Claude Code v2.1.214 Ships a Six-Bug Permission-Bypass Sweep, Including a `dir/**` Rule That Auto-Approved Writes Anywhere in the Tree
The July 18 release fixes six distinct ways Bash and Edit permission checks could be bypassed: single-segment `dir/**` allow rules like `Edit(src/**)` matched nested `dir/` directories anywhere in the repo rather than only `<cwd>/dir`; a PowerShell 5.1 session bypass; file-descriptor redirect forms bash parses differently than the permission analyzer; commands over 10,000 characters misjudged (they now always prompt); zsh variable subscripts and modifiers inside `[[ ]]` treated as inert text; and `help`/`man` commands auto-allowed despite being able to run unsafe options and command substitutions. If you rely on broad allow rules to run unattended agents, re-audit them today — the fix also changes `dir/**` hook `if:` conditions to match only `<cwd>/dir`, so any-depth matching now requires `**/dir/**`.
↳ Follow the thread