Gemini CLI v0.41.0: Real-Time Voice Mode, Gemma 4 Support, and Stricter Security
Gemini CLI v0.41.0 shipped on May 5 with a /voice command for real-time spoken interaction, experimental Gemma 4 support, mandatory workspace trust in headless environments, and over 40 bug fixes.
Google shipped Gemini CLI v0.41.0 on May 5, adding real-time voice interaction, experimental Gemma 4 model support, and a round of security tightening that makes the tool safer to run in CI and headless environments. Patch releases v0.41.1 and v0.41.2 followed the same day and the day after, both fixing a tool approval race condition that could cause status reporting to break under load.
Voice Mode
The headline feature is a /voice command that lets you speak instead of type. Gemini CLI streams audio from your microphone to the Gemini Live API and returns a transcript, so you can describe a task aloud and have the CLI act on it. Both cloud and local processing backends are supported for the speech recognition step.
The preview release v0.42.0-preview.2, which shipped May 6, polished the voice UI with a wave animation and a microphone icon indicator, and added privacy warnings for the Gemini Live backend.
Gemma 4 Support
Experimental support for Gemma 4 models landed in this release. Gemma 4 lets teams run Gemini CLI against a local model rather than routing requests to Google’s cloud. The previous release (v0.40.0, April 28) had added streamlined Gemma local model setup; v0.41.0 extends that to include the newer Gemma 4 model family.
Security Changes
Two security-relevant changes shipped in this release.
First, workspace trust is now enforced in headless mode. Before v0.41.0, Gemini CLI running in a CI pipeline or headless environment would load .env files without verifying whether the workspace had been explicitly trusted. That created an attack surface: a malicious repository could pre-load environment variables to influence CLI behavior. The fix makes workspace trust verification mandatory before any .env content is loaded in headless contexts.
Second, shell command validation got a new allowlist layer. The update restricts which shell commands the CLI can execute without approval by default, preventing unauthorized commands from slipping through in --yolo mode or similar configurations. This follows April’s emergency CVSS 10.0 patch (v0.39.1) that fixed a remote code execution bug in CI workflows.
Memory and Performance
The auto-memory scratchpad now persists across turns, meaning skills extracted from a session don’t disappear between conversation turns. Earlier versions could lose in-progress memory context if a session ran long enough to trigger a scratchpad flush.
Startup speed improved by moving experiment and quota fetching to async calls rather than blocking on them during initialization. Boot slowness was a recurring complaint in the issue tracker after v0.40.0 introduced additional startup checks.
Context
v0.41.0 is the latest stable release. The preview track is at v0.42.0-preview.2. The stable release involved 19 contributors, with two making their first contributions to the project.
Sources: Gemini CLI v0.41.0 release notes — geminicli.com, Gemini CLI releases on GitHub, Gemini CLI preview release v0.42.0-preview.2