Cloudflare product changelog

API deprecations - Cloudflare DWeb Resolver

Tue, 01 Jul 2025 00:00:00 GMT

Deprecation date: July 1, 2025

The Cloudflare DWeb Resolver experiment is ending.

Deprecated APIs:

DoH resolver on resolver.cloudflare-eth.com

API deprecations - Firewall Rules API and Filters API

Sun, 15 Jun 2025 00:00:00 GMT

Deprecation date: June 15, 2025

The Firewall Rules API and the Filters API are deprecated, since Firewall Rules was deprecated in favor of WAF custom rules. Refer to Firewall Rules to WAF custom rules migration for more information about this change.

Deprecated APIs:

GET /zones/:zone_id/firewall/rules
POST /zones/:zone_id/firewall/rules
PATCH /zones/:zone_id/firewall/rules
PUT /zones/:zone_id/firewall/rules
DELETE /zones/:zone_id/firewall/rules
GET /zones/:zone_id/firewall/rules/:rule_id
PATCH /zones/:zone_id/firewall/rules/:rule_id
PUT /zones/:zone_id/firewall/rules/:rule_id
DELETE /zones/:zone_id/firewall/rules/:rule_id
GET /zones/:zone_id/filters
POST /zones/:zone_id/filters
PUT /zones/:zone_id/filters
DELETE /zones/:zone_id/filters
GET /zones/:zone_id/filters/:filter_id
PUT /zones/:zone_id/filters/:filter_id
DELETE /zones/:zone_id/filters/:filter_id

Replacement: WAF custom rules

API deprecations - WAF managed rules APIs (previous version)

Sun, 15 Jun 2025 00:00:00 GMT

Deprecation date: June 15, 2025

The APIs for managing WAF managed rules (previous version) — namely for managing packages, rule groups, rules, and overrides — are deprecated in favor of WAF Managed Rules. Refer to WAF Managed Rules migration for more information about this change.

Deprecated APIs:

GET /zones/:zone_id/firewall/waf/packages
GET /zones/:zone_id/firewall/waf/packages/:package_id
PATCH /zones/:zone_id/firewall/waf/packages/:package_id
GET /zones/:zone_id/firewall/waf/packages/:package_id/groups
GET /zones/:zone_id/firewall/waf/packages/:package_id/groups/:group_id
PATCH /zones/:zone_id/firewall/waf/packages/:package_id/groups/:group_id
GET /zones/:zone_id/firewall/waf/packages/:package_id/rules
GET /zones/:zone_id/firewall/waf/packages/:package_id/rules/:rule_id
PATCH /zones/:zone_id/firewall/waf/packages/:package_id/rules/:rule_id
GET /zones/:zone_id/firewall/waf/overrides
POST /zones/:zone_id/firewall/waf/overrides
GET /zones/:zone_id/firewall/waf/overrides/:override_id
PUT /zones/:zone_id/firewall/waf/overrides/:override_id
DELETE /zones/:zone_id/firewall/waf/overrides/:override_id

Replacement: WAF Managed Rules (new version)

API deprecations - Rate Limiting API (previous version)

Sun, 15 Jun 2025 00:00:00 GMT

Deprecation date: June 15, 2025

The Rate Limiting API is deprecated, since the previous version of rate limiting rules was deprecated in favor of the new rate limiting rules based on the Ruleset Engine. Refer to Rate limiting (previous version) deprecation notice for more information about this change.

Deprecated API:

GET /zones/:zone_id/rate_limits
POST /zones/:zone_id/rate_limits
GET /zones/:zone_id/rate_limits/:rate_limit_id
PUT /zones/:zone_id/rate_limits/:rate_limit_id
DELETE /zones/:zone_id/rate_limits/:rate_limit_id

Replacement: Rate limiting rules (new version)

wrangler - 4.15.2

Thu, 15 May 2025 00:00:00 GMT

Patch Changes

#9257 33daa09 Thanks @penalosa! - Relax R2 bucket validation for pages dev commands
#9256 3b384e2 Thanks @penalosa! - Move the Analytics Engine simulator implementation from JSRPC to a Wrapped binding. This fixes a regression introduced in https://github.com/cloudflare/workers-sdk/pull/8935 that preventing Analytics Engine bindings working in local dev for Workers with a compatibility date prior to JSRPC being enabled.
Updated dependencies [3b384e2]:
- miniflare@4.20250508.2
- @cloudflare/unenv-preset@2.3.2

wrangler - 4.15.1

Thu, 15 May 2025 00:00:00 GMT

Patch Changes

#9248 07f4010 Thanks @vicb! - fix unenv version mismatch
#9219 ea71df3 Thanks @vicb! - bump unenv to 2.0.0-rc.17
#9246 d033a7d Thanks @edmundhung! - fix: strip CF-Connecting-IP header within fetch

In v4.15.0, Miniflare began stripping the CF-Connecting-IP header via a global outbound service, which led to a TCP connection regression due to a bug in Workerd. This PR patches the fetch API to strip the header during local wrangler dev sessions as a temporary workaround until the underlying issue is resolved.
Updated dependencies [f61a08e, ea71df3, d033a7d]:
- @cloudflare/unenv-preset@2.3.2
- miniflare@4.20250508.1

wrangler - 4.15.0

Tue, 13 May 2025 00:00:00 GMT

Minor Changes

#8794 02f0699 Thanks @eastlondoner! - This adds support for more accurate types for service bindings when running wrangler types. Previously, running wrangler types with a config including a service binding would generate an Env type like this:
```
interface Env {
    SERVICE_BINDING: Fetcher;
}
```
This type was "correct", but didn't capture the possibility of using JSRPC to communicate with the service binding. Now, running wrangler types -c wrangler.json -c ../service/wrangler.json (the first config representing the current Worker, and any additional configs representing service bound Workers) will generate an Env type like this:
```
interface Env {
    SERVICE_BINDING: Service<import("../service/src/index").Entrypoint>;
}
```
#8716 63a6504 Thanks @ItsWendell! - add --metafile flag to generate esbuild metadata file during build
#9122 f17ee08 Thanks @avenceslau! - Unhide wrangler workflows delete command

Patch Changes

#9168 6b42c28 Thanks @dario-piotrowicz! - remove experimental MixedModeConnectionString type

remove the experimental MixedModeConnectionString type which is now exposed by Miniflare instead
#7914 37af035 Thanks @andyjessop! - fix(miniflare): strip CF-Connecting-IP header from all outbound requests
#9161 53ba97d Thanks @lambrospetrou! - Fix d1 info command showing read_replication: [object Object]
#9165 91d0c40 Thanks @vicb! - validate r2 bucket names
#9183 f6f1a18 Thanks @dario-piotrowicz! - add remote option to initial bindings

add the remote option (initial implementation gated behind --x-mixed-mode) for the following bindings: service, kv, r2, d1, queue and workflow
#9149 415520e Thanks @penalosa! - Implement mixed mode proxy server & client
Updated dependencies [37af035, ceeb375, 349cffc, 362cb0b, 2cc8197, 6b42c28]:
- miniflare@4.20250508.0

wrangler - 4.14.4

Thu, 08 May 2025 00:00:00 GMT

Patch Changes

#9124 d0d62e6 Thanks @dario-piotrowicz! - make that unstable_startWorker can correctly throw configuration errors

make sure that unstable_startWorker can throw configuration related errors when:
- the utility is called
- the worker's setConfig is called with the throwErrors argument set to true
additionally when an error is thrown when unstable_startWorker is called make sure that the worker is properly disposed (since, given the fact that it is not returned by the utility the utility's caller wouldn't have any way to dispose it themselves)

wrangler - 4.14.3

Wed, 07 May 2025 00:00:00 GMT

Patch Changes

#9158 826c5e8 Thanks @petebacondarwin! - fix CallSite.toString() not to throw
#9159 c6b3f10 Thanks @petebacondarwin! - bump esbuild version to fix regression in 0.25.0
#8985 078c568 Thanks @gabivlj! - wrangler deploy is able to deploy new container versions
#9162 8c3cdc3 Thanks @petebacondarwin! - Do not report "d1 execute" command file missing error to Sentry
Updated dependencies [df5d1f6, 4672bda, c6b3f10]:
- miniflare@4.20250507.0

wrangler - 4.14.2

Tue, 06 May 2025 00:00:00 GMT

Patch Changes

#9118 1cd30a5 Thanks @dario-piotrowicz! - fix: remove outdated js-doc comment for unstable_startDevWorker's entrypoint
#9120 11aa362 Thanks @dario-piotrowicz! - Add experimental_startMixedModeSession no-op utility

This experimental utility has no effect. More details will be shared as we roll out its functionality.
#7423 2be85d7 Thanks @penalosa! - Make sure custom build logging output is more clearly signposted, and make sure it doesn't interfere with the interactive dev session output.
#9112 3fe85d4 Thanks @penalosa! - Warn if the Node.js version is below Node.js 20

wrangler - 4.14.1

Thu, 01 May 2025 00:00:00 GMT

Patch Changes

#9085 cdc88d8 Thanks @petebacondarwin! - Do not include .wrangler and Wrangler config files in additional modules

Previously, if you added modules rules such as **/*.js or **/*.json, specified no_bundle: true, and the entry-point to the Worker was in the project root directory, Wrangler could include files that were not intended, such as .wrangler/tmp/xxx.js or the Wrangler config file itself. Now these files are automatically skipped when trying to find additional modules by searching the file tree.
#9095 508a1a3 Thanks @petebacondarwin! - wrangler login put custom callback host and port into the auth URL
#9113 82e220e Thanks @dario-piotrowicz! - Add x-mixed-mode flag

This experimental flag currently has no effect. More details will be shared as we roll out its functionality.
Updated dependencies [357d42a]:
- miniflare@4.20250428.1

wrangler - 3.114.8

Thu, 01 May 2025 00:00:00 GMT

Patch Changes

#9086 a2a56c8 Thanks @petebacondarwin! - Do not include .wrangler and Wrangler config files in additional modules

Previously, if you added modules rules such as **/*.js or **/*.json, specified no_bundle: true, and the entry-point to the Worker was in the project root directory, Wrangler could include files that were not intended, such as .wrangler/tmp/xxx.js or the Wrangler config file itself. Now these files are automatically skipped when trying to find additional modules by searching the file tree.
#9037 d0d0025 Thanks @CarmenPopoviciu! - fix: When generating Env types, set type of version metadata binding to WorkerVersionMetadata. This means it now correctly includes the timestamp field.
#9093 2f2f7ba Thanks @CarmenPopoviciu! - fix: Validate input file for Vectorize inserts
Updated dependencies [fc04292, a01adca]:
- miniflare@3.20250408.1

wrangler - 4.14.0

Tue, 29 Apr 2025 00:00:00 GMT

Minor Changes

#8981 3b60131 Thanks @Caio-Nogueira! - Adds support for waitForEvent step type
#9083 137d2da Thanks @penalosa! - Support Tail Workers in local dev

Patch Changes

#8975 9bf55aa Thanks @Caio-Nogueira! - Adds missing waiting status on the wrangler workflow instances list command
#9048 0b4d22a Thanks @garvit-gupta! - fix: Validate input file for Vectorize inserts
Updated dependencies [d2ecc76, 137d2da]:
- miniflare@4.20250428.0

wrangler - 4.13.2

Fri, 25 Apr 2025 00:00:00 GMT

Patch Changes

Updated dependencies [2c50115]:
- miniflare@4.20250424.1

wrangler - 4.13.1

Thu, 24 Apr 2025 00:00:00 GMT

Patch Changes

#8983 f5ebb33 Thanks @Caio-Nogueira! - Remove open-beta disclaimer from workflows commands
#8990 6291fa1 Thanks @emily-shen! - fix: When generating Env types, set type of version metadata binding to WorkerVersionMetadata. This means it now correctly includes the timestamp field.
#8966 234afae Thanks @penalosa! - Internal refactor to use the createCommand utility
Updated dependencies [fc47c79, 0838f1b]:
- miniflare@4.20250424.0

wrangler - 4.13.0

Wed, 23 Apr 2025 00:00:00 GMT

Minor Changes

#8640 5ce70bd Thanks @kentonv! - Add support for defining props on a Service binding.

In your configuration file, you can define a service binding with props:

{
    "services": [
        {
            "binding": "MY_SERVICE",
            "service": "some-worker",
            "props": { "foo": 123, "bar": "value" }
        }
    ]
}

These can then be accessed by the callee:

import { WorkerEntrypoint } from "cloudflare:workers";

export default class extends WorkerEntrypoint {
    fetch() {
        return new Response(JSON.stringify(this.ctx.props));
    }
}

#8771 0cfcfe0 Thanks @dario-piotrowicz! - feat: add config.keep_names option

Adds a new option to Wrangler to allow developers to opt out of esbuild's keep_names option (https://esbuild.github.io/api/#keep-names). By default, Wrangler sets this to true

This is something developers should not usually need to care about, but sometimes keep_names can create issues, and in such cases they will be now able to opt-out.

Example wrangler.jsonc:
```
{
    "name": "my-worker",
    "main": "src/worker.ts",
    "keep_names": false
}
```

Patch Changes

#9024 c409318 Thanks @IRCody! - Correctly handle 0 length responses to wrangler containers list.
Updated dependencies [5ce70bd, 3f0adf3]:
- miniflare@4.20250422.0

wrangler - 4.12.1

Tue, 22 Apr 2025 00:00:00 GMT

Patch Changes

#8935 41f095b Thanks @penalosa! - Internal refactor to move local analytics engine support from Wrangler to Miniflare
Updated dependencies [2a7749b, 41f095b]:
- miniflare@4.20250417.0

wrangler - 3.114.7

Tue, 22 Apr 2025 00:00:00 GMT

Patch Changes

#8955 b7eba92 Thanks @workers-devprod! - When Wrangler encounters an error, if the Bun runtime is detected it will now warn users that Wrangler does not officially support Bun.
#8928 8bcb257 Thanks @dario-piotrowicz! - fix redirected config env validation breaking wrangler pages commands

a validation check has recently been introduced to make wrangler error on deploy commands when an environment is specified and a redirected configuration is in use (the reason being that redirected configurations should not include any environment), this check is problematic with pages commands where the "production" environment is anyways set by default, to address this the validation check is being relaxed here on pages commands

wrangler - 4.12.0

Thu, 17 Apr 2025 00:00:00 GMT

Minor Changes

#8316 69864b4 Thanks @gnekich! - introduce callback-host and callback-port param for wrangler login command

Patch Changes

#8889 eab7ad9 Thanks @penalosa! - When Wrangler encounters an error, if the Bun runtime is detected it will now warn users that Wrangler does not officially support Bun.
#8673 5de2b9a Thanks @IRCody! - Add containers {info, list, delete} subcommands.
Updated dependencies [62c40d7]:
- miniflare@4.20250416.0

wrangler - 4.11.1

Tue, 15 Apr 2025 00:00:00 GMT

Patch Changes

#8950 bab1724 Thanks @edmundhung! - fix: include telemetry-related environment variables in release builds
#8903 085a565 Thanks @emily-shen! - disable eslint in generated types file
Updated dependencies [511be3d]:
- miniflare@4.20250410.1

wrangler - 4.11.0

Tue, 15 Apr 2025 00:00:00 GMT

Minor Changes

#8890 c912b99 Thanks @edmundhung! - update esbuild version to 0.25
#8711 4cc036d Thanks @CarmenPopoviciu! - Add the Pages deployment id to the JSON output for wrangler pages deployment list
#8244 84ecfe9 Thanks @CarmenPopoviciu! - feat: Add debug logs to capture assets upload status, specifically:
- which asset files were read from the file system
- which files were successfully uploaded

Patch Changes

#8885 f2802f9 Thanks @CarmenPopoviciu! - Disambiguate the "No files to upload. Proceeding with deployment..." message
#8924 d2b44a2 Thanks @dario-piotrowicz! - fix redirected config env validation breaking wrangler pages commands

a validation check has recently been introduced to make wrangler error on deploy commands when an environment is specified and a redirected configuration is in use (the reason being that redirected configurations should not include any environment), this check is problematic with pages commands where the "production" environment is anyways set by default, to address this the validation check is being relaxed here on pages commands
Updated dependencies [f5413c5]:
- miniflare@4.20250410.0

wrangler - 3.114.6

Mon, 14 Apr 2025 00:00:00 GMT

Patch Changes

#8783 7bcf352 Thanks @petebacondarwin! - Improve error message when request to obtain membership info fails

Wrangler now informs user that specific permission might be not granted when fails to obtain membership info. The same information is provided when Wrangler is unable to fetch user's email.
#8866 db673d6 Thanks @edmundhung! - improve error message when redirected config contains environments

this change improves that validation error message that users see when a redirected config file contains environments, by:
- cleaning the message formatting and displaying the offending environments in a list
- prompting the user to report the issue to the author of the tool which has generated the config
#8600 91cf028 Thanks @workers-devprod! - add validation to redirected configs in regards to environments

add the following validation behaviors to wrangler deploy commands, that relate to redirected configs (i.e. config files specified by .wrangler/deploy/config.json files):
- redirected configs are supposed to be already flattened configurations without any environment (i.e. a build tool should generate redirected configs already targeting specific environments), so if wrangler encounters a redirected config with some environments defined it should error
- given the point above, specifying an environment (--env=my-env) when using redirected configs is incorrect, so these environments should be ignored and a warning should be presented to the user

wrangler - 4.10.0

Thu, 10 Apr 2025 00:00:00 GMT

Minor Changes

#8807 dcce2ec Thanks @LuisDuarte1! - Promote workflows commands to stable

Patch Changes

#8883 5388447 Thanks @penalosa! - fix: Only log requests to the Wrangler dev server once
Updated dependencies [b7ac367, 5388447]:
- miniflare@4.20250409.0

API deprecations - Eligible Zones For Account Custom Nameservers

Sun, 23 Mar 2025 00:00:00 GMT

Deprecation date: March 23, 2025

Users can now add custom nameservers that are not part of a zone managed within their account. As a result, any zone is eligible for custom nameservers, regardless of whether it is managed by Cloudflare. Given this change, an endpoint to check for eligible zones is no longer relevant and is therefore being deprecated.

Deprecated APIs:

GET /accounts/:account_id/custom_ns/availability

API deprecations - Zone Setting: cname_flattening

Fri, 21 Mar 2025 00:00:00 GMT

Deprecation date: March 21, 2025

The Zone Settings API endpoints for managing zone-level CNAME flattening are deprecated. Instead, use the Show DNS Settings and Update DNS Settings endpoints to manage this setting.

Changes via the old endpoints will be reflected in the new ones, and vice versa, so there is no need to migrate existing zones. However, future API calls must use DNS Settings instead of the Zone Settings endpoints.

Note that, with the deprecated zone setting, values "off" and "apex" have the same behavior. These are represented as {"flatten_all_cnames": false} in the new API. The zone setting "on" corresponds to {"flatten_all_cnames": true} in the new API.

Affected APIs:

GET /zones/:zone_id/settings
PATCH /zones/:zone_id/settings

Deprecated APIs:

GET /zones/:zone_id/settings/cname_flattening
PATCH /zones/:zone_id/settings/cname_flattening

API deprecations - Account Settings: default_nameservers and use_account_custom_ns_by_default

Fri, 14 Mar 2025 00:00:00 GMT

Deprecation date: March 14, 2025

The fields "default_nameservers" and "use_account_custom_ns_by_default" within the "settings" object of accounts are deprecated. Instead, use the Show DNS Settings and Update DNS Settings endpoints to manage this setting. This setting is available in the new API as .zone_defaults.nameservers.type, with allowed values "cloudflare.standard", "cloudflare.standard.random", "custom.account" and "custom.tenant".

Affected APIs:

GET /accounts
POST /accounts
GET /accounts/:account_id
PUT /accounts/:account_id

API deprecations - DNS Records API: Changes to Filter Parameters

Fri, 21 Feb 2025 00:00:00 GMT

Deprecation date: February 21, 2025

The following URL parameters for filtering DNS records are deprecated:

name=contains:value
Instead, use the supported name.contains=value syntax.
name=starts_with:value
Instead, use the supported name.startswith=value syntax.
name=ends_with:value
Instead, use the supported name.endswith=value syntax.
name=one,two,three (searching for one of multiple possible names, separated by commas)
Instead, make multiple requests, one for each possible name. Alternatively, if only querying the name field, the ?match=any&name=one&name=two&name=three syntax can be used instead. This syntax has an extended deprecation date of May 23, 2025.
content=contains:value
Instead, use the supported content.contains=value syntax.
content=starts_with:value
Instead, use the supported content.startswith=value syntax.
content=ends_with:value
Instead, use the supported content.endswith=value syntax.
content=one,two,three (searching for one of multiple possible contents, separated by commas)
Instead, make multiple requests, one for each possible content. Alternatively, if only querying the content field, the ?match=any&content=one&content=two&content=three syntax can be used instead. This syntax has an extended deprecation date of May 23, 2025.
type=contains:value
Searching for substrings of a type name will no longer be supported. Instead, please search for an exact type name, such as type=CNAME. If the input value is a free-text search from a human user, consider using the search parameter instead.

None of the parameters being deprecated were ever officially supported per our API documentation.

Affected APIs:

GET /zones/:zone_id/dns_records

DNS - Removal of unused DNS record meta fields

Mon, 03 Feb 2025 00:00:00 GMT

Cloudflare is removing five fields from the meta object of DNS records. These fields have been unused for more than a year and are no longer set on new records. This change may take up to four weeks to fully roll out. The affected fields are:

the auto_added boolean
the managed_by_apps boolean and corresponding apps_install_id
the managed_by_argo_tunnel boolean and corresponding argo_tunnel_id

Security Center - 2025-02-03

Mon, 03 Feb 2025 00:00:00 GMT

Security Center now has a role called Brand Protection. This role gives you access to the Brand Protection feature on the API and Cloudflare dashboard. Brand Protection role also gives you access to the Investigate platform, where you can consume the Threat Intel API and URL scanner API calls.

WAF - Scheduled for 2025-02-10

Mon, 03 Feb 2025 00:00:00 GMT

Announcement Date	Release Date	Release Behavior	Legacy Rule ID	Description	Comments
2025-02-03	2025-02-10	Log	100708	Aviatrix Network - Remote Code Execution - CVE:CVE-2024-50603	This is a New Detection
2025-02-03	2025-02-10	Log	100709	Next.js - Remote Code Execution - CVE:CVE-2024-46982	This is a New Detection
2025-02-03	2025-02-10	Log	100710	Progress Software WhatsUp Gold - Directory Traversal - CVE:CVE-2024-12105	This is a New Detection
2025-02-03	2025-02-10	Log	100711	WordPress - Remote Code Execution - CVE:CVE-2024-56064	This is a New Detection
2025-02-03	2025-02-10	Log	100712	WordPress - Remote Code Execution - CVE:CVE-2024-9047	This is a New Detection
2025-02-03	2025-02-10	Log	100713	FortiOS - Auth Bypass - CVE:CVE-2022-40684	This is a New Detection

Browser Rendering - Increased limits

Fri, 31 Jan 2025 00:00:00 GMT

Increased the limits on the number of concurrent browsers, and browsers per minute from 2 to 10.

Stream - Expanded Language Support for Generated Captions

Thu, 30 Jan 2025 00:00:00 GMT

Eleven new languages are now supported for transcription when using generated captions, available for free for video stored in Stream.

Rules - New Snippets code editor

Wed, 29 Jan 2025 00:00:00 GMT

The new Snippets code editor is now live, allowing users to edit both Snippets code and rules from a single page. This update simplifies the workflow and introduces features such as code formatting, refactoring, and auto-complete. The updated editor is available within the Snippets interface.

Hyperdrive - Hyperdrive automatically configures your Cloudflare Tunnel to connect to your private database.

Tue, 28 Jan 2025 00:00:00 GMT

When creating a Hyperdrive configuration for a private database, you only need to provide your database credentials and set up a Cloudflare Tunnel within the private network where your database is accessible.

Hyperdrive will automatically create the Cloudflare Access, Service Token and Policies needed to secure and restrict your Cloudflare Tunnel to the Hyperdrive configuration.

Refer to documentation on how to configure Hyperdrive to connect to a private database.

Zero Trust WARP Client - WARP client for macOS (version 2025.1.447.1)

Tue, 28 Jan 2025 00:00:00 GMT

A new beta release for the macOS WARP client is now available on the Downloads page. This release contains only improvements.

Note: If using macOS Sequoia, Cloudflare recommends the use of macOS 15.2 or later. With macOS 15.2, Apple addressed several issues that may have caused the WARP client to not behave as expected when used with macOS 15.0.x.

Changes and improvements

Improved command line interface for Access for Infrastructure with added function for filtering and ordering.
Fixed client connectivity issues when switching between managed network profiles that use different WARP protocols.
Improved OS version posture checks on macOS for greater reliability and availability.
Added support for WARP desktop to use additional DoH endpoints to help reduce NAT congestion.
Improved WireGuard connection stability on reconnections.
Added additional HTTP/3 QUIC connectivity test to warp-diag.

Known issues

macOS Sequoia: Due to changes Apple introduced in macOS 15.0.x, the WARP client may not behave as expected. Cloudflare recommends the use of macOS 15.2 or later.

Zero Trust WARP Client - WARP client for Windows (version 2025.1.447.1)

Tue, 28 Jan 2025 00:00:00 GMT

A new beta release for the Windows WARP client is now available on the Downloads page. This release contains only improvements.

Changes and improvements

Improved command line interface for Access for Infrastructure with added function for filtering and ordering.
Fixed client connectivity issues when switching between managed network profiles that use different WARP protocols.
Added support for WARP desktop to use additional DoH endpoints to help reduce NAT congestion.
Improved Windows multi-user feature with minor bug fixes and optimizations.
Improved connectivity check reliability in certain split tunnel configurations.
Improved reading of device DNS settings at connection restart.
Improved WARP connectivity in environments with virtual machine interfaces.
Improved WireGuard connection stability on reconnections.
Improved reliability of device posture checks for OS Version, Unique Client ID, Domain Joined, Disk Encryption, and Firewall attributes.
Added additional HTTP/3 QUIC connectivity test to warp-diag.

Known issues

DNS resolution may be broken when the following conditions are all true:
- WARP is in Secure Web Gateway without DNS filtering (tunnel-only) mode.
- A custom DNS server address is configured on the primary network adapter.
- The custom DNS server address on the primary network adapter is changed while WARP is connected.
To work around this issue, reconnect the WARP client by toggling off and back on.

DNS - Zone IDs and names on individual DNS records

Mon, 27 Jan 2025 00:00:00 GMT

Records returned by the API will no longer contain the zone_id and zone_name fields. This change may take up to four weeks to fully roll out. The affected fields were deprecated with an End of Life (EOL) date of November 30, 2024.

Load Balancing - Update to Cloudflare Tunnel Steering

Fri, 24 Jan 2025 00:00:00 GMT

Introduced changes to the resolution of proxied domains that are backed by Cloudflare Tunnels on the same zone. These changes correct how orange-clouded records are steered to Cloudflare Tunnels via Cloudflare Load Balancers.

DLP - Source code confidence levels

Thu, 23 Jan 2025 00:00:00 GMT

DLP now supports setting a confidence level for source code profiles.

Access - Access Applications support private hostnames/IPs and reusable Access policies.

Tue, 21 Jan 2025 00:00:00 GMT

Cloudflare Access self-hosted applications can now be defined by private IPs, private hostnames (on port 443) and public hostnames. Additionally, we made Access policies into their own object which can be reused across multiple applications. These updates involved significant updates to the overall Access dashboard experience. The updates will be slowly rolled out to different customer cohorts. If you are an Enterprise customer and would like early access, reach out to your account team.

WAF - 2025-01-21

Tue, 21 Jan 2025 00:00:00 GMT

Ruleset	Rule ID	Legacy Rule ID	Description	Previous Action	New Action	Comments
Cloudflare Managed Rulesets		100303	Command Injection - Nslookup	Log	Block	This was released as
Cloudflare Managed Rulesets		100534	Web Shell Activity	Log	Block	This was released as

Security Center - 2025-01-20

Mon, 20 Jan 2025 00:00:00 GMT

On the URL scanner, customers who search for a report will now get a list of all reports related to that specific hostname. A hash is also available in the security report. By selecting the hash, the dashboard will list reports containing the same hash.

Zero Trust WARP Client - WARP download repository

Fri, 17 Jan 2025 00:00:00 GMT

Microsoft is retiring the App Center which customers previously used to download Windows and macOS WARP client releases. As a result, Cloudflare has launched a new Downloads page where you can find WARP client downloads for all operating systems, version history, and release notes.

API Shield - API Authentication Posture

Thu, 16 Jan 2025 00:00:00 GMT

Customers will see per-endpoint authentication details inside API Shield's Endpoint Management for zones with configured session identifiers.

Load Balancing - Update to Pool Health Monitoring

Thu, 16 Jan 2025 00:00:00 GMT

We made changes to how we resolve and monitor proxied origins to assess pool health. Our analysis indicates no impact to customer configurations or operations. Contact customer support if you notice any unexpected behavior.

DLP - Payload log match visibility

Wed, 15 Jan 2025 00:00:00 GMT

When viewing decrypted payload log matches, DLP now provides more context by listing multiple DLP matches and the matching DLP profile.

D1 - D1 will begin enforcing its free tier limits from the 10th of February 2025.

Mon, 13 Jan 2025 00:00:00 GMT

D1 will begin enforcing the daily free tier limits from 2025-02-10. These limits only apply to accounts on the Workers Free plan.

From 2025-02-10, if you do not take any action and exceed the daily free tier limits, queries to D1 databases via the Workers API and/or REST API will return errors until limits reset daily at 00:00 UTC.

To ensure uninterrupted service, upgrade your account to the Workers Paid plan from the plans page. The minimum monthly billing amount is $5. Refer to Workers Paid plan and D1 limits.

For better insight into your current usage, refer to your billing metrics for rows read and rows written, which can be found on the D1 dashboard or GraphQL API.

WAF - 2025-01-13

Mon, 13 Jan 2025 00:00:00 GMT

Ruleset	Legacy Rule ID	Description	Previous Action	New Action	Comments
Cloudflare Managed Rulesets	100704	Cleo Harmony - Auth Bypass - CVE:CVE-2024-55956, CVE:CVE-2024-55953	Log	Block	New Detection
Cloudflare Managed Rulesets	100705	Sentry - SSRF	Log	Block	New Detection
Cloudflare Managed Rulesets	100706	Apache Struts - Remote Code Execution - CVE:CVE-2024-53677	Log	Block	New Detection
Cloudflare Managed Rulesets	100707	FortiWLM - Remote Code Execution - CVE:CVE-2023-48782, CVE:CVE-2023-34993, CVE:CVE-2023-34990	Log	Block	New Detection
Cloudflare Managed Rulesets	100007C_BETA	Command Injection - Common Attack Commands		Disabled

Rules - New Rules Overview page

Thu, 09 Jan 2025 00:00:00 GMT

The new Rules Overview interface consolidates Cloudflare Rules products into a single, intuitive page, simplifying navigation and rule management. Key features include:

Unified interface: Manage all rules in one place — no more navigating through multiple menu tabs.
Search across rules: Quickly locate specific rules.
Clear rule order: View and manage rules by their execution sequence for streamlined configuration.
Enhanced visibility: Instantly view the filter (conditions) and action (outcome) for every rule.
Faster debugging: Use Trace directly from the zone-level interface for simple, quick troubleshooting.

The new page is available in the Cloudflare dashboard at Rules > Overview.

Zero Trust WARP Client - WARP client for Windows (version 2024.12.760.0)

Thu, 09 Jan 2025 00:00:00 GMT

A new GA release for the Windows WARP client is now available on the Downloads page. This release contains only a hotfix from the 2024.12.554.0 release.

Changes and improvements:

Fixed an issue that could prevent clients with certain split tunnel configurations from connecting.

Known issues:

DNS resolution may be broken when the following conditions are all true:
- WARP is in Secure Web Gateway without DNS filtering (tunnel-only) mode.
- A custom DNS server address is configured on the primary network adapter.
- The custom DNS server address on the primary network adapter is changed while WARP is connected.
To work around this issue, reconnect the WARP client by toggling off and back on.

Cache - Smart Tiered Cache for Load balancing

Wed, 08 Jan 2025 00:00:00 GMT

Smart Tiered Cache will now select a common single best Upper Tier for an entire Load Balancing Pool based on Origin performance measurements, increasing the cache HIT ratio.

Gateway - Bring your own resolver IP (BYOIP) for DNS locations

Wed, 08 Jan 2025 00:00:00 GMT

Enterprise users can now provide an IP address for a private DNS resolver to use with DNS locations. Gateway supports bringing your own IPv4 and IPv6 addresses.

D1 - D1 Worker API request latency decreases by 40-60%.

Tue, 07 Jan 2025 00:00:00 GMT

D1 lowered end-to-end Worker API request latency by 40-60% by eliminating redundant network round trips for each request.

p50, p90, and p95 request latency aggregated across entire D1 service. These latencies are a reference point and should not be viewed as your exact workload improvement.

For each request to a D1 database, at least two network round trips were eliminated. One round trip was due to a bug that is now fixed. The remaining removed round trips are due to avoiding creating a new TCP connection for each request when reaching out to the datacenter hosting the database.

The removal of redundant network round trips also applies to D1's REST API. However, the REST API still depends on Cloudflare's centralized datacenters for authentication, which reduces the relative performance improvement.

WAF - 2025-01-06

Mon, 06 Jan 2025 00:00:00 GMT

Ruleset	Legacy Rule ID	Description	Previous Action	New Action	Comments
Cloudflare Specials	100678	Pandora FMS - Remote Code Execution - CVE:CVE-2024-11320	Log	Block	New Detection
Cloudflare Specials	100679	Palo Alto Networks - Remote Code Execution - CVE:CVE-2024-0012, CVE:CVE-2024-9474	Log	Block	New Detection
Cloudflare Specials	100680	Ivanti - Command Injection - CVE:CVE-2024-37397	Log	Block	New Detection
Cloudflare Specials	100681	Really Simple Security - Auth Bypass - CVE:CVE-2024-10924	Log	Block	New Detection
Cloudflare Specials	100682	Magento - XXE - CVE:CVE-2024-34102	Log	Block	New Detection
Cloudflare Specials	100683	CyberPanel - Remote Code Execution - CVE:CVE-2024-51567	Log	Block	New Detection
Cloudflare Specials	100684	Microsoft SharePoint - Remote Code Execution - CVE:CVE-2024-38094, CVE:CVE-2024-38024, CVE:CVE-2024-38023	Log	Block	New Detection
Cloudflare Specials	100685	CyberPanel - Remote Code Execution - CVE:CVE-2024-51568	Log	Block	New Detection
Cloudflare Specials	100686	Seeyon - Remote Code Execution	Log	Block	New Detection
Cloudflare Specials	100687	WordPress - Remote Code Execution - CVE:CVE-2024-10781, CVE:CVE-2024-10542	Log	Block	New Detection
Cloudflare Specials	100688	ProjectSend - Remote Code Execution - CVE:CVE-2024-11680	Log	Block	New Detection
Cloudflare Specials	100689	Palo Alto GlobalProtect - Remote Code Execution - CVE:CVE-2024-5921	Log	Block	New Detection
Cloudflare Specials	100690	Ivanti - Remote Code Execution - CVE:CVE-2024-37404	Log	Block	New Detection
Cloudflare Specials	100691	Array Networks - Remote Code Execution - CVE:CVE-2023-28461	Log	Block	New Detection
Cloudflare Specials	100692	CyberPanel - Remote Code Execution - CVE:CVE-2024-51378	Log	Block	New Detection
Cloudflare Specials	100693	Symfony Profiler - Auth Bypass - CVE:CVE-2024-50340	Log	Block	New Detection
Cloudflare Specials	100694	Citrix Virtual Apps - Remote Code Execution - CVE:CVE-2024-8069	Log	Block	New Detection
Cloudflare Specials	100695	MSMQ Service - Remote Code Execution - CVE:CVE-2023-21554	Log	Block	New Detection
Cloudflare Specials	100696	Nginxui - Remote Code Execution - CVE:CVE-2024-49368	Log	Block	New Detection
Cloudflare Specials	100697	Apache ShardingSphere - Remote Code Execution - CVE:CVE-2022-22733	Log	Block	New Detection
Cloudflare Specials	100698	Mitel MiCollab - Auth Bypass - CVE:CVE-2024-41713	Log	Block	New Detection
Cloudflare Specials	100699	Apache Solr - Auth Bypass - CVE:CVE-2024-45216	Log	Block	New Detection

AI Gateway - DeepSeek

Thu, 02 Jan 2025 00:00:00 GMT

Configuration: Added DeepSeek as a new provider.

Load Balancing - Load Balancing with the China Network

Fri, 20 Dec 2024 00:00:00 GMT

You can now enable load balancers to be deployed to the China Network. Refer to the documentation for more details.

Vectorize - Added support for index name reuse

Fri, 20 Dec 2024 00:00:00 GMT

Vectorize now supports the reuse of index names within the account. An index can be created using the same name as an index that is in a deleted state.

API Shield - Automatically applied endpoint risk labels

Thu, 19 Dec 2024 00:00:00 GMT

API Shield now automatically labels endpoints with risks due to authentication status and sensitive data detection.

Digital Experience Monitoring - Remote captures

Thu, 19 Dec 2024 00:00:00 GMT

Admins can now collect packet captures (PCAPs) and WARP diagnostic logs from end user devices. For more information, refer to Remote captures.

Email Security - Email Security reclassification tab

Thu, 19 Dec 2024 00:00:00 GMT

Customers can now have more transparency about their team and user submissions. The new Reclassification tab in the Zero Trust dashboard will allow customers to have a full understanding of what submissions they have made and what the outcomes of those submissions are.

Email Security - Email Security expanded folder scanning

Thu, 19 Dec 2024 00:00:00 GMT

Microsoft 365 customers can now choose to scan all folders or just the inbox when deploying via the Graph API.

Pages - Cloudflare GitHub App Permissions Update

Thu, 19 Dec 2024 00:00:00 GMT

Cloudflare is requesting updated permissions for the Cloudflare GitHub App to enable features like automatically creating a repository on your GitHub account and deploying the new repository for you when getting started with a template. This feature is coming out soon to support a better onboarding experience.
- Requested permissions:
  - Repository Administration (read/write) to create repositories.
  - Contents (read/write) to push code to the created repositories.
- Who is impacted:
  - Existing users will be prompted to update permissions when GitHub sends an email with subject "[GitHub] Cloudflare Workers & Pages is requesting updated permission" on December 19th, 2024.
  - New users installing the app will see the updated permissions during the connecting repository process.
- Action: Review and accept the permissions update to use upcoming features. If you decline or take no action, you can continue connecting repositories and deploying changes via the Cloudflare GitHub App as you do today, but new features requiring these permissions will not be available.
- Questions? Visit #github-permissions-update in the Cloudflare Developers Discord.

Cloudflare Tunnel - Tunnel diagnostic logs

Thu, 19 Dec 2024 00:00:00 GMT

The latest cloudflared build 2024.12.2 introduces the ability to collect all the diagnostic logs needed to troubleshoot a cloudflared instance. For more information, refer to Diagnostic logs.

Vectorize - Added support for range queries in metadata filters

Thu, 19 Dec 2024 00:00:00 GMT

Vectorize now supports $lt, $lte, $gt, and $gte clauses in metadata filters.

Zero Trust WARP Client - Cloudflare One Agent for iOS (version 1.8)

Thu, 19 Dec 2024 00:00:00 GMT

A new GA release for the iOS Cloudflare One Agent is now available in the iOS App Store. This release includes support for an exciting new capability, per-app VPN. This release also includes fixes and minor improvements.

Changes and improvements:

Added support for per-app VPN configuration.
Fixed issue where some users could not connect unless they rotated their keys after an update.
Fixed a potential crash when connecting to the tunnel.

Zero Trust WARP Client - Cloudflare One Agent for Android (version 2.3)

Thu, 19 Dec 2024 00:00:00 GMT

A new GA release for the Android Cloudflare One Agent is now available in the Google Play Store. This release includes support for an exciting new capability, per-app VPN. This release also includes fixes and minor improvements.

Changes and improvements:

Added support for per-app VPN configuration.
Fixed an issue where the WARP tunnel is connected immediately when Auto connect is greater than 0.
Fixed an issue where rapidly changing service modes resulted in a crash.

Zero Trust WARP Client - WARP client for Linux (version 2024.12.554.0)

Thu, 19 Dec 2024 00:00:00 GMT

A new GA release for the Linux WARP client is now available in the package repository. This release includes fixes and minor improvements.

Changes and improvements:

Consumers can now set the tunnel protocol using warp-cli tunnel protocol set <protocol>.
Extended diagnostics collection time in warp-diag to ensure logs are captured reliably.
Improved captive portal support by disabling the firewall during captive portal login flows.
Improved reliability of connection establishment logic under degraded network conditions.
Improved reconnection speed when a Cloudflare server is in a degraded state.
Improved captive portal detection on certain public networks.
Reduced connectivity interruptions on WireGuard Split Tunnel Include mode configurations.
Fixed connectivity issues switching between managed network profiles with different configured protocols.
QLogs are now disabled by default and can be enabled with warp-cli debug qlog enable. The QLog setting from previous releases will no longer be respected.

Zero Trust WARP Client - WARP client for Windows (version 2024.12.554.0)

Thu, 19 Dec 2024 00:00:00 GMT

A new GA release for the Windows WARP client is now available in the App Center. This release contains improvements to support custom Gateway certificate installation in addition to the changes and improvements included in version 2024.12.492.0.

Changes and improvements:

Adds support for installing all available custom Gateway certificates from an account to the system store.
Users can now get a list of installed certificates by running warp-cli certs.

Known issues:

DNS resolution may be broken when all of the following conditions are true:
- WARP is in Secure Web Gateway without DNS filtering (tunnel-only) mode.
- A custom DNS server address is configured on the primary network adapter.
- The custom DNS server address on the primary network adapter is changed while WARP is connected.
To work around the DNS issue, reconnect the WARP client by toggling off and back on.

Zero Trust WARP Client - WARP client for macOS (version 2024.12.554.0)

Thu, 19 Dec 2024 00:00:00 GMT

A new GA release for the macOS WARP client is now available in the App Center. This release contains improvements to support custom Gateway certificate installation in addition to the changes and improvements included in version 2024.12.492.0.

Changes and improvements:

Adds support for installing all available custom Gateway certificates from an account to the system store.
Users can now get a list of installed certificates by running warp-cli certs.

Known issues:

macOS Sequoia: Due to changes Apple introduced in macOS 15.0.x, the WARP client may not behave as expected. Cloudflare recommends the use of macOS 15.2 or later.

Workers - 2024-12-19

Thu, 19 Dec 2024 00:00:00 GMT

Cloudflare GitHub App Permissions Update
- Cloudflare is requesting updated permissions for the Cloudflare GitHub App to enable features like automatically creating a repository on your GitHub account and deploying the new repository for you when getting started with a template. This feature is coming out soon to support a better onboarding experience.
- Requested permissions:
  - Repository Administration (read/write) to create repositories.
  - Contents (read/write) to push code to the created repositories.
- Who is impacted:
  - Existing users will be prompted to update permissions when GitHub sends an email with subject "[GitHub] Cloudflare Workers & Pages is requesting updated permission" on December 19th, 2024.
  - New users installing the app will see the updated permissions during the connecting repository process.
- Action: Review and accept the permissions update to use upcoming features. If you decline or take no action, you can continue connecting repositories and deploying changes via the Cloudflare GitHub App as you do today, but new features requiring these permissions will not be available.
- Questions? Visit #github-permissions-update in the Cloudflare Developers Discord.

Workflows - Better instance control, improved queued logic, and step limit increased

Thu, 19 Dec 2024 00:00:00 GMT

Workflows can now be terminated and pause instances from a queued state and the ID of an instance is now exposed via the WorkflowEvent parameter.

Also, the mechanism to queue instances was improved to force miss-behaved queued instances to be automatically errored.

Workflows now allow you to define up to 1024 steps in a single Workflow definition, up from the previous limit of 512. This limit will continue to increase during the course of the open beta.

Cloudflare Fundamentals - Use account owned tokens to manage other account owned tokens

Wed, 18 Dec 2024 00:00:00 GMT

Cloudflare's token management now allows users to set up a primary account owned token where they can manage all other account owned tokens.

Refer to Account owned tokens documentation for more details.

WAF - Improved VPN Managed List

Wed, 18 Dec 2024 00:00:00 GMT

Customers can now effectively manage incoming traffic identified as originating from VPN IPs. Customers with compliance restrictions can now ensure compliance with local laws and regulations. Customers with CDN restrictions can use the improved VPN Managed List to prevent unauthorized access from users attempting to bypass geographical restrictions. With the new VPN Managed List enhancements, customers can improve their overall security posture to reduce exposure to unwanted or malicious traffic.

Zero Trust WARP Client - WARP client for macOS (version 2024.12.492.0)

Wed, 18 Dec 2024 00:00:00 GMT

A new GA release for the macOS WARP client is now available in the App Center. This release contains minor fixes and improvements.

Changes and improvements:

Consumers can now set the tunnel protocol using warp-cli tunnel protocol set <protocol>.
Extended diagnostics collection time in warp-diag to ensure logs are captured reliably.
Improved captive portal support by disabling the firewall during captive portal login flows.
Improved reliability of connection establishment logic under degraded network conditions.
Improved reconnection speed when a Cloudflare server is in a degraded state.
Improved captive portal detection on certain public networks.
Fixed an issue where admin override displayed an incorrect override end time.
Reduced connectivity interruptions on WireGuard Split Tunnel Include mode configurations.
Fixed connectivity issues switching between managed network profiles with different configured protocols.
QLogs are now disabled by default and can be enabled with warp-cli debug qlog enable. The QLog setting from previous releases will no longer be respected.

Known issues:

macOS Sequoia: Due to changes Apple introduced in macOS 15.0.x, the WARP client may not behave as expected. Cloudflare recommends the use of macOS 15.2 or later.

Zero Trust WARP Client - WARP client for Windows (version 2024.12.492.0)

Wed, 18 Dec 2024 00:00:00 GMT

A new GA release for the Windows WARP client is now available in the App Center. This release contains minor fixes and improvements.

Changes and improvements:

Consumers can now set the tunnel protocol using warp-cli tunnel protocol set <protocol>.
Extended diagnostics collection time in warp-diag to ensure logs are captured reliably.
Improved captive portal support by disabling the firewall during captive portal login flows.
Improved captive portal detection on certain public networks.
Improved reconnection speed when a Cloudflare server is in a degraded state.
Fixed an issue where WARP may fail to remove certificates from the user store in Device Information Only mode.
Ensured at most one Powershell instance is opened when fetching the device serial number for posture checks.
Fixed an issue to prevent the daemon from following Windows junctions created by non-admin users that could be used to delete files as SYSTEM user and potentially gain SYSTEM user privileges.
Improved reliability of connection establishment logic under degraded network conditions.
Fixed an issue that caused high memory usage when viewing connection statistics for extended periods of time.
Improved WARP connectivity in environments with virtual interfaces from VirtualBox, VMware, and similar tools.
Reduced connectivity interruptions on WireGuard Split Tunnel Include mode configurations.
Fixed connectivity issues switching between managed network profiles with different configured protocols.
QLogs are now disabled by default and can be enabled with warp-cli debug qlog enable. The QLog setting from previous releases will no longer be respected.

Known issues:

DNS resolution may be broken when all of the following conditions are true:
- WARP is in Secure Web Gateway without DNS filtering (tunnel-only) mode.
- A custom DNS server address is configured on the primary network adapter.
- The custom DNS server address on the primary network adapter is changed while WARP is connected.
To work around the DNS issue, reconnect the WARP client by toggling off and back on.

AI Gateway - AI Gateway Dashboard

Tue, 17 Dec 2024 00:00:00 GMT

Updated dashboard to view performance, costs, and stats across all gateways.

Magic Transit - BGP support for Cloudflare Network Interconnect (CNI)

Tue, 17 Dec 2024 00:00:00 GMT

Magic Transit customers can now establish BGP peering over Direct CNI circuits. Customers can now dynamically exchange routes and path availability status between their router device and the Magic Transit routing table.

Magic WAN - Magic WAN Connector configurable health checks

Tue, 17 Dec 2024 00:00:00 GMT

Health check rate on Magic WAN Connector IPsec tunnels are now configurable.

Magic WAN - BGP support for Cloudflare Network Interconnect (CNI)

Tue, 17 Dec 2024 00:00:00 GMT

Magic WAN customers can now establish BGP peering over Direct CNI circuits. Customers can now dynamically exchange routes and path availability status between their router device and the Magic WAN table.

Cloudflare Network Interconnect - BGP support for Cloudflare Network Interconnect (CNI)

Tue, 17 Dec 2024 00:00:00 GMT

Magic WAN and Magic Transit customers can now establish BGP peering over Direct CNI circuits. Customers can now dynamically exchange routes and path availability status between their router device and the Magic WAN or Magic Transit routing table.

Cloudflare Fundamentals - Cloudflare API docs are now automatically generated

Mon, 16 Dec 2024 00:00:00 GMT

Cloudflare's API documentation is now being automatically generated based on OpenAPI Schemas, and we have retired our old documentation. The move to OpenAPI Schemas allows us to ensure greater consistency and quality across our API documentation. The documentation now also includes examples of how to call the API using curl or our SDKs.

Refer to the Cloudflare API documentation, or the blog post on our transition to OpenAPI for more information.

Zaraz - 2024-12-16

Mon, 16 Dec 2024 00:00:00 GMT

Consent Management: Allow forcing the consent modal language

Zaraz Debugger: Log the response status and body for server-side requests

Monitoring: Introduce "Advanced Monitoring" with new reports such as geography, user timeline, funnel, retention and more
Monitoring: Show information about server-side requests success rate

Zaraz Types: Update the zaraz-types package
Custom HTML Managed Component: Apply syntax highlighting for inlined JavaScript code

AI Gateway - Bug Fixes

Fri, 13 Dec 2024 00:00:00 GMT

Bug Fixes: Fixed Anthropic errors being cached.
Bug Fixes: Fixed env.AI.run() requests using authenticated gateways returning authentication error.

Zero Trust WARP Client - WARP client for Windows (version 2024.12.326.1)

Fri, 13 Dec 2024 00:00:00 GMT

A new beta release for the Windows WARP client is now available in the App Center. This release includes an exciting new capability, WARP support for multiple users on a shared Windows device. The release also contains minor fixes and improvements.

Changes and improvements:

Fixed connectivity issues switching between managed network profiles with different configured protocols.
Added support for multiple users on shared Windows 10 and Windows 11 devices. Once a user completes the Windows login, all traffic to Cloudflare will be attributed to the currently active Windows user account. Contact your Customer Success Manager to request participation in this beta.

Known issues:

DNS resolution may be broken when all of the following conditions are true:
- WARP is in Secure Web Gateway without DNS filtering (tunnel-only) mode.
- A custom DNS server address is configured on the primary network adapter.
- The custom DNS server address on the primary network adapter is changed while WARP is connected.
To work around the DNS issue, reconnect the WARP client by toggling off and back on.

Hyperdrive - Hyperdrive now caches queries in all Cloudflare locations decreasing cache hit latency by up to 90%

Wed, 11 Dec 2024 00:00:00 GMT

Hyperdrive query caching now happens in all locations where Hyperdrive can be accessed. When making a query in a location that has cached the query result, your latency may be decreased by up to 90%.

Refer to documentation on how Hyperdrive caches query results.

Rules - Snippets support in the Cloudflare provider for Terraform

Wed, 11 Dec 2024 00:00:00 GMT

You can now manage Snippets using Terraform. For more information, refer to Configure Snippets using Terraform.

WAF - Change the order of list items in IP Lists (for API and Terraform users)

Tue, 10 Dec 2024 00:00:00 GMT

Due to changes in the API implementation, the order of list items in an IP list obtained via API or Terraform may change, which may cause Terraform to detect a change in Terraform state. To fix this issue, resync the Terraform state or upgrade the version of your Terraform Cloudflare provider to version 4.44.0 or later.

API deprecations - Access applications: self_hosted_domains

Mon, 09 Dec 2024 00:00:00 GMT

Deprecation date: November 21, 2025

The self_hosted_domains field for Access applications is deprecated in favor of destinations to allow for more flexibility in defining different types of domains.

Before:

{
  // ...
  "self_hosted_domains": ["foo.example.com", "bar.example.com"]
}

After:

{
  // ...
  "destinations": [
    {
      "type": "public",
      "uri": "foo.example.com"
    },
    {
      "type": "public",
      "uri": "bar.example.com"
    }
  ]
}

The API will accept both fields until the deprecation date. If self_hosted_domains are provided, then they will be interpreted as public destinations. However, if destinations are provided, then self_hosted_domains will be ignored even if provided.

Additionally, the API will continue to return self_hosted_domains until the deprecation date. The field will contain the URIs of the subset of destinations that have type public.

Affected APIs:

GET /accounts/:account_id/access/apps
POST /accounts/:account_id/access/apps
GET /accounts/:account_id/access/apps/:app_id
PUT /accounts/:account_id/access/apps/:app_id
GET /zones/:zone_id/access/apps
POST /zones/:zone_id/access/apps
GET /zones/:zone_id/access/apps/:app_id
PUT /zones/:zone_id/access/apps/:app_id

Workflows - New queue instances logic

Mon, 09 Dec 2024 00:00:00 GMT

Introduction of a new mechanism to queue instances, which will prevent instances from getting stuck on queued status forever.

Cloudflare Fundamentals - Dashboard SCIM is now fully self-serve

Fri, 06 Dec 2024 00:00:00 GMT

Dashboard SCIM is now self-serve. Previously, users configuring SCIM required assistance from Cloudflare to configure SCIM to onboard users. Now, with account owned tokens, SCIM can be configured by Enterprise customers that use Okta or Microsoft Entra without any assistance from Cloudflare.

Refer to the SCIM documentation for more details.

Magic Cloud Networking - Download cloud onramp terraform

Thu, 05 Dec 2024 00:00:00 GMT

Customers can now generate customized terraform files for building cloud network on-ramps to Magic WAN. Magic Cloud can scan and discover existing network resources and generate the required terraform files to automate cloud resource deployment using their existing infrastructure-as-code workflows for cloud automation.

Zero Trust WARP Client - WARP client for Windows (version 2024.11.688.1)

Thu, 05 Dec 2024 00:00:00 GMT

A new beta release for the Windows WARP client is now available in the App Center. This release contains minor fixes and improvements.

Changes and improvements:

Consumers can now set the tunnel protocol using warp-cli tunnel protocol set <protocol>.
Extended diagnostics collection time in warp-diag to ensure logs are captured reliably.
Improved captive portal support by disabling the firewall during captive portal login flows.
Improved captive portal detection on certain public networks.
Improved reconnection speed when a Cloudflare server is in a degraded state.
Fixed an issue where WARP may fail to remove certificates from the user store in Device Information Only mode.
Ensured at most one Powershell instance is opened when fetching the device serial number for posture checks.
Fixed an issue to prevent the daemon from following Windows junctions created by non-admin users that could be used to delete files as SYSTEM user and potentially gain SYSTEM user privileges.
Improved reliability of connection establishment logic under degraded network conditions.
Fixed an issue that caused high memory usage when viewing connection statistics for extended periods of time.
Improved WARP connectivity in environments with virtual interfaces from VirtualBox, VMware, and similar tools.
Reduced connectivity interruptions on WireGuard Split Tunnel Include mode configurations.

Known issues:

DNS resolution may be broken when all of the following conditions are true:
- WARP is in Secure Web Gateway without DNS filtering (tunnel-only) mode.
- A custom DNS server address is configured on the primary network adapter.
- The custom DNS server address on the primary network adapter is changed while WARP is connected.
To work around the DNS issue, reconnect the WARP client by toggling off and back on.

Zero Trust WARP Client - WARP client for macOS (version 2024.11.688.1)

Thu, 05 Dec 2024 00:00:00 GMT

A new beta release for the macOS WARP client is now available in the App Center. This release contains minor fixes and improvements.

Note: If using macOS Sequoia, Cloudflare recommends the use of macOS 15.1 or later. With macOS 15.1, Apple addressed several issues that may have caused the WARP client to not behave as expected when used with macOS 15.0.x.

Changes and improvements:

Consumers can now set the tunnel protocol using warp-cli tunnel protocol set <protocol>.
Extended diagnostics collection time in warp-diag to ensure logs are captured reliably.
Improved captive portal support by disabling the firewall during captive portal login flows.
Improved reliability of connection establishment logic under degraded network conditions.
Improved reconnection speed when a Cloudflare server is in a degraded state.
Improved captive portal detection on certain public networks.
Fixed an issue where admin override displayed an incorrect override end time.
Reduced connectivity interruptions on WireGuard Split Tunnel Include mode configurations.

Known issues:

macOS Sequoia: Due to changes Apple introduced in macOS 15.0.x, the WARP client may not behave as expected. Cloudflare recommends the use of macOS 15.1 or later.

Access - SCIM GA for Okta and Microsoft Entra ID

Wed, 04 Dec 2024 00:00:00 GMT

Cloudflare's SCIM integrations with Okta and Microsoft Entra ID (formerly AzureAD) are now out of beta and generally available (GA) for all customers. These integrations can be used for Access and Gateway policies and Zero Trust user management. Note: This GA release does not include Dashboard SSO SCIM support.

Zero Trust WARP Client - Custom device posture integration

Wed, 04 Dec 2024 00:00:00 GMT

WARP now supports setting up custom device posture integrations using a third-party API of your choice.

R2 - 2024-12-03

Tue, 03 Dec 2024 00:00:00 GMT

Server-side Encryption with Customer-Provided Keys is now available to all users via the Workers and S3-compatible APIs.

Page Shield - Alerts based on customer-defined policies

Mon, 02 Dec 2024 00:00:00 GMT

You can now scope all of Page Shield's alert types to selected zones and their associated policies, alerting only on the resources that have been explicitly allowed.

API deprecations - Zone information in individual DNS records

Sat, 30 Nov 2024 00:00:00 GMT

Deprecation date: November 30, 2024

Currently, each individual DNS record returned by the API contains information about the zone it is on, specifically the zone ID and name.

{
  "result": [
    {
      // ...
      "zone_id": "ab922473c42f4e50819d7c1c9b81b16b",
      "zone_name": "example.com"
    }
  ],
  // ...
}

This information is redundant because both affected API routes are already within the zone scope. In particular, the zone ID will already be known to any user of these routes because it appears in the URL. The zone name can be retrieved by making a GET request to /zones/:zone_id if it is necessary.

After November 30th, 2024, Cloudflare will stop including the zone_id and zone_name fields on individual DNS records in API responses. These fields are currently ignored when sent to the API as part of a request body, so no changes to request bodies are required.

Modified API:

GET /zones/:zone_id/dns_records
POST /zones/:zone_id/dns_records
GET /zones/:zone_id/dns_records/:dns_record_id
PATCH /zones/:zone_id/dns_records/:dns_record_id
PUT /zones/:zone_id/dns_records/:dns_record_id

Workflows - Step limit increased

Sat, 30 Nov 2024 00:00:00 GMT

Workflows now allow you to define up to 512 steps in a single Workflow definition, up from the previous limit of 256. This limit will continue to increase during the course of the open beta.

If you have Workflows that need more steps, we recommend delegating additional work to other Workflows by triggering a new Workflow from within a step and passing any state as parameters to that Workflow instance.

AI Gateway - OpenRouter

Thu, 28 Nov 2024 00:00:00 GMT

Configuration: Added OpenRouter as a new provider.

DLP - Profile confidence levels

Mon, 25 Nov 2024 00:00:00 GMT

DLP profiles now support setting a confidence level to choose how tolerant its detections are to false positives based on the context of the detection. The higher a profile's confidence level is, the less false positives will be allowed. Confidence levels include Low, Medium, or High. DLP profile confidence levels supersede context analysis.

CASB - CASB and DLP with Cloud Data Extraction for AWS cloud environments

Fri, 22 Nov 2024 00:00:00 GMT

You can now use CASB to find security misconfigurations in your AWS cloud environment. You can also connect your AWS compute account to extract and scan your S3 buckets for sensitive data while avoiding egress fees.

Rules - Support for Cloudflare R2 object storage in Cloud Connector

Fri, 22 Nov 2024 00:00:00 GMT

You can now connect to R2 buckets in Cloud Connector.

Magic Cloud Networking - Import cloud resources for VMs and LBs

Thu, 21 Nov 2024 00:00:00 GMT

Cloud network discovery now includes cloud native virtual machine (VM) and load-balancer (LB) resources.

Magic Cloud Networking - Export resource catalog

Thu, 21 Nov 2024 00:00:00 GMT

Customers can export their resource catalog including all discovered resource metadata to a downloadable JSON file, suitable for offline analysis.

R2 - 2024-11-21

Thu, 21 Nov 2024 00:00:00 GMT

Sippy can now be enabled on buckets in jurisdictions (e.g., EU, FedRAMP).
Fixed an issue with Sippy where GET/HEAD requests to objects with certain special characters would result in error responses.

Workflows - Fixed create instance API in Workers bindings

Thu, 21 Nov 2024 00:00:00 GMT

You can now call create() without any arguments when using the Workers API for Workflows. Workflows will automatically generate the ID of the Workflow on your behalf.

This addresses a bug that caused calls to create() to fail when provided with no arguments.

Cache - Smart Tiered Cache for R2

Wed, 20 Nov 2024 00:00:00 GMT

R2 now automatically gets tiered cache if using Smart Tiered Cache. We select a data center close to your R2 storage bucket as a common Upper Tier cache.

Gateway - Category filtering in the network policy builder

Wed, 20 Nov 2024 00:00:00 GMT

Gateway users can now create network policies with the Content Categories and Security Risks traffic selectors. This update simplifies malicious traffic blocking and streamlines network monitoring for improved security management.

R2 - 2024-11-20

Wed, 20 Nov 2024 00:00:00 GMT

Oceania (OC) is now available as an R2 region.
The default maximum number of buckets per account is now 1 million. If you need more than 1 million buckets, contact Cloudflare Support.
Public buckets accessible via custom domain now support Smart Tiered Cache.

Workflows - Multiple Workflows in local development now supported

Wed, 20 Nov 2024 00:00:00 GMT

Local development with wrangler dev now correctly supports multiple Workflow definitions per script.

There is no change to production Workflows, where multiple Workflow definitions per Worker script was already supported.

AI Gateway - WebSockets API

Tue, 19 Nov 2024 00:00:00 GMT

Configuration: Added WebSockets API which provides a single persistent connection, enabling continuous communication.

AI Gateway - Authentication

Tue, 19 Nov 2024 00:00:00 GMT

Configuration: Added Authentication which adds security by requiring a valid authorization token for each request.

Hyperdrive - Hyperdrive now supports clear-text password authentication

Tue, 19 Nov 2024 00:00:00 GMT

When connecting to a database that requires secure clear-text password authentication over TLS, Hyperdrive will now support this authentication method.

Refer to the documentation to see all PostgreSQL authentication modes supported by Hyperdrive.

R2 - 2024-11-19

Tue, 19 Nov 2024 00:00:00 GMT

R2 bucket lifecycle command added to Wrangler. Supports listing, adding, and removing object lifecycle rules.

Zero Trust WARP Client - MASQUE GA

Tue, 19 Nov 2024 00:00:00 GMT

MASQUE as a device tunnel protocol option is now generally available (GA). Refer to Device tunnel protocol for configuration details and minimum WARP client requirements.

Zero Trust WARP Client - WARP client for macOS (version 2024.11.309.0)

Mon, 18 Nov 2024 00:00:00 GMT

A new GA release for the macOS WARP client is now available in the App Center. This release contains minor fixes and improvements.

Changes and improvements:

Fixed an issue where SSH sessions and other application connections over TCP or UDP could drop when a device that is using MASQUE changes its primary network interface.
Fixed an issue to ensure the Cloudflare root certificate (or custom certificate) is installed in the trust store if not already there.
Fixed an issue with the WARP client becoming unresponsive during startup.
Extended warp-diag to collect system profiler firewall state as part of diagnostics.
Fixed an issue with the WARP client becoming unresponsive while handling LAN inclusion.
Fixed an issue where users were unable to connect with an IPC error message displayed in the UI.
Fixed an issue that was preventing proper operation of DNS-over-TLS (DoT) for consumer users.

Known issues:

macOS Sequoia: Due to changes Apple introduced in macOS 15.0.x, the WARP client may not behave as expected. Cloudflare recommends the use of macOS 15.1 or later.

Zero Trust WARP Client - WARP client for Windows (version 2024.11.309.0)

Mon, 18 Nov 2024 00:00:00 GMT

A new GA release for the Windows WARP client is now available in the App Center. This release contains minor fixes and improvements.

Changes and improvements:

Fixed an issue where SSH sessions and other application connections over TCP or UDP could drop when a device that is using MASQUE changes its primary network interface.
Fixed an issue to ensure the Cloudflare root certificate (or custom certificate) is installed in the trust store if not already there.
Fixed an issue with the WARP client becoming unresponsive during startup.
Extended diagnostics collection time in warp-diag to ensure logs are captured reliably.
Fixed an issue that was preventing proper operation of DNS-over-TLS (DoT) for consumer users.

Known issues:

DNS resolution may be broken when all of the following conditions are true:
- WARP is in Secure Web Gateway without DNS filtering (tunnel-only) mode.
- A custom DNS server address is configured on the primary network adapter.
- The custom DNS server address on the primary network adapter is changed while WARP is connected.
To work around the DNS issue, reconnect the WARP client by toggling off and back on.

Zero Trust WARP Client - WARP client for Linux (version 2024.11.309.0)

Mon, 18 Nov 2024 00:00:00 GMT

A new GA release for the Linux WARP client is now available in the package repository. This release contains reliability improvements and general bug fixes.

Changes and improvements:

Fixed an issue where SSH sessions and other connections ould drop when a device that is using MASQUE changes its primary network interface.
Device posture client certificate checks now support PKCS#1.
Fixed an issue to ensure the Cloudflare root certificate (or custom certificate) is installed in the trust store if not already there.
Reduced unnecessary log messages when resolv.conf has no owner.
Fixed an issue with warp-diag printing benign TLS certificate errors.
Fixed an issue with the WARP client becoming unresponsive during startup.
Extended diagnostics collection time in warp-diag to ensure logs are captured reliably.
Fixed an issue that was preventing proper operation of DNS-over-TLS (DoT) for consumer users.

Workers - 2024-11-18

Mon, 18 Nov 2024 00:00:00 GMT

Updated v8 to version 13.1.

Workers KV - Workers KV REST API bulk operations provide granular errors

Thu, 14 Nov 2024 00:00:00 GMT

The REST API endpoints for bulk operations (write, delete) now return the keys of operations that failed during the bulk operation. The updated response bodies are documented in the REST API documentation and contain the following information in the result field:

{
  "successful_key_count": number,
  "unsuccessful_keys": string[]
}

The unsuccessful keys are an array of keys that were not written successfully to all storage backends and therefore should be retried.

R2 - 2024-11-14

Thu, 14 Nov 2024 00:00:00 GMT

R2 bucket info command added to Wrangler. Displays location of bucket and common metrics.

WAF - Security Events pagination

Thu, 14 Nov 2024 00:00:00 GMT

Fixed an issue with pagination in Security Events' activity log where some pages were missing data. Also removed the total count from the activity log as these are only sampled logs.

Vectorize - Added support for $in and $nin metadata filters

Wed, 13 Nov 2024 00:00:00 GMT

Vectorize now supports $in and $nin clauses in metadata filters.

Workers - 2024-11-12

Tue, 12 Nov 2024 00:00:00 GMT

Fixes exception seen when trying to call deleteAll() during a SQLite-backed Durable Object's alarm handler.

Zaraz - 2024-11-12

Tue, 12 Nov 2024 00:00:00 GMT

Facebook Component: Update to version 21 of the API, and fail gracefully when e-commerce payload doesn't match schema

Zaraz Monitoring: Show all response status codes from the Zaraz server-side requests in the dashboard
Zaraz Debugger: Fix a bug that broke the display when Custom HTML included backticks
Context Enricher: It's now possible to programatically edit the Zaraz config itself, in addition to the system and client objects
Rocker Loader: Issues with using Zaraz next to Rocket Loader were fixed
Automatic Actions: The tools setup flow now fully supports configuring Automatic Actions
Bing Managed Component: Issues with setting the currency field were fixed
Improvement: The allowed size for a Zaraz config was increased by 250x
Improvement: The Zaraz runtime should run faster due to multiple code optimizations
Bugfix: Fixed an issue that caused the dashboard to sometimes show "E-commerce" option for tools that do not support it

R2 - 2024-11-08

Fri, 08 Nov 2024 00:00:00 GMT

R2 bucket dev-url command added to Wrangler. Supports enabling, disabling, and getting status of bucket's r2.dev public access URL.

Workers - 2024-11-08

Fri, 08 Nov 2024 00:00:00 GMT

Update SQLite to version 3.47.

Cache - Shard Cache by cache key

Thu, 07 Nov 2024 00:00:00 GMT

For custom cache keys, enterprise customers can now shard their cache using up to three values for previously restricted headers accept*, referer, and user-agent. Sharding the cache can improve cache HIT ratio and performance. However, overly sharding your cache, can have the opposite effect.

Cache - Versioning

Thu, 07 Nov 2024 00:00:00 GMT

Cache now supports versioned environments allowing customers to stage configurations and purge staged environments. Note that Cache Reserve is only supported for your production environment.

R2 - 2024-11-06

Wed, 06 Nov 2024 00:00:00 GMT

R2 bucket domain command added to Wrangler. Supports listing, adding, removing, and updating R2 bucket custom domains.

API Shield - Endpoint labels

Mon, 04 Nov 2024 00:00:00 GMT

Customers can now organize their endpoints by use case and custom labels in Endpoint Management for easy reference and future machine learning (ML) model training.

WAF - New table in Security Analytics and Security Events

Mon, 04 Nov 2024 00:00:00 GMT

Switched to a new, more responsive table in Security Analytics and Security Events.

DLP - Send entire HTTP requests to a Logpush destination

Fri, 01 Nov 2024 00:00:00 GMT

In addition to logging the payload from HTTP requests that matched a DLP policy in Cloudflare Logs, Enterprise users can now configure a Logpush job to send the entire HTTP request that triggered a DLP match to a storage destination. This allows long-term storage of full requests for use in forensic investigation.

R2 - 2024-11-01

Fri, 01 Nov 2024 00:00:00 GMT

Add minTLS to response of list custom domains endpoint.

Hyperdrive - New Hyperdrive configurations to private databases using Tunnels are validated before creation

Wed, 30 Oct 2024 00:00:00 GMT

When creating a new Hyperdrive configuration to a private database using Tunnels, Hyperdrive will verify that it can connect to the database to ensure that your Tunnel and Access application have been properly configured. This makes it easier to debug connectivity issues.

Refer to documentation on connecting to private databases for more information.

AI Gateway - Grok

Mon, 28 Oct 2024 00:00:00 GMT

Providers: Added Grok as a new provider.

R2 - 2024-10-28

Mon, 28 Oct 2024 00:00:00 GMT

Add get custom domain endpoint.

Vectorize - Improved query latency through REST API

Mon, 28 Oct 2024 00:00:00 GMT

Vectorize now has a significantly improved query latency through REST API:

Pages - Updating Bun version to 1.1.33 in V2 build system

Thu, 24 Oct 2024 00:00:00 GMT

Bun version is being updated from 1.0.1 to 1.1.33 in Pages V2 build system. This is a minor version change, please see details at Bun.
If you wish to use a previous Bun version, you can override default version.

Vectorize - Vectorize increased limits

Thu, 24 Oct 2024 00:00:00 GMT

Developers with a Workers Paid plan can:

Create 50,000 indexes per account, up from the previous 100 limit.
Create 50,000 namespaces per index, up from the previous 100 limt. This applies to both existing and newly created indexes.

Refer to Limits to learn about Vectorize's limits.

Rules - Simplified user interface for URL Rewrites with wildcard support

Wed, 23 Oct 2024 00:00:00 GMT

The new simplified user interface for URL Rewrites is now live, making it easier for users to configure URL rewrites with wildcard support. This update streamlines the process by eliminating the need for complex functions in rule creation. The updated user interface is available at Rules > Transform Rules > Rewrite URL. For more information, refer to the wildcard support documentation.

Zero Trust WARP Client - WARP client for macOS (version 2024.10.279.1)

Wed, 23 Oct 2024 00:00:00 GMT

A new beta release for the macOS WARP client is now available in the App Center. This release contains minor fixes and improvements.

Changes and improvements:

Fixed an issue where SSH sessions and other application connections over TCP or UDP could drop when a device that is using MASQUE changes its primary network interface.
Fixed an issue to ensure the Cloudflare root certificate (or custom certificate) is installed in the trust store if not already there.

Known issues:

Cloudflare is investigating temporary networking issues on macOS 15 (Sequoia) that affect some users and may occur on any version of the WARP client.

Zero Trust WARP Client - WARP client for Windows (version 2024.10.279.1)

Wed, 23 Oct 2024 00:00:00 GMT

A new beta release for the Windows WARP client is now available in the App Center. This release contains minor fixes and improvements.

Changes and improvements:

Fixed an issue where SSH sessions and other application connections over TCP or UDP could drop when a device that is using MASQUE changes its primary network interface.
Fixed an issue to ensure the Cloudflare root certificate (or custom certificate) is installed in the trust store if not already there.

Known issues:

DNS resolution may be broken when all of the following conditions are true:
- WARP is in Secure Web Gateway without DNS filtering (tunnel-only) mode.
- A custom DNS server address is configured on the primary network adapter.
- The custom DNS server address on the primary network adapter is changed while WARP is connected.
To work around the DNS issue, reconnect the WARP client by toggling off and back on.

Workflows - Workflows is now in public beta!

Wed, 23 Oct 2024 00:00:00 GMT

Workflows, a new product for building reliable, multi-step workflows using Cloudflare Workers, is now in public beta. The public beta is available to any user with a free or paid Workers plan.

A Workflow allows you to define multiple, independent steps that encapsulate errors, automatically retry, persist state, and can run for seconds, minutes, hours or even days. A Workflow can be useful for post-processing data from R2 buckets before querying it, automating a Workers AI RAG pipeline, or managing user signup flows and lifecycle emails.

You can learn more about Workflows in our announcement blog, or start building in our get started guide.

R2 - 2024-10-21

Mon, 21 Oct 2024 00:00:00 GMT

Event notifications can now be configured for R2 buckets in jurisdictions (e.g., EU, FedRAMP).

Workers - 2024-10-21

Mon, 21 Oct 2024 00:00:00 GMT

Fixed encoding of WebSocket pong messages when talking to remote servers. Previously, when a Worker made a WebSocket connection to an external server, the server may have prematurely closed the WebSocket for failure to respond correctly to pings. Client-side connections were not affected.

API Shield - API Shield fields in Custom Rules

Fri, 18 Oct 2024 00:00:00 GMT

Customers can now use API Shield product feature fields in custom rules, referencing features such as JWT Validation, session identifiers, and Schema Validation.

SSL/TLS - New cloudflare_branding flag allows hostnames with over 64 characters for all CAs

Fri, 18 Oct 2024 00:00:00 GMT

To order certificates for hostnames longer than 64 characters, customers can now use the cloudflare_branding flag when ordering a certificate via API. Setting cloudflare_branding to true will cause sni.cloudflaressl.com to be used as the common name, while the long hostname is added as part of the subject alternative name (SAN).

AI Gateway - Vercel SDK

Thu, 17 Oct 2024 00:00:00 GMT

Added Vercel AI SDK. The SDK supports many different AI providers, tools for streaming completions, and more.

Gateway - Per-account Cloudflare root certificate

Thu, 17 Oct 2024 00:00:00 GMT

Gateway users can now generate unique root CAs for their Zero Trust account. Both generated certificate and custom certificate users must activate a root certificate to use it for inspection. Per-account certificates replace the default Cloudflare certificate, which is set to expire on 2025-02-02.

Cloudflare Tunnel - Simplifed WARP Connector deployment

Thu, 17 Oct 2024 00:00:00 GMT

You can now deploy WARP Connector using a simplified, guided workflow similar to cloudflared connectors. For detailed instructions, refer to the WARP Connector documentation.

DNS - Quote validation for TXT records added via dashboard

Tue, 15 Oct 2024 00:00:00 GMT

When creating TXT records via the dashboard you will now find:

Field validation errors if double quotes " are added inconsistently.
Automatically quoted TXT content upon save if no quotes exist in the record content field.

Workers - 2024-10-14

Mon, 14 Oct 2024 00:00:00 GMT

Updated v8 to version 13.0.

Gateway - Time-based policy duration

Thu, 10 Oct 2024 00:00:00 GMT

Gateway now offers time-based DNS policy duration. With policy duration, you can configure a duration of time for a policy to turn on or set an exact date and time to turn a policy off.

Cloudflare Tunnel - Bugfix for --grace-period

Thu, 10 Oct 2024 00:00:00 GMT

The new cloudflared build 2024.10.0 has a bugfix related to the --grace-period tunnel run parameter. cloudflared connectors will now abide by the specified waiting period before forcefully closing connections to Cloudflare's network.

Logs - 2024-10-08

Tue, 08 Oct 2024 00:00:00 GMT

Cloudflare has introduced new fields two Gateway-related datasets in Cloudflare Logs:
- Gateway HTTP: ApplicationIDs, ApplicationNames, CategoryIDs, CategoryNames, DestinationIPContinentCode, DestinationIPCountryCode, ProxyEndpoint, SourceIPContinentCode, SourceIPCountryCode, VirtualNetworkID, and VirtualNetworkName.
- Gateway Network: ApplicationIDs, ApplicationNames, DestinationIPContinentCode, DestinationIPCountryCode, ProxyEndpoint, SourceIPContinentCode, SourceIPCountryCode, TransportProtocol, VirtualNetworkID, and VirtualNetworkName.

DNS - API support for per-record CNAME flattening

Mon, 07 Oct 2024 00:00:00 GMT

Paid zones now have the option to flatten specific CNAME records. When using the API, specify the setting cname_flatten as true or false. Refer to the documentation for details.

Durable Objects - Alarms re-enabled in (beta) SQLite-backed Durable Object classes

Mon, 07 Oct 2024 00:00:00 GMT

The issue identified with alarms in beta Durable Object classes with a SQLite storage backend has been resolved and alarms have been re-enabled.

Gateway - Expanded Gateway log fields

Fri, 04 Oct 2024 00:00:00 GMT

Gateway now offers new fields in activity logs for DNS, network, and HTTP policies to provide greater insight into your users' traffic routed through Gateway.

Zero Trust WARP Client - WARP client for Linux (version 2024.9.346.0)

Thu, 03 Oct 2024 00:00:00 GMT

A new GA release for the Linux WARP client is now available in the package repository. This release contains minor fixes and minor improvements.

Notable updates:

Added target list to the warp-cli to enhance the user experience with the Access for Infrastructure SSH solution.
Added the ability to customize PCAP options in the warp-cli.
Added a list of installed applications in warp-diag.
Added a tunnel reset mtu subcommand to the warp-cli.
Added the ability for warp-cli to use the team name provided in the MDM file for initial registration.
Added a JSON output option to the warp-cli.
Added the ability to execute a PCAP on multiple interfaces with warp-cli.
Added MASQUE tunnel protocol support for the consumer version of WARP (1.1.1.1 w/ WARP).
Improved the performance of firewall operations when enforcing split tunnel configuration.
Fixed an issue where device posture certificate checks were unexpectedly failing.
Fixed an issue where the Linux GUI fails to open the browser login window when registering a new Zero Trust organization.
Fixed an issue where clients using service tokens failed to retry after a network change.
Fixed an issue where the client, when switching between WireGuard and MASQUE protocols, sometimes required a manual tunnel key reset.
Fixed a known issue which required users to re-register when an older single configuration MDM file was deployed after deploying the newer, multiple configuration format.
Deprecated warp-cli commands have been removed. If you have any workflows that use the deprecated commands, update to the new commands where necessary.

Known issues:

Using MASQUE as the tunnel protocol may be incompatible if your organization has Regional Services is enabled.

Zero Trust WARP Client - WARP client for Windows (version 2024.9.346.0)

Thu, 03 Oct 2024 00:00:00 GMT

A new GA release for the Windows WARP client is now available in the App Center. This release contains minor fixes and improvements.

Notable updates:

Added target list to the warp-cli to enhance the user experience with the Access for Infrastructure SSH solution.
Added pre-login configuration details to the warp-diag output.
Added a tunnel reset mtu subcommand to the warp-cli.
Added a JSON output option to the warp-cli.
Added the ability for warp-cli to use the team name provided in the MDM file for initial registration.
Added the ability to execute a PCAP on multiple interfaces with warp-cli and warp-dex.
Improved warp-dex default interface selection for PCAPs and changed warp-dex CLI output to JSON.
Fixed an issue where the client, when switching between WireGuard and MASQUE protocols, sometimes required a manual tunnel key reset.
Added MASQUE tunnel protocol support for the consumer version of WARP (1.1.1.1 w/ WARP).

Known issues:

Using MASQUE as the tunnel protocol may be incompatible if your organization has Regional Services is enabled.

Zero Trust WARP Client - WARP client for macOS (version 2024.9.346.0)

Thu, 03 Oct 2024 00:00:00 GMT

A new GA release for the macOS WARP client is now available in the App Center. This release contains minor fixes and improvements.

All customers running macOS Ventura 13.0 and above (including Sequoia) are advised to upgrade to this release. This release fixes an incompatibility with the firewall found on macOS Sonoma 14.4 and above that could result in the firewall being disabled.

Notable updates:

Added target list to the warp-cli to enhance the user experience with the Access for Infrastructure SSH solution.
Added a tunnel reset mtu subcommand to the warp-cli.
Added the ability for warp-cli to use the team name provided in the MDM file for initial registration.
Added a JSON output option to the warp-cli.
Added the ability to execute a PCAP on multiple interfaces with warp-cli and warp-dex.
Improved warp-dex default interface selection for PCAPs and changed warp-dex CLI output to JSON.
Improved application posture check compatibility with symbolically linked files.
Fixed an issue where the client, when switching between WireGuard and MASQUE protocols, sometimes required a manual tunnel key reset.
Added MASQUE tunnel protocol support for the consumer version of WARP (1.1.1.1 w/ WARP).

Known issues:

Using MASQUE as the tunnel protocol may be incompatible if your organization has Regional Services is enabled.

Magic Firewall - New UI improvements

Wed, 02 Oct 2024 00:00:00 GMT

The dashboard now allows you to search custom rules using the rule name and/or ID. Additionally, the rule ID URL link has been added to Network Analytics. Go to Analytics & Logs > Network Analytics > Magic Firewall > Packet sample log > Search for Rule ID.

API deprecations - DNS Records: Error chains for DNS validation errors

Tue, 01 Oct 2024 00:00:00 GMT

Deprecation date: October 1, 2024

Cloudflare is making a minor change to the representation of certain errors when creating DNS records. Currently, when the DNS record to be created is invalid, an error similar to the following may be returned:

{
  "result": null,
  "success": false,
  "errors": [
    {
      "code": 1004,
      "message": "DNS Validation Error",
      "error_chain": [
        {
          "code": 9999,
          "message": "This is an example."
        }
      ]
    }
  ],
  "messages": []
}

After October 1st, 2024, the error_chain will be omitted, returning the root cause directly without wrapping it in another "DNS Validation Error" error:

{
  "result": null,
  "success": false,
  "errors": [
    {
      "code": 9999,
      "message": "This is an example."
    }
  ],
  "messages": []
}

Magic Cloud Networking - Cost visibility for managed cloud configuration

Tue, 01 Oct 2024 00:00:00 GMT

Customers can now see the cloud provider list price of discovered network resources and will be informed of total cost and delta cost when deploying managed configuration.

Magic Transit - Early access testing for BGP on CNI 2.0 circuits

Tue, 01 Oct 2024 00:00:00 GMT

Customers can exchange routes dynamically with their Magic virtual network overlay via Direct CNI or Cloud CNI based connectivity.

Magic WAN - Early access testing for BGP on CNI 2.0 circuits

Tue, 01 Oct 2024 00:00:00 GMT

Customers can exchange routes dynamically with their Magic virtual network overlay via Direct CNI or Cloud CNI based connectivity.

Cloudflare Network Interconnect - Early access testing for BGP on Direct CNI circuits

Tue, 01 Oct 2024 00:00:00 GMT

Customers can exchange routes dynamically with their Magic virtual network overlay via Direct CNI or Cloud CNI based connectivity.

Gateway - File sandboxing

Mon, 30 Sep 2024 00:00:00 GMT

Gateway users on Enterprise plans can create HTTP policies with file sandboxing to quarantine previously unseen files downloaded by your users and scan them for malware.

Page Shield - New machine learning (ML) scores for detected scripts

Mon, 30 Sep 2024 00:00:00 GMT

In addition to the global integrity score, Page Shield now provides individual script scores (from 1 to 99) for the following malicious code detections: Magecart, Crypto mining, and Malware.

Durable Objects - Alarms disabled in (beta) SQLite-backed Durable Object classes

Fri, 27 Sep 2024 00:00:00 GMT

An issue was identified with alarms in beta Durable Object classes with a SQLite storage backend. Alarms have been temporarily disabled for only SQLite-backed Durable Objects while a fix is implemented. Alarms in Durable Objects with default, key-value storage backend are unaffected and continue to operate.

Magic WAN - Magic WAN Connector sends WARP client traffic to Internet

Fri, 27 Sep 2024 00:00:00 GMT

All Magic WAN Connectors now route WARP client traffic directly to the Internet, bypassing IPsec tunneling, to prevent double encapsulation of WARP traffic.

AI Gateway - Persistent logs

Thu, 26 Sep 2024 00:00:00 GMT

Logs: AI Gateway now has logs that persist, giving you the flexibility to store them for your preferred duration.

AI Gateway - Logpush

Thu, 26 Sep 2024 00:00:00 GMT

Logs: Securely export logs to an external storage location using Logpush.

AI Gateway - Pricing

Thu, 26 Sep 2024 00:00:00 GMT

Pricing: Added pricing for storing logs persistently.

AI Gateway - Evaluations

Thu, 26 Sep 2024 00:00:00 GMT

Configurations: Use AI Gateway’s Evaluations to make informed decisions on how to optimize your AI application.

Durable Objects - (Beta) SQLite storage backend & SQL API available on new Durable Object classes

Thu, 26 Sep 2024 00:00:00 GMT

The new beta version of Durable Objects is available where each Durable Object has a private, embedded SQLite database. When deploying a new Durable Object class, users can opt-in to a SQLite storage backend in order to access new SQL API and point-in-time-recovery API, part of Durable Objects Storage API.

You cannot enable a SQLite storage backend on an existing, deployed Durable Object class. Automatic migration of deployed classes from their key-value storage backend to SQLite storage backend will be available in the future.

During the initial beta, Storage API billing is not enabled for Durable Object classes using SQLite storage backend. SQLite-backed Durable Objects will incur charges for requests and duration. We plan to enable Storage API billing for Durable Objects using SQLite storage backend in the first half of 2025 after advance notice with the following pricing.

Cloudflare Fundamentals - Account owned tokens

Thu, 26 Sep 2024 00:00:00 GMT

Account owned tokens are now generally available. Unlike user-owned tokens, account owned tokens are tied with the Cloudflare account instead of the user that created them. This ensures that long term integrations like CI/CD are not broken if the user that set it up leaves your organization.

Refer to the Account owned tokens documentation or the blog post for more details.

Queues - Queues is GA, with higher throughput & consumer concurrency

Thu, 26 Sep 2024 00:00:00 GMT

Queues is now generally available.

The per-queue message throughput has increased from 400 to 5,000 messages per second. This applies to new and existing queues.

Maximum concurrent consumers has increased from 20 to 250. This applies to new and existing queues. Queues with no explicit limit will automatically scale to the new maximum. Review the consumer concurrency documentation to learn more.

R2 - 2024-09-26

Thu, 26 Sep 2024 00:00:00 GMT

Event notifications for R2 is now generally available. Event notifications now support higher throughput (up to 5,000 messages per second per Queue), can be configured in the dashboard and Wrangler, and support for lifecycle deletes.

Vectorize - Vectorize GA

Thu, 26 Sep 2024 00:00:00 GMT

Vectorize is now generally available

Zero Trust WARP Client - WARP client for macOS (version 2024.8.457.0)

Thu, 26 Sep 2024 00:00:00 GMT

A new GA release for the macOS WARP client is now available in the App Center. This release contains minor fixes and improvements.

Notable updates:

Added the ability to customize PCAP options in warp-cli.
Added a list of installed applications in warp-diag.
Added a summary of warp-dex traceroute results in its JSON output.
Improved the performance of firewall operations when enforcing Split Tunnels configuration.
Fixed an issue where the DNS logs were not being cleared when the user switched configurations.
Fixed an issue where clients using service tokens failed to retry after a network change.
Fixed a known issue which required users to re-register when an older single configuration MDM file was deployed after deploying the newer, multiple configuration format.
Fixed an issue which prevented the use of private IP ranges that overlapped with end users' home networks.
Deprecated warp-cli commands have been removed. If you have any workflows that use the deprecated commands, update to the new commands where necessary.

Known issues:

Cloudflare is investigating temporary networking issues on macOS 15 (Sequoia) that seem to affect some users.
Using MASQUE as the tunnel protocol may be incompatible if your organization has Regional Services is enabled.

Zero Trust WARP Client - WARP client for Windows (version 2024.8.458.0)

Thu, 26 Sep 2024 00:00:00 GMT

A new GA release for the Windows WARP client is now available in the App Center. This release contains minor fixes and improvements.

Notable updates:

Added the ability to customize PCAP options in warp-cli.
Added a list of installed applications in warp-diag.
Added a summary of warp-dex traceroute results in its JSON output.
Improved the performance of firewall operations when enforcing Split Tunnels configuration.
Reduced the time it takes for a WARP client update to complete.
Fixed an issue where clients using service tokens failed to retry the initial connection when there is no network connectivity on startup.
Fixed issues where incorrect DNS server addresses were being applied following reboots and network changes. Any incorrect static entries set by previous WARP versions must be manually reverted.
Fixed a known issue which required users to re-register when an older single configuration MDM file was deployed after deploying the newer, multiple configuration format.
Deprecated warp-cli commands have been removed. If you have any workflows that use the deprecated commands, update to the new commands where necessary.

Known issues:

Using MASQUE as the tunnel protocol may be incompatible if your organization has Regional Services enabled.
DNS resolution may be broken when all of the following conditions are true:
- WARP is in Secure Web Gateway without DNS filtering (tunnel-only) mode.
- A custom DNS server address is configured on the primary network adapter.
- The custom DNS server address on the primary network adapter is changed while WARP is connected.
To work around the DNS issue, reconnect the WARP client by toggling off and back on.

Workers AI - Workers AI Birthday Week 2024 announcements

Thu, 26 Sep 2024 00:00:00 GMT

Meta Llama 3.2 1B, 3B, and 11B vision is now available on Workers AI
@cf/black-forest-labs/flux-1-schnell is now available on Workers AI
Workers AI is fast! Powered by new GPUs and optimizations, you can expect faster inference on Llama 3.1, Llama 3.2, and FLUX models.
No more neurons. Workers AI is moving towards unit-based pricing
Model pages get a refresh with better documentation on parameters, pricing, and model capabilities
Closed beta for our Run Any* Model feature, sign up here
Check out the product announcements blog post for more information
And the technical blog post if you want to learn about how we made Workers AI fast

Workers - 2024-09-26

Thu, 26 Sep 2024 00:00:00 GMT

You can now connect your GitHub or GitLab repository to an existing Worker to automatically build and deploy your changes when you make a git push with Workers Builds.

API Shield - Fallthrough rule for Schema Validation 2.0

Wed, 25 Sep 2024 00:00:00 GMT

Customers can now enable the Fallthrough Action for Schema Validation 2.0 to block or log requests that do not match the endpoints listed in schemas protected by Schema Validation 2.0.

Calls - TURN service is generally available (GA)

Wed, 25 Sep 2024 00:00:00 GMT

Cloudflare Calls TURN service is generally available and helps address common challenges with real-time communication. For more information, refer to the blog post or TURN documentation.

Cloudflare Fundamentals - Terraform v5 SDK preview

Tue, 24 Sep 2024 00:00:00 GMT

The Terraform v5 Provider is now available as a preview. This new provider is automatically generated based on the OpenAPI Specifications for our REST API, and provides improved user experiences overall.

Refer to the Terraform documentation or the blog post for more details.

Cloudflare Fundamentals - API Documentation Preview

Tue, 24 Sep 2024 00:00:00 GMT

Cloudflare's API documentation is now available in preview with new automatically generated documentation. This documentation includes code snippets that refer to language-specific SDKs to make it easier to get started than ever.

Refer to the blog post for more details.

Magic Network Monitoring - Magic Network Monitoring free version available to all customers

Tue, 24 Sep 2024 00:00:00 GMT

The free version of Magic Network Monitoring (MNM) is now available to everyone with a Cloudflare account by default.

Security Center - 2024-09-23

Mon, 23 Sep 2024 00:00:00 GMT

Customers can now export all matches from a saved query. Select your Query name > select the three dots > Export matches.

Hyperdrive - The `node-postgres` (pg) driver is now supported for Pages applications using Hyperdrive.

Fri, 20 Sep 2024 00:00:00 GMT

The popular pg (node-postgres driver no longer requires the legacy node_compat mode, and can now be used in both Workers and Pages for connecting to Hyperdrive. This uses the new (improved) Node.js compatibility in Workers and Pages.

You can set compatibility_flags = ["nodejs_compat_v2"] in your wrangler.toml or via the Pages dashboard to benefit from this change. Visit the Hyperdrive documentation on supported drivers to learn more about the driver versions supported by Hyperdrive.

Rules - Automatic DNS Validation for Cloudflare Rules

Fri, 20 Sep 2024 00:00:00 GMT

The Cloudflare dashboard now automatically validates DNS records and Cloudflare for SaaS custom hostnames for rules targeting specific hostnames or URLs. To prevent misconfigured rules and ensure smoother deployments, you will get proactive warnings for missing or misconfigured DNS records and custom hostnames.

Workers - 2024-09-20

Fri, 20 Sep 2024 00:00:00 GMT

Workers now support the [handle_cross_request_promise_resolution] compatibility flag which addresses certain edge cases around awaiting and resolving promises across multiple requests.

Security Center - 2024-09-19

Thu, 19 Sep 2024 00:00:00 GMT

Customers can now create a security.txt file file to provide the security research team with a standardized way to report vulnerabilities.

SSL/TLS - SSL.com available with ACM and SSL for SaaS

Thu, 19 Sep 2024 00:00:00 GMT

SSL.com is one of the certificate authorities that Cloudflare partners with. SSL.com is now available as an option to customers with Advanced Certificate Manager (ACM) or SSL for SaaS. Consider our reference documentation for details.

Workers - 2024-09-19

Thu, 19 Sep 2024 00:00:00 GMT

Revamped Workers and Pages UI settings to simplify the creation and management of project configurations. For bugs and general feedback, please submit this form.

Page Shield - Page Shield's script monitor now available in Free plan

Wed, 18 Sep 2024 00:00:00 GMT

The Page Shield's script monitor feature is now available to all users, including users in the Free plan.

Page Shield - Page Shield policy changes now available in audit logs

Wed, 18 Sep 2024 00:00:00 GMT

Cloudflare Audit Logs now include entries for any changes to Page Shield's policies.

R2 - 2024-09-18

Wed, 18 Sep 2024 00:00:00 GMT

Add the ability to set and update minimum TLS version for R2 bucket custom domains.

Rules - Compression Rules available to all plans with Zstandard support

Tue, 17 Sep 2024 00:00:00 GMT

Compression Rules now support Zstandard compression and are available in all Cloudflare plans. Users in the Free plan will gradually get access throughout 2024.

Zaraz - 2024-09-17

Tue, 17 Sep 2024 00:00:00 GMT

Automatic Actions: E-commerce support is now integrated with Automatic Actions
Consent Management: Support styling the Consent Modal when CSP is enabled
Consent Management: Fix an issue that could cause tools to load before consent was granted when TCF is enabled
Zaraz Debugger: Remove redundant messages related to empty values
Amplitude Managed Component: Respect the EU endpoint setting

Vectorize - Vectorize is available on Workers Free plan

Mon, 16 Sep 2024 00:00:00 GMT

Developers with a Workers Free plan can:

Query up to 30 million queried vector dimensions / month per account.
Store up to 5 million stored vector dimensions per account.

Workers - 2024-09-16

Mon, 16 Sep 2024 00:00:00 GMT

Updated v8 to version 12.9.

API deprecations - Legacy DNS Settings Endpoints

Fri, 13 Sep 2024 00:00:00 GMT

Deprecation date: September 13, 2024

The dedicated endpoints for DNS settings use_apex_ns and secondary_overrides are being deprecated.

Instead, use the Show DNS Settings and Update DNS Settings endpoints to manage these settings.

Instead of the .../use_apex_ns endpoint, use the multi_provider field.
Instead of the .../secondary_overrides endpoint, use the secondary_overrides field.

Deprecated APIs:

GET /zones/:zone_id/dns_settings/use_apex_ns
PATCH /zones/:zone_id/dns_settings/use_apex_ns
GET /zones/:zone_id/dns_settings/secondary_overrides
PATCH /zones/:zone_id/dns_settings/secondary_overrides

Rules - Snippets now available in beta

Fri, 13 Sep 2024 00:00:00 GMT

Cloudflare Snippets have transitioned from alpha to beta.

Magic Firewall - New UI improvements

Thu, 12 Sep 2024 00:00:00 GMT

The dashboard now displays the order number of custom rules, and improved drag and drop functionality. You can also preview rules on a side panel without leaving the current page.

AI Gateway - Custom costs

Tue, 10 Sep 2024 00:00:00 GMT

Configuration: AI Gateway now allows you to set custom costs at the request level custom costs to requests, accurately reflect your unique pricing, overriding the default or public model costs.

Rules - wildcard_replace() function now supported in URL rewrites

Tue, 10 Sep 2024 00:00:00 GMT

You can now use the wildcard_replace() function in rewrite expressions of URL rewrites.

Durable Objects - New error message for overloaded Durable Objects

Sat, 07 Sep 2024 00:00:00 GMT

Introduced a new overloaded error message for Durable Objects: "Durable Object is overloaded. Too many requests for the same object within a 10 second window."

This error message does not replace other types of overload messages that you may encounter for your Durable Object, and is only returned at more extreme levels of overload.

Cache - New Cache Rules templates for one-click rule creation

Thu, 05 Sep 2024 00:00:00 GMT

The new Rules > Templates page in the Cloudflare dashboard provides one-click templates for creating cache rules, making it easy to optimize your caching strategy. Access these pre-built templates directly from each product's rule builder, and explore the Examples gallery in the developer documentation for real-world use cases.

Rules - New Rules Templates for one-click rule creation

Thu, 05 Sep 2024 00:00:00 GMT

The new Rules > Templates page in the Cloudflare dashboard allows you to create common rules with a single click, featuring dozens of pre-built templates. You can also access these templates directly from each product's rule builder. Also, explore the Examples gallery in the developer docs for real-world use cases and inspiration.

DLP - Exact Data Match multi-entry upload support

Tue, 03 Sep 2024 00:00:00 GMT

You can now upload files with multiple columns of data as Exact Data Match datasets. DLP can use each column as a separate existing detection entry.

Cloudflare Network Interconnect - Interconnect portal displays all available locations in a list

Mon, 02 Sep 2024 00:00:00 GMT

Customers can now see all available Direct CNI locations when searching for a Cloudflare site in the Interconnects interface.

WAF - Fixed occasional attack score mismatches

Thu, 29 Aug 2024 00:00:00 GMT

Fixed an issue causing score mismatches between the global WAF attack score and subscores. In certain cases, subscores were higher (not an attack) than expected while the global attack score was lower than expected (attack), leading to false positives.

API Shield - Increased capacity for Endpoint Management and Schema Validation

Wed, 28 Aug 2024 00:00:00 GMT

Endpoint Management and Schema Validation now support up to 10,000 saved and validated API endpoints.

Access - Reduce automatic seat deprovisioning minimum to 1 month, down from 2 months.

Mon, 26 Aug 2024 00:00:00 GMT

Admins can now configure Zero Trust seats to automatically expire after 1 month of user inactivity. The previous minimum was 2 months.

R2 - 2024-08-26

Mon, 26 Aug 2024 00:00:00 GMT

Added support for configuring R2 bucket custom domains via API.

Zero Trust WARP Client - WARP client for macOS (version 2024.8.309.1)

Mon, 26 Aug 2024 00:00:00 GMT

A new beta release for the macOS WARP client is now available in the App Center. This release contains minor fixes and improvements.

Notable updates:

Added the ability to customize PCAP options in warp-cli.
Added a list of installed applications in warp-diag.
Added a summary of warp-dex traceroute results in its JSON output.
Improved the performance of firewall operations when enforcing Split Tunnels configuration.
Fixed an issue where the DNS logs were not being cleared when the user switched configurations.
Fixed a known issue which required users to re-register when an older single configuration MDM file was deployed after deploying the newer, multiple configuration format.
Fixed an issue which prevented the use of private IP ranges that overlapped with end users' home networks.
Deprecated warp-cli commands have been removed. If you have any workflows that use the deprecated commands, update to the new commands where necessary.

Known issues:

Using MASQUE as the tunnel protocol may be incompatible if your organization has either of the following conditions:
- Magic WAN is enabled but does not have the latest packet flow path for WARP traffic. To check the migration status, contact your account team.
- Regional Services is enabled.

Zero Trust WARP Client - WARP client for Windows (version 2024.8.308.1)

Mon, 26 Aug 2024 00:00:00 GMT

A new beta release for the Windows WARP client is now available in the App Center. This release contains minor fixes and improvements.

Notable updates:

Added the ability to customize PCAP options in warp-cli.
Added a list of installed applications in warp-diag.
Added a summary of warp-dex traceroute results in its JSON output.
Improved the performance of firewall operations when enforcing Split Tunnels configuration.
Reduced the time it takes for a WARP client update to complete.
Fixed issues where incorrect DNS server addresses were being applied following reboots and network changes. Any incorrect static entries set by previous WARP versions must be manually reverted.
Fixed a known issue which required users to re-register when an older single configuration MDM file was deployed after deploying the newer, multiple configuration format.
Deprecated warp-cli commands have been removed. If you have any workflows that use the deprecated commands, update to the new commands where necessary.

Known issues:

Using MASQUE as the tunnel protocol may be incompatible if your organization has either of the following conditions:
- Magic WAN is enabled but does not have the latest packet flow path for WARP traffic. To check the migration status, contact your account team.
- Regional Services is enabled.
DNS resolution may be broken when all of the following conditions are true:
- WARP is in Secure Web Gateway without DNS filtering (tunnel-only) mode.
- A custom DNS server address is configured on the primary network adapter.
- The custom DNS server address on the primary network adapter is changed while WARP is connected.
To work around the DNS issue, reconnect the WARP client by toggling off and back on.

D1 - D1 alpha databases have stopped accepting SQL queries

Fri, 23 Aug 2024 00:00:00 GMT

Following the deprecation warning on 2024-04-30, D1 alpha databases have stopped accepting queries (you are still able to create and retrieve backups).

Requests to D1 alpha databases now respond with a HTTP 400 error, containing the following text:

You can no longer query a D1 alpha database. Please follow https://developers.cloudflare.com/d1/platform/alpha-migration/ to migrate your alpha database and resume querying.

You can upgrade to the new, generally available version of D1 by following the alpha database migration guide.

Zaraz - 2024-08-23

Fri, 23 Aug 2024 00:00:00 GMT

Automatic Actions: Automatic Event Tracking is now fully available
Consent Management: Fixed issues with rendering the Consent modal on iOS
Zaraz Debugger: Remove redundant messages related to __zarazEcommerce
Zaraz Debugger: Fixed bug that prevented the debugger to load when certain Custom HTML tools were used

Rules - Simplified UI for Single Redirects with wildcard support

Thu, 22 Aug 2024 00:00:00 GMT

The simplified UI for Single Redirects is now available to all users, making URL redirects easier and more intuitive. This update builds on the recent wildcard support in Ruleset Engine products. Access the new UI under Rules > Redirect Rules. Learn more about wildcard support and our open-source Rust crate in the blog post.

R2 - 2024-08-21

Wed, 21 Aug 2024 00:00:00 GMT

Sippy is now generally available. Metrics for ongoing migrations can now be found in the dashboard or via the GraphQL analytics API.

Rules - Cloud Connector now available to all customers

Tue, 20 Aug 2024 00:00:00 GMT

Cloud Connector (beta) is now available to all customers. For setup details, refer to the documentation, explore examples, and check out the blog post.

Bots - AI bots is now a managed rule

Mon, 19 Aug 2024 00:00:00 GMT

AI bots protection has been upgraded from a custom rule to a managed rule.

Hyperdrive - Improved caching for Postgres.js

Mon, 19 Aug 2024 00:00:00 GMT

Hyperdrive now better caches Postgres.js queries to reduce queries to the origin database.

Workers - 2024-08-19

Mon, 19 Aug 2024 00:00:00 GMT

Workers now support the allow_custom_ports compatibility flag which enables using the fetch() calls to custom ports.

Magic Firewall - Magic Firewall Analytics Rule Log Enhancement

Fri, 16 Aug 2024 00:00:00 GMT

Customers who create a rule in a disabled mode will see the rule as Log (rule disabled).

Rules - Cloud Connector now available to all free customers

Fri, 16 Aug 2024 00:00:00 GMT

Cloud Connector (beta) is now available to all free and a subset of paid customers. This rollout will be gradually extended to all Cloudflare users, simplifying multi-cloud management and enhancing integration with Cloudflare's Connectivity Cloud. For more information, refer to the blog post.

API deprecations - Brotli

Thu, 15 Aug 2024 00:00:00 GMT

Deprecation date: August 15, 2024

The Brotli setting and its API endpoints are deprecated. Brotli compression is available for all non-Enterprise zones, and it will be extended to Enterprise zones in the coming year.

Deprecated APIs:

GET /zones/:zone_id/settings/brotli
PATCH /zones/:zone_id/settings/brotli

Enterprise customers can override Cloudflare's default compression behavior using Compression Rules.

Stream - Full HD encoding for Portrait Videos

Thu, 15 Aug 2024 00:00:00 GMT

Stream now supports full HD encoding for portrait/vertical videos. Videos with a height greater than their width will now be constrained and prepared for adaptive bitrate renditions based on their width. No changes are required to benefit from this update. For more information, refer to the announcement.

Zero Trust WARP Client - WARP client for Linux (version 2024.6.497.0)

Thu, 15 Aug 2024 00:00:00 GMT

A new GA release for the Linux WARP client is now available in the package repository. This release includes some exciting new features. It also includes additional fixes and minor improvements.

New features:

The WARP client now supports operation on Ubuntu 24.04.
Admins can now elect to have ZT WARP clients connect using the MASQUE protocol; this setting is in Device Profiles. Note: before MASQUE can be used, the global setting for Override local interface IP must be enabled. For more detail, refer to Device tunnel protocol. This feature will be rolled out to customers in stages over approximately the next month.
The Device Posture client certificate check has been substantially enhanced. The primary enhancement is the ability to check for client certificates that have unique common names, made unique by the inclusion of the device serial number or host name (for example, CN = 123456.mycompany, where 123456 is the device serial number).
TCP MSS clamping is now used where necessary to meet the MTU requirements of the tunnel interface. This will be especially helpful in Docker use cases.

Warning:

Ubuntu 16.04 and 18.04 are not supported by this version of the client.
This is the last GA release that will be supporting older, deprecated warp-cli commands. There are two methods to identify these commands. One, when used in this release, the command will work but will also return a deprecation warning. And two, the deprecated commands do not appear in the output of warp-cli -h.

Known issues:

There are certain known limitations preventing the use of the MASQUE tunnel protocol in certain scenarios. Do not use the MASQUE tunnel protocol if:
- A Magic WAN integration is on the account and does not have the latest packet flow path for WARP traffic. To check the migration status, contact your account team.
- Your account has Regional Services enabled.
The Linux client GUI does not yet support all GUI features found in the Windows and macOS clients. Future releases of the Linux client will be adding these GUI features.
The Zero Trust team name is not visible in the GUI if you upgraded from the previous GA release using an MDM tool.
Sometimes the WARP icon will remain gray (disconnected state) while in dark mode.

Workers - 2024-08-15

Thu, 15 Aug 2024 00:00:00 GMT

Updated v8 to version 12.8.
You can now use Promise.try() in Cloudflare Workers. Refer to tc39/proposal-promise-try for more context on this API that has recently been added to the JavaScript language.

Zaraz - 2024-08-15

Thu, 15 Aug 2024 00:00:00 GMT

Automatic Actions: Automatic Pageview tracking is now fully available
Google Analytics 4: Support Google Consent signals when using e-commerce tracking
HTTP Events API: Ignore bot score detection on the HTTP Events API endpoint
Zaraz Debugger: Show client-side network requests initiated by Managed Components

Magic Cloud Networking - GCP on-ramps

Wed, 14 Aug 2024 00:00:00 GMT

Magic Cloud Networking supports Google Cloud Platform.

Vectorize - Vectorize v1 is deprecated

Wed, 14 Aug 2024 00:00:00 GMT

With the new Vectorize storage engine, which supports substantially larger indexes (up to 5 million vector dimensions) and reduced query latencies, we are deprecating the original "legacy" (v1) storage subsystem.

To continue interacting with legacy (v1) indexes in wrangler versions after 3.71.0, pass the --deprecated-v1 flag.

For example: 'wrangler vectorize --deprecated-v1' flag to create, get, list, delete and insert vectors into legacy Vectorize v1 indexes. There is no currently no ability to migrate existing indexes from v1 to v2. Existing Workers querying or clients to use the REST API against legacy Vectorize indexes will continue to function.

Vectorize - Vectorize v2 in public beta

Wed, 14 Aug 2024 00:00:00 GMT

Vectorize now has a new underlying storage subsystem (Vectorize v2) that supports significantly larger indexes, improved query latency, and changes to metadata filtering.

Specifically:

Indexes can now support up to 5 million vector dimensions each, up from 200,000 per index.
Metadata filtering now requires explicitly defining the metadata properties that will be filtered on.
Reduced query latency: queries will now return faster and with lower-latency.
You can now return up to 100 results (topK), up from the previous limit of 20.

Workers - 2024-08-14

Wed, 14 Aug 2024 00:00:00 GMT

When using the nodejs_compat_v2 compatibility flag, the setImmediate(fn) API from Node.js is now available at the global scope.
The internal_writable_stream_abort_clears_queue compatibility flag will ensure that certain WritableStream abort() operations are handled immediately rather than lazily, ensuring that the stream is appropriately aborted when the consumer of the stream is no longer active.

Hyperdrive - Hyperdrive audit logs now available in the Cloudflare Dashboard

Tue, 13 Aug 2024 00:00:00 GMT

Actions that affect Hyperdrive configs in an account will now appear in the audit logs for that account.

Rules - Cloudflare Snippets limits have been upgraded

Mon, 12 Aug 2024 00:00:00 GMT

Cloudflare Snippets (alpha) now allow multiple subrequests depending on your plan. For more information, refer to the Availability.

Turnstile - 2024-08-12

Mon, 12 Aug 2024 00:00:00 GMT

Added [flexible] width widget size.
Added new dimensions for Turnstile's compact size.
Added a Feedback Report toggle on the widget's configuration.

Zaraz - 2024-08-12

Mon, 12 Aug 2024 00:00:00 GMT

Automatic Actions: New tools now support Automatic Pageview tracking
HTTP Events API: Respect Google consent signals

Stream - Hide Viewer Count in Live Streams

Fri, 09 Aug 2024 00:00:00 GMT

A new property hideLiveViewerCount has been added to Live Inputs to block access to the count of viewers in a live stream and remove it from the player. For more information, refer to Start a Live Stream.

Browser Rendering - Update puppeteer to 21.1.0

Thu, 08 Aug 2024 00:00:00 GMT

Rebased the fork on the original implementation up till version 21.1.0

Workers KV - New KV Analytics API

Thu, 08 Aug 2024 00:00:00 GMT

Workers KV now has a new metrics dashboard and analytics API that leverages the GraphQL Analytics API used by many other Cloudflare products. The new analytics API provides per-account and per-namespace metrics for both operations and storage, including latency metrics for read and write operations to Workers KV.

The legacy Workers KV analytics REST API will be turned off as of January 31st, 2025. Developers using this API will receive a series of email notifications prior to the shutdown of the legacy API.

Email Security - Email Security is live

Tue, 06 Aug 2024 00:00:00 GMT

Email Security is now live under Zero Trust.

Email Security - Microsoft Graph API deployment.

Tue, 06 Aug 2024 00:00:00 GMT

Customers using Microsoft Office 365 can set up Email Security via Microsoft Graph API.

Cloudflare Tunnel - cloudflared builds available in GitHub for Apple silicon

Tue, 06 Aug 2024 00:00:00 GMT

macOS users can now download cloudflared-arm64.pkg directly from GitHub, in addition to being available via Homebrew.

API deprecations - Auto Minify

Mon, 05 Aug 2024 00:00:00 GMT

Deprecation date: August 5, 2024

The Auto Minify API endpoints are deprecated since the Auto Minify feature was deprecated.

Deprecated APIs:

GET /zones/:zone_id/settings/minify
PATCH /zones/:zone_id/settings/minify

AI Gateway - Mistral AI

Fri, 02 Aug 2024 00:00:00 GMT

Providers: Added Mistral AI as a new provider.

Rules - Wildcard support added to Ruleset Engine products

Wed, 31 Jul 2024 00:00:00 GMT

Wildcards are now supported across our Ruleset Engine-based products, including Single Redirects, Cache Rules, Transform Rules, WAF, Waiting Room, and more:

You can now use the wildcard and strict wildcard operators with any string field in the Ruleset Engine, such as full URI, host, headers, cookies, user-agent, and country. For more details, refer to Operators and Wildcard matching.
In Single Redirects, the wildcard_replace() function allows you to use segments matched by the wildcard and strict wildcard operators in redirect URL targets. For more information, refer to Functions.

Gateway - UK NCSC indicator feed publicly available in Gateway

Tue, 30 Jul 2024 00:00:00 GMT

Gateway users on any plan can now use the PDNS threat intelligence feed provided by the UK National Cyber Security Centre (NCSC) in DNS policies.

Zero Trust WARP Client - WARP client for macOS (version 2024.6.474.0)

Tue, 30 Jul 2024 00:00:00 GMT

A new GA release for the macOS WARP client is now available in the App Center. This release contains fixes to improve the client; no new features are included.

Notable updates:

Fixed an issue which caused alternate network detection to fail if the beacon host was using TLS 1.2 without TLS Extended Master Secret (EMS) enabled.
Improved the stability of device profile switching based on alternate network detection.

Known issues:

If a user has an MDM file configured to support multiple profiles (for the switch configurations feature), and then changes to an MDM file configured for a single profile, the WARP client may not connect. The workaround is to use the warp-cli registration delete command to clear the registration, and then re-register the client.
There are certain known limitations preventing the use of the MASQUE tunnel protocol in certain scenarios. Do not use the MASQUE tunnel protocol if:
- A Magic WAN integration is on the account and does not have the latest packet flow path for WARP traffic. Please check migration status with your account team.
- Your account has Regional Services enabled.

Zero Trust WARP Client - WARP client for Windows (version 2024.6.473.0)

Tue, 30 Jul 2024 00:00:00 GMT

A new GA release for the Windows WARP client is now available in the App Center. This release contains fixes to improve the client; no new features are included.

Notable updates:

Fixed an issue which caused alternate network detection to fail if the beacon host was using TLS 1.2 without TLS Extended Master Secret (EMS) enabled.
Improved the stability of device profile switching based on alternate network detection.

Known issues:

If a user has an MDM file configured to support multiple profiles (for the switch configurations feature), and then changes to an MDM file configured for a single profile, the WARP client may not connect. The workaround is to use the warp-cli registration delete command to clear the registration, and then re-register the client.
There are certain known limitations preventing the use of the MASQUE tunnel protocol in certain scenarios. Do not use the MASQUE tunnel protocol if:
- A Magic WAN integration is on the account and does not have the latest packet flow path for WARP traffic. Please check migration status with your account team.
- Your account has Regional Services enabled.

D1 - Fixed bug in TypeScript typings for run() API

Fri, 26 Jul 2024 00:00:00 GMT

The run() method as part of the D1 Client API had an incorrect (outdated) type definition, which has now been addressed as of @cloudflare/workers-types version 4.20240725.0.

The correct type definition is stmt.run<T>(): D1Result, as run() returns the result rows of the query. The previously incorrect type definition was stmt.run(): D1Response, which only returns query metadata and no results.

AI Gateway - Google AI Studio

Tue, 23 Jul 2024 00:00:00 GMT

Providers: Added Google AI Studio as a new provider.

Stream - New Live Webhooks for Error States

Tue, 23 Jul 2024 00:00:00 GMT

Stream has added a new notification event for Live broadcasts to alert (via email or webhook) on various error conditions including unsupported codecs, bad GOP/keyframe interval, or quota exhaustion.

When creating/editing a notification, subscribe to live_input.errored to receive the new event type. Existing notification subscriptions will not be changed automatically. For more information, refer to Receive Live Webhooks.

Workers AI - Meta Llama 3.1 now available on Workers AI

Tue, 23 Jul 2024 00:00:00 GMT

Workers AI now suppoorts Meta Llama 3.1.

Zaraz - 2024-07-23

Tue, 23 Jul 2024 00:00:00 GMT

Embeds: Add support for server-side rendering of X (Twitter) and Instagram embeds
CSP Compliance: Remove eval dependency
Google Analytics 4 Managed Component: Allow customizing the document title and client ID fields
Custom HTML Managed Component: Scripts included in a Custom HTML will preserve their running order
Google Ads Managed Component: Allow linking data with Google Analytics 4 instances
TikTok Managed Component: Use the new TikTok Events API v2
Reddit Managed Component: Support custom events
Twitter Managed Component: Support setting the event_id, using custom fields, and improve conversion tracking
Bugfix: Cookie life-time cannot exceed one year anymore
Bugfix: Zaraz Debugger UI does not break when presenting really long lines of information

Security Center - 2024-07-22

Mon, 22 Jul 2024 00:00:00 GMT

Customers can now archive multiple Security Insights at the same time. Go to Security Center > Security Insights and select the insights to archive.

Cache - Generic tiered cache

Fri, 19 Jul 2024 00:00:00 GMT

Generic Global Tiered Cache topology leverages all Cloudflare data centers as upper-tier cache network. It now hashes content within a region reducing duplication in upper-tier caches, which increases cache HIT ratio.

Workers - 2024-07-19

Fri, 19 Jul 2024 00:00:00 GMT

Workers with the mTLS binding now support Gradual Deployments.

Workers - 2024-07-18

Thu, 18 Jul 2024 00:00:00 GMT

Added a new truncated flag to Tail Worker events to indicate when the event buffer is full and events are being dropped.

Magic WAN - Updates to High Availability on the Magic WAN Connector

Wed, 17 Jul 2024 00:00:00 GMT

The High Availability feature on Magic WAN Connector now supports additional failover conditions, DHCP lease syncing, and staggered upgrades.

Workers - 2024-07-17

Wed, 17 Jul 2024 00:00:00 GMT

Updated v8 to version 12.7.

API deprecations - DNS Records: 'locked' Field

Sun, 14 Jul 2024 00:00:00 GMT

Deprecation date: July 14, 2024

The "locked" field of DNS records in API responses is unused and has been guaranteed to always be false for more than a year. This deprecation means that the field will be omitted from API responses entirely. If received from a client, the field will continue to be ignored, just as it is today.

Modified API:

GET /zones/:zone_id/dns_records
POST /zones/:zone_id/dns_records
GET /zones/:zone_id/dns_records/:dns_record_id
PATCH /zones/:zone_id/dns_records/:dns_record_id
PUT /zones/:zone_id/dns_records/:dns_record_id

Gateway - Gateway DNS filter non-authenticated queries

Sun, 14 Jul 2024 00:00:00 GMT

Gateway users can now select which endpoints to use for a given DNS location. Available endpoints include IPv4, IPv6, DNS over HTTPS (DoH), and DNS over TLS (DoT). Users can protect each configured endpoint by specifying allowed source networks. Additionally, for the DoH endpoint, users can filter traffic based on source networks and/or authenticate user identity tokens.

Workers AI - New community-contributed tutorial

Thu, 11 Jul 2024 00:00:00 GMT

Added community contributed tutorial on how to create APIs to recommend products on e-commerce sites using Workers AI and Stripe.

Workers - 2024-07-11

Thu, 11 Jul 2024 00:00:00 GMT

Added community contributed tutorial on how to create custom access control for files in R2 using D1 and Workers.
Added community contributed tutorial on how to send form submissions using Astro and Resend.
Added community contributed tutorial on how to create a sitemap from Sanity CMS with Workers.

AI Gateway - Custom metadata

Wed, 10 Jul 2024 00:00:00 GMT

AI Gateway now supports adding custom metadata to requests, improving tracking and analysis of incoming requests.

AI Gateway - Logs

Tue, 09 Jul 2024 00:00:00 GMT

Logs are now available for the last 24 hours.

API Shield - API Discovery's hostname variables

Mon, 08 Jul 2024 00:00:00 GMT

Customers can now see when API Discovery groups similar subdomains with the same methods and paths, making it easy to discover and manage APIs that share many vanity domains or subdomains.

R2 - 2024-07-08

Mon, 08 Jul 2024 00:00:00 GMT

Added migration log for Super Slurper to the migration summary in the dashboard.

Workers - 2024-07-03

Wed, 03 Jul 2024 00:00:00 GMT

The node:crypto implementation now includes the scrypt(...) and scryptSync(...) APIs.
Workers now support the standard EventSource API.
Fixed a bug where when writing to an HTTP Response body would sometimes hang when the client disconnected (and sometimes throw an exception). It will now always throw an exception.

API Shield - Route API requests using API Routing

Tue, 02 Jul 2024 00:00:00 GMT

Customers can now route requests to different back-end services through API Routing, creating a unified front for their APIs distributed across otherwise disparate systems.

BYOIP - Address Maps for BYOIP and Static IPs

Tue, 02 Jul 2024 00:00:00 GMT

Address Maps is available via API and via dashboard. Address Maps allows customers with BYOIP prefixes or account-level Static IPs to specify which IP addresses should be mapped to DNS records when they are proxied through Cloudflare. Refer to the documentation for details.

Magic Cloud Networking - Closed beta launch

Mon, 01 Jul 2024 00:00:00 GMT

The Magic Cloud Networking closed beta release is available, with the managed cloud on-ramps feature.

Rules - Cloudflare Snippets now available to all paid customers

Mon, 01 Jul 2024 00:00:00 GMT

Cloudflare Snippets (alpha) are now available to all paid customers.

Workers - 2024-07-01

Mon, 01 Jul 2024 00:00:00 GMT

When using Gradual Deployments, you can now use version overrides to send a request to a specific version of your Worker.

API deprecations - Mobile redirect

Sun, 30 Jun 2024 00:00:00 GMT

Deprecation date: June 30, 2024

This endpoint and its related APIs are deprecated in favor of Single Redirects. Refer to Perform mobile redirects to migrate Mobile Redirect to Redirect Rules.

Deprecated API:

GET /zones/:zone_identifier/settings/mobile_redirect
PATCH /zones/:zone_identifier/settings/mobile_redirect

Replacement: Single Redirects

Zero Trust WARP Client - WARP client for macOS (version 2024.6.416.0)

Fri, 28 Jun 2024 00:00:00 GMT

A new GA release for the macOS WARP client is now available in the App Center. This release includes some exciting new features. It also includes additional fixes and minor improvements.

New features:

Admins can now elect to have ZT WARP clients connect using the MASQUE protocol; this setting is in Device Profiles. Note: before MASQUE can be used, the global setting for Override local interface IP must be enabled. For more detail, refer to Device tunnel protocol. This feature will be rolled out to customers in stages over approximately the next month.
The Device Posture client certificate check has been substantially enhanced. The primary enhancement is the ability to check for client certificates that have unique common names, made unique by the inclusion of the device serial number or host name (for example, CN = 123456.mycompany, where 123456 is the device serial number).

Additional changes and improvements:

Fixed a known issue where the certificate was not always properly left behind in /Library/Application Support/Cloudflare/installed_cert.pem.
Fixed an issue where re-auth notifications were not cleared from the UI when the user switched configurations.
Fixed a macOS firewall rule that allowed all UDP traffic to go outside the tunnel. Relates to TunnelVision (CVE-2024-3661).
Fixed an issue that could cause the Cloudflare WARP menu bar application to disappear when switching configurations.

Warning:

This is the last GA release that will be supporting older, deprecated warp-cli commands. There are two methods to identify these commands. One, when used in this release, the command will work but will also return a deprecation warning. And two, the deprecated commands do not appear in the output of warp-cli -h.

Known issues:

If a user has an MDM file configured to support multiple profiles (for the switch configurations feature), and then changes to an MDM file configured for a single profile, the WARP client may not connect. The workaround is to use the warp-cli registration delete command to clear the registration, and then re-register the client.
There are certain known limitations preventing the use of the MASQUE tunnel protocol in certain scenarios. Do not use the MASQUE tunnel protocol if:
- A Magic WAN integration is on the account and does not have the latest packet flow path for WARP traffic. Please check migration status with your account team.
- Your account has Regional Services enabled.

Zero Trust WARP Client - WARP client for Windows (version 2024.6.415.0)

Fri, 28 Jun 2024 00:00:00 GMT

A new GA release for the Windows WARP client is now available in the App Center. This release includes some exciting new features. It also includes additional fixes and minor improvements.

New features:

Admins can now elect to have ZT WARP clients connect using the MASQUE protocol; this setting is in Device Profiles. Note: before MASQUE can be used, the global setting for Override local interface IP must be enabled. For more detail, refer to Device tunnel protocol. This feature will be rolled out to customers in stages over approximately the next month.
The ZT WARP client on Windows devices can now connect before the user completes their Windows login. This Windows pre-login capability allows for connecting to on-premise Active Directory and/or similar resources necessary to complete the Windows login.
The Device Posture client certificate check has been substantially enhanced. The primary enhancement is the ability to check for client certificates that have unique common names, made unique by the inclusion of the device serial number or host name (for example, CN = 123456.mycompany, where 123456 is the device serial number).

Additional changes and improvements:

Added a new Unable to Connect message to the UI to help in troubleshooting.
The upgrade window now uses international date formats.
Made a change to ensure DEX tests are not running when the tunnel is not up due to the device going to or waking from sleep. This is specific to devices using the S3 power model.
Fixed a known issue where the certificate was not always properly left behind in %ProgramData%\Cloudflare\installed_cert.pem.
Fixed an issue where ICMPv6 Neighbor Solicitation messages were being incorrectly sent on the WARP tunnel.
Fixed an issue where a silent upgrade was causing certain files to be deleted if the target upgrade version is the same as the current version.

Warning:

This is the last GA release that will be supporting older, deprecated warp-cli commands. There are two methods to identify these commands. One, when used in this release, the command will work but will also return a deprecation warning. And two, the deprecated commands do not appear in the output of warp-cli -h.

Known issues:

If a user has an MDM file configured to support multiple profiles (for the switch configurations feature), and then changes to an MDM file configured for a single profile, the WARP client may not connect. The workaround is to use the warp-cli registration delete command to clear the registration, and then re-register the client.
There are certain known limitations preventing the use of the MASQUE tunnel protocol in certain scenarios. Do not use the MASQUE tunnel protocol if:
- A Magic WAN integration is on the account and does not have the latest packet flow path for WARP traffic. Please check migration status with your account team.
- Your account has Regional Services enabled.

Workers - 2024-06-28

Fri, 28 Jun 2024 00:00:00 GMT

Fixed a bug which caused Date.now() to return skewed results if called before the first I/O of the first request after a Worker first started up. The value returned would be offset backwards by the amount of CPU time spent starting the Worker (compiling and running global scope), making it seem like the first I/O (e.g. first fetch()) was slower than it really was. This skew had nothing to do with Spectre mitigations; it was simply a longstanding bug.

Radar - Change TCP connection tampering API endpoints to TCP Resets Timeouts

Thu, 27 Jun 2024 00:00:00 GMT

Changed the connection tampering summary and timeseries API endpoints to TCP resets timeouts summary and timeseries, respectively.

Zero Trust WARP Client - Cloudflare One Agent for iOS (version 1.4)

Thu, 27 Jun 2024 00:00:00 GMT

A new GA release for the iOS Cloudflare One Agent is now available in the iOS App Store.

Notable updates:

Fixed an issue with endpoint IP settings in MDM files
Cleaned up some erroneous links
Updated the Terms of Service

Workers AI - Introducing embedded function calling

Thu, 27 Jun 2024 00:00:00 GMT

A new way to do function calling with Embedded function calling
Published new @cloudflare/ai-utils npm package
Open-sourced ai-utils on Github

Gateway - Gateway DNS policy setting to ignore CNAME category matches

Tue, 25 Jun 2024 00:00:00 GMT

Gateway now offers the ability to selectively ignore CNAME domain categories in DNS policies via the Ignore CNAME domain categories setting in the policy builder and the ignore_cname_category_matches setting in the API.

AI Gateway - Custom cache key headers

Mon, 24 Jun 2024 00:00:00 GMT

AI Gateway now supports custom cache key headers.

Durable Objects - 2024-06-24

Mon, 24 Jun 2024 00:00:00 GMT

Exceptions thrown from Durable Object internal operations and tunneled to the caller may now be populated with a .retryable: true property if the exception was likely due to a transient failure, or populated with an .overloaded: true property if the exception was due to overload.

Workers - 2024-06-24

Mon, 24 Jun 2024 00:00:00 GMT

Exceptions thrown from Durable Object internal operations and tunneled to the caller may now be populated with a .retryable: true property if the exception was likely due to a transient failure, or populated with an .overloaded: true property if the exception was due to overload.

Magic WAN - ICMP support for traffic sourced from private IPs

Sun, 23 Jun 2024 00:00:00 GMT

Magic WAN will now support ICMP traffic sourced from private IPs going to the Internet via Gateway.

Zaraz - 2024-06-21

Fri, 21 Jun 2024 00:00:00 GMT

Dashboard: Add an option to disable the automatic Pageview event

Stream - Generated Captions to Open beta

Thu, 20 Jun 2024 00:00:00 GMT

Stream has introduced automatically generated captions to open beta for all subscribers at no additional cost. While in beta, only English is supported and videos must be less than 2 hours. For more information, refer to the product announcement and deep dive or refer to the captions documentation to get started.

Workers - 2024-06-20

Thu, 20 Jun 2024 00:00:00 GMT

We now prompt for extra confirmation if attempting to rollback to a version of a Worker using the Deployments API where the value of a secret is different than the currently deployed version. A ?force=true query parameter can be specified to proceed with the rollback.

Workers AI - Added support for traditional function calling

Wed, 19 Jun 2024 00:00:00 GMT

Function calling is now supported on enabled models
Properties added on models page to show which models support function calling

Workers - 2024-06-19

Wed, 19 Jun 2024 00:00:00 GMT

When using nodejs_compat compatibility flag, the buffer module now has an implementation of isAscii() and isUtf8() methods.
Fixed a bug where exceptions propagated from JS RPC calls to Durable Objects would lack the .remote property that exceptions from fetch() calls to Durable Objects have.

AI Gateway - Access an AI Gateway through a Worker

Tue, 18 Jun 2024 00:00:00 GMT

Workers AI now natively supports AI Gateway.

Page Shield - Cookie Monitor now available

Tue, 18 Jun 2024 00:00:00 GMT

Page Shield now captures HTTP cookies set and used by your web application. The list of detected cookies in available in the Cloudflare dashboard or via API.

Workers AI - Native support for AI Gateways

Tue, 18 Jun 2024 00:00:00 GMT

Workers AI now natively supports AI Gateway.

Zaraz - 2024-06-18

Tue, 18 Jun 2024 00:00:00 GMT

Amplitude Managed Component: Allow users to choose data center
Bing Managed Component: Fix e-commerce events handling
Google Analytics 4 Managed Component: Mark e-commerce events as conversions
Consent Management: Fix IAB Consent Mode tools not showing with purposes

D1 - HTTP API now returns a HTTP 429 error for overloaded D1 databases

Mon, 17 Jun 2024 00:00:00 GMT

Previously, D1's HTTP API returned a HTTP 500 Internal Server error for queries that came in while a D1 database was overloaded. These requests now correctly return a HTTP 429 Too Many Requests error.

D1's Workers API is unaffected by this change.

Risk score - Okta risk exchange

Mon, 17 Jun 2024 00:00:00 GMT

You can now exchange user risk scores with Okta to inform SSO-level policies.

API deprecations - Server-side Excludes

Fri, 14 Jun 2024 00:00:00 GMT

Deprecation date: June 14, 2024

The Server-side Excludes feature and its API endpoints are deprecated.

Deprecated APIs:

GET /zones/:zone_id/settings/server_side_exclude
PATCH /zones/:zone_id/settings/server_side_exclude

Page Shield - Added filter operators for scripts and connections

Fri, 14 Jun 2024 00:00:00 GMT

You can now filter scripts and connections in the Cloudflare dashboard using the does not contain operator. Pages associated with scripts and connections can be filtered by includes, starts with, and ends with.

Risk score - SentinelOne signal ingestion

Fri, 14 Jun 2024 00:00:00 GMT

You can now configure a predefined risk behavior to evaluate user risk score using device posture attributes from the SentinelOne integration.

R2 - 2024-06-12

Wed, 12 Jun 2024 00:00:00 GMT

Super Slurper now supports migrating objects up to 1TB in size.

Workers - 2024-06-12

Wed, 12 Jun 2024 00:00:00 GMT

Blob and Body objects now include a new bytes() method, reflecting recent additions to web standards.

beacon.min.js - 2024-06-11

Tue, 11 Jun 2024 00:00:00 GMT

Enhanced to include reporting of Server-Timing headers.

Stream - Updated response codes on requests for errored videos

Tue, 11 Jun 2024 00:00:00 GMT

Stream will now return HTTP error status 424 (failed dependency) when requesting segments, manifests, thumbnails, downloads, or subtitles for videos that are in an errored state. Previously, Stream would return one of several 5xx codes for requests like this.

Workers AI - Deprecation announcement for `@cf/meta/llama-2-7b-chat-int8`

Tue, 11 Jun 2024 00:00:00 GMT

We will be deprecating @cf/meta/llama-2-7b-chat-int8 on 2024-06-30.

Replace the model ID in your code with a new model of your choice:

@cf/meta/llama-3-8b-instruct is the newest model in the Llama family (and is currently free for a limited time on Workers AI).
@cf/meta/llama-3-8b-instruct-awq is the new Llama 3 in a similar precision to your currently selected model. This model is also currently free for a limited time.

If you do not switch to a different model by June 30th, we will automatically start returning inference from @cf/meta/llama-3-8b-instruct-awq.

R2 - 2024-06-07

Fri, 07 Jun 2024 00:00:00 GMT

Fixed an issue that prevented Sippy from copying over objects from S3 buckets with SSE set up.

Access - Scalability improvements to the App Launcher

Thu, 06 Jun 2024 00:00:00 GMT

Applications now load more quickly for customers with a large number of applications or complex policies.

R2 - 2024-06-06

Thu, 06 Jun 2024 00:00:00 GMT

R2 will now ignore the x-purpose request parameter.

Magic WAN - Application based prioritization

Wed, 05 Jun 2024 00:00:00 GMT

The Magic WAN Connector can now prioritize traffic on a per-application basis.

CASB - Atlassian Bitbucket integration

Mon, 03 Jun 2024 00:00:00 GMT

You can now scan your Bitbucket Cloud workspaces for a variety of contextualized security issues such as source code exposure, admin misconfigurations, and more.

DDoS protection - DDoS alerts now available for EU CMB customers

Mon, 03 Jun 2024 00:00:00 GMT

DDoS alerts are now available for EU Customer Metadata Boundary (CMB) customers. This includes all DDoS alert type (Standard and Advanced) for both HTTP DDoS attacks and L3/4 DDoS attacks.

Rules - Cloudflare Snippets now available to all Enterprise customers

Mon, 03 Jun 2024 00:00:00 GMT

Cloudflare Snippets (alpha) are now available to all Enterprise customers. Customers in other paid plans will gradually get access throughout 2024.

Workers - 2024-06-03

Mon, 03 Jun 2024 00:00:00 GMT

Workers with Smart Placement enabled now support Gradual Deployments.

API deprecations - Name-Related Data Fields on SRV (DNS) Records

Fri, 31 May 2024 00:00:00 GMT

Deprecation date: May 31, 2024

The name of an SRV record normally consists of three parts: the service (e.g., _xmpp), the protocol (e.g., _tcp), and the base name (example.com).

The complete name would then be, e.g., _xmpp._tcp.example.com.

When interacting with DNS records through the API, SRV records contain both a full name as well as a data map containing the individual components of the name:

{
  "name": "_xmpp._tcp.example.com",
  "data": {
    "service": "_xmpp",
    "proto": "_tcp",
    "name": "example.com",
    ...
  },
  ...
}

We are deprecating the service, proto and name fields within the data map in favor of the name field outside the data map, which is the same name field that's used by all other record types.

Before the end of life date, please ensure that:

when reading SRV records, you use only the name outside of the data map and ignore service, proto and name within the data map if they exist; and
when writing SRV records, you set the name outside of the data map and do not set service, proto or name within the data map.

After the end of life date, the API will stop producing the service, proto and name data fields, and if any of them are received from a client, an error will be returned.

This deprecation does not affect other SRV data fields not mentioned above (priority, weight, port, target) or data fields for any other record type other than SRV.

Modified API:

GET /zones/:zone_id/dns_records
POST /zones/:zone_id/dns_records
GET /zones/:zone_id/dns_records/:dns_record_id
PATCH /zones/:zone_id/dns_records/:dns_record_id
PUT /zones/:zone_id/dns_records/:dns_record_id

Magic WAN - WARP virtual IP addresses

Fri, 31 May 2024 00:00:00 GMT

Customers using Gateway to filter traffic to Magic WAN destinations will now see traffic from Cloudflare egressing with WARP virtual IP addresses (CGNAT range), rather than public Cloudflare IP addresses. This simplifies configuration and improves visibility for customers.

R2 - 2024-05-29

Wed, 29 May 2024 00:00:00 GMT

Added support for Infrequent Access storage class (beta).

Workers AI - Add new public LoRAs and note on LoRA routing

Wed, 29 May 2024 00:00:00 GMT

Added documentation on new public LoRAs.
Noted that you can now run LoRA inference with the base model rather than explicitly calling the -lora version

Hyperdrive - Increased configuration limits

Fri, 24 May 2024 00:00:00 GMT

You can now create up to 25 Hyperdrive configurations per account, up from the previous maximum of 10.

Refer to Limits to review the limits that apply to Hyperdrive.

R2 - 2024-05-24

Fri, 24 May 2024 00:00:00 GMT

Added create temporary access tokens endpoint.

CASB - Data-at-rest DLP for Box and Dropbox

Thu, 23 May 2024 00:00:00 GMT

You can now scan your Box and Dropbox files for DLP matches.

DLP - Data-at-rest DLP for Box and Dropbox

Thu, 23 May 2024 00:00:00 GMT

You can now scan your Box and Dropbox files for DLP matches.

WAF - Improved detection capabilities

Thu, 23 May 2024 00:00:00 GMT

WAF attack score now automatically detects and decodes Base64 and JavaScript (Unicode escape sequences) in HTTP requests. This update is available for all customers with access to WAF attack score (Business customers with access to a single field and Enterprise customers).

AI Gateway - AI Gateway is now GA

Wed, 22 May 2024 00:00:00 GMT

AI Gateway is moving from beta to GA.

beacon.min.js - 2024-05-22

Wed, 22 May 2024 00:00:00 GMT

Introducing new metric fields, transferSize and decodedBodySize are included.

Data Localization Suite - Expanded Regional Services for more precise data localization.

Wed, 22 May 2024 00:00:00 GMT

Added Austria, Brazil, France, Hong Kong, Italy, NATO, the Netherlands, Russia, Saudi Arabia, South Africa, Spain, Switzerland, and Taiwan. Some regions may not appear in the dropdown as they require Cloudflare approval. Contact your account team for more information.
Introduced Exclusive of Hong Kong and Macau, and Exclusive of Russia and Belarus options.
Launched the Cloudflare Green Energy region, using renewable-powered data centers.

Hyperdrive - Driver performance improvements

Wed, 22 May 2024 00:00:00 GMT

Compatibility improvements to how Hyperdrive interoperates with the popular Postgres.js driver have been released. These improvements allow queries made via Postgres.js to be correctly cached (when enabled) in Hyperdrive.

Developers who had previously set prepare: false can remove this configuration when establishing a new Postgres.js client instance.

Read the documentation on supported drivers to learn more about database driver interoperability with Hyperdrive.

Zero Trust WARP Client - WARP client for Windows (version 2024.5.310.1)

Wed, 22 May 2024 00:00:00 GMT

A new beta release for the Windows WARP client is now available in the App Center.

Notable updates:

Added a new Unable to Connect message to the UI to help in troubleshooting.
In the upgrade window, a change was made to use international date formats to resolve an issue with localization.
Made a change to ensure DEX tests are not running when the tunnel is not up due to the device going to or waking from sleep. This is specific to devices using the S3 power model.
Fixed a known issue where the certificate was not always properly left behind in %ProgramData%\Cloudflare\installed_cert.pem.
Fixed an issue where ICMPv6 Neighbor Solicitation messages were being incorrectly sent on the WARP tunnel.

Known issues:

If a user has an MDM file configured to support multiple profiles (for the switch configurations feature), and then changes to an MDM file configured for a single profile, the WARP client may not connect. The workaround is to use the warp-cli registration delete command to clear the registration, and then re-register the client.

Zero Trust WARP Client - WARP client for macOS (version 2024.5.287.1)

Tue, 21 May 2024 00:00:00 GMT

A new beta release for the macOS WARP client is now available in the App Center

Notable updates:

Fixed a known issue where the certificate was not always properly left behind in /Library/Application Support/Cloudflare/installed_cert.pem.
Fixed an issue so that the reauth notification is cleared from the UI when the user switches configurations.
Fixed an issue by correcting the WARP client setting of macOS firewall rules. This relates to TunnelVision (CVE-2024-3661).
Fixed an issue that could cause the Cloudflare WARP menu bar application to disappear when switching configurations.

Known issues:

If a user has an MDM file configured to support multiple profiles (for the switch configurations feature), and then changes to an MDM file configured for a single profile, the WARP client may not connect. The workaround is to use the warp-cli registration delete command to clear the registration, and then re-register the client.

Digital Experience Monitoring - Last seen ISP

Mon, 20 May 2024 00:00:00 GMT

Admins can view the last ISP seen for a device by going to My Team > Devices. Requires setting up a traceroute test.

Workers AI - Add OpenAI compatible API endpoints

Fri, 17 May 2024 00:00:00 GMT

Added OpenAI compatible API endpoints for /v1/chat/completions and /v1/embeddings. For more details, refer to Configurations.

Workers - 2024-05-17

Fri, 17 May 2024 00:00:00 GMT

Updated v8 to version 12.6.

AI Gateway - 2024-05-16

Thu, 16 May 2024 00:00:00 GMT

Providers: Added Cohere and Groq as new providers.

Workers - 2024-05-15

Wed, 15 May 2024 00:00:00 GMT

The new fetch_standard_url compatibility flag will become active by default on June 3rd, 2024 and ensures that URLs passed into the fetch(...) API, the new Request(...) constructor, and redirected requests will be parsed using the standard WHATWG URL parser.
DigestStream is now more efficient and exposes a new bytesWritten property that indicates that number of bytes written to the digest.

Rules - Page Rules migration

Tue, 14 May 2024 00:00:00 GMT

The Page Rules migration guide is now available for users interested in transitioning to modern Rules features instead of Page Rules. Explore the guide for detailed instructions on migrating your configurations.

API Shield - Use JWT claims in Advanced Rate Limiting, Transform Rules, and as session IDs

Mon, 13 May 2024 00:00:00 GMT

Customers can now use the fields inside JSON Web Tokens (known as claims) as session identifiers in API Shield, to count values in Advanced Rate Limiting, and to send on useful information in Transform Rules.

Digital Experience Monitoring - DEX alerts

Mon, 13 May 2024 00:00:00 GMT

Admins can now set DEX alerts using Cloudflare Notifications. Three new DEX alert types:

Device connectivity anomaly
Test latency
Test low availability

Rules - New Configuration Rules setting for Web Analytics (RUM)

Mon, 13 May 2024 00:00:00 GMT

You can now turn off Cloudflare Web Analytics, also known as Real User Monitoring (RUM), for specific requests using a configuration rule.

Workers - 2024-05-13

Mon, 13 May 2024 00:00:00 GMT

Updated v8 to version 12.5.
A bug in the fetch API implementation would cause the content type of a Blob to be incorrectly set. The fix is being released behind a new blob_standard_mime_type compatibility flag.

Zero Trust WARP Client - Cloudflare One Agent for Android (version 1.7)

Fri, 10 May 2024 00:00:00 GMT

A new GA release for the Android Cloudflare One Agent is now available in the Google Play Store. This release fixes an issue where the user was not prompted to select the client certificate in the browser during Access registration.

AI Gateway - 2024-05-09

Thu, 09 May 2024 00:00:00 GMT

Added new endpoints to the REST API.

Zero Trust WARP Client - Crowdstrike posture checks for online status

Thu, 09 May 2024 00:00:00 GMT

Two new Crowdstrike attributes, Last Seen and State, are now available to be used as selectors in the Crowdstrike service provider integration.

Zero Trust WARP Client - WARP client for macOS (version 2024.3.444.0)

Wed, 08 May 2024 00:00:00 GMT

A new GA release for the macOS WARP client is now available in the App Center. This releases fixes an issue with how the WARP client sets macOS firewall rules and addresses the TunnelVision (CVE-2024-3661) vulnerability.

Workers - 2024-05-03

Fri, 03 May 2024 00:00:00 GMT

Fixed RPC to/from Durable Objects not honoring the output gate.
The internal_stream_byob_return_view compatibility flag can be used to improve the standards compliance of the ReadableStreamBYOBReader implementation when working with BYOB streams provided by the runtime (like in response.body or request.body). The flag ensures that the final read result will always include a value field whose value is set to an empty Uint8Array whose underlying ArrayBuffer is the same memory allocation as the one passed in on the call to read().
The Web platform standard reportError(err) global API is now available in workers. The reported error will first be emitted as an 'error' event on the global scope then reported in both the console output and tail worker exceptions by default.

Zaraz - 2024-05-03

Fri, 03 May 2024 00:00:00 GMT

Dashboard: Add setting for Google Consent mode default
Bugfix: Cookie values are now decoded
Bugfix: Ensure context enricher worker can access the context.system.consent object
Google Ads Managed Component: Add conversion linker on pageviews without sending a pageview event
Pinterest Conversion API Managed Component: Bugfix handling of partial e-commerce event payloads

API Shield - Build Sequence Mitigation rules via the Cloudflare dashboard

Tue, 30 Apr 2024 00:00:00 GMT

Customers can now build Sequence Mitigation rules with a new user interface inside the API Shield section of the Cloudflare dashboard.

D1 - D1 alpha databases will stop accepting live SQL queries on August 15, 2024

Tue, 30 Apr 2024 00:00:00 GMT

Previously deprecated alpha D1 databases need to be migrated by August 15, 2024 to accept new queries.

Refer to alpha database migration guide to migrate to the new, generally available, database architecture.

Rules - New Configuration Rules setting for Cloudflare Fonts

Mon, 29 Apr 2024 00:00:00 GMT

You can now turn on or off Cloudflare Fonts for specific requests using a configuration rule.

Access - Add option to bypass CORS to origin server

Sun, 28 Apr 2024 00:00:00 GMT

Access admins can defer all CORS enforcement to their origin server for specific Access applications.

Page Shield - Suggestions for the default directive

Fri, 26 Apr 2024 00:00:00 GMT

When creating a policy in the dashboard, default directive aggregates suggestions of monitored scripts and connections data, enabling defining default directive easier.

Workers - 2024-04-26

Fri, 26 Apr 2024 00:00:00 GMT

Updated v8 to version 12.4.

DDoS protection - Scheduled for 2024-04-29

Fri, 19 Apr 2024 00:00:00 GMT

Announcement Date	Change Date	Rule ID	Description	Previous Action	New Action	Notes
N/A	N/A	N/A	N/A	N/A	N/A	N/A

DDoS protection - 2024-04-19

Fri, 19 Apr 2024 00:00:00 GMT

Rule ID	Description	Previous Action	New Action	Notes
	HTTP requests with unusual HTTP headers or URI path (signature #66).	N/A	block

Zaraz - 2024-04-19

Fri, 19 Apr 2024 00:00:00 GMT

Instagram Managed Component: Improve performance of Instagram embeds
Mixpanel Managed Component: Include gclid and fbclid values in Mixpanel requests if available
Consent Management: Ensure consent platform is enabled when using IAB TCF compliant mode when there's at least one TCF-approved vendor configured
Bugfix: Ensure track data payload keys take priority over preset-keys when using enrich-payload feature for custom actions

beacon.min.js - 2024-04-17

Wed, 17 Apr 2024 00:00:00 GMT

Introducing new metric fields, deliveryType (dt) and navigationType (nt) are included.

DDoS protection - Network Analytics now supported for EU CMB customers

Wed, 17 Apr 2024 00:00:00 GMT

The Network Analytics dashboard is available to customers that have opted in to the EU Customer Metadata Boundary (CMB) solution. This also includes Network Analytics Logs (Logpush) and GraphQL API.

API users can ensure they are routed properly by directing their API requests at eu.api.cloudflare.com.

CASB - Export CASB findings to CSV

Tue, 16 Apr 2024 00:00:00 GMT

You can now export all top-level CASB findings or every instance of your findings to CSV.

DDoS protection - 2024-04-16

Tue, 16 Apr 2024 00:00:00 GMT

Rule ID	Description	Previous Action	New Action	Notes
	HTTP requests with unusual HTTP headers or URI path (signature #64).	N/A	block
	HTTP requests with unusual HTTP headers or URI path (signature #65).	N/A	block

DLP - Optical character recognition

Tue, 16 Apr 2024 00:00:00 GMT

DLP can now detect sensitive data in jpeg, jpg, and png files. This helps companies prevent the leak of sensitive data in images, such as screenshots.

Workers for Platforms - Workers for Platforms available to all users

Tue, 16 Apr 2024 00:00:00 GMT

Workers for Platforms will be available for all users through the new pay-as-you-go plan. For more information, refer to the blog post.

Access - Zero Trust User identity audit logs

Mon, 15 Apr 2024 00:00:00 GMT

All user identity changes via SCIM or Authentication events are logged against a user's registry identity.

Trace - Cloudflare Trace now supports Workers

Mon, 15 Apr 2024 00:00:00 GMT

Starting today, customers can use Cloudflare Trace to confirm if a request to a specific URL within their zone is routed through a Workers script.

D1 - HTTP API now returns a HTTP 400 error for invalid queries

Fri, 12 Apr 2024 00:00:00 GMT

Previously, D1's HTTP API returned a HTTP 500 Internal Server error for an invalid query. An invalid SQL query now correctly returns a HTTP 400 Bad Request error.

D1's Workers API is unaffected by this change.

Stream - Live Instant Clipping for live broadcasts and recordings

Thu, 11 Apr 2024 00:00:00 GMT

Clipping is now available in open beta for live broadcasts and recordings. For more information, refer to Live instant clipping documentation.

Workers AI - Add AI native binding

Thu, 11 Apr 2024 00:00:00 GMT

Added new AI native binding, you can now run models with const resp = await env.AI.run(modelName, inputs)
Deprecated @cloudflare/ai npm package. While existing solutions using the @cloudflare/ai package will continue to work, no new Workers AI features will be supported. Moving to native AI bindings is highly recommended

Workers - 2024-04-11

Thu, 11 Apr 2024 00:00:00 GMT

Improve Streams API spec compliance by exposing desiredSize and other properties on stream class prototypes
The new URL.parse(...) method is implemented. This provides an alternative to the URL constructor that does not throw exceptions on invalid URLs.
R2 bindings objects now have a storageClass option. This can be set on object upload to specify the R2 storage class - Standard or Infrequent Access. The property is also returned with object metadata.

Turnstile - 2024-04-10

Wed, 10 Apr 2024 00:00:00 GMT

Added [refresh-timeout] and document new automatic interactive timeout-refresh.

Zaraz - 2024-04-08

Mon, 08 Apr 2024 00:00:00 GMT

Consent Management: Add consent object to context.system for finer control over consent preferences
Consent Management: Add support for IAB-compliant consent mode
Consent Management: Add "zarazConsentChoicesUpdated" event
Consent Management: Modal now respects system dark mode prefs when present
Google Analytics 4 Managed Component: Add support for Google Consent Mode v2
Google Ads Managed Component: Add support for Google Consent Mode v2
Twitter Managed Component: Enable tweet embeds
Bing Managed Component: Support running without setting cookies
Bugfix: client.get for Custom Managed Components fixed
Bugfix: Prevent duplicate pageviews in monitoring after consent granting
Bugfix: Prevent Managed Component routes from blocking origin routes unintentionally

D1 - D1 alpha databases are deprecated

Fri, 05 Apr 2024 00:00:00 GMT

Now that D1 is generally available and production ready, alpha D1 databases are deprecated and should be migrated for better performance, reliability, and ongoing support.

Refer to alpha database migration guide to migrate to the new, generally available, database architecture.

Gateway - Gateway file type control improvements

Fri, 05 Apr 2024 00:00:00 GMT

Gateway now offers a more extensive, categorized list of files to control uploads and downloads.

Workers - 2024-04-05

Fri, 05 Apr 2024 00:00:00 GMT

A new JavaScript-native remote procedure call (RPC) API is now available, allowing you to communicate more easily across Workers and between Workers and Durable Objects.

Calls - Orange Meets availability

Thu, 04 Apr 2024 00:00:00 GMT

Orange Meets, Cloudflare's internal video conferencing app, is open source and available for use from Github.

Calls - Cloudflare Calls open beta

Thu, 04 Apr 2024 00:00:00 GMT

Cloudflare Calls is in open beta and available from the Cloudflare Dashboard.

DDoS protection - 2024-04-04

Thu, 04 Apr 2024 00:00:00 GMT

Rule ID	Description	Previous Action	New Action	Notes
...177059f1	HTTP requests from known botnet (signature #31).	log	N/A
...7b231fb2	HTTP requests from known botnet (signature #81).	N/A	block

Images - Images upload widget

Thu, 04 Apr 2024 00:00:00 GMT

Use the upload widget to integrate Cloudflare Images into your application by embedding the script into a static HTML page or installing a package that works with your preferred framework. To try out the upload widget, sign up for the the closed beta.

Images - Face cropping

Thu, 04 Apr 2024 00:00:00 GMT

Crop and resize images of people's faces at scale using the existing gravity parameter and saliency detection, which sets the focal point of an image based on the most visually interesting pixels. To apply face cropping to your image optimization, sign up for the closed beta.

Page Shield - Individual threat intelligence categories

Thu, 04 Apr 2024 00:00:00 GMT

Instead of aggregating categories of URL and domain data from threat intelligence, they are now listed per type.

Workers - 2024-04-04

Thu, 04 Apr 2024 00:00:00 GMT

There is no longer an explicit limit on the total amount of data which may be uploaded with Cache API put() per request. Other Cache API Limits continue to apply.
The Web standard ReadableStream.from() API is now implemented. The API enables creating a ReadableStream from a either a sync or async iterable.

Durable Objects - Durable Objects support for Oceania region

Wed, 03 Apr 2024 00:00:00 GMT

Durable Objects can reside in Oceania, lowering Durable Objects request latency for eyeball Workers in Oceania locations.

Refer to Durable Objects to provide location hints to objects.

R2 - 2024-04-03

Wed, 03 Apr 2024 00:00:00 GMT

Event notifications for R2 is now available as an open beta.
Super Slurper now supports migration from Google Cloud Storage.

Workers - 2024-04-03

Wed, 03 Apr 2024 00:00:00 GMT

When the brotli_content_encoding compatibility flag is enabled, the Workers runtime now supports compressing and decompressing request bodies encoded using the Brotli compression algorithm. Refer to this docs section for more detail.

Browser Rendering - Browser Rendering Available for everyone

Tue, 02 Apr 2024 00:00:00 GMT

Browser Rendering is now out of beta and available to all customers with Workers Paid Plan. Analytics and logs are available in Cloudflare's dashboard, under "Worker & Pages".

DDoS protection - 2024-04-02

Tue, 02 Apr 2024 00:00:00 GMT

Rule ID	Description	Previous Action	New Action	Notes
...d2f294d7	HTTP requests trying to impersonate browsers.	ddos_dynamic	ddos_dynamic	Update the rule to match to block attacks more consistently.

Workers - 2024-04-02

Tue, 02 Apr 2024 00:00:00 GMT

You can now write Workers in Python

D1 - D1 is generally available

Mon, 01 Apr 2024 00:00:00 GMT

D1 is now generally available and production ready. Read the blog post for more details on new features in GA and to learn more about the upcoming D1 read replication API.

Developers with a Workers Paid plan now have a 10GB GB per-database limit (up from 2GB), which can be combined with existing limit of 50,000 databases per account.
Developers with a Workers Free plan retain the 500 MB per-database limit and can create up to 10 databases per account.
D1 databases can be exported as a SQL file.

Durable Objects - Billing reduction for WebSocket messages

Mon, 01 Apr 2024 00:00:00 GMT

Durable Objects request billing applies a 20:1 ratio for incoming WebSocket messages. For example, 1 million Websocket received messages across connections would be charged as 50,000 Durable Objects requests.

This is a billing-only calculation and does not impact Durable Objects metrics and analytics.

Hyperdrive - Hyperdrive is now Generally Available

Mon, 01 Apr 2024 00:00:00 GMT

Hyperdrive is now Generally Available and ready for production applications.

Read the announcement blog to learn more about the Hyperdrive and the roadmap, including upcoming support for MySQL databases.

Workers - 2024-04-01

Mon, 01 Apr 2024 00:00:00 GMT

The new unwrap_custom_thenables compatibility flag enables workers to accept custom thenables in internal APIs that expect a promise (for instance, the ctx.waitUntil(...) method).
TransformStreams created with the TransformStream constructor now have a cancel algorithm that is called when the stream is canceled or aborted. This change is part of the implementation of the WHATWG Streams standard.
The nodejs_compat compatibility flag now includes an implementation of the MockTracker API from node:test. This is not an implementation of the full node:test module, and mock timers are currently not included.
Exceptions reported to Tail Workers now include a "stack" property containing the exception's stack trace, if available.

API deprecations - Privacy Pass API Removal

Sun, 31 Mar 2024 00:00:00 GMT

Deprecation date: March 31, 2024

In 2017, Cloudflare announced support for Privacy Pass, a recent protocol to let users prove their identity across multiple sites anonymously without enabling tracking. The initial use case was to provide untraceable tokens to sites to vouch for users who might otherwise have been presented with a CAPTCHA challenge. In the time since this release, Privacy Pass has evolved both at the IETF and within Cloudflare. The version announced in 2017 is now considered legacy, and these legacy Privacy Pass tokens are no longer supported as an alternative to Cloudflare challenges. As has been discussed on our blog The end road for CAPTCHA, Cloudflare uses a variety of signals to infer if incoming traffic is likely automated. The (legacy) Privacy Pass zone setting is no longer meaningful to Cloudflare customers as Cloudflare now operates CAPTCHA free, and supports the latest Privacy Pass draft.

In September 2023, support for legacy Privacy Pass tokens as an alternative to Cloudflare Managed Challenge was removed. By the end of March 2024, the current public-facing API will be removed as well.

Deprecated API:

GET zones/:zone_identifier/settings/privacy_pass
POST zones/:zone_identifier/settings/privacy_pass

AI Gateway - 2024-03-26

Tue, 26 Mar 2024 00:00:00 GMT

LLM Side Channel vulnerability fixed
Providers: Added Anthropic, Google Vertex, Perplexity as providers.

Queues - Delay messages published to a queue

Tue, 26 Mar 2024 00:00:00 GMT

Messages published to a queue and/or marked for retry from a queue consumer can now be explicitly delayed. Delaying messages allows you to defer tasks until later, and/or respond to backpressure when consuming from a queue.

Refer to Batching and Retries to learn how to delay messages written to a queue.

Queues - Support for pull-based consumers

Mon, 25 Mar 2024 00:00:00 GMT

Queues now supports pull-based consumers. A pull-based consumer allows you to pull from a queue over HTTP from any environment and/or programming language outside of Cloudflare Workers. A pull-based consumer can be useful when your message consumption rate is limited by upstream infrastructure or long-running tasks.

Review the documentation on pull-based consumers to configure HTTP-based pull.

Turnstile - 2024-03-25

Mon, 25 Mar 2024 00:00:00 GMT

Added more supported languages.

Rules - New TLS fields in rule expressions

Fri, 22 Mar 2024 00:00:00 GMT

Customers can now use new fields cf.tls_client_hello_length (the length of the client hello message sent in a TLS handshake), cf.tls_client_random (the value of the 32-byte random value provided by the client in a TLS handshake), and cf.tls_client_extensions_sha1 (the SHA-1 fingerprint of TLS client extensions) in various products built on Ruleset Engine.

Browser Isolation - Removed third-party cookie dependencies

Thu, 21 Mar 2024 00:00:00 GMT

Removed dependency on third-party cookies in the isolated browser, fixing an issue that previously caused intermittent disruptions for users maintaining multi-site, cross-tab sessions in the isolated browser.

Page Shield - Increase allowed length per policy

Thu, 21 Mar 2024 00:00:00 GMT

Now each policy supports up to 6,000 characters.

Rules - Origin Rules now allow port numbers in Host Header Override

Wed, 20 Mar 2024 00:00:00 GMT

Customers can now use arbitrary port numbers in Host Header Override in Origin Rules. Previously, only hostname was allowed as a value (for example, example.com). Now, you can set the value to hostname:port (for example, example.com:1234) as well.

Hyperdrive - Improved local development configuration

Tue, 19 Mar 2024 00:00:00 GMT

Hyperdrive now supports a WRANGLER_HYPERDRIVE_LOCAL_CONNECTION_STRING_<BINDING_NAME> environmental variable for configuring local development to use a test/non-production database, in addition to the localConnectionString configuration in wrangler.toml.

Refer to Local development for instructions on how to configure Hyperdrive locally.

Queues - Default content type now set to JSON

Mon, 18 Mar 2024 00:00:00 GMT

The default content type for messages published to a queue is now json, which improves compatibility with the upcoming pull-based queues.

Any Workers created on or after the compatibility date of 2024-03-18, or that explicitly set the queues_json_messages compatibility flag, will use the new default behaviour. Existing Workers with a compatibility date prior will continue to use v8 as the default content type for published messages.

Trace - Cloudflare Trace now supports BYOIP zones

Mon, 18 Mar 2024 00:00:00 GMT

Customers can now use Cloudflare Trace to trace HTTP/S requests through their BYOIP zones.

D1 - Change in `wrangler d1 execute` default

Tue, 12 Mar 2024 00:00:00 GMT

As of wrangler@3.33.0, wrangler d1 execute and wrangler d1 migrations apply now default to using a local database, to match the default behavior of wrangler dev.

It is also now possible to specify one of --local or --remote to explicitly tell wrangler which environment you wish to run your commands against.

DDoS protection - 2024-03-12

Tue, 12 Mar 2024 00:00:00 GMT

Rule ID	Description	Previous Action	New Action	Notes
...85fa2e98	Adaptive DDoS Protection for UDP Destination Ports (Available only to Enterprise accounts).	N/A	log	Enable rule that uses a customer's UDP destination port profile to mitigate traffic (log mode by default).

Trace - Cloudflare Trace now supports grey-clouded hostnames

Tue, 12 Mar 2024 00:00:00 GMT

Even if the hostname is not proxied by Cloudflare, Cloudflare Trace will now return all the configurations that Cloudflare would have applied to the request.

Workers - 2024-03-11

Mon, 11 Mar 2024 00:00:00 GMT

Built-in APIs that return Promises will now produce stack traces when the Promise rejects. Previously, the rejection error lacked a stack trace.
A new compat flag fetcher_no_get_put_delete removes the get(), put(), and delete() methods on service bindings and Durable Object stubs. This will become the default as of compatibility date 2024-03-26. These methods were designed as simple convenience wrappers around fetch(), but were never documented.
Updated v8 to version 12.3.

D1 - Billing for D1 usage

Tue, 05 Mar 2024 00:00:00 GMT

As of 2024-03-05, D1 usage will start to be counted and may incur charges for an account's future billing cycle.

Developers on the Workers Paid plan with D1 usage beyond included limits will incur charges according to D1's pricing.

Developers on the Workers Free plan can use up to the included limits. Usage beyond the limits below requires signing up for the $5/month Workers Paid plan.

Account billable metrics are available in the Cloudflare Dashboard and GraphQL API.

DDoS protection - 2024-02-26

Mon, 26 Feb 2024 00:00:00 GMT

Rule ID	Description	Previous Action	New Action	Notes
...6831bff1	HTTP requests with unusual HTTP headers or URI path (signature #35).	block	block	Extend the rule to catch attacks more comprehensively.
...e269dfd6	HTTP requests with unusual HTTP headers or URI path (signature #56).	block	block	Extend the rule to catch attacks more comprehensively.

Version Management - Support for API Shield

Mon, 26 Feb 2024 00:00:00 GMT

API Shield no longer prevents Version Management enablement and zone settings configurations.

Queues - Explicit retries no longer impact consumer concurrency/scaling.

Sat, 24 Feb 2024 00:00:00 GMT

Calling retry() or retryAll() on a message or message batch will no longer have an impact on how Queues scales consumer concurrency.

Previously, using explicit retries via retry() or retryAll() would count as an error and could result in Queues scaling down the number of concurrent consumers.

Workers - 2024-02-24

Sat, 24 Feb 2024 00:00:00 GMT

v8 updated to version 12.2.
You can now use Iterator helpers in Workers.
You can now use new methods on Set, such as Set.intersection and Set.union, in Workers.

API Shield - Endpoint Management supports hostname variables

Fri, 23 Feb 2024 00:00:00 GMT

Customers can now save endpoints in Endpoint Management that contain variables in the hostname. Hostname variables are supported across all product features.

Workers - 2024-02-23

Fri, 23 Feb 2024 00:00:00 GMT

Sockets now support an opened attribute.
Durable Object alarm handlers now impose a maximum wall time of 15 minutes.

Access - Access for SaaS OIDC Support

Thu, 22 Feb 2024 00:00:00 GMT

Access for SaaS applications can be setup with OIDC as an authentication method. OIDC and SAML 2.0 are now both fully supported.

Access - WARP as an identity source for Access

Thu, 22 Feb 2024 00:00:00 GMT

Allow users to log in to Access applications with their WARP session identity. Users need to reauthenticate based on default session durations. WARP authentication identity must be turned on in your device enrollment permissions and can be enabled on a per application basis.

R2 - 2024-02-20

Tue, 20 Feb 2024 00:00:00 GMT

When an OPTIONS request against the public entrypoint does not include an origin header, an HTTP 400 instead of an HTTP 401 is returned.

DDoS protection - 2024-02-19

Mon, 19 Feb 2024 00:00:00 GMT

Rule ID	Description	Previous Action	New Action	Notes
...0fbfd5ae	HTTP requests from known botnet (signature #32).	block	ddos_dynamic
...22807318	HTTP requests from known botnets.	ddos_dynamic	ddos_dynamic	Expand rule logic to catch more attacks.
...3ad719cd	HTTP requests from known botnet (signature #79).	ddos_dynamic	ddos_dynamic	Expand the rule scope to catch more attacks.

D1 - API changes to `run()`

Fri, 16 Feb 2024 00:00:00 GMT

A previous change (made on 2024-02-13) to the run() query statement method has been reverted.

run() now returns a D1Result, including the result rows, matching its original behavior prior to the change on 2024-02-13.

Future change to run() to return a D1ExecResult, as originally intended and documented, will be gated behind a compatibility date as to avoid breaking existing Workers relying on the way run() currently works.

Stream - Tonemapping improvements for HDR content

Fri, 16 Feb 2024 00:00:00 GMT

In certain cases, videos uploaded with an HDR colorspace (such as footage from certain mobile devices) appeared washed out or desaturated when played back. This issue is resolved for new uploads.

Durable Objects - Optional `alarmInfo` parameter for Durable Object Alarms

Thu, 15 Feb 2024 00:00:00 GMT

Durable Objects Alarms now have a new alarmInfo argument that provides more details about an alarm invocation, including the retryCount and isRetry to signal if the alarm was retried.

Zaraz - 2024-02-15

Thu, 15 Feb 2024 00:00:00 GMT

Single Page Applications: Introduce zaraz.spaPageview() for manually triggering SPA pageviews
Pinterest Managed Component: Add ecommerce support
Google Ads Managed Component: Append url and rnd params to pagead/landing endpoint
Bugfix: Add noindex robots headers for Zaraz GET endpoint responses
Bugfix: Gracefully handle responses from custom Managed Components without mapped endpoints

D1 - API changes to `raw()`, `all()` and `run()`

Tue, 13 Feb 2024 00:00:00 GMT

D1's raw(), all() and run() query statement methods have been updated to reflect their intended behavior and improve compatibility with ORM libraries.

raw() now correctly returns results as an array of arrays, allowing the correct handling of duplicate column names (such as when joining tables), as compared to all(), which is unchanged and returns an array of objects. To include an array of column names in the results when using raw(), use raw({columnNames: true}).

run() no longer incorrectly returns a D1Result and instead returns a D1ExecResult as originally intended and documented.

This may be a breaking change for some applications that expected raw() to return an array of objects.

Refer to D1 client API to review D1's query methods, return types and TypeScript support in detail.

DDoS protection - 2024-02-12

Mon, 12 Feb 2024 00:00:00 GMT

Rule ID	Description	Previous Action	New Action	Notes
...c47bdca6	HTTP requests with unusual HTTP headers or URI path (signature #62).	N/A	block

DDoS protection - 2024-02-08

Thu, 08 Feb 2024 00:00:00 GMT

Rule ID	Description	Previous Action	New Action	Notes
...3a679c52	Requests coming from known bad sources.	ddos_dynamic	managed_challenge	Expand the rule to mitigate on all zones.

DDoS protection - 2024-02-06

Tue, 06 Feb 2024 00:00:00 GMT

Rule ID	Description	Previous Action	New Action	Notes
...1fc1e601	HTTP requests with unusual HTTP headers or URI path (signature #31).	block	block	Modify characteristics of the unusual HTTP headers or URI path.
...3a679c52	Requests coming from known bad sources.	N/A	ddos_dynamic
...3ad719cd	HTTP requests from known botnet (signature #79).	ddos_dynamic	ddos_dynamic	Expand the scope of the rule to match more attacks.

R2 - 2024-02-06

Tue, 06 Feb 2024 00:00:00 GMT

The response shape of GET /buckets/:bucket/sippy has changed.
The /buckets/:bucket/sippy/validate endpoint is exposed over APIGW to validate Sippy's configuration.
The shape of the configuration object when modifying Sippy's configuration has changed.

DDoS protection - 2024-02-05

Mon, 05 Feb 2024 00:00:00 GMT

Rule ID	Description	Previous Action	New Action	Notes
...22807318	HTTP requests from known botnets.	ddos_dynamic	ddos_dynamic	Extend the rule to catch more attacks.

Zaraz - 2024-02-05

Mon, 05 Feb 2024 00:00:00 GMT

Dashboard: rename "tracks" to "events" for consistency
Pinterest Conversion API Managed Component: update parameters sent to api
HTTP Managed Component: update _settings prefix usage handling
Bugfix: better minification of client-side js
Bugfix: fix bug where anchor link click events were not bubbling when using click listener triggers
API update: begin migration support from deprecated tool.neoEvents array to tool.actions object config schema migration

API deprecations - Argo Tunnel

Sun, 04 Feb 2024 00:00:00 GMT

Deprecation date: February 4, 2024

This endpoint and its related APIs are deprecated in favor of the Cloudflare Tunnels equivalent APIs.

Deprecated API:

GET accounts/:account_identifier/tunnels
POST accounts/:account_identifier/tunnels
GET accounts/:account_identifier/tunnels/:tunnel_id
DELETE accounts/:account_identifier/tunnels/:tunnel_id

Replacement: Cloudflare Tunnel API

R2 - 2024-02-02

Fri, 02 Feb 2024 00:00:00 GMT

Updated GetBucket endpoint: Now fetches by bucket_name instead of bucket_id.

R2 - 2024-01-30

Tue, 30 Jan 2024 00:00:00 GMT

Fixed a bug where the API would accept empty strings in the AllowedHeaders property of PutBucketCors actions.

DDoS protection - 2024-01-26

Fri, 26 Jan 2024 00:00:00 GMT

Rule ID	Description	Previous Action	New Action	Notes
...3ad719cd	HTTP requests from known botnet (signature #79).	N/A	ddos_dynamic
...61bc58d5	HTTP requests with unusual HTTP headers or URI path (signature #55).	managed_challenge	managed_challenge	Expanded the scope of the rule to catch attacks more consistently.

R2 - 2024-01-26

Fri, 26 Jan 2024 00:00:00 GMT

Parts are now automatically sorted in ascending order regardless of input during CompleteMultipartUpload.

DDoS protection - 2024-01-25

Thu, 25 Jan 2024 00:00:00 GMT

Rule ID	Description	Previous Action	New Action	Notes
...1fc1e601	HTTP requests with unusual HTTP headers or URI path (signature #31).	block	block	Add more characteristics to the unusual HTTP headers or URI path.

DDoS protection - 2024-01-23

Tue, 23 Jan 2024 00:00:00 GMT

Rule ID	Description	Previous Action	New Action	Notes
...1fc1e601	HTTP requests with unusual HTTP headers or URI path (signature #31).	block	block	Add more characteristics to the unusual HTTP headers or URI path.
...2de94fb2	HTTP requests with unusual HTTP headers or URI path (signature #3).	ddos_dynamic	block	Expand rule scope to catch more attacks.
...2f8d9a4f	HTTP requests from known botnet (signature #78).	N/A	block

Magic WAN - Network segmentation

Tue, 23 Jan 2024 00:00:00 GMT

You can define policies in your Connector to either allow traffic to flow between your LANs without it leaving your local premises or to forward it via the Cloudflare network where you can add additional security features.

D1 - Support for LIMIT on UPDATE and DELETE statements

Thu, 18 Jan 2024 00:00:00 GMT

D1 now supports adding a LIMIT clause to UPDATE and DELETE statements, which allows you to limit the impact of a potentially dangerous operation.

Vectorize - HTTP API query vectors request and response format change

Wed, 17 Jan 2024 00:00:00 GMT

Vectorize /query HTTP endpoint has the following changes:

returnVectors request body property is deprecated in favor of returnValues and returnMetadata properties.
Response format has changed to the below format to match [Workers API change]:(/workers/configuration/compatibility-flags/#vectorize-query-with-metadata-optionally-returned)

{
  "result": {
    "count": 1,
    "matches": [
      {
        "id": "4",
        "score": 0.789848214,
        "values": [ 75.0999984741211, 67.0999984741211, 29.899999618530273],
        "metadata": {
          "url": "/products/sku/418313",
          "streaming_platform": "netflix"
        }
      }
    ]
  },
  "errors": [],
  "messages": [],
  "success": true
}

Images - Cloudflare Images and Images Resizing merge

Mon, 15 Jan 2024 00:00:00 GMT

Cloudflare Images and Images Resizing merged to create a more centralized and unified experience for Cloudflare Images. To learn more about the merge, refer to the blog post.

R2 - 2024-01-11

Thu, 11 Jan 2024 00:00:00 GMT

Sippy is available for Google Cloud Storage (GCS) beta.

DDoS protection - 2024-01-05

Fri, 05 Jan 2024 00:00:00 GMT

Rule ID	Description	Previous Action	New Action	Notes
...2de94fb2	HTTP requests with unusual HTTP headers or URI path (signature #3).	block	block	Fine-tune the characteristics of the unusual requests.
...177059f1	HTTP requests from known botnet (signature #31).	block	N/A	Removed due to false positives.
...6fe7a312	HTTP requests from known botnet (signature #70).	block	N/A	Removed due to false positives.
...82c0ed5f	HTTP requests from known botnet (signature #77).	N/A	block
...e4f3ea4d	HTTP requests from known botnet (signature #76).	N/A	block

Access - Unique Entity IDs in Access for SaaS

Wed, 20 Dec 2023 00:00:00 GMT

All new Access for SaaS applications have unique Entity IDs. This allows for multiple integrations with the same SaaS provider if required. The unique Entity ID has the application audience tag appended. Existing apps are unchanged.

DDoS protection - 2023-12-19

Tue, 19 Dec 2023 00:00:00 GMT

Rule ID	Description	Previous Action	New Action	Notes
...1fc1e601	HTTP requests with unusual HTTP headers or URI path (signature #31).	block	block	Add more characteristics to the unusual HTTP headers or URI path.
...22807318	HTTP requests from known botnets.	log	ddos_dynamic	Extend the rule to catch more attacks.
...d2f294d7	HTTP requests trying to impersonate browsers.	ddos_dynamic	ddos_dynamic	Change the rule to catch more attacks.

Zaraz - 2023-12-19

Tue, 19 Dec 2023 00:00:00 GMT

Google Analytics 4 Managed Component: Fix Google Analytics 4 average engagement time metric.

D1 - Legacy alpha automated backups disabled

Mon, 18 Dec 2023 00:00:00 GMT

Databases using D1's legacy alpha backend will no longer run automated hourly backups. You may still choose to take manual backups of these databases.

The D1 team recommends moving to D1's new production backend, which will require you to export and import your existing data. D1's production backend is faster than the original alpha backend. The new backend also supports Time Travel, which allows you to restore your database to any minute in the past 30 days without relying on hourly or manual snapshots.

Turnstile - 2023-12-18

Mon, 18 Dec 2023 00:00:00 GMT

Added Pre-Clearance mode.

Access - Default relay state support in Access for SaaS

Fri, 15 Dec 2023 00:00:00 GMT

Allows Access admins to set a default relay state on Access for SaaS apps.

DDoS protection - 2023-12-14

Thu, 14 Dec 2023 00:00:00 GMT

Rule ID	Description	Previous Action	New Action	Notes
...6fe7a312	HTTP requests from known botnet (signature #70).	block	block	Tweak the rule to avoid false positives in some rare cases.

R2 - 2023-12-11

Mon, 11 Dec 2023 00:00:00 GMT

The x-id query param for S3 ListBuckets action is now ignored.
The x-id query param is now ignored for all S3 actions.

DDoS protection - 2023-12-08

Fri, 08 Dec 2023 00:00:00 GMT

Rule ID	Description	Previous Action	New Action	Notes
...6fe7a312	HTTP requests from known botnet (signature #70).	block	block	Updated the rule to avoid false positives in some rare circumstances.
...e7a37252	HTTP requests from known botnet (signature #75).	N/A	block

Vectorize - Metadata filtering

Wed, 06 Dec 2023 00:00:00 GMT

Vectorize now supports metadata filtering with equals ($eq) and not equals ($neq) operators. Metadata filtering limits query() results to only vectors that fulfill new filter property.

let metadataMatches = await env.YOUR_INDEX.query(queryVector,
  {
    topK: 3,
    filter: { streaming_platform: "netflix" },
    returnValues: true,
    returnMetadata: true
  })

Only new indexes created on or after 2023-12-06 support metadata filtering. Currently, there is no way to migrate previously created indexes to work with metadata filtering.

Workers - 2023-12-04

Mon, 04 Dec 2023 00:00:00 GMT

The Web Platform standard navigator.sendBeacon(...) API is now provided by the Workers runtime.
V8 updated to 12.0.

DDoS protection - 2023-11-29

Wed, 29 Nov 2023 00:00:00 GMT

Rule ID	Description	Previous Action	New Action	Notes
...8ed59b32	HTTP requests with unusual HTTP headers or URI path (signature #61).	ddos_dynamic	ddos_dynamic	Rename rule to avoid confusion.
...61e8d513	Global L7 WordPress attack mitigations (Deprecated)	ddos_dynamic	ddos_dynamic	Mark rule as deprecated.

Radar - Add more meta information's

Mon, 27 Nov 2023 00:00:00 GMT

Added meta.lastUpdated to all summaries and top endpoints (timeseries and timeseriesGroups already had this).
Fix meta.dateRange to return date ranges for all requested series.

DDoS protection - 2023-11-22

Wed, 22 Nov 2023 00:00:00 GMT

Rule ID	Description	Previous Action	New Action	Notes
...254da96a	HTTP requests with unusual HTTP headers or URI path (signature #58).	log	block

Radar - Add new Layer 3 endpoints and Layer 7 dimensions

Thu, 16 Nov 2023 00:00:00 GMT

Added Layer 3 top origin locations and top target location.
Added Layer 7 Summaries by http_method, http_version, ip_version, managed_rules, mitigation_product.
Added Layer 7 Timeseries Groups by http_method, http_version, ip_version, managed_rules, mitigation_product, industry, vertical.
Added Layer 7 Top by industry, vertical.
Deprecated Layer 7 timeseries groups without dimension.
- To continue getting this data, switch to the new timeseries group by mitigation_product endpoint.
Deprecated Layer 7 summary without dimension).
- To continue getting this data, switch to the new summary by mitigation_product endpoint.
Added new Error codes.

DDoS protection - 2023-11-13

Mon, 13 Nov 2023 00:00:00 GMT

Rule ID	Description	Previous Action	New Action	Notes
...22807318	HTTP requests from known botnets.	ddos_dynamic	ddos_dynamic	Improve this filter to catch more attacks.
...6fe7a312	HTTP requests from known botnet (signature #70).	block	block
...7c7a2f25	HTTP requests from known botnet (signature #74).	N/A	block
...d2f294d7	HTTP requests trying to impersonate browsers.	ddos_dynamic	ddos_dynamic

Zaraz - 2023-11-13

Mon, 13 Nov 2023 00:00:00 GMT

HTTP Request Managed Component: Re-added __zarazTrack property.

DDoS protection - 2023-11-10

Fri, 10 Nov 2023 00:00:00 GMT

Rule ID	Description	Previous Action	New Action	Notes
...7d0f1e5f	HTTP requests from known botnet (signature #72).	N/A	block
...94547a95	HTTP requests with unusual HTTP headers or URI path (signature #59).	N/A	ddos_dynamic
...e269dfd6	HTTP requests with unusual HTTP headers or URI path (signature #56).	log	block	Enable filter early to mitigate widespread impact.
...f35a42a0	HTTP requests with unusual HTTP headers or URI path (signature #57).	log	block	Enable filter early to mitigate widespread impact.

Vectorize - Metadata API changes

Wed, 08 Nov 2023 00:00:00 GMT

Vectorize now supports distinct returnMetadata and returnValues arguments when querying an index, replacing the now-deprecated returnVectors argument. This allows you to return metadata without needing to return the vector values, reducing the amount of unnecessary data returned from a query. Both returnMetadata and returnValues default to false.

For example, to return only the metadata from a query, set returnMetadata: true.

let matches = await env.YOUR_INDEX.query(queryVector, { topK: 5, returnMetadata: true })

New Workers projects created on or after 2023-11-08 or that update the compatibility date for an existing project will use the new return type.

Stream - HLS improvements for on-demand TS output

Tue, 07 Nov 2023 00:00:00 GMT

HLS output from Cloudflare Stream on-demand videos that use Transport Stream file format now includes a 10 second offset to timestamps. This will have no impact on most customers. A small percentage of customers will see improved playback stability. Caption files were also adjusted accordingly.

Radar - Add new Layer 3 direction parameter

Tue, 31 Oct 2023 00:00:00 GMT

Added a direction parameter to all Layer 3 endpoints. Use together with location parameter to filter by origin or target location timeseries groups.

Zaraz - 2023-10-31

Tue, 31 Oct 2023 00:00:00 GMT

Google Analytics 4 Managed Component: Remove debug_mode key if falsy or false.

Workers - 2023-10-30

Mon, 30 Oct 2023 00:00:00 GMT

A new usage model called Workers Standard is available for Workers and Pages Functions pricing. This is now the default usage model for accounts that are first upgraded to the Workers Paid plan. Read the blog post for more information.
The usage model set in a script's wrangler.toml will be ignored after an account has opted-in to Workers Standard pricing. It must be configured through the dashboard (Workers & Pages > Select your Worker > Settings > Usage Model).
Workers and Pages Functions on the Standard usage model can set custom CPU limits for their Workers

AI Gateway - 2023-10-26

Thu, 26 Oct 2023 00:00:00 GMT

Real-time Logs: Logs are now real-time, showing logs for the last hour. If you have a need for persistent logs, please let the team know on Discord. We are building out a persistent logs feature for those who want to store their logs for longer.
Providers: Azure OpenAI is now supported as a provider!
Docs: Added Azure OpenAI example.
Bug Fixes: Errors with costs and tokens should be fixed.

Zaraz - 2023-10-26

Thu, 26 Oct 2023 00:00:00 GMT

Custom HTML: Added support for non-JavaScript script tags.

R2 - 2023-10-23

Mon, 23 Oct 2023 00:00:00 GMT

PutBucketCors now only accepts valid origins.

Workers - 2023-10-20

Fri, 20 Oct 2023 00:00:00 GMT

Added the crypto_preserve_public_exponent compatibility flag to correct a wrong type being used in the algorithm field of RSA keys in the WebCrypto API.

Zaraz - 2023-10-20

Fri, 20 Oct 2023 00:00:00 GMT

Bing Managed Component: Fixed an issue where some events were not being sent to Bing even after being triggered.
Dashboard: Improved welcome screen for new Zaraz users.

DDoS protection - 2023-10-19

Thu, 19 Oct 2023 00:00:00 GMT

Rule ID	Description	Previous Action	New Action	Notes
...61bc58d5	HTTP requests with unusual HTTP headers or URI path (signature #55).	ddos_dynamic	ddos_dynamic	Requests will be challenged by default, larger attacks are blocked.

beacon.min.js - 2023-10-18

Wed, 18 Oct 2023 00:00:00 GMT

Manages A/B testing tags.

Workers - 2023-10-18

Wed, 18 Oct 2023 00:00:00 GMT

The limit of 3 Cron Triggers per Worker has been removed. Account-level limits on the total number of Cron Triggers across all Workers still apply.

Workers - 2023-10-12

Thu, 12 Oct 2023 00:00:00 GMT

A TCP Socket's WritableStream now ensures the connection has opened before resolving the promise returned by close.

DDoS protection - 2023-10-11

Wed, 11 Oct 2023 00:00:00 GMT

Rule ID	Description	Previous Action	New Action	Notes
...35675e08	HTTP requests with unusual HTTP headers or URI path (signature #24).	block	block	This rule can cause rare false positives with custom apps sending invalid headers.

Stream - SRT Audio Improvements

Tue, 10 Oct 2023 00:00:00 GMT

In some cases, playback via SRT protocol was missing an audio track regardless of existence of audio in the broadcast. This issue is now resolved.

Tenant - New Tenant Admin UI

Tue, 10 Oct 2023 00:00:00 GMT

Partners can now create and view accounts through the Cloudflare dashboard by going to Tenants > Managed Accounts.

AI Gateway - 2023-10-09

Mon, 09 Oct 2023 00:00:00 GMT

Logs: Logs will now be limited to the last 24h. If you have a use case that requires more logging, please reach out to the team on Discord.
Dashboard: Logs now refresh automatically.
Docs: Fixed Workers AI example in docs and dash.
Caching: Embedding requests are now cacheable. Rate limit will not apply for cached requests.
Bug Fixes: Identical requests to different providers are not wrongly served from cache anymore. Streaming now works as expected, including for the Universal endpoint.
Known Issues: There's currently a bug with costs that we are investigating.

DDoS protection - 2023-10-09

Mon, 09 Oct 2023 00:00:00 GMT

Rule ID	Description	Previous Action	New Action
...02bbdce1	HTTP requests with unusual HTTP headers or URI path (signature #47).	N/A	block
...493cb8a8	HTTP requests with unusual HTTP headers or URI path (signature #52).	N/A	block
...5c344623	HTTP requests from uncommon clients	N/A	block
...6363bb1b	HTTP requests with unusual HTTP headers or URI path (signature #48).	N/A	block
...c1fbd175	HTTP requests trying to impersonate browsers (pattern #4).	N/A	block

Workers - 2023-10-09

Mon, 09 Oct 2023 00:00:00 GMT

The Web Platform standard CustomEvent class is now available in Workers.
Fixed a bug in the WebCrypto API where the publicExponent field of the algorithm of RSA keys would have the wrong type. Use the crypto_preserve_public_exponent compatibility flag to enable the new behavior.

Queues - More queues per account - up to 10,000

Sat, 07 Oct 2023 00:00:00 GMT

Developers building on Queues can now create up to 10,000 queues per account, enabling easier per-user, per-job and sharding use-cases.

Refer to Limits to learn more about Queues' current limits.

Notifications - 2023-10-06

Fri, 06 Oct 2023 00:00:00 GMT

Added Traffic Anomalies Alerts to notify customers when traffic to their domain has an unexpected spike or drop.

Queues - Higher consumer concurrency limits

Thu, 05 Oct 2023 00:00:00 GMT

Queue consumers can now scale to 20 concurrent invocations (per queue), up from 10. This allows you to scale out and process higher throughput queues more quickly.

Queues with no explicit limit specified will automatically scale to the new maximum.

This limit will continue to grow during the Queues beta.

D1 - Create up to 50,000 D1 databases

Tue, 03 Oct 2023 00:00:00 GMT

Developers using D1 on a Workers Paid plan can now create up to 50,000 databases as part of ongoing increases to D1's limits.

This further enables database-per-user use-cases and allows you to isolate data between customers.
Total storage per account is now 50 GB.
D1's analytics and metrics provide per-database usage data.

If you need to create more than 50,000 databases or need more per-account storage, reach out to the D1 team to discuss.

Vectorize - Increased indexes per account limits

Tue, 03 Oct 2023 00:00:00 GMT

You can now create up to 100 Vectorize indexes per account. Read the limits documentation for details on other limits, many of which will increase during the beta period.

Zaraz - 2023-10-03

Tue, 03 Oct 2023 00:00:00 GMT

Bugfix: Fixed an issue that prevented some server-side requests from arriving to their destination
Google Analytics 4 Managed Component: Add support for dbg and ir fields.

D1 - The D1 public beta is here

Thu, 28 Sep 2023 00:00:00 GMT

D1 is now in public beta, and storage limits have been increased:

Developers with a Workers Paid plan now have a 2 GB per-database limit (up from 500 MB) and can create 25 databases per account (up from 10). These limits will continue to increase automatically during the public beta.
Developers with a Workers Free plan retain the 500 MB per-database limit and can create up to 10 databases per account.

Databases must be using D1's new storage subsystem to benefit from the increased database limits.

Read the announcement blog for more details about what is new in the beta and what is coming in the future for D1.

Hyperdrive - Hyperdrive now available

Thu, 28 Sep 2023 00:00:00 GMT

Hyperdrive is now available in public beta to any developer with a Workers paid plan.

To start using Hyperdrive, visit the get started guide or read the announcement blog to learn more.

Notifications - 2023-09-28

Thu, 28 Sep 2023 00:00:00 GMT

Added Incident Alerts.

Vectorize - Vectorize now in public beta

Wed, 27 Sep 2023 00:00:00 GMT

Vectorize, Cloudflare's vector database, is now in public beta. Vectorize allows you to store and efficiently query vector embeddings from AI/ML models from Workers AI, OpenAI, and other embeddings providers or machine-learning workflows.

To get started with Vectorize, see the guide.

Stream - LL-HLS Beta

Mon, 25 Sep 2023 00:00:00 GMT

Low-Latency HTTP Live Streaming (LL-HLS) is now in open beta. Enable LL-HLS on your live input for automatic low-latency playback using the Stream built-in player where supported.

For more information, refer to live input and custom player docs.

DDoS protection - 2023-09-24

Sun, 24 Sep 2023 00:00:00 GMT

Rule ID	Description	Previous Action	New Action	Notes
...0fb54442	HTTP requests with unusual HTTP headers or URI path (signature #49).	N/A	block
...3dd5f188	HTTP requests from known botnet (signature #71).	N/A	block
...97003a74	HTTP requests with unusual HTTP headers or URI path (signature #17).	block	block	Expand rule to catch more attacks.

DDoS protection - 2023-09-21

Thu, 21 Sep 2023 00:00:00 GMT

Rule ID	Description	Previous Action	New Action	Notes
...1d73128d	HTTP requests from known botnet (signature #56).	block	block	Make the rule customizable as it might cause false positive in rare cases.
...4a95ba67	HTTP requests with unusual HTTP headers or URI path (signature #32).	ddos_dynamic	ddos_dynamic	Expand the scope of the rule to catch more attacks.
...6fe7a312	HTTP requests from known botnet (signature #70).	block	block	Update the rule to remove some rare false positives.

Version Management - Support for Bot Management

Wed, 20 Sep 2023 00:00:00 GMT

Version Management now supports versioning for Bot Management.

Access - App launcher supports tags and filters

Fri, 15 Sep 2023 00:00:00 GMT

Access admins can now tag applications and allow users to filter by those tags in the App Launcher.

Access - App launcher customization

Fri, 15 Sep 2023 00:00:00 GMT

Allow Access admins to configure the App Launcher page within Zero Trust.

Access - View active Access user identities in the dashboard and API

Fri, 15 Sep 2023 00:00:00 GMT

Access admins can now view the full contents of a user's identity and device information for all active application sessions.

Workers - 2023-09-14

Thu, 14 Sep 2023 00:00:00 GMT

An implementation of the node:crypto API from Node.js is now available when the nodejs_compat compatibility flag is enabled.

Pages - Support for D1's new storage subsystem and build error message improvements

Wed, 13 Sep 2023 00:00:00 GMT

Added support for D1's new storage subsystem. All Git builds and deployments done with Wrangler v3.5.0 and up can use the new subsystem.
Builds which fail due to exceeding the build time limit will return a proper error message indicating so rather than Internal error.
New and improved error messages for other build failures

Zaraz - 2023-09-13

Wed, 13 Sep 2023 00:00:00 GMT

Consent Management: Add support for custom button translations.
Consent Management: Modal stays fixed when scrolling.
Google Analytics 4 Managed Component: hideOriginalIP and ga-audiences can be set from tool event.

Zaraz - 2023-09-11

Mon, 11 Sep 2023 00:00:00 GMT

Reddit Managed Component: Support new "Account ID" formats (e.g. "ax_xxxxx").

Access - Custom OIDC claims for named IdPs

Fri, 08 Sep 2023 00:00:00 GMT

Access admins can now add custom claims to the existing named IdP providers. Previously this was locked to the generic OIDC provider.

Radar - Add Connection Tampering endpoints

Fri, 08 Sep 2023 00:00:00 GMT

Added Connection Tampering summary and timeseries endpoints.

Waiting Room - Waiting Room coverage for multiple hostnames and paths

Wed, 06 Sep 2023 00:00:00 GMT

Advanced Waiting Room customers can now add multiple hostname and path combinations to a single waiting room via the UI and API.

Zaraz - 2023-09-06

Wed, 06 Sep 2023 00:00:00 GMT

Consent Management: Consent cookie name can now be customized.

DDoS protection - 2023-09-05

Tue, 05 Sep 2023 00:00:00 GMT

Rule ID	Description	Previous Action	New Action	Notes
...22807318	HTTP requests from known botnets.	ddos_dynamic	ddos_dynamic	Expand filter to catch attacks more comprehensively.
...4346874d	HTTP requests with unusual HTTP headers or URI path (signature #46).	N/A	block
...6fe7a312	HTTP requests from known botnet (signature #70).	N/A	block	Expand filter to catch more attacks. It is now configurable.

Zaraz - 2023-09-05

Tue, 05 Sep 2023 00:00:00 GMT

Segment Managed Component: API Endpoint can be customized.

R2 - 2023-09-01

Fri, 01 Sep 2023 00:00:00 GMT

Fixed an issue with ListBuckets where the name_contains parameter would also search over the jurisdiction name.

DDoS protection - 2023-08-30

Wed, 30 Aug 2023 00:00:00 GMT

Rule ID	Description	Previous Action	New Action	Notes
...22807318	HTTP requests from known botnets.	ddos_dynamic	ddos_dynamic
...46082508	HTTP requests with unusual HTTP headers or URI path (signature #45).	N/A	block

DDoS protection - 2023-08-29

Tue, 29 Aug 2023 00:00:00 GMT

Rule ID	Description	Previous Action	New Action	Notes
...22807318	HTTP requests from known botnets.	managed_challenge	ddos_dynamic
...3fe55678	HTTP requests with unusual HTTP headers or URI path (signature #44).	N/A	block

DDoS protection - 2023-08-25

Fri, 25 Aug 2023 00:00:00 GMT

Rule ID	Description	Previous Action	New Action	Notes
...20c5afb5	HTTP requests with unusual HTTP headers or URI path (signature #36).	block	block	This rule was previously readonly, but can cause false positives in rare cases. It is now possible to override it.
...cb26e2e2	HTTP requests from known botnet (signature #69).	N/A	block
...ebff5ef1	HTTP requests with unusual HTTP headers or URI path (signature #43).	N/A	block

Turnstile - 2023-08-24

Thu, 24 Aug 2023 00:00:00 GMT

Added Client-side errors.

Notifications - 2023-08-23

Wed, 23 Aug 2023 00:00:00 GMT

Added Logo Match Alert.

Pages - Commit message limit increase

Wed, 23 Aug 2023 00:00:00 GMT

Commit messages can now be up to 384 characters before being trimmed.

R2 - 2023-08-23

Wed, 23 Aug 2023 00:00:00 GMT

Config Audit Logs GA.

Zaraz - 2023-08-21

Mon, 21 Aug 2023 00:00:00 GMT

TikTok Managed Component: Support setting ttp and event_id.
Consent Management: Accessibility improvements.
Facebook Managed Component: Support for using "Limited Data Use" features.

D1 - Row count now returned per query

Sat, 19 Aug 2023 00:00:00 GMT

D1 now returns a count of rows_written and rows_read for every query executed, allowing you to assess the cost of query for both pricing and index optimization purposes.

The meta object returned in D1's Client API contains a total count of the rows read (rows_read) and rows written (rows_written) by that query. For example, a query that performs a full table scan (for example, SELECT * FROM users) from a table with 5000 rows would return a rows_read value of 5000:

"meta": {
  "duration": 0.20472300052642825,
  "size_after": 45137920,
  "rows_read": 5000,
  "rows_written": 0
}

Refer to D1 pricing documentation to understand how reads and writes are measured. D1 remains free to use during the alpha period.

DDoS protection - 2023-08-16

Wed, 16 Aug 2023 00:00:00 GMT

Rule ID	Description	Previous Action	New Action	Notes
...9721fd20	HTTP requests trying to impersonate browsers (pattern #3).	N/A	ddos_dynamic

DDoS protection - 2023-08-14

Mon, 14 Aug 2023 00:00:00 GMT

Rule ID	Description	Previous Action	New Action	Notes
...22807318	HTTP requests from known botnets.	ddos_dynamic	managed_challenge	Expand the filter to catch more attacks.
...d2f294d7	HTTP requests trying to impersonate browsers.	ddos_dynamic	ddos_dynamic	Expand the filter to catch more attacks.

Radar - Deprecate old layer 3 dataset

Mon, 14 Aug 2023 00:00:00 GMT

Added Regional Internet Registry (see field source in response) to get asn by id and get asn by ip endpoints.
Stopped collecting data in the old Layer 3 data source.
Updated Layer 3 timeseries endpoint to start using the new Layer 3 data source by default, fetching the old data source now requires sending the parameter metric=bytes_old.
Deprecated Layer 3 summary endpoint, this will stop receiving data after 2023-08-14.
- To continue getting this data, switch to the new timeseries group protocol endpoint.
Deprecated Layer 3 timeseries groups endpoint, this will stop receiving data after 2023-08-14.
- To continue getting this data, switch to the new timeseries group protocol endpoint.

DDoS protection - 2023-08-11

Fri, 11 Aug 2023 00:00:00 GMT

Rule ID	Description	Previous Action	New Action
...1de9523e	HTTP requests with unusual HTTP headers or URI path (signature #41).	N/A	block
...22807318	HTTP requests from known botnets.	managed_challenge	ddos_dynamic
...aa03a345	HTTP requests from known botnet (signature #68).	N/A	block
...efca86eb	HTTP requests from known botnet (signature #66).	N/A	block
...f93fb5d6	HTTP requests from known botnet (signature #67).	N/A	block

R2 - 2023-08-11

Fri, 11 Aug 2023 00:00:00 GMT

Users can now complete conditional multipart publish operations. When a condition failure occurs when publishing an upload, the upload is no longer available and is treated as aborted.

D1 - Bind D1 from the Cloudflare dashboard

Wed, 09 Aug 2023 00:00:00 GMT

You can now bind a D1 database to your Workers directly in the Cloudflare dashboard. To bind D1 from the Cloudflare dashboard, select your Worker project -> Settings -> Variables -> and select D1 Database Bindings.

Note: If you have previously deployed a Worker with a D1 database binding with a version of wrangler prior to 3.5.0, you must upgrade to wrangler v3.5.0 first before you can edit your D1 database bindings in the Cloudflare dashboard. New Workers projects do not have this limitation.

Legacy D1 alpha users who had previously prefixed their database binding manually with __D1_BETA__ should remove this as part of this upgrade. Your Worker scripts should call your D1 database via env.BINDING_NAME only. Refer to the latest D1 getting started guide for best practices.

We recommend all D1 alpha users begin using wrangler 3.5.0 (or later) to benefit from improved TypeScript types and future D1 API improvements.

Stream - Scheduled Deletion

Tue, 08 Aug 2023 00:00:00 GMT

Stream now supports adding a scheduled deletion date to new and existing videos. Live inputs support deletion policies for automatic recording deletion.

For more, refer to the video on demand or live input docs.

Access - Azure AD authentication contexts

Wed, 02 Aug 2023 00:00:00 GMT

Support Azure AD authentication contexts directly in Access policies.

D1 - Per-database limit now 500 MB

Tue, 01 Aug 2023 00:00:00 GMT

Databases using D1's new storage subsystem can now grow to 500 MB each, up from the previous 100 MB limit. This applies to both existing and newly created databases.

Refer to Limits to learn about D1's limits.

Pages - Support for newer TLDs

Tue, 01 Aug 2023 00:00:00 GMT

Support newer TLDs such as .party and .music.

DDoS protection - 2023-07-31

Mon, 31 Jul 2023 00:00:00 GMT

Rule ID	Description	Previous Action	New Action	Notes
...9aec0913	HTTP requests from known botnet (signature #52).	block	block	Expose existing read-only filter publicly as it might cause false positives in rare cases.
...c5f479f0	HTTP requests from known botnet (signature #62).	N/A	block
...d0e36f9c	HTTP requests from known botnet (signature #63).	N/A	block

DDoS protection - 2023-07-31

Mon, 31 Jul 2023 00:00:00 GMT

Rule ID	Description	Previous Action	New Action	Notes
...aa772b5c	Adaptive DDoS Protection for Location-Based UDP (Available only to Enterprise accounts).	N/A	log	Enable UDP geolocation Adaptive DDoS rule

Radar - Fix HTTP timeseries endpoint urls

Mon, 31 Jul 2023 00:00:00 GMT

Updated HTTP timeseries endpoints urls to timeseries_groups (example) due to consistency. Old timeseries endpoints are still available, but will soon be removed.

Turnstile - 2023-07-31

Mon, 31 Jul 2023 00:00:00 GMT

Added [turnstile.isExpired].
Added uk language.

D1 - New default storage subsystem

Thu, 27 Jul 2023 00:00:00 GMT

Databases created via the Cloudflare dashboard and Wrangler (as of v3.4.0) now use D1's new storage subsystem by default. The new backend can be 6 - 20x faster than D1's original alpha backend.

To understand which storage subsystem your database uses, run wrangler d1 info YOUR_DATABASE and inspect the version field in the output.

Databases with version: beta use the new storage backend and support the Time Travel API. Databases with version: alpha only use D1's older, legacy backend.

D1 - Time Travel

Thu, 27 Jul 2023 00:00:00 GMT

Time Travel is now available. Time Travel allows you to restore a D1 database back to any minute within the last 30 days (Workers Paid plan) or 7 days (Workers Free plan), at no additional cost for storage or restore operations.

Refer to the Time Travel documentation to learn how to travel backwards in time.

Databases using D1's new storage subsystem can use Time Travel. Time Travel replaces the snapshot-based backups used for legacy alpha databases.

beacon.min.js - 2023-07-25

Tue, 25 Jul 2023 00:00:00 GMT

Fixed ETag format in the response header.

Radar - Add URL Scanner endpoints

Thu, 20 Jul 2023 00:00:00 GMT

Added urlscanner endpoints. For more information, refer to URL Scanner.

Workers - 2023-07-14

Fri, 14 Jul 2023 00:00:00 GMT

An implementation of the util.MIMEType API from Node.js is now available when the nodejs_compat compatibility flag is enabled.

beacon.min.js - 2023-07-13

Thu, 13 Jul 2023 00:00:00 GMT

Fixed the issue that was causing an illegal invocation error.

Pages - V2 build system enabled by default

Tue, 11 Jul 2023 00:00:00 GMT

V2 build system is now default for all new projects.

Pages - Sped up project creation

Mon, 10 Jul 2023 00:00:00 GMT

Sped up project creation.

Workers - 2023-07-07

Fri, 07 Jul 2023 00:00:00 GMT

An implementation of the process.env API from Node.js is now available when using the nodejs_compat compatibility flag.
An implementation of the diagnostics_channel API from Node.js is now available when using the nodejs_compat compatibility flag.

R2 - 2023-07-05

Wed, 05 Jul 2023 00:00:00 GMT

Improved performance for ranged reads on very large files. Previously ranged reads near the end of very large files would be noticeably slower than ranged reads on smaller files. Performance should now be consistently good independent of filesize.

API deprecations - ChaCha20 TLS Cipher Removal

Sat, 01 Jul 2023 00:00:00 GMT

Deprecation date: July 1, 2023

Back in 2016, Cloudflare introduced support for ChaCha20-Poly1305 cipher suites for TLS 1.2. At the time, we introduced two variants of these new suites, the "standard" suites as defined by the IETF RFC 7905, and "draft" suites that followed an earlier draft of said specification. The draft suites were added for compatibility with some older Android devices that at the time did not yet support the proper ChaCha20-Poly1305 standard versions. This was in 2016, and in the meantime the standard ChaCha20-Poly1305 cipher suites have gained much wider adoption, to the point were traffic using the old suites has dropped significantly. Due to the current low usage and the non-standard nature of these cipher suites, we are now deprecating their support on the Cloudflare network.

This should not affect customer zones in any way, as clients that might currently use these cipher suites will be able to fallback to different ones. In addition, unlike the standard variants, these legacy cipher suites are not exposed directly through our API (e.g. through the TLS cipher suites preferences endpoint), and their deprecation will not affect customer configurations in any way.

As of July 1st, 2023, the ChaCha20-Poly1305 ciphers have been deprecated and are deemed End of Life by Cloudflare. If you have clients that currently rely on these ciphers, it is strongly recommended to upgrade them to newer, more secure ciphers. Be aware that these deprecated ciphers will be completely removed in the first quarter of 2024, and requests using them will start to fail. Take proactive measures to ensure a smooth transition and maintain the security of your systems.

API deprecations - Transfer-Encoding and Content-Length headers

Sat, 01 Jul 2023 00:00:00 GMT

Deprecation date: July 1, 2023

Previously, RFC 2616 allowed the use of Transfer-Encoding and Content-Length HTTP headers in the same request. RFC 7230 supersedes RFC 2616 and prohibits the use of Transfer-Encoding and Content-Length headers in the same request because they can cause HTTP request smuggling vulnerabilities.

Starting on July 1st, 2023, Cloudflare will decline requests with both Transfer-Encoding and Content-Length HTTP headers.

D1 - Metrics and analytics

Wed, 28 Jun 2023 00:00:00 GMT

You can now view per-database metrics via both the Cloudflare dashboard and the GraphQL Analytics API.

D1 currently exposes read & writes per second, query response size, and query latency percentiles.

Spectrum - 2023-06-27

Tue, 27 Jun 2023 00:00:00 GMT

Argo Smart Routing is available for UDP applications, providing faster and more reliable traffic routing.

Access - Custom block pages for Access applications

Fri, 23 Jun 2023 00:00:00 GMT

Allow Access admins to customize the block pages presented by Access to end users.

Workers - 2023-06-22

Thu, 22 Jun 2023 00:00:00 GMT

Added the strict_crypto_checks compatibility flag to enable additional Web Crypto API error and security checking.
Fixes regression in the TCP Sockets API where connect("google.com:443") would fail with a TypeError.

R2 - 2023-06-21

Wed, 21 Jun 2023 00:00:00 GMT

Multipart ETags are now MD5 hashes.

Radar - Add Quality endpoints

Tue, 20 Jun 2023 00:00:00 GMT

Added quality endpoints.

Workers - 2023-06-19

Mon, 19 Jun 2023 00:00:00 GMT

The TCP Sockets API now reports clearer errors when a connection cannot be established.
Updated V8 to 11.5.

D1 - Generated columns documentation

Fri, 16 Jun 2023 00:00:00 GMT

New documentation has been published on how to use D1's support for generated columns to define columns that are dynamically generated on write (or read). Generated columns allow you to extract data from JSON objects or use the output of other SQL functions.

R2 - 2023-06-16

Fri, 16 Jun 2023 00:00:00 GMT

Fixed a bug where calling GetBucket on a non-existent bucket would return a 500 instead of a 404.
Improved S3 compatibility for ListObjectsV1, now nextmarker is only set when truncated is true.
The R2 worker bindings now support parsing conditional headers with multiple etags. These etags can now be strong, weak or a wildcard. Previously the bindings only accepted headers containing a single strong etag.
S3 putObject now supports sha256 and sha1 checksums. These were already supported by the R2 worker bindings.
CopyObject in the S3 compatible api now supports Cloudflare specific headers which allow the copy operation to be conditional on the state of the destination object.

D1 - Deprecating Error.cause

Mon, 12 Jun 2023 00:00:00 GMT

As of wrangler v3.1.1 the D1 client API now returns detailed error messages within the top-level Error.message property, and no longer requires developers to inspect the Error.cause.message property.

To facilitate a transition from the previous Error.cause behaviour, detailed error messages will continue to be populated within Error.cause as well as the top-level Error object until approximately July 14th, 2023. Future versions of both wrangler and the D1 client API will no longer populate Error.cause after this date.

Workers - 2023-06-09

Fri, 09 Jun 2023 00:00:00 GMT

AbortSignal.any() is now available.
Updated V8 to 11.4.
Following an update to the WHATWG URL spec, the delete() and has() methods of the URLSearchParams class now accept an optional second argument to specify the search parameter’s value. This is potentially a breaking change, so it is gated behind the new urlsearchparams_delete_has_value_arg and url_standard compatibility flags.
Added the strict_compression_checks compatibility flag for additional DecompressionStream error checking.

Radar - Add BGP stats, pfx2as and moas endpoint

Wed, 07 Jun 2023 00:00:00 GMT

Added BGP stats, pfx2as and moas endpoints.

API deprecations - Account Billing Profile, User Billing Profile, and User Billing History

Tue, 06 Jun 2023 00:00:00 GMT

Deprecation date: June 6, 2023

There is no API replacement for these endpoints. As an alternative, please log in to your Cloudflare account to view your:

Deprecated API:

GET accounts/{account_identifier}/billing/profile
GET user/billing/profile
GET user/billing/history

Workers - 2023-05-26

Fri, 26 May 2023 00:00:00 GMT

A new Hibernatable WebSockets API (beta) has been added to Durable Objects. The Hibernatable WebSockets API allows a Durable Object that is not currently running an event handler (for example, processing a WebSocket message or alarm) to be removed from memory while keeping its WebSockets connected (“hibernation”). A Durable Object that hibernates will not incur billable Duration (GB-sec) charges.

Turnstile - 2023-05-25

Thu, 25 May 2023 00:00:00 GMT

Added idempotency support for POST /siteverify requests via the idempotency_key parameter.

Browser Rendering - Browser Rendering Beta

Fri, 19 May 2023 00:00:00 GMT

Beta Launch

D1 - New experimental backend

Fri, 19 May 2023 00:00:00 GMT

D1 has a new experimental storage back end that dramatically improves query throughput, latency and reliability. The experimental back end will become the default back end in the near future. To create a database using the experimental backend, use wrangler and set the --experimental-backend flag when creating a database:

$ wrangler d1 create your-database --experimental-backend

Read more about the experimental back end in the announcement blog.

D1 - Location hints

Fri, 19 May 2023 00:00:00 GMT

You can now provide a location hint when creating a D1 database, which will influence where the leader (writer) is located. By default, D1 will automatically create your database in a location close to where you issued the request to create a database. In most cases this allows D1 to choose the optimal location for your database on your behalf.

Pages - Build error message improvement

Fri, 19 May 2023 00:00:00 GMT

Builds which fail due to Out of memory (OOM) will return a proper error message indicating so rather than Internal error.

Workers for Platforms - Outbound Workers, Custom Limits and Tail Workers

Thu, 18 May 2023 00:00:00 GMT

Outbound Workers, Custom Limits and Tail Workers are now available.

D1 - Query JSON

Wed, 17 May 2023 00:00:00 GMT

New documentation has been published that covers D1's extensive JSON function support. JSON functions allow you to parse, query and modify JSON directly from your SQL queries, reducing the number of round trips to your database, or data queried.

Pages - V2 build system beta

Wed, 17 May 2023 00:00:00 GMT

The V2 build system is now available in open beta. Enable the V2 build system by going to your Pages project in the Cloudflare dashboard and selecting Settings > Build & deployments > Build system version.

Pages - Support for Smart Placement

Tue, 16 May 2023 00:00:00 GMT

Smart placement can now be enabled for Pages within your Pages Project by going to Settings > Functions.

Stream - Multiple audio tracks now generally available

Tue, 16 May 2023 00:00:00 GMT

Stream supports adding multiple audio tracks to an existing video.

For more, refer to the documentation to get started.

Workers - 2023-05-16

Tue, 16 May 2023 00:00:00 GMT

The new connect() method allows you to connect to any TCP-speaking services directly from your Workers. To learn more about other protocols supported on the Workers platform, visit the new Protocols documentation.
We have added new native database integrations for popular serverless database providers, including Neon, PlanetScale, and Supabase. Native integrations automatically handle the process of creating a connection string and adding it as a Secret to your Worker.
You can now also connect directly to databases over TCP from a Worker, starting with PostgreSQL. Support for PostgreSQL is based on the popular pg driver, and allows you to connect to any PostgreSQL instance over TLS from a Worker directly.
The R2 Migrator (Super Slurper), which automates the process of migrating from existing object storage providers to R2, is now Generally Available.

Workers - 2023-05-15

Mon, 15 May 2023 00:00:00 GMT

Cursor, an experimental AI assistant, trained to answer questions about Cloudflare's Developer Platform, is now available to preview! Cursor can answer questions about Workers and the Cloudflare Developer Platform, and is itself built on Workers. You can read more about Cursor in the announcement blog.

Workers - 2023-05-12

Fri, 12 May 2023 00:00:00 GMT

The performance.now() and performance.timeOrigin APIs can now be used in Cloudflare Workers. Just like Date.now(), for security reasons time only advances after I/O.

Radar - Added `IOS` as an option for the OS parameter in all HTTP

Wed, 10 May 2023 00:00:00 GMT

Added IOS as an option for the OS parameter in all HTTP endpoints (example).

Workers - 2023-05-05

Fri, 05 May 2023 00:00:00 GMT

The new nodeJsCompatModule type can be used with a Worker bundle to emulate a Node.js environment. Common Node.js globals such as process and Buffer will be present, and require('...') can be used to load Node.js built-ins without the node: specifier prefix.
Fixed an issue where websocket connections would be disconnected when updating workers. Now, only WebSockets connected to Durable Objects are disconnected by updates to that Durable Object’s code.

Workers - 2023-04-28

Fri, 28 Apr 2023 00:00:00 GMT

The Web Crypto API now supports curves Ed25519 and X25519 defined in the Secure Curves specification.
The global connect method has been moved to a cloudflare:sockets module.

Stream - Player Enhancement Properties

Wed, 26 Apr 2023 00:00:00 GMT

Cloudflare Stream now supports player enhancement properties.

With player enhancements, you can modify your video player to incorporate elements of your branding, such as your logo, and customize additional options to present to your viewers.

For more, refer to the documentation to get started.

beacon.min.js - 2023-04-19

Wed, 19 Apr 2023 00:00:00 GMT

Reports additional LCP diagnostic information using web-vitals library's attribution build.

Notifications - 2023-04-19

Wed, 19 Apr 2023 00:00:00 GMT

Added Maintenance Notification Alerts.

DDoS protection - 2023-04-17

Mon, 17 Apr 2023 00:00:00 GMT

Previously, only a subset of rules were exposed publicly. In rare situations, these rules can cause false positives. When this happens, you can customize their behavior using overrides.

Besides these rules, the DDoS managed rules contain other rules that do not cause issues. Until now, these rules were not shown in the dashboard or referenced in the documentation.

Cloudflare now shows all rules in the dashboard, including these high-confidence rules. This means that packets matching these rules will now have the correct rule identifier. The newly published rules are read-only and you cannot disable them.

Turnstile - 2023-04-17

Mon, 17 Apr 2023 00:00:00 GMT

Added references to Turnstile Public API.
Added references for [after-interactive-callback], [before-interactive-callback], and [unsupported-callback].

Workers - 2023-04-14

Fri, 14 Apr 2023 00:00:00 GMT

No externally-visible changes this week.

Workers - 2023-04-10

Mon, 10 Apr 2023 00:00:00 GMT

URL.canParse(...) is a new standard API for testing that an input string can be parsed successfully as a URL without the additional cost of creating and throwing an error.
The Workers-specific IdentityTransformStream and FixedLengthStream classes now support specifying a highWaterMark for the writable-side that is used for backpressure signaling using the standard writer.desiredSize/writer.ready mechanisms.

beacon.min.js - 2023-04-06

Thu, 06 Apr 2023 00:00:00 GMT

Updated webpack configuration to output code in ECMAScript 3 (ES3) format.

API deprecations - Load Balancing - notification_email

Mon, 03 Apr 2023 00:00:00 GMT

Deprecation date: April 3, 2023

This field is deprecated and has been moved to Cloudflare centralized notification service.

notification_email is the email address to send health status notifications to. This can be an individual mailbox or a mailing list. Multiple emails can be supplied as a comma delimited list.

R2 - 2023-04-01

Sat, 01 Apr 2023 00:00:00 GMT

GetBucket is now available for use through the Cloudflare API.
Location hints can now be set when creating a bucket, both through the S3 API, and the dashboard.

Queues - Consumer concurrency (enabled)

Tue, 28 Mar 2023 00:00:00 GMT

Queue consumers will now automatically scale up based on the number of messages being written to the queue. To control or limit concurrency, you can explicitly define a max_concurrency for your consumer.

Workers - 2023-03-24

Fri, 24 Mar 2023 00:00:00 GMT

Fixed a bug in Wrangler tail and live logs on the dashboard that prevented the Administrator Read-Only and Workers Tail Read roles from successfully tailing Workers.

beacon.min.js - 2023-03-23

Thu, 23 Mar 2023 00:00:00 GMT

Updated Google's web-vitals library (version 3.1.1) and removed experimental server-timing header.

Pages - Git projects can now see files uploaded

Thu, 23 Mar 2023 00:00:00 GMT

Files uploaded are now visible for Git projects, you can view them in the Cloudflare dashboard.

Stream - Limits for downloadable MP4s for live recordings

Tue, 21 Mar 2023 00:00:00 GMT

Previously, generating a download for a live recording exceeding four hours resulted in failure.

To fix the issue, now video downloads are only available for live recordings under four hours. Live recordings exceeding four hours can still be played but cannot be downloaded.

Pages - Notifications for Pages are now available

Mon, 20 Mar 2023 00:00:00 GMT

Notifications for Pages events are now available in the Cloudflare dashboard. Events supported include:
- Deployment started.
- Deployment succeeded.
- Deployment failed.

Radar - Add AS112 and email endpoints

Mon, 20 Mar 2023 00:00:00 GMT

Added AS112 endpoints.
Added email endpoints.

API deprecations - Access Bookmark applications

Sun, 19 Mar 2023 00:00:00 GMT

Deprecation date: March 19, 2023

This endpoint is deprecated in favor of using a specialized Access Application App Type API.

Deprecated API:

GET accounts/:identifier/access/bookmarks
GET accounts/:identifier/access/bookmarks/:uuid
POST accounts/:identifier/access/bookmarks/:uuid
PUT accounts/:identifier/access/bookmarks/:uuid
DELETE accounts/:identifier/access/bookmarks/:uuid

Replacement: Access applications app type API

R2 - 2023-03-16

Thu, 16 Mar 2023 00:00:00 GMT

The ListParts API has been implemented and is available for use.
HTTP2 is now enabled by default for new custom domains linked to R2 buckets.
Object Lifecycles are now available for use.
Bug fix: Requests to public buckets will now return the Content-Encoding header for gzip files when Accept-Encoding: gzip is used.

Queues - Consumer concurrency (upcoming)

Wed, 15 Mar 2023 00:00:00 GMT

Queue consumers will soon automatically scale up concurrently as a queues' backlog grows in order to keep overall message processing latency down. Concurrency will be enabled on all existing queues by 2023-03-28.

To opt-out, or to configure a fixed maximum concurrency, set max_concurrency = 1 in your wrangler.toml / wrangler.json file or via the queues dashboard.

To opt-in, you do not need to take any action: your consumer will begin to scale out as needed to keep up with your message backlog. It will scale back down as the backlog shrinks, and/or if a consumer starts to generate a higher rate of errors. To learn more about how consumers scale, refer to the consumer concurrency documentation.

Notifications - 2023-03-13

Mon, 13 Mar 2023 00:00:00 GMT

Added Pages Alerts.

Workers - 2023-03-09

Thu, 09 Mar 2023 00:00:00 GMT

No externally-visible changes.

Turnstile - 2023-03-06

Mon, 06 Mar 2023 00:00:00 GMT

Added [execution] and [appearance].

Workers - 2023-03-06

Mon, 06 Mar 2023 00:00:00 GMT

Workers Logpush now supports 300 characters per log line. This is an increase from the previous limit of 150 characters per line.

Notifications - 2023-03-02

Thu, 02 Mar 2023 00:00:00 GMT

Added Brand Protection Alerts.

Queues - Explicit acknowledgement (new feature)

Thu, 02 Mar 2023 00:00:00 GMT

You can now acknowledge individual messages with a batch by calling .ack() on a message.

This allows you to mark a message as delivered as you process it within a batch, and avoids the entire batch from being redelivered if your consumer throws an error during batch processing. This can be particularly useful when you are calling external APIs, writing messages to a database, or otherwise performing non-idempotent actions on individual messages within a batch.

Queues - Higher per-queue throughput

Wed, 01 Mar 2023 00:00:00 GMT

The per-queue throughput limit has now been raised to 400 messages per second.

Turnstile - 2023-02-15

Wed, 15 Feb 2023 00:00:00 GMT

Added the [turnstile.ready] callback.

Pages - Analytics Engine now available in Functions

Tue, 14 Feb 2023 00:00:00 GMT

Added support for Analytics Engine in Functions.

Workers - 2023-02-06

Mon, 06 Feb 2023 00:00:00 GMT

Fixed a bug where transferring large request bodies to a Durable Object was unexpectedly slow.
Previously, an error would be thrown when trying to access unimplemented standard Request and Response properties. Now those will be left as undefined.

Turnstile - 2023-02-01

Wed, 01 Feb 2023 00:00:00 GMT

Added the [data-]language parameter.

Workers - 2023-01-31

Tue, 31 Jan 2023 00:00:00 GMT

The request.cf object now includes two additional properties, tlsClientHelloLength and tlsClientRandom.

R2 - 2023-01-27

Fri, 27 Jan 2023 00:00:00 GMT

R2 authentication tokens created via the R2 token page are now scoped to a single account by default.

Radar - Updated IPv6 calculation method

Mon, 23 Jan 2023 00:00:00 GMT

IPv6 percentage started to be calculated as (IPv6 requests / requests for dual-stacked content), where as before it was calculated as (IPv6 requests / IPv4+IPv6 requests).

Workers - 2023-01-13

Fri, 13 Jan 2023 00:00:00 GMT

Durable Objects can now use jurisdictions with idFromName via a new subnamespace API.
V8 updated to 10.9.

Radar - Add new layer 3 dataset

Wed, 11 Jan 2023 00:00:00 GMT

Added new Layer 3 data source and related endpoints.
Updated Layer 3 timeseries endpoint to support fetching both current and new data sources. For retro-compatibility reasons, fetching the new data source requires sending the parameter metric=bytes else the current data source will be returned.
Deprecated old Layer 3 endpoints TimeseriesGroups and Summary. Users should upgrade to newer endpoints.

Pages - Queues now available in Functions

Thu, 05 Jan 2023 00:00:00 GMT

Added support for Queues producer in Functions.

Stream - Earlier detection (and rejection) of non-video uploads

Wed, 04 Jan 2023 00:00:00 GMT

Cloudflare Stream now detects non-video content on upload using the POST API and returns a 400 Bad Request HTTP error with code 10059.

Previously, if you or one of your users attempted to upload a file that is not a video (ex: an image), the request to upload would appear successful, but then fail to be encoded later on.

With this change, Stream responds to the upload request with an error, allowing you to give users immediate feedback if they attempt to upload non-video content.

Pages - API messaging update

Thu, 15 Dec 2022 00:00:00 GMT

Updated all API messaging to be more helpful.

Queues - sendBatch support

Tue, 13 Dec 2022 00:00:00 GMT

The JavaScript API for Queue producers now includes a sendBatch method which supports sending up to 100 messages at a time.

Queues - Increased per-account limits

Mon, 12 Dec 2022 00:00:00 GMT

Queues now allows developers to create up to 100 queues per account, up from the initial beta limit of 10 per account. This limit will continue to increase over time.

Turnstile - 2022-12-12

Mon, 12 Dec 2022 00:00:00 GMT

POST /siteverify supports JSON requests now.

Stream - Faster mp4 downloads of live recordings

Thu, 08 Dec 2022 00:00:00 GMT

Generating MP4 downloads of live stream recordings is now significantly faster. For more, refer to the docs.

R2 - 2022-12-07

Wed, 07 Dec 2022 00:00:00 GMT

Fix CORS preflight requests for the S3 API, which allows using the S3 SDK in the browser.
Passing a range header to the get operation in the R2 bindings API should now work as expected.

DDoS protection - 2022-12-02

Fri, 02 Dec 2022 00:00:00 GMT

Rule ID	Description	Previous Action	New Action	Notes
...58e4914a	Adaptive DDoS Protection for UDP (Available only to Enterprise accounts).	log	log	Lower sensitivity to avoid false positives
...76d5e15c	Adaptive DDoS Protection for Other IPv6 Protocols (Available only to Enterprise accounts).	log	log	Lower sensitivity to avoid false positives
...8de83ef6	Adaptive DDoS Protection for IPv6 GRE (Available only to Enterprise accounts).	log	log	Lower sensitivity to avoid false positives
...938e978c	Adaptive DDoS Protection for IPv6 ESP (Available only to Enterprise accounts).	log	log	Lower sensitivity to avoid false positives
...9c173480	Adaptive DDoS Protection for ICMP (Available only to Enterprise accounts).	log	log	Lower sensitivity to avoid false positives
...ad8078b8	Adaptive DDoS Protection for IPv4 GRE (Available only to Enterprise accounts).	log	log	Lower sensitivity to avoid false positives
...ae3f5e4e	Adaptive DDoS Protection for ICMPv6 (Available only to Enterprise accounts).	log	log	Lower sensitivity to avoid false positives
...c7dc52df	Adaptive DDoS Protection for Other IPv4 Protocols (Available only to Enterprise accounts).	log	log	Lower sensitivity to avoid false positives
...e4e7541c	Adaptive DDoS Protection for IPv4 ESP (Available only to Enterprise accounts).	log	log	Lower sensitivity to avoid false positives

Pages - Ability to delete aliased deployments

Thu, 01 Dec 2022 00:00:00 GMT

Aliased deployments can now be deleted. If using the API, you will need to add the query parameter force=true.

R2 - 2022-11-30

Wed, 30 Nov 2022 00:00:00 GMT

Requests with the header x-amz-acl: public-read are no longer rejected.
Fixed issues with wildcard CORS rules and presigned URLs.
Fixed an issue where ListObjects would time out during delimited listing of unicode-normalized keys.
S3 API's PutBucketCors now rejects requests with unknown keys in the XML body.
Signing additional headers no longer breaks CORS preflight requests for presigned URLs.

Stream - Multiple audio tracks (closed beta)

Tue, 29 Nov 2022 00:00:00 GMT

Stream now supports adding multiple audio tracks to an existing video upload. This allows you to:

Provide viewers with audio tracks in multiple languages
Provide dubbed audio tracks, or audio commentary tracks (ex: Director’s Commentary)
Allow your users to customize the customize the audio mix, by providing separate audio tracks for music, speech or other audio tracks.
Provide Audio Description tracks to ensure your content is accessible. (WCAG 2.0 Guideline 1.2 1)

To request an invite to the beta, refer to this post.

Stream - VP9 support for WebRTC live streams (beta)

Tue, 22 Nov 2022 00:00:00 GMT

Cloudflare Stream now supports VP9 when streaming using WebRTC (WHIP), currently in beta.

R2 - 2022-11-21

Mon, 21 Nov 2022 00:00:00 GMT

Fixed a bug in ListObjects where startAfter would skip over objects with keys that have numbers right after the startAfter prefix.
Add worker bindings for multipart uploads.

Pages - Deep linking to a Pages deployment

Sat, 19 Nov 2022 00:00:00 GMT

You can now deep-link to a Pages deployment in the dashboard with :pages-deployment. An example would be https://dash.cloudflare.com?to=/:account/pages/view/:pages-project/:pages-deployment.

Pages - Functions GA and other updates

Thu, 17 Nov 2022 00:00:00 GMT

Pages functions are now GA. For more information, refer to the blog post.
We also made the following updates to Functions:
- Functions metrics are now available in the dashboard.
- Functions billing is now available.
- The Unbound usage model is now available for Functions.
- Secrets are now available.
- Functions tailing is now available via the dashboard or with Wrangler (wrangler pages deployment tail).

R2 - 2022-11-17

Thu, 17 Nov 2022 00:00:00 GMT

Unconditionally return HTTP 206 on ranged requests to match behavior of other S3 compatible implementations.
Fixed a CORS bug where AllowedHeaders in the CORS config were being treated case-sensitively.

Pages - Service bindings now available in Functions

Tue, 15 Nov 2022 00:00:00 GMT

Service bindings are now available in Functions. For more details, refer to the docs.

Turnstile - 2022-11-11

Fri, 11 Nov 2022 00:00:00 GMT

Added retry and retry-interval for controlling retry behavior.

R2 - 2022-11-08

Tue, 08 Nov 2022 00:00:00 GMT

Copying multipart objects via CopyObject is re-enabled.
UploadPartCopy is re-enabled.

Stream - Reduced time to start WebRTC streaming and playback with Trickle ICE

Tue, 08 Nov 2022 00:00:00 GMT

Cloudflare Stream's WHIP and WHEP implementations now support Trickle ICE, reducing the time it takes to initialize WebRTC connections, and increasing compatibility with WHIP and WHEP clients.

For more, refer to the docs.

Stream - Deprecating the 'per-video' Analytics API

Mon, 07 Nov 2022 00:00:00 GMT

The “per-video” analytics API is being deprecated. If you still use this API, you will need to switch to using the GraphQL Analytics API by February 1, 2023. After this date, the per-video analytics API will be no longer available.

The GraphQL Analytics API provides the same functionality and more, with additional filters and metrics, as well as the ability to fetch data about multiple videos in a single request. Queries are faster, more reliable, and built on a shared analytics system that you can use across many Cloudflare products.

For more about this change and how to migrate existing API queries, refer to this post and the GraphQL Analytics API docs.

Pages - Ansi color codes in build logs

Thu, 03 Nov 2022 00:00:00 GMT

Build log now supports ansi color codes.

Stream - Create an unlimited number of live inputs

Tue, 01 Nov 2022 00:00:00 GMT

Cloudflare Stream now has no limit on the number of live inputs you can create. Stream is designed to allow your end-users to go live — live inputs can be created quickly on-demand via a single API request for each of user of your platform or app.

For more on creating and managing live inputs, get started with the docs.

R2 - 2022-10-28

Fri, 28 Oct 2022 00:00:00 GMT

Multipart upload part sizes are always expected to be of the same size, but this enforcement is now done when you complete an upload instead of being done very time you upload a part.
Fixed a performance issue where concurrent multipart part uploads would get rejected.

Turnstile - 2022-10-28

Fri, 28 Oct 2022 00:00:00 GMT

Renamed the [data-]expired-callback callback to [data-]timeout-callback (called when the challenge times out).
Added the [data-]expired-callback callback (called when the token expires).

R2 - 2022-10-26

Wed, 26 Oct 2022 00:00:00 GMT

Fixed ranged reads for multipart objects with part sizes unaligned to 64KiB.

Turnstile - 2022-10-24

Mon, 24 Oct 2022 00:00:00 GMT

Added response-field and response-field-name for controlling the input element created by Turnstile.
Added option for changing the size of the Turnstile widget.

Stream - More accurate bandwidth estimates for live video playback

Thu, 20 Oct 2022 00:00:00 GMT

When playing live video, Cloudflare Stream now provides significantly more accurate estimates of the bandwidth needs of each quality level to client video players. This ensures that live video plays at the highest quality that viewers have adequate bandwidth to play.

As live video is streamed to Cloudflare, we transcode it to make it available to viewers at multiple quality levels. During transcoding, we learn about the real bandwidth needs of each segment of video at each quality level, and use this to provide an estimate of the bandwidth requirements of each quality level the in HLS (.m3u8) and DASH (.mpd) manifests.

If a live stream contains content with low visual complexity, like a slideshow presentation, the bandwidth estimates provided in the HLS manifest will be lower, ensuring that the most viewers possible view the highest quality level, since it requires relatively little bandwidth. Conversely, if a live stream contains content with high visual complexity, like live sports with motion and camera panning, the bandwidth estimates provided in the HLS manifest will be higher, ensuring that viewers with inadequate bandwidth switch down to a lower quality level, and their playback does not buffer.

This change is particularly helpful if you're building a platform or application that allows your end users to create their own live streams, where these end users have their own streaming software and hardware that you can't control. Because this new functionality adapts based on the live video we receive, rather than just the configuration advertised by the broadcaster, even in cases where your end users' settings are less than ideal, client video players will not receive excessively high estimates of bandwidth requirements, causing playback quality to decrease unnecessarily. Your end users don't have to be OBS Studio experts in order to get high quality video playback.

No work is required on your end — this change applies to all live inputs, for all customers of Cloudflare Stream. For more, refer to the docs.

R2 - 2022-10-19

Wed, 19 Oct 2022 00:00:00 GMT

HeadBucket now sets x-amz-bucket-region to auto in the response.

beacon.min.js - 2022-10-17

Mon, 17 Oct 2022 00:00:00 GMT

Updated to report new metrics such as time to first byte (TTFB), interaction to next paint (INP), and first contentful paint (FCP). Additionally, it reports navigator.webdriver, server-timing header (experimental), and protocol info (nextHopProtocol).

Turnstile - 2022-10-13

Thu, 13 Oct 2022 00:00:00 GMT

Added validation for action: /^[a-z0-9_-]{0,32}$/i
Added validation for cData: /^[a-z0-9_-]{0,255}$/i

API deprecations - Page Shield

Tue, 11 Oct 2022 00:00:00 GMT

Deprecation date: October 11, 2022

Replace script_monitor in Page Shield API routes with page_shield.

Turnstile - 2022-10-11

Tue, 11 Oct 2022 00:00:00 GMT

Added turnstile.remove

R2 - 2022-10-06

Thu, 06 Oct 2022 00:00:00 GMT

Temporarily disabled UploadPartCopy while we investigate an issue.

Pages - Deep linking to a Pages project

Wed, 05 Oct 2022 00:00:00 GMT

You can now deep-link to a Pages project in the dashboard with :pages-project. An example would be https://dash.cloudflare.com?to=/:account/pages/view/:pages-project.

Stream - AV1 Codec support for live streams and recordings (beta)

Wed, 05 Oct 2022 00:00:00 GMT

Cloudflare Stream now supports playback of live videos and live recordings using the AV1 codec, which uses 46% less bandwidth than H.264.

For more, read the blog post.

R2 - 2022-09-29

Thu, 29 Sep 2022 00:00:00 GMT

Fixed a CORS issue where Access-Control-Allow-Headers was not being set for preflight requests.

R2 - 2022-09-28

Wed, 28 Sep 2022 00:00:00 GMT

Fixed a bug where CORS configuration was not being applied to S3 endpoint.
No-longer render the Access-Control-Expose-Headers response header if ExposeHeader is not defined.
Public buckets will no-longer return the Content-Range response header unless the response is partial.
Fixed CORS rendering for the S3 HeadObject operation.
Fixed a bug where no matching CORS configuration could result in a 403 response.
Temporarily disable copying objects that were created with multipart uploads.
Fixed a bug in the Workers bindings where an internal error was being returned for malformed ranged .get requests.

Calls - Cloudflare Calls closed beta

Tue, 27 Sep 2022 00:00:00 GMT

Cloudflare Calls is available as a closed beta for users who request an invitation. Refer to the blog post for more information.

R2 - 2022-09-27

Tue, 27 Sep 2022 00:00:00 GMT

CORS preflight responses and adding CORS headers for other responses is now implemented for S3 and public buckets. Currently, the only way to configure CORS is via the S3 API.
Fixup for bindings list truncation to work more correctly when listing keys with custom metadata that have " or when some keys/values contain certain multi-byte UTF-8 values.
The S3 GetObject operation now only returns Content-Range in response to a ranged request.

Stream - WebRTC live streaming and playback (beta)

Tue, 27 Sep 2022 00:00:00 GMT

Cloudflare Stream now supports live video streaming over WebRTC, with sub-second latency, to unlimited concurrent viewers.

For more, read the blog post or the get started with example code in the docs.

R2 - 2022-09-19

Mon, 19 Sep 2022 00:00:00 GMT

The R2 put() binding options can now be given an onlyIf field, similar to get(), that performs a conditional upload.
The R2 delete() binding now supports deleting multiple keys at once.
The R2 put() binding now supports user-specified SHA-1, SHA-256, SHA-384, SHA-512 checksums in options.
User-specified object checksums will now be available in the R2 get() and head() bindings response. MD5 is included by default for non-multipart uploaded objects.

Stream - Manually control when you start and stop simulcasting

Thu, 15 Sep 2022 00:00:00 GMT

You can now enable and disable individual live outputs via the API or Stream dashboard, allowing you to control precisely when you start and stop simulcasting to specific destinations like YouTube and Twitch. For more, read the docs.

Pages - Increased domain limits

Mon, 12 Sep 2022 00:00:00 GMT

Previously, all plans had a maximum of 10 custom domains per project.

Now, the limits are:

Free: 100 custom domains.
Pro: 250 custom domains.
Business and Enterprise: 500 custom domains.

Pages - Support for _routes.json

Thu, 08 Sep 2022 00:00:00 GMT

Pages now offers support for _routes.json. For more details, refer to the documentation.

R2 - 2022-09-06

Tue, 06 Sep 2022 00:00:00 GMT

The S3 CopyObject operation now includes x-amz-version-id and x-amz-copy-source-version-id in the response headers for consistency with other methods.
The ETag for multipart files uploaded until shortly after Open Beta uploaded now include the number of parts as a suffix.

Pages - Increased build log expiration time

Thu, 25 Aug 2022 00:00:00 GMT

Build log expiration time increased from 2 weeks to 1 year.

R2 - 2022-08-17

Wed, 17 Aug 2022 00:00:00 GMT

The S3 DeleteObjects operation no longer trims the space from around the keys before deleting. This would result in files with leading / trailing spaces not being able to be deleted. Additionally, if there was an object with the trimmed key that existed it would be deleted instead. The S3 DeleteObject operation was not affected by this.
Fixed presigned URL support for the S3 ListBuckets and ListObjects operations.

Stream - Unique subdomain for your Stream Account

Mon, 15 Aug 2022 00:00:00 GMT

URLs in the Stream Dashboard and Stream API now use a subdomain specific to your Cloudflare Account: customer-{CODE}.cloudflarestream.com. This change allows you to:

Use Content Security Policy (CSP) directives specific to your Stream subdomain, to ensure that only videos from your Cloudflare account can be played on your website.
Allowlist only your Stream account subdomain at the network-level to ensure that only videos from a specific Cloudflare account can be accessed on your network.

No action is required from you, unless you use Content Security Policy (CSP) on your website. For more on CSP, read the docs.

Pages - New bindings supported

Mon, 08 Aug 2022 00:00:00 GMT

R2 and D1 bindings are now supported.

R2 - 2022-08-06

Sat, 06 Aug 2022 00:00:00 GMT

Uploads will automatically infer the Content-Type based on file body if one is not explicitly set in the PutObject request. This functionality will come to multipart operations in the future.

Stream - Clip videos using the Stream API

Tue, 02 Aug 2022 00:00:00 GMT

You can now change the start and end times of a video uploaded to Cloudflare Stream. For more information, refer to Clip videos.

R2 - 2022-07-30

Sat, 30 Jul 2022 00:00:00 GMT

Fixed S3 conditionals to work properly when provided the LastModified date of the last upload, bindings fixes will come in the next release.
If-Match / If-None-Match headers now support arrays of ETags, Weak ETags and wildcard (*) as per the HTTP standard and undocumented AWS S3 behavior.

Stream - Live inputs

Tue, 26 Jul 2022 00:00:00 GMT

The Live Inputs API now supports optional pagination, search, and filter parameters. For more information, refer to the Live Inputs API documentation.

R2 - 2022-07-21

Thu, 21 Jul 2022 00:00:00 GMT

Added dummy implementation of the following operation that mimics the response that a basic AWS S3 bucket will return when first created: GetBucketAcl.

R2 - 2022-07-20

Wed, 20 Jul 2022 00:00:00 GMT

Added dummy implementations of the following operations that mimic the response that a basic AWS S3 bucket will return when first created:
- GetBucketVersioning
- GetBucketLifecycleConfiguration
- GetBucketReplication
- GetBucketTagging
- GetObjectLockConfiguration

R2 - 2022-07-19

Tue, 19 Jul 2022 00:00:00 GMT

Fixed an S3 compatibility issue for error responses with MinIO .NET SDK and any other tooling that expects no xmlns namespace attribute on the top-level Error tag.
List continuation tokens prior to 2022-07-01 are no longer accepted and must be obtained again through a new list operation.
The list() binding will now correctly return a smaller limit if too much data would otherwise be returned (previously would return an Internal Error).

R2 - 2022-07-14

Thu, 14 Jul 2022 00:00:00 GMT

Improvements to 500s: we now convert errors, so things that were previously concurrency problems for some operations should now be TooMuchConcurrency instead of InternalError. We've also reduced the rate of 500s through internal improvements.
ListMultipartUpload correctly encodes the returned Key if the encoding-type is specified.

R2 - 2022-07-13

Wed, 13 Jul 2022 00:00:00 GMT

S3 XML documents sent to R2 that have an XML declaration are not rejected with 400 Bad Request / MalformedXML.
Minor S3 XML compatibility fix impacting Arq Backup on Windows only (not the Mac version). Response now contains XML declaration tag prefix and the xmlns attribute is present on all top-level tags in the response.
Beta ListMultipartUploads support.

R2 - 2022-07-06

Wed, 06 Jul 2022 00:00:00 GMT

Support the r2_list_honor_include compat flag coming up in an upcoming runtime release (default behavior as of 2022-07-14 compat date). Without that compat flag/date, list will continue to function implicitly as include: ['httpMetadata', 'customMetadata'] regardless of what you specify.
cf-create-bucket-if-missing can be set on a PutObject/CreateMultipartUpload request to implicitly create the bucket if it does not exist.
Fix S3 compatibility with MinIO client spec non-compliant XML for publishing multipart uploads. Any leading and trailing quotes in CompleteMultipartUpload are now optional and ignored as it seems to be the actual non-standard behavior AWS implements.

Pages - Added support for .dev.vars in wrangler pages

Tue, 05 Jul 2022 00:00:00 GMT

Pages now supports .dev.vars in wrangler pages, which allows you to use use environmental variables during your local development without chaining --envs.

This functionality requires Wrangler v2.0.16 or higher.

API deprecations - Cloudflare Images - Create authenticated direct upload URL v1

Fri, 01 Jul 2022 00:00:00 GMT

Deprecation date: July 1, 2022

This endpoint is deprecated in favor of using v2, which allows you to control metadata, define an access policy, and get the image ID.

Deprecated API: POST accounts/:account_identifier/images/v1/direct_upload

Replacement: POST accounts/:account_identifier/images/v2/direct_upload

R2 - 2022-07-01

Fri, 01 Jul 2022 00:00:00 GMT

Unsupported search parameters to ListObjects/ListObjectsV2 are now rejected with 501 Not Implemented.
Fixes for Listing:
- Fix listing behavior when the number of files within a folder exceeds the limit (you'd end up seeing a CommonPrefix for that large folder N times where N = number of children within the CommonPrefix / limit).
- Fix corner case where listing could cause objects with sharing the base name of a "folder" to be skipped.
- Fix listing over some files that shared a certain common prefix.
DeleteObjects can now handle 1000 objects at a time.
S3 CreateBucket request can specify x-amz-bucket-object-lock-enabled with a value of false and not have the requested rejected with a NotImplemented error. A value of true will continue to be rejected as R2 does not yet support object locks.

R2 - 2022-06-17

Fri, 17 Jun 2022 00:00:00 GMT

Fixed a regression for some clients when using an empty delimiter.
Added support for S3 pre-signed URLs.

R2 - 2022-06-16

Thu, 16 Jun 2022 00:00:00 GMT

Fixed a regression in the S3 API UploadPart operation where TooMuchConcurrency & NoSuchUpload errors were being returned as NoSuchBucket.

Pages - Added deltas to wrangler pages publish

Mon, 13 Jun 2022 00:00:00 GMT

Pages has added deltas to wrangler pages publish.

We now keep track of the files that make up each deployment and intelligently only upload the files that we have not seen. This means that similar subsequent deployments should only need to upload a minority of files and this will hopefully make uploads even faster.

This functionality requires Wrangler v2.0.11 or higher.

R2 - 2022-06-13

Mon, 13 Jun 2022 00:00:00 GMT

Fixed a bug with the S3 API ListObjectsV2 operation not returning empty folder/s as common prefixes when using delimiters.
The S3 API ListObjectsV2 KeyCount parameter now correctly returns the sum of keys and common prefixes rather than just the keys.
Invalid cursors for list operations no longer fail with an InternalError and now return the appropriate error message.

R2 - 2022-06-10

Fri, 10 Jun 2022 00:00:00 GMT

The ContinuationToken field is now correctly returned in the response if provided in a S3 API ListObjectsV2 request.
Fixed a bug where the S3 API AbortMultipartUpload operation threw an error when called multiple times.

Pages - Added branch alias to PR comments

Wed, 08 Jun 2022 00:00:00 GMT

PR comments for Pages previews now include the branch alias.

R2 - 2022-05-27

Fri, 27 May 2022 00:00:00 GMT

Fixed a bug where the S3 API's PutObject or the .put() binding could fail but still show the bucket upload as successful.
If conditional headers are provided to S3 API UploadObject or CreateMultipartUpload operations, and the object exists, a 412 Precondition Failed status code will be returned if these checks are not met.

Stream - Picture-in-Picture support

Tue, 24 May 2022 00:00:00 GMT

The Stream Player now displays a button to activate Picture-in-Picture mode, if the viewer's web browser supports the Picture-in-Picture API.

R2 - 2022-05-20

Fri, 20 May 2022 00:00:00 GMT

Fixed a bug when Accept-Encoding was being used in SignedHeaders when sending requests to the S3 API would result in a SignatureDoesNotMatch response.

R2 - 2022-05-17

Tue, 17 May 2022 00:00:00 GMT

Fixed a bug where requests to the S3 API were not handling non-encoded parameters used for the authorization signature.
Fixed a bug where requests to the S3 API where number-like keys were being parsed as numbers instead of strings.

R2 - 2022-05-16

Mon, 16 May 2022 00:00:00 GMT

Add support for S3 virtual-hosted style paths, such as <BUCKET>.<ACCOUNT_ID>.r2.cloudflarestorage.com instead of path-based routing (<ACCOUNT_ID>.r2.cloudflarestorage.com/<BUCKET>).
Implemented GetBucketLocation for compatibility with external tools, this will always return a LocationConstraint of auto.

Stream - Creator ID property

Fri, 13 May 2022 00:00:00 GMT

During or after uploading a video to Stream, you can now specify a value for a new field, creator. This field can be used to identify the creator of the video content, linking the way you identify your users or creators to videos in your Stream account. For more, read the blog post.

Workers for Platforms - Workers for Platform announced

Tue, 10 May 2022 00:00:00 GMT

Workers for Platforms, built on top of Cloudflare Workers, allows you to deploy custom code on behalf of your users or lets your users directly deploy their own code to your platform. For more information, refer to the announcement blog post.

R2 - 2022-05-06

Fri, 06 May 2022 00:00:00 GMT

S3 API GetObject ranges are now inclusive (bytes=0-0 will correctly return the first byte).
S3 API GetObject partial reads return the proper 206 Partial Content response code.
Copying from a non-existent key (or from a non-existent bucket) to another bucket now returns the proper NoSuchKey / NoSuchBucket response.
The S3 API now returns the proper Content-Type: application/xml response header on relevant endpoints.
Multipart uploads now have a -N suffix on the etag representing the number of parts the file was published with.
UploadPart and UploadPartCopy now return proper error messages, such as TooMuchConcurrency or NoSuchUpload, instead of 'internal error'.
UploadPart can now be sent a 0-length part.

R2 - 2022-05-05

Thu, 05 May 2022 00:00:00 GMT

When using the S3 API, an empty string and us-east-1 will now alias to the auto region for compatibility with external tools.
GetBucketEncryption, PutBucketEncryption and DeleteBucketEncrypotion are now supported (the only supported value currently is AES256).
Unsupported operations are explicitly rejected as unimplemented rather than implicitly converting them into ListObjectsV2/PutBucket/DeleteBucket respectively.
S3 API CompleteMultipartUploads requests are now properly escaped.

R2 - 2022-05-03

Tue, 03 May 2022 00:00:00 GMT

Pagination cursors are no longer returned when the keys in a bucket is the same as the MaxKeys argument.
The S3 API ListBuckets operation now accepts cf-max-keys, cf-start-after and cf-continuation-token headers behave the same as the respective URL parameters.
The S3 API ListBuckets and ListObjects endpoints now allow per_page to be 0.
The S3 API CopyObject source parameter now requires a leading slash.
The S3 API CopyObject operation now returns a NoSuchBucket error when copying to a non-existent bucket instead of an internal error.
Enforce the requirement for auto in SigV4 signing and the CreateBucket LocationConstraint parameter.
The S3 API CreateBucket operation now returns the proper location response header.

R2 - 2022-04-14

Thu, 14 Apr 2022 00:00:00 GMT

The S3 API now supports unchunked signed payloads.
Fixed .put() for the Workers R2 bindings.
Fixed a regression where key names were not properly decoded when using the S3 API.
Fixed a bug where deleting an object and then another object which is a prefix of the first could result in errors.
The S3 API DeleteObjects operation no longer returns an error even though an object has been deleted in some cases.
Fixed a bug where startAfter and continuationToken were not working in list operations.
The S3 API ListObjects operation now correctly renders Prefix, Delimiter, StartAfter and MaxKeys in the response.
The S3 API ListObjectsV2 now correctly honors the encoding-type parameter.
The S3 API PutObject operation now works with POST requests for s3cmd compatibility.

R2 - 2022-04-04

Mon, 04 Apr 2022 00:00:00 GMT

The S3 API DeleteObjects request now properly returns a MalformedXML error instead of InternalError when provided with more than 128 keys.

Stream - Analytics panel in Stream Dashboard

Thu, 17 Mar 2022 00:00:00 GMT

The Stream Dashboard now has an analytics panel that shows the number of minutes of both live and recorded video delivered. This view can be filtered by Creator ID, Video UID, and Country. For more in-depth analytics data, refer to the bulk analytics documentation.

Stream - Custom letterbox color configuration option for Stream Player

Wed, 16 Mar 2022 00:00:00 GMT

The Stream Player can now be configured to use a custom letterbox color, displayed around the video ('letterboxing' or 'pillarboxing') when the video's aspect ratio does not match the player's aspect ratio. Refer to the documentation on configuring the Stream Player here.

Stream - Support for SRT live streaming protocol

Thu, 10 Mar 2022 00:00:00 GMT

Cloudflare Stream now supports the SRT live streaming protocol. SRT is a modern, actively maintained streaming video protocol that delivers lower latency, and better resilience against unpredictable network conditions. SRT supports newer video codecs and makes it easier to use accessibility features such as captions and multiple audio tracks.

For more, read the blog post.

Stream - Faster video quality switching in Stream Player

Thu, 17 Feb 2022 00:00:00 GMT

When viewers manually change the resolution of video they want to receive in the Stream Player, this change now happens immediately, rather than once the existing resolution playback buffer has finished playing.

Stream - Volume and playback controls accessible during playback of VAST Ads

Wed, 09 Feb 2022 00:00:00 GMT

When viewing ads in the VAST format in the Stream Player, viewers can now manually start and stop the video, or control the volume.

Stream - DASH and HLS manifest URLs accessible in Stream Dashboard

Tue, 25 Jan 2022 00:00:00 GMT

If you choose to use a third-party player with Cloudflare Stream, you can now easily access HLS and DASH manifest URLs from within the Stream Dashboard. For more about using Stream with third-party players, read the docs here.

Stream - Input health status in the Stream Dashboard

Sat, 22 Jan 2022 00:00:00 GMT

When a live input is connected, the Stream Dashboard now displays technical details about the connection, which can be used to debug configuration issues.

Stream - Live viewer count in the Stream Player

Thu, 06 Jan 2022 00:00:00 GMT

The Stream Player now shows the total number of people currently watching a video live.

Stream - Webhook notifications for live stream connections events

Tue, 04 Jan 2022 00:00:00 GMT

You can now configure Stream to send webhooks each time a live stream connects and disconnects. For more information, refer to the Webhooks documentation.

beacon.min.js - 2021-12-14

Tue, 14 Dec 2021 00:00:00 GMT

Improved site filtering.

Stream - FedRAMP Support

Tue, 07 Dec 2021 00:00:00 GMT

The Stream Player can now be served from a FedRAMP compliant subdomain.

Stream - 24/7 Live streaming support

Tue, 23 Nov 2021 00:00:00 GMT

You can now use Cloudflare Stream for 24/7 live streaming.

Stream - Persistent Live Stream IDs

Wed, 17 Nov 2021 00:00:00 GMT

You can now start and stop live broadcasts without having to provide a new video UID to the Stream Player (or your own player) each time the stream starts and stops. Read the docs.

beacon.min.js - 2021-11-16

Tue, 16 Nov 2021 00:00:00 GMT

When using the automatic installation feature of the JavaScript Beacon (available only to customers proxied through Cloudflare - also known as orange-clouded customers), Subresource Integrity (SRI) is now enabled by default. SRI is a security feature that enables browsers to verify that resources they fetch are delivered without unexpected manipulation.

Stream - MP4 video file downloads for live videos

Thu, 14 Oct 2021 00:00:00 GMT

Once a live video has ended and been recorded, you can now give viewers the option to download an MP4 video file of the live recording. For more, read the docs here.

Stream - Serverless Live Streaming

Thu, 30 Sep 2021 00:00:00 GMT

Stream now supports live video content! For more information, read the blog post and get started by reading the docs.

beacon.min.js - 2021-09-01

Wed, 01 Sep 2021 00:00:00 GMT

Improved to report debugging information for Core Web Vitals.

Stream - Thumbnail previews in Stream Player seek bar

Mon, 26 Jul 2021 00:00:00 GMT

The Stream Player now displays preview images when viewers hover their mouse over the seek bar, making it easier to skip to a specific part of a video.

Stream - MP4 video file downloads (GA)

Mon, 26 Jul 2021 00:00:00 GMT

All Cloudflare Stream customers can now give viewers the option to download videos uploaded to Stream as an MP4 video file. For more, read the docs here.

Stream - Stream Connect (open beta)

Sat, 10 Jul 2021 00:00:00 GMT

You can now opt-in to the Stream Connect beta, and use Cloudflare Stream to restream live video to any platform that accepts RTMPS input, including Facebook, YouTube and Twitch.

For more, read the blog post or the docs.

Stream - Simplified signed URL token generation

Thu, 10 Jun 2021 00:00:00 GMT

You can now obtain a signed URL token via a single API request, without needing to generate signed tokens in your own application. Read the docs.

Stream - Stream Connect (closed beta)

Tue, 08 Jun 2021 00:00:00 GMT

You can now use Cloudflare Stream to restream or simulcast live video to any platform that accepts RTMPS input, including Facebook, YouTube and Twitch.

For more, read the blog post or the docs.

beacon.min.js - 2021-05-28

Fri, 28 May 2021 00:00:00 GMT

startsWith function replaced with indexOf function, which prevents rendering if multiple beacon scripts are loaded.

beacon.min.js - 2021-05-12

Wed, 12 May 2021 00:00:00 GMT

Reporting endpoint changed from /cdn-cgi/beacon/performance to /cdn-cgi/rum (for Browser Insights only).

Stream - MP4 video file downloads (beta)

Mon, 03 May 2021 00:00:00 GMT

You can now give your viewers the option to download videos uploaded to Stream as an MP4 video file. For more, read the docs here.

Stream - Picture quality improvements

Mon, 29 Mar 2021 00:00:00 GMT

Cloudflare Stream now encodes videos with fewer artifacts, resulting in improved video quality for your viewers.

Stream - Improved client bandwidth hints for third-party video players

Thu, 25 Mar 2021 00:00:00 GMT

If you use Cloudflare Stream with a third party player, and send the clientBandwidthHint parameter in requests to fetch video manifests, Cloudflare Stream now selects the ideal resolution to provide to your client player more intelligently. This ensures your viewers receive the ideal resolution for their network connection.

Stream - Improved client bandwidth hints for third-party video players

Thu, 25 Mar 2021 00:00:00 GMT

Stream - Less bandwidth, identical video quality

Wed, 17 Mar 2021 00:00:00 GMT

Cloudflare Stream now delivers video using 3-10x less bandwidth, with no reduction in quality. This ensures faster playback for your viewers with less buffering, particularly when viewers have slower network connections.

Stream - Stream Player 2.0 (preview)

Wed, 10 Mar 2021 00:00:00 GMT

A brand new version of the Stream Player is now available for preview. New features include:

Unified controls across desktop and mobile devices
Keyboard shortcuts
Intelligent mouse cursor interactions with player controls
Phased out support for Internet Explorer 11

For more, refer to this post on the Cloudflare Community Forum.

Stream - Faster video encoding

Thu, 04 Mar 2021 00:00:00 GMT

Videos uploaded to Cloudflare Stream are now available to view 5x sooner, reducing the time your users wait between uploading and viewing videos.

API deprecations - Zone Analytics API

Mon, 01 Mar 2021 00:00:00 GMT

Deprecation date: March 1, 2021

This API is deprecated in favor of the GraphQL Analytics API, which provides equivalent data and more features, including the ability to select only the metrics that you need. For more information, refer to the Zone analytics to GraphQL analytics migration guide.

Deprecated API:

GET zones/:zone_identifier/analytics/dashboard
GET zones/:zone_identifier/analytics/colos

Replacement: GraphQL Analytics API

Stream - Removed weekly upload limit, increased max video upload size

Sun, 17 Jan 2021 00:00:00 GMT

You can now upload videos up to 30GB in size to Cloudflare Stream and also now upload an unlimited number of videos to Cloudflare Stream each week

Stream - Tus support for direct creator uploads

Mon, 14 Dec 2020 00:00:00 GMT

You can now use the tus protocol when allowing creators (your end users) to upload their own videos directly to Cloudflare Stream.

In addition, all uploads to Cloudflare Stream made using tus are now faster and more reliable as part of this change.

Stream - Multiple audio track mixdown

Wed, 09 Dec 2020 00:00:00 GMT

Videos with multiple audio tracks (ex: 5.1 surround sound) are now mixed down to stereo when uploaded to Stream. The resulting video, with stereo audio, is now playable in the Stream Player.

Stream - Storage limit notifications

Wed, 02 Dec 2020 00:00:00 GMT

Cloudflare now emails you if your account is using 75% or more of your prepaid video storage, so that you can take action and plan ahead.

API deprecations - Organizations

Thu, 02 Apr 2020 00:00:00 GMT

Deprecation date: April 2, 2020

This endpoint and its related APIs are deprecated in favor of the /accounts equivalent API, which has a broader range of features and is backwards compatible with the /organizations API.

Deprecated API:

GET organizations/:identifier
PATCH organizations/:identifier
GET organizations/:organization_identifier/invites
POST organizations/:organization_identifier/invites
GET organizations/:organization_identifier/invites/:identifier
PATCH organizations/:organization_identifier/invites/:identifier
DELETE organizations/:organization_identifier/invites/:identifier
GET organizations/:organization_identifier/members
GET organizations/:organization_identifier/members/:identifier
PATCH organizations/:organization_identifier/members/:identifier
DELETE organizations/:organization_identifier/members/:identifier
GET organizations/:organization_identifier/roles
GET organizations/:organization_identifier/roles/:identifier
GET organizations/:organization_identifier/audit_logs
GET organizations/:organization_identifier/railguns
POST organizations/:organization_identifier/railguns
GET organizations/:organization_identifier/railguns/:identifier
PATCH organizations/:organization_identifier/railguns/:identifier
DELETE organizations/:organization_identifier/railguns/:identifier
GET organizations/:organization_identifier/railguns/:identifier/zones

Replacement: Accounts API

Spectrum - 2019-11-07

Thu, 07 Nov 2019 00:00:00 GMT

Argo Smart Routing is available for optimizing traffic on TCP applications, ensuring faster and more reliable routing.

Spectrum - 2018-10-02

Tue, 02 Oct 2018 00:00:00 GMT

Users can set up Spectrum with Cloudflare Load Balancing to enable TCP health checks, failover support, and traffic steering, ensuring high resilience for your Spectrum applications.