Three days after the last major update, Anthropic follows up with Claude Code 2.1.107. This time, a security fix stands out — along with features that meaningfully improve the workflow for power users.
The Security Fix
Most important point first: Anthropic fixed a vulnerability in the Bash tool where a backslash-escaped flag could be auto-allowed as read-only, leading to arbitrary code execution. On top of that, a bypass in compound Bash commands that could circumvent forced permission prompts was also closed.
Sounds technical? It is. But it shows that Anthropic takes agent security seriously. When a tool can automatically execute shell commands, the permission boundary needs to be airtight. Briefly, it wasn’t.
Worktree Support
New is the EnterWorktree tool, which lets Claude Code switch into an existing Git worktree of the current repository. For anyone working with parallel feature branches, this is a real win — Claude can now navigate between different working copies without leaving the main repo.
Background Plugin Monitors
Plugins can now define background monitors that automatically activate at session start or on skill invocation. This opens the door for plugins that continuously watch states — build status, test results, deployment pipelines. The feature is still young, but the potential is significant.
Other Improvements
The /doctor command got a new layout with status icons and can now auto-fix reported issues at the press of a key. WebFetch now strips style and script contents from pages so CSS-heavy sites no longer exhaust the content budget. And Write tool performance on large files improved by 60 percent.
Bottom Line
Over 30 releases in five weeks — Claude Code remains the fastest-iterating developer tool on the market. The security fix alone justifies an update. The new features make the day-to-day with Claude Code a bit smoother.
Sources: