Skills
Claude Code v2.1.153 Security Fix: Subagent Frontmatter MCP Servers Now Respect --strict-mcp-config, Enterprise Policies, and Managed Settings
Critical security fix released May 28. MCP servers defined in Agent tool frontmatter were ignoring --strict-mcp-config, --bare mode, remote mode, and enterprise managed MCP allow/deny policies. Separately, custom API gateways were receiving user Anthropic OAuth credentials instead of the gateway's own token. Both patched in v2.1.153. Enterprises running managed Claude Code should update immediately.
↳ Follow the thread