diff --git a/CHANGELOG.md b/CHANGELOG.md index d81be27..4415e55 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -6,6 +6,17 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## [Unreleased] +### Documentation + +- **Claude Code Releases tracking**: Updated to v2.1.69 (from v2.1.66) + - v2.1.69: InstructionsLoaded hook, 4 security fixes (nested skills/symlink bypass/trust dialog/sandbox), 15+ memory leak fixes, Voice STT 20 languages, ${CLAUDE_SKILL_DIR}, /reload-plugins + - v2.1.68: ultrathink keyword re-introduced, Opus 4.6 medium effort default, Opus 4/4.1 removed from first-party API + + +### Added + +- **OpenClaw security hardening — documentation personnelle (boldguy/obsidian)** — 4 fichiers créés après audit de sécurité (score 5/10 → objectif 8+/10). (1) `securisation-openclaw.md` : guide complet 5 niveaux — gateway bind loopback + token 32 chars, exec allowlist + filesystem denied paths, memory-lancedb reconfiguré avec Ollama local (nomic-embed-text, `dimensions: 768` obligatoire car `config.ts:66-72` throw pour modèle non-OpenAI sans ce champ), Cloudflare Access Zero Trust sur `webhook.bruniaux.com`, DM Policy iMessage (pairing ou allowlist), docker-compose hardened. (2) `checklist-openclaw.md` : 5 sections à cocher (pré-install, réseau, sandbox, mémoire/données, channels) + monitoring mensuel. (3) `scripts/verify-openclaw-security.sh` : script bash 8 checks automatisés (port binding, config JSON, Ollama, connexions OpenAI actives, scan injection sessions, audit built-in, FileVault). (4) `rapport-audit-openclaw.md` : section Addendum avec findings complémentaires (Ollama local support vérifié dans `config.ts:10,147`, guide 3-tier communauté, DM Policy modes). Point clé de l'audit : `memory-lancedb` envoie les embeddings vers OpenAI par défaut — reconfigurer avec `baseUrl: "http://localhost:11434/v1"` + `dimensions: 768` pour rester 100% local. + ### Fixed - **Remote Control §9.22 — bugs iOS documentés et workarounds** (`guide/ultimate-guide.md:20075`) — troubleshooting enrichi suite à tests terrain (iPhone, mars 2026). 
Bug confirmé : scan QR code ouvre l'app Claude mais la session n'apparaît pas dans la liste (Research Preview, reproductible sur iOS, documenté par MacStories). Deux workarounds fiables ajoutés : (1) `claude.ai/code` dans Safari — session visible directement, (2) URL copiée depuis le terminal et collée dans Safari. Note explicative ajoutée dans la table de troubleshooting avec référence MacStories. diff --git a/guide/claude-code-releases.md b/guide/claude-code-releases.md index a724601..a56cbce 100644 --- a/guide/claude-code-releases.md +++ b/guide/claude-code-releases.md @@ -10,13 +10,13 @@ tags: [reference, release] > **Full details**: [github.com/anthropics/claude-code/CHANGELOG.md](https://github.com/anthropics/claude-code/blob/main/CHANGELOG.md) > **Machine-readable**: [claude-code-releases.yaml](../machine-readable/claude-code-releases.yaml) -**Latest**: v2.1.66 | **Updated**: 2026-03-04 +**Latest**: v2.1.69 | **Updated**: 2026-03-05 --- ## Quick Jump -- [2.1.x Series (January-March 2026)](#21x-series-january-march-2026) — Worktree isolation, background agents, ConfigChange hook, Fast mode Opus 4.6, 1M context, claude.ai MCP connectors, remote-control, auto-memory, /copy command, HTTP hooks, worktree config sharing +- [2.1.x Series (January-March 2026)](#21x-series-january-march-2026) — Worktree isolation, background agents, ConfigChange hook, Fast mode Opus 4.6, 1M context, claude.ai MCP connectors, remote-control, auto-memory, /copy command, HTTP hooks, worktree config sharing, ultrathink re-introduced, InstructionsLoaded hook, 4 security fixes - [2.0.x Series (Nov 2025 - Jan 2026)](#20x-series-november-2025---january-2026) — Opus 4.5, Claude in Chrome, Background agents - [Breaking Changes Summary](#breaking-changes-summary) - [Milestone Features](#milestone-features) 
@@ -25,6 +25,38 @@ tags: [reference, release] ## 2.1.x Series (January-March 2026) +### v2.1.69 (2026-03-04) + +- **Security**: Fixed nested skill discovery loading skills from gitignored directories like `node_modules` — critical security fix +- **Security**: Fixed symlink bypass allowing writes outside working directory in `acceptEdits` mode +- **Security**: Fixed trust dialog silently enabling all `.mcp.json` servers on first run (per-server approval now required) +- **Security**: Fixed sandbox not blocking non-allowed domains when `allowManagedDomainsOnly` is enabled +- **New**: `InstructionsLoaded` hook event fires when CLAUDE.md or `.claude/rules/*.md` files are loaded into context +- **New**: `agent_id`, `agent_type`, `worktree` fields added to all hook events (subagent tracking, worktree metadata) +- **New**: `${CLAUDE_SKILL_DIR}` variable for skills to reference their own installation directory in SKILL.md content +- **New**: `/reload-plugins` command to activate pending plugin changes without restarting Claude Code +- **New**: Voice STT expanded to 20 languages (+10: Russian, Polish, Turkish, Dutch, Ukrainian, Greek, Czech, Danish, Swedish, Norwegian) +- **New**: `sandbox.enableWeakerNetworkIsolation` setting (macOS) for Go tools (gh, gcloud, terraform) behind MITM proxy +- **New**: `includeGitInstructions` setting (and `CLAUDE_CODE_DISABLE_GIT_INSTRUCTIONS` env var) to remove built-in commit/PR instructions from system prompt +- **New**: `oauth.authServerMetadataUrl` config option for MCP servers with custom OAuth discovery +- **New**: `pluginTrustMessage` in managed settings for organization-specific plugin trust context +- **New**: Optional `--name` argument for `/remote-control` to set a custom session title visible in claude.ai/code +- **Changed**: Sonnet 4.5 users on Pro/Max/Team auto-migrated to Sonnet 4.6 +- **Changed**: `/resume` picker now shows most recent prompt instead of first one +- **Fixed**: 15+ memory leaks — React Compiler memoCache, 
REPL render scopes (~35MB over 1000 turns), teammate history pinning, hook event accumulation +- **Fixed**: ~16MB baseline memory reduction (deferred Yoga WASM preloading) +- **Fixed**: MCP binary content (PDFs, Office docs, audio) now saved to disk with correct extension instead of raw base64 in context +- **Fixed**: Startup performance — skills/plugins loading, worktree git subprocess, macOS keychain, managed settings +- **Fixed**: Escape not interrupting running turn when input box has draft text +- **Fixed**: Duplicate CLAUDE.md, slash commands, agents, and rules when running from nested worktree +- **Fixed**: macOS keychain corruption with multiple OAuth MCP servers (stdin buffer overflow) + +### v2.1.68 (2026-03-04) + +- **Changed**: Opus 4.6 now defaults to medium effort for Max and Team subscribers (sweet spot between speed and thoroughness) +- **New**: Re-introduced `ultrathink` keyword to enable high effort for the next turn specifically +- **Breaking**: Opus 4 and Opus 4.1 removed from Claude Code on first-party API — users auto-migrated to Opus 4.6 + ### v2.1.66 (2026-03-04) - **Fixed**: Reduced spurious error logging @@ -675,6 +707,9 @@ tags: [reference, release] | Version | Key Features | |---------|--------------| +| **v2.1.69** | InstructionsLoaded hook, 4 security fixes, 15+ memory fixes, Voice STT 20 languages | +| **v2.1.68** | ultrathink re-introduced, Opus 4.6 medium effort default, Opus 4/4.1 removed | +| **v2.1.63** | HTTP hooks, worktree config sharing, /simplify + /batch bundled commands | | **v2.1.32** | Opus 4.6, Agent teams preview, Automatic memory | | **v2.1.18** | Customizable keyboard shortcuts with /keybindings | | **v2.1.16** | New task management system with dependency tracking | @@ -700,4 +735,4 @@ tags: [reference, release] --- -*Last updated: 2026-02-13 | [Back to main guide](./ultimate-guide.md)* +*Last updated: 2026-03-05 | [Back to main guide](./ultimate-guide.md)* 
diff --git a/machine-readable/claude-code-releases.yaml b/machine-readable/claude-code-releases.yaml index 8cf47bd..8c21066 100644 --- a/machine-readable/claude-code-releases.yaml +++ b/machine-readable/claude-code-releases.yaml @@ -3,8 +3,8 @@ # Purpose: Track Claude Code product releases for documentation sync # Maintained: Manual updates when new releases are announced -latest: "2.1.66" -updated: "2026-03-04" +latest: "2.1.69" +updated: "2026-03-05" # ════════════════════════════════════════════════════════════════ # RELEASES (newest first, condensed highlights only) @@ -15,6 +15,25 @@ releases: # 2.1.x Series (January-March 2026) # ───────────────────────────────────────────────────────────── + - version: "2.1.69" + date: "2026-03-04" + highlights: + - "⭐ Security: fixed nested skills loading from node_modules, symlink bypass outside workdir, trust dialog silently enabling all servers, sandbox not blocking non-allowed domains" + - "⭐ Hooks: new InstructionsLoaded event (CLAUDE.md/.rules files) + agent_id, agent_type, worktree fields added to all hook events" + - "${CLAUDE_SKILL_DIR} variable for skills to reference their own directory + /reload-plugins command (no restart needed)" + - "Voice STT expanded to 20 languages (+10: Russian, Polish, Turkish, Dutch, Ukrainian, Greek, Czech, Danish, Swedish, Norwegian)" + - "15+ memory leak fixes; ~16MB baseline reduction; faster startup (worktree, macOS, MCP); improved MCP binary content (PDFs/Office saved to disk)" + - "Sonnet 4.5 users on Pro/Max/Team auto-migrated to Sonnet 4.6" + breaking: [] + + - version: "2.1.68" + date: "2026-03-04" + highlights: + - "Opus 4.6 now defaults to medium effort for Max and Team subscribers" + - "Re-introduced 'ultrathink' keyword to enable high effort for the next turn" + breaking: + - "Opus 4 and Opus 4.1 removed from Claude Code first-party API — auto-migrated to Opus 4.6" + - version: "2.1.66" date: "2026-03-04" highlights: 
@@ -707,8 +726,11 @@ breaking_summary: - "Heredoc delimiter command smuggling prevention (v2.1.38)" installation: - "npm installations deprecated - use native installer (v2.1.15)" + models: + - "Opus 4 and Opus 4.1 removed from Claude Code first-party API — auto-migrated to Opus 4.6 (v2.1.68)" behavior: - "ultrathink/think keywords now cosmetic only — thinking default with Opus 4.5 (v2.0.67)" + - "ultrathink keyword re-introduced — now enables high effort for next turn (v2.1.68)" syntax: - "Indexed argument syntax changed: $ARGUMENTS.0 → $ARGUMENTS[0] (v2.1.19)" @@ -716,6 +738,8 @@ breaking_summary: # MILESTONE FEATURES (quick reference) # ════════════════════════════════════════════════════════════════ milestones: + "2.1.69": "InstructionsLoaded hook, ${CLAUDE_SKILL_DIR}, 4 security fixes, 15+ memory fixes, Voice STT 20 languages" + "2.1.68": "ultrathink re-introduced, Opus 4.6 medium effort default, Opus 4/4.1 removed" "2.1.63": "HTTP hooks, worktree config sharing, /simplify + /batch bundled commands" "2.1.36": "Fast mode for Opus 4.6" "2.1.32": "Opus 4.6, Agent teams preview, Automatic memory"
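Review bot: In the CHANGELOG.md hunk (@@ -6,6 +6,17 @@), the new "### Added" entry describes four OpenClaw files (`securisation-openclaw.md`, `checklist-openclaw.md`, `scripts/verify-openclaw-security.sh`, `rapport-audit-openclaw.md`) that this patch does not add; the diff as shown touches only CHANGELOG.md, guide/claude-code-releases.md and machine-readable/claude-code-releases.yaml. Either ship those files in the same change or drop the entry, since it is labelled personal documentation. The entry also publishes a hostname (`webhook.bruniaux.com`) and the audit score of a private deployment; suggest a placeholder hostname and leaving deployment-specific detail out of a public changelog. Minor: there are two consecutive blank added lines before `### Added`; one is enough.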
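Review bot: In guide/claude-code-releases.md (@@ -25,6 +25,38 @@), v2.1.68 adds a **Breaking** bullet (Opus 4 and Opus 4.1 removed), but no hunk in this patch touches the guide's Breaking Changes Summary section that Quick Jump links to, while the YAML `breaking_summary` does gain a `models:` entry. Add the matching line to the guide so the two stay in sync. Also, only the first of the four **Security** bullets carries "critical security fix"; either drop the qualifier or rate all four consistently, so readers running `acceptEdits`, `.mcp.json` servers or `allowManagedDomainsOnly` can judge how urgently to upgrade.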
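Review bot: The milestone table hunk in guide/claude-code-releases.md (@@ -675,6 +707,9 @@) also adds a `v2.1.63` row, a backfill that the CHANGELOG entry ("Updated to v2.1.69 (from v2.1.66)") does not mention. Note it in the changelog line or split it into its own commit, so the history shows when the table was brought in line with the YAML `milestones`, where "2.1.63" already appears as unchanged context.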
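Review bot: In machine-readable/claude-code-releases.yaml (@@ -15,6 +15,25 @@), the single 2.1.69 security highlight drops the conditions the guide states: the symlink bypass applies in `acceptEdits` mode and the sandbox fix applies when `allowManagedDomainsOnly` is enabled. Consumers of the YAML cannot tell which configurations were affected; suggest one highlight string per fix with its condition kept. The hooks highlight also says "CLAUDE.md/.rules files" where the guide says `.claude/rules/*.md`; use the same path in both.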
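Review bot: In the `breaking_summary` hunk (@@ -707,8 +726,11 @@), the added `behavior` line "ultrathink keyword re-introduced ... (v2.1.68)" sits directly under "ultrathink/think keywords now cosmetic only ... (v2.0.67)", so the list now asserts both without saying which is current. Mark the v2.0.67 line as superseded for `ultrathink`, or merge the two into one entry. The 2.1.68 release entry lists only the Opus removal under `breaking:`, so the ultrathink change is treated as breaking in the summary and not in the release record; make the two agree.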