Skip to content
Cloudflare Docs

Changelog

New updates and improvements at Cloudflare. Subscribe to RSS

hero image

  1. Set breakpoints and debug your Workers tests with @cloudflare/vitest-pool-workers

    Workers

    You can now debug your Workers tests with our Vitest integration by running the following command:

    Terminal window
    vitest --inspect --no-file-parallelism

    Attach a debugger to the port 9229 and you can start stepping through your Workers tests. This is available with @cloudflare/vitest-pool-workers v0.7.5 or later.

    Learn more in our documentation.

  1. Use the latest JavaScript features with Wrangler CLI v4

    Workers

    We've released the next major version of Wrangler, the CLI for Cloudflare Workers — wrangler@4.0.0. Wrangler v4 is a major release focused on updates to underlying systems and dependencies, along with improvements to keep Wrangler commands consistent and clear.

    You can run the following command to install it in your projects:

    Terminal window
    npm i wrangler@latest

    Unlike previous major versions of Wrangler, which were foundational rewrites and rearchitectures — Version 4 of Wrangler includes a much smaller set of changes. If you use Wrangler today, your workflow is very unlikely to change.

    A detailed migration guide is available and if you find a bug or hit a roadblock when upgrading to Wrangler v4, open an issue on the cloudflare/workers-sdk repository on GitHub.

    Going forward, we'll continue supporting Wrangler v3 with bug fixes and security updates until Q1 2026, and with critical security updates until Q1 2027, at which point it will be out of support.

  1. Threaded replies now possible in Email Workers

    Email Routing

    We’re removing some of the restrictions in Email Routing so that AI Agents and task automation can better handle email workflows, including how Workers can reply to incoming emails.

    It's now possible to keep a threaded email conversation with an Email Worker script as long as:

    • The incoming email has to have valid DMARC.
    • The email can only be replied to once in the same EmailMessage event.
    • The recipient in the reply must match the incoming sender.
    • The outgoing sender domain must match the same domain that received the email.
    • Every time an email passes through Email Routing or another MTA, an entry is added to the References list. We stop accepting replies to emails with more than 100 References entries to prevent abuse or accidental loops.

    Here's an example of a Worker responding to Emails using a Workers AI model:

    AI model responding to emails
    import PostalMime from "postal-mime";
    import {createMimeMessage} from "mimetext"
    import { EmailMessage } from "cloudflare:email";
    

    export default {
      async email(message, env, ctx) {
        const email = await PostalMime.parse(message.raw)
        const res = await env.AI.run('@cf/meta/llama-2-7b-chat-fp16', {
          messages: [{
            role: "user",
            content: email.text ?? ''
          }]
        })
    

        // message-id is generated by mimetext
        const response = createMimeMessage()
        response.setHeader("In-Reply-To", message.headers.get("Message-ID")!);
        response.setSender("agent@example.com");
        response.setRecipient(message.from);
        response.setSubject("Llama response");
        response.addMessage({
          contentType: 'text/plain',
          data: res instanceof ReadableStream ? await new Response(res).text() : res.response!
        })
    

        const replyMessage = new EmailMessage("<email>", message.from, response.asRaw());
        await message.reply(replyMessage)
      }
    } satisfies ExportedHandler<Env>;

    See Reply to emails from Workers for more information.

  1. Access your Worker's environment variables from process.env

    Workers

    You can now access environment variables and secrets on process.env when using the nodejs_compat compatability flag.

    const apiClient = ApiClient.new({ apiKey: process.env.API_KEY });
    const LOG_LEVEL = process.env.LOG_LEVEL || "info";

    In Node.js, environment variables are exposed via the global process.env object. Some libraries assume that this object will be populated, and many developers may be used to accessing variables in this way.

    Previously, the process.env object was always empty unless written to in Worker code. This could cause unexpected errors or friction when developing Workers using code previously written for Node.js.

    Now, environment variables, secrets, and version metadata can all be accessed on process.env.

    To opt-in to the new process.env behaviour now, add the nodejs_compat_populate_process_env compatibility flag to your wrangler.json configuration:

    {
      // Rest of your configuration
      // Add "nodejs_compat_populate_process_env" to your compatibility_flags array
      "compatibility_flags": ["nodejs_compat", "nodejs_compat_populate_process_env"],
      // Rest of your configuration

    After April 1, 2025, populating process.env will become the default behavior when both nodejs_compat is enabled and your Worker's compatability_date is after "2025-04-01".

  1. Hyperdrive reduces query latency by up to 90% and now supports IP access control lists

    Hyperdrive

    Hyperdrive now pools database connections in one or more regions close to your database. This means that your uncached queries and new database connections have up to 90% less latency as measured from connection pools.

    Hyperdrive query latency decreases by 90% during Hyperdrive's gradual rollout of regional pooling.

    By improving placement of Hyperdrive database connection pools, Workers' Smart Placement is now more effective when used with Hyperdrive, ensuring that your Worker can be placed as close to your database as possible.

    With this update, Hyperdrive also uses Cloudflare's standard IP address ranges to connect to your database. This enables you to configure the firewall policies (IP access control lists) of your database to only allow access from Cloudflare and Hyperdrive.

    Refer to documentation on how Hyperdrive makes connecting to regional databases from Cloudflare Workers fast.

    This improvement is enabled on all Hyperdrive configurations.

  1. Cloudflare One Agent now supports Endpoint Monitoring

    Digital Experience Monitoring

    Digital Experience Monitoring (DEX) provides visibility into device, network, and application performance across your Cloudflare SASE deployment. The latest release of the Cloudflare One agent (v2025.1.861) now includes device endpoint monitoring capabilities to provide deeper visibility into end-user device performance which can be analyzed directly from the dashboard.

    Device health metrics are now automatically collected, allowing administrators to:

    • View the last network a user was connected to
    • Monitor CPU and RAM utilization on devices
    • Identify resource-intensive processes running on endpoints
    Device endpoint monitoring dashboard

    This feature complements existing DEX features like synthetic application monitoring and network path visualization, creating a comprehensive troubleshooting workflow that connects application performance with device state.

    For more details refer to our DEX documentation.

  1. Introducing Media Transformations from Cloudflare Stream

    Stream

    Today, we are thrilled to announce Media Transformations, a new service that brings the magic of Image Transformations to short-form video files, wherever they are stored!

    For customers with a huge volume of short video — generative AI output, e-commerce product videos, social media clips, or short marketing content — uploading those assets to Stream is not always practical. Sometimes, the greatest friction to getting started was the thought of all that migrating. Customers want a simpler solution that retains their current storage strategy to deliver small, optimized MP4 files. Now you can do that with Media Transformations.

    To transform a video or image, enable transformations for your zone, then make a simple request with a specially formatted URL. The result is an MP4 that can be used in an HTML video element without a player library. If your zone already has Image Transformations enabled, then it is ready to optimize videos with Media Transformations, too.

    URL format
    https://example.com/cdn-cgi/media/<OPTIONS>/<SOURCE-VIDEO>

    For example, we have a short video of the mobile in Austin's office. The original is nearly 30 megabytes and wider than necessary for this layout. Consider a simple width adjustment:

    Example URL
    https://example.com/cdn-cgi/media/width=640/<SOURCE-VIDEO>
    https://developers.cloudflare.com/cdn-cgi/media/width=640/https://pub-d9fcbc1abcd244c1821f38b99017347f.r2.dev/aus-mobile.mp4

    The result is less than 3 megabytes, properly sized, and delivered dynamically so that customers do not have to manage the creation and storage of these transformed assets.

    For more information, learn about Transforming Videos.

  1. One-click Logpush Setup with R2 Object Storage

    Logs

    We’ve streamlined the Logpush setup process by integrating R2 bucket creation directly into the Logpush workflow!

    Now, you no longer need to navigate multiple pages to manually create an R2 bucket or copy credentials. With this update, you can seamlessly configure a Logpush job to R2 in just one click, reducing friction and making setup faster and easier.

    This enhancement makes it easier for customers to adopt Logpush and R2.

    For more details refer to our Logs documentation.

    One CLick Logpush to R2

  1. Set retention polices for your R2 bucket with bucket locks

    R2

    You can now use bucket locks to set retention policies on your R2 buckets (or specific prefixes within your buckets) for a specified period — or indefinitely. This can help ensure compliance by protecting important data from accidental or malicious deletion.

    Locks give you a few ways to ensure your objects are retained (not deleted or overwritten). You can:

    • Lock objects for a specific duration, for example 90 days.
    • Lock objects until a certain date, for example January 1, 2030.
    • Lock objects indefinitely, until the lock is explicitly removed.

    Buckets can have up to 1,000 bucket lock rules. Each rule specifies which objects it covers (via prefix) and how long those objects must remain retained.

    Here are a couple of examples showing how you can configure bucket lock rules using Wrangler:

    Ensure all objects in a bucket are retained for at least 180 days

    Terminal window
    npx wrangler r2 bucket lock add <bucket> --name 180-days-all --retention-days 180

    Prevent deletion or overwriting of all logs indefinitely (via prefix)

    Terminal window
    npx wrangler r2 bucket lock add <bucket> --name indefinite-logs --prefix logs/ --retention-indefinite

    For more information on bucket locks and how to set retention policies for objects in your R2 buckets, refer to our documentation.

  1. Gain visibility into user actions in Zero Trust Browser Isolation sessions

    Browser Isolation

    We're excited to announce that new logging capabilities for Remote Browser Isolation (RBI) through Logpush are available in Beta starting today!

    With these enhanced logs, administrators can gain visibility into end user behavior in the remote browser and track blocked data extraction attempts, along with the websites that triggered them, in an isolated session.

    {
      "AccountID": "$ACCOUNT_ID",
      "Decision": "block",
      "DomainName": "www.example.com",
      "Timestamp": "2025-02-27T23:15:06Z",
      "Type": "copy",
      "UserID": "$USER_ID"
    }

    User Actions available:

    • Copy & Paste
    • Downloads & Uploads
    • Printing

    Learn more about how to get started with Logpush in our documentation.