Claude Code v2.1.149 just dropped — and alongside the usual bugfixes, it brings some notable new features and, more importantly, critical security patches.
/usage now shows what’s eating your limit
The most visible new feature: /usage now provides a per-category breakdown. You can see at a glance how much of your limit is consumed by skills, subagents, plugins, and individual MCP servers. If you’ve ever wondered why your limit runs out so fast — now you’ll know.
Security: Four critical fixes
The security patches in this release are the real headline:
PowerShell sandbox bypass: Built-in cd functions (cd.., cd\, cd~, X:) could change the working directory undetected. A subsequent command could then read files outside the workspace. Fixed.
Git worktree leak: The sandbox write allowlist in git worktrees was covering the entire main repository root instead of only the shared .git directory. This left hooks/ and config writable — a potential attack vector.
Stale variable tracking: The permission parser trusted stale values for PWD, OLDPWD, and DIRSTACK across cd/pushd/popd. This could lead to incorrect permission decisions.
Windows clipboard exposure: Clipboard writes were exposing copied content in process command-line arguments visible to EDR/SIEM telemetry. Also fixed selections over 22KB not reaching the clipboard.
Other improvements
/diffdetail view is now keyboard-scrollable (arrows, j/k, PgUp/PgDn)- Markdown output renders GFM task list checkboxes instead of plain bullets
- Enterprise: new
allowAllClaudeAiMcpsmanaged setting for cloud MCP connectors /feedbackreports now include conversation history from before context compaction
A solid release overall. The security fixes alone justify an immediate update — especially for Windows and PowerShell users.
Sources: Claude Code v2.1.149 Release Notes