Visual Studio Code 1.123.2 addresses a critical security flaw that allowed automated file approvals to bypass path expansion checks, enhancing the editor's safety against poorly written scripts. The update mandates full directory resolution before granting write access, treating shell tilde and Windows environment paths as untrusted until resolved. Users should restart their workspace after updating to ensure extensions adopt the new stricter validation and avoid false write denials. This update not only improves security but also maintains compatibility with both POSIX and Windows environments, ensuring smoother terminal command workflows

Visual Studio Code 1.123.2 Patches a Dangerous Path Expansion Flaw

Visual Studio Code 1.123.2 plugs a security hole that let automated file approvals bypass path expansion checks. The editor now forces full directory resolution before granting write access, which stops poorly written scripts from slipping through ambiguous shell tilde and Windows environment variables. Terminal command auto approval will validate the expanded destination instead of trusting broken absolute path logic. Restart the workspace after updating to ensure extensions adopt the stricter validation without throwing false write denials.

Visual Studio Code 1.123.2 Patches a Dangerous Path Expansion Flaw @ NT Compatible