Claude Code v2.1.214 fixes several permission-bypass bugs, adds EndConversation
Claude Code 2.1.214 ships a batch of -check fixes. A single-segment allow rule like `Edit(src/**)` was meant to only cover the `src/` folder inside the current , but it was actually auto-approving writes to any folder named `dir/` anywhere in the whole tree — that bug is fixed. A -check bypass affecting Windows 5.1 sessions is fixed, along with a case where bash parses file-descriptor redirect forms differently than the analyzer does, letting some commands slip past checks.
Commands longer than 10,000 characters now always trigger an approval prompt instead of running automatically. The update also fixes cases where zsh variable subscripts and modifiers inside `[[ ]]` comparisons were treated as harmless text and ran without asking, and where certain `help`/`man` commands that could run unsafe options, command substitutions, or backslash paths were auto-approved. A bug that let s on proceed before the local confirmation dialog appeared is also fixed.
On the feature side, a new EndConversation tool lets Claude end sessions with highly abusive users or jailbreak attempts, matching behavior already used on claude.ai since 2025. Other additions: a periodic progress heartbeat for long-running tool calls that used to go silent, an ISO modified timestamp added to , and new message-level identifiers added to log events for tracing.
Key points
- Fixed single-segment like `Edit(src/**)` auto-approving writes anywhere in the tree, not just the current directory
- Fixed bypass on Windows 5.1 and certain bash redirect forms
- Commands over 10,000 characters now always require approval
- Added EndConversation tool so Claude can end sessions with abusive or jailbreak-attempting users
- Added a progress heartbeat for long-running tool calls