v2.1.113

Source: Anthropic Claude Code Date: 2026-04-17 URL: https://github.com/anthropics/claude-code/releases/tag/v2.1.113

Summary

Architecture and security release. The CLI now spawns a native Claude Code binary instead of bundled JavaScript — a structural shift in how the tool is distributed and executed. Security tightening: sandbox.network.deniedDomains setting, macOS /private/{etc,var,tmp,home} treated as dangerous removal targets, bash deny rules extended to commands wrapped in env/sudo/watch/ionice/setsid, and Bash(find:*) allow rules no longer auto-approve find -exec/-delete. Also ships: readline-style Ctrl+A/Ctrl+E in multiline input, stalled subagent timeout (10 min, clear error), /ultrareview launch performance improvements, and several scrolling/display/URL-clickability fixes.

Implications

The native binary spawn change is the most structurally significant: moving from bundled JS to a native binary changes the update surface, startup latency, and sandboxing characteristics. This is consistent with the bfs/ugrep native tool embedding in v2.1.117 — Anthropic is progressively moving the CLI away from pure JS runtime. The security hardening across three vectors (network deny, filesystem path guards, bash wrapping bypass) in a single release suggests a coordinated security audit pass, not reactive patching. Stalled subagent timeout (10 min, clear error vs. hanging) is directly relevant to anyone running long agentic tasks.