and checking them out.

References

https://github.com/anthropics/claude-code/blob/main/CHANGELOG.md

https://code.claude.com/docs/en/changelog


Claudeならクラスメソッドにお任せください

クラスメソッドは、Anthropic社とリセラー契約を締結しています。各種製品ガイドから、業種別の活用法、フェーズごとのお悩み解決などサービス支援ページにまとめております。まずはご覧いただき、お気軽にご相談ください。

サービス詳細を見る

Share this article

AI白書