Claude Code v2.1.51/v2.1.52: Remote Control, Security Fixes, and Plugin Improvements

Anthropic shipped two Claude Code releases on February 24, 2026. Version 2.1.51 is a substantial update with new features, security patches, and performance improvements, while v2.1.52 is a targeted hotfix for a Windows-specific VS Code crash.

New: Remote Control Subcommand

The headline addition in v2.1.51 is claude remote-control, a new subcommand that enables external build systems to serve local environments. The feature is available to all users and targets workflows where Claude Code needs to integrate with custom CI/CD pipelines or external tooling.

Two Security Vulnerabilities Patched

This release addresses two security issues in Claude Code’s hook system.

The first involves statusLine and fileSuggestion hook commands that could execute without workspace trust acceptance in interactive mode — a gap that could allow untrusted workspaces to run arbitrary hook logic.

The second is an HTTP hook vulnerability where header values could interpolate arbitrary environment variables. The fix introduces a mandatory allowedEnvVars list in hook configuration, restricting which variables can be accessed. Additionally, HTTP hooks are now routed through the sandbox network proxy when sandboxing is enabled, enforcing the domain allowlist.

Smarter Context Window Management

Tool results exceeding 50K characters (previously 100K) are now persisted to disk rather than kept in the conversation context. The lower threshold reduces context window consumption, which directly improves conversation longevity during extended coding sessions.

Plugin Ecosystem Updates

• Default git timeout for the plugin marketplace increased from 30s to 120s, configurable via CLAUDE_CODE_PLUGIN_GIT_TIMEOUT_MS
• Custom npm registries and specific version pinning now supported for npm-sourced plugins
• Fixed a crash in slash command autocomplete when a plugin’s SKILL.md description is a YAML array

BashTool Performance

BashTool now skips the login shell (-l flag) by default when a shell snapshot is available. Previously this required setting CLAUDE_BASH_NO_LOGIN=true — the optimization is now automatic.

Friendlier Model Picker

The /model command now displays human-readable labels like “Sonnet 4.5” instead of raw model IDs for pinned versions. When a newer version is available, it shows an upgrade hint.

v2.1.52: Windows VS Code Fix

Version 2.1.52 patches a crash affecting the VS Code extension on Windows, where users encountered a “command ‘claude-vscode.editor.openLast’ not found” error on launch.

Other Notable Fixes

• Duplicate control_response messages from WebSocket reconnects no longer cause API 400 errors
• New environment variables (CLAUDE_CODE_ACCOUNT_UUID, CLAUDE_CODE_USER_EMAIL, CLAUDE_CODE_ORGANIZATION_UUID) let SDK callers provide account info synchronously, eliminating a telemetry race condition