Changelog

Beta

Subscribe to all Changelog posts via RSS.

ProductTitleDateDescription
Wrangler3.30.12024-02-29
Wrangler3.30.02024-02-27
DDoS protectionHTTP ruleset - 2024-02-26 - Emergency2024-02-26For more details, refer to the dedicated page for HTTP ruleset - 2024-02-26 - Emergency.
Version ManagementSupport for API Shield2024-02-26
  • API Shield no longer prevents Version Management enablement and zone settings configurations.
WAFScheduled changes2024-02-26For more details, refer to the dedicated page for Scheduled changes.
WAF2024-02-262024-02-26For more details, refer to the dedicated page for 2024-02-26.
QueuesExplicit retries no longer impact consumer concurrency/scaling.2024-02-24

Calling retry() or retryAll() on a message or message batch will no longer have an impact on how Queues scales consumer concurrency.

Previously, using explicit retries via retry() or retryAll() would count as an error and could result in Queues scaling down the number of concurrent consumers.

Wrangler3.29.02024-02-22
WAF2024-02-202024-02-20For more details, refer to the dedicated page for 2024-02-20.
Wrangler3.28.42024-02-20
DDoS protectionHTTP ruleset - Scheduled changes2024-02-19For more details, refer to the dedicated page for HTTP ruleset - Scheduled changes.
DDoS protectionHTTP ruleset - 2024-02-192024-02-19For more details, refer to the dedicated page for HTTP ruleset - 2024-02-19.
D1API changes to .run()2024-02-16

A previous change (made on 2024-02-13) to the run() query statement method has been reverted.

run() now returns a D1Result, including the result rows, matching its original behaviour prior to the change on 2024-02-13.

Future change to run() to return a D1ExecResult, as originally intended and documented, will be gated behind a compatibility date as to avoid breaking existing Workers relying on the way run() currently works.

Wrangler3.28.32024-02-16
ZarazZaraz - 2024-02-152024-02-15
  • NEW: add manager.route support for Managed Components
  • NEW: introduce zaraz.spaPageview() for manually triggering SPA pageviews
  • NEW: add support for client-evaluated triggers (UI update following shortly)
  • Pinterest MC: Add ecommerce support
  • Google Ads MC: Append url and rnd params to pagead/landing endpoint
  • Bugfix: Add noindex robots headers for Zaraz GET endpoint responses
  • Bugfix: Gracefully handle responses from custom MCs without mapped endpoints
D1API changes to .raw(), .all() and .run()2024-02-13

D1’s raw(), all() and run() query statement methods have been updated to reflect their intended behaviour and improve compatibility with ORM libraries.

raw() now correctly returns results as an array of arrays, allowing the correct handling of duplicate column names (such as when joining tables), as compared to all(), which is unchanged and returns an array of objects. To include an array of column names in the results when using raw(), use raw({columnNames: true}).

run() no longer incorrectly returns a D1Result and instead returns a D1ExecResult as originally intended and documented.

This may be a breaking change for some applications that expected raw() to return an array of objects.

Visit the query databases documentation to review D1’s query methods, return types and TypeScript support in detail.

Wrangler3.28.22024-02-13
DDoS protectionHTTP ruleset - 2024-02-122024-02-12For more details, refer to the dedicated page for HTTP ruleset - 2024-02-12.
WAF2024-02-122024-02-12For more details, refer to the dedicated page for 2024-02-12.
Wrangler3.28.12024-02-09
DDoS protectionHTTP ruleset - 2024-02-08 - Emergency2024-02-08For more details, refer to the dedicated page for HTTP ruleset - 2024-02-08 - Emergency.
Wrangler3.28.02024-02-08
  • #4499 cf9c029b Thanks @penalosa! - feat: Support runtime-agnostic polyfills

    Previously, Wrangler treated any imports of node:* modules as build-time errors (unless one of the two Node.js compatibility modes was enabled). This is sometimes overly aggressive, since those imports are often not hit at runtime (for instance, it was impossible to write a library that worked across Node.JS and Workers, using Node packages only when running in Node). Here’s an example of a function that would cause Wrangler to fail to build:

    export function randomBytes(length: number) {
    if (navigator.userAgent !== "Cloudflare-Workers") {
    return new Uint8Array(require("node:crypto").randomBytes(length));
    } else {
    return crypto.getRandomValues(new Uint8Array(length));
    }
    }

    This function should work in both Workers and Node, since it gates Node-specific functionality behind a user agent check, and falls back to the built-in Workers crypto API. Instead, Wrangler detected the node:crypto import and failed with the following error:

    ✘ [ERROR] Could not resolve "node:crypto"
    
        src/randomBytes.ts:5:36:
          5 │ ... return new Uint8Array(require('node:crypto').randomBytes(length));
            ╵                                   ~~~~~~~~~~~~~
    
      The package "node:crypto" wasn't found on the file system but is built into node.
      Add "node_compat = true" to your wrangler.toml file to enable Node.js compatibility.
    

    This change turns that Wrangler build failure into a warning, which users can choose to ignore if they know the import of node:* APIs is safe (because it will never trigger at runtime, for instance):

    ▲ [WARNING] The package "node:crypto" wasn't found on the file system but is built into node.
    
      Your Worker may throw errors at runtime unless you enable the "nodejs_compat"
      compatibility flag. Refer to
      https://developers.cloudflare.com/workers/runtime-apis/nodejs/ for more details.
      Imported from:
       - src/randomBytes.ts
    

    However, in a lot of cases, it’s possible to know at build time whether the import is safe. This change also injects navigator.userAgent into esbuild’s bundle settings as a predefined constant, which means that esbuild can tree-shake away imports of node:* APIs that are guaranteed not to be hit at runtime, supressing the warning entirely.

  • #4926 a14bd1d9 Thanks @dario-piotrowicz! - feature: add a cf field to the getBindingsProxy result

    Add a new cf field to the getBindingsProxy result that people can use to mock the production cf (IncomingRequestCfProperties) object.

    Example:

    const { cf } = await getBindingsProxy();
    console.log(`country = ${cf.country}; colo = ${cf.colo}`);
  • #4931 321c7ed7 Thanks @dario-piotrowicz! - fix: make the entrypoint optional for the types command

    Currently running wrangler types against a wrangler.toml file without a defined entrypoint (main value) causes the command to error with the following message:

    ✘ [ERROR] Missing entry-point: The entry-point should be specified via the command line (e.g. `wrangler types path/to/script`) or the `main` config field.
    

    However developers could want to generate types without the entrypoint being defined (for example when using getBindingsProxy), so these changes make the entrypoint optional for the types command, assuming modules syntax if none is specified.

  • #4867 d637bd59 Thanks @RamIdeas! - fix: inflight requests to UserWorker which failed across reloads are now retried

    Previously, when running wrangler dev, requests inflight during a UserWorker reload (due to config or source file changes) would fail.

    Now, if those inflight requests are GET or HEAD requests, they will be reproxied against the new UserWorker. This adds to the guarantee that requests made during local development reach the latest worker.

  • #4928 4a735c46 Thanks @sdnts! - fix: Update API calls for Sippy’s endpoints

  • #4938 75bd08ae Thanks @rozenmd! - fix: print wrangler banner at the start of every d1 command

    This PR adds a wrangler banner to the start of every D1 command (except when invoked in JSON-mode)

    For example:

     ⛅️ wrangler 3.27.0
    -------------------
    ...
    
  • #4953 d96bc7dd Thanks @mrbbot! - fix: allow port option to be specified with unstable_dev()

    Previously, specifying a non-zero port when using unstable_dev() would try to start two servers on that port. This change ensures we only start the user-facing server on the specified port, allow unstable_dev() to startup correctly.

DDoS protectionHTTP ruleset - 2024-02-06 - Emergency2024-02-06For more details, refer to the dedicated page for HTTP ruleset - 2024-02-06 - Emergency.
Wrangler3.27.02024-02-06
DDoS protectionHTTP ruleset - 2024-02-05 - Emergency2024-02-05For more details, refer to the dedicated page for HTTP ruleset - 2024-02-05 - Emergency.
WAF2024-02-052024-02-05For more details, refer to the dedicated page for 2024-02-05.
ZarazZaraz - 2024-02-052024-02-05
  • Dashboard: rename “tracks” to “events” for consistency
  • Pinterest Conversion API MC: update parameters sent to api
  • HTTP MC: update _settings prefix usage handling
  • Bugfix: better minification of client-side js
  • Bugfix: fix bug where anchor link click events were not bubbling when using click listener triggers
  • API update: begin migration support from deprecated tool.neoEvents array to tool.actions object config schema migration
Wrangler3.26.02024-01-31
DDoS protectionHTTP ruleset - 2024-01-26 - Emergency2024-01-26For more details, refer to the dedicated page for HTTP ruleset - 2024-01-26 - Emergency.
Wrangler3.25.02024-01-26
DDoS protectionHTTP ruleset - 2024-01-252024-01-25For more details, refer to the dedicated page for HTTP ruleset - 2024-01-25.
DDoS protectionHTTP ruleset - 2024-01-232024-01-23For more details, refer to the dedicated page for HTTP ruleset - 2024-01-23.
WAF2024-01-22 - Emergency2024-01-22For more details, refer to the dedicated page for 2024-01-22 - Emergency.
D1Support for LIMIT on UPDATE and DELETE statements2024-01-18D1 now supports adding a LIMIT clause to UPDATE and DELETE statements, which allows you to limit the impact of a potentially dangerous operation.
VectorizeHTTP API query vectors request and response format change2024-01-17

Vectorize /query HTTP endpoint has the following changes:

  • returnVectors request body property is deprecated in favor of returnValues and returnMetadata properties.
  • Response format has changed to the below format to match [Workers API change]:(/workers/configuration/compatibility-dates/#vectorize-query-with-metadata-optionally-returned)
{
"result": {
"count": 1,
"matches": [
{
"id": "4",
"score": 0.789848214,
"values": [ 75.0999984741211, 67.0999984741211, 29.899999618530273],
"metadata": {
"url": "/products/sku/418313",
"streaming_platform": "netflix"
}
}
]
},
"errors": [],
"messages": [],
"success": true
}
WAF2024-01-17 - Emergency2024-01-17For more details, refer to the dedicated page for 2024-01-17 - Emergency.
WAF2024-01-162024-01-16For more details, refer to the dedicated page for 2024-01-16.
DDoS protectionHTTP ruleset - 2024-01-052024-01-05For more details, refer to the dedicated page for HTTP ruleset - 2024-01-05.
WAF2024-01-042024-01-04For more details, refer to the dedicated page for 2024-01-04.
DDoS protectionHTTP ruleset - 2023-12-19 - Emergency2023-12-19For more details, refer to the dedicated page for HTTP ruleset - 2023-12-19 - Emergency.
ZarazZaraz - 2023-12-192023-12-19
  • Google Analytics 4 Managed Component: Fix Google Analytics 4 average engagement time metric.
D1Legacy alpha automated backups disabled2023-12-18

Databases using D1’s legacy alpha backend will no longer run automated hourly backups. You may still choose to take manual backups of these databases.

The D1 team recommends moving to D1’s new production backend, which will require you to export and import your existing data. D1’s production backend is faster than the original alpha backend. The new backend also supports Time Travel, which allows you to restore your database to any minute in the past 30 days without relying on hourly or manual snapshots.

TurnstileTurnstile - 2023-12-182023-12-18
WAF2023-12-182023-12-18For more details, refer to the dedicated page for 2023-12-18.
DDoS protectionHTTP ruleset - 2023-12-14 - Emergency2023-12-14For more details, refer to the dedicated page for HTTP ruleset - 2023-12-14 - Emergency.
WAF2023-12-14 - Emergency2023-12-14For more details, refer to the dedicated page for 2023-12-14 - Emergency.
DDoS protectionHTTP ruleset - 2023-12-08 - Emergency2023-12-08For more details, refer to the dedicated page for HTTP ruleset - 2023-12-08 - Emergency.
VectorizeMetadata filtering2023-12-06

Vectorize now supports metadata filtering with equals ($eq) and not equals ($neq) operators. Metadata filtering limits query() results to only vectors that fulfill new filter property.

let metadataMatches = await env.YOUR_INDEX.query(queryVector, { topK: 3, filter: { streaming_platform: "netflix" }, returnValues: true, returnMetadata: true } )

Only new indexes created on or after 2023-12-06 support metadata filtering. Currently, there is no way to migrate previously created indexes to work with metadata filtering.

WorkersWorkers - 2023-12-042023-12-04
DDoS protectionHTTP ruleset - 2023-11-292023-11-29For more details, refer to the dedicated page for HTTP ruleset - 2023-11-29.
RadarAdd more meta information’s2023-11-27
  • Added meta.lastUpdated to all summaries and top endpoints (timeseries and timeseriesGroups already had this).
  • Fix meta.dateRange to return date ranges for all requested series.
DDoS protectionHTTP ruleset - 2023-11-222023-11-22For more details, refer to the dedicated page for HTTP ruleset - 2023-11-22.
WAF2023-11-212023-11-21For more details, refer to the dedicated page for 2023-11-21.
RadarAdd new Layer 3 endpoints and Layer 7 dimensions2023-11-16
DDoS protectionHTTP ruleset - 2023-11-13 - Emergency2023-11-13For more details, refer to the dedicated page for HTTP ruleset - 2023-11-13 - Emergency.
ZarazZaraz - 2023-11-132023-11-13
  • HTTP Request Managed Component: Re-added __zarazTrack property.
DDoS protectionHTTP ruleset - 2023-11-10 - Emergency2023-11-10For more details, refer to the dedicated page for HTTP ruleset - 2023-11-10 - Emergency.
VectorizeMetadata API changes2023-11-08

Vectorize now supports distinct returnMetadata and returnValues arguments when querying an index, replacing the now-deprecated returnVectors argument. This allows you to return metadata without needing to return the vector values, reducing the amount of unnecessary data returned from a query. Both returnMetadata and returnValues default to false.

For example, to return only the metadata from a query, set returnMetadata: true.

let matches = await env.YOUR_INDEX.query(queryVector, { topK: 5, returnMetadata: true })

New Workers projects created on or after 2023-11-08 or that update the compatibility date for an existing project will use the new return type.

StreamHLS improvements for on-demand TS output2023-11-07HLS output from Cloudflare Stream on-demand videos that use Transport Stream file format now includes a 10 second offset to timestamps. This will have no impact on most customers. A small percentage of customers will see improved playback stability. Caption files were also adjusted accordingly.
WAF2023-11-06 - Emergency2023-11-06For more details, refer to the dedicated page for 2023-11-06 - Emergency.
RadarAdd new Layer 3 direction parameter2023-10-31
ZarazZaraz - 2023-10-312023-10-31
  • Google Analytics 4 Managed Component: Remove debug_mode key if falsy or false.
WAF2023-10-302023-10-30For more details, refer to the dedicated page for 2023-10-30.
WorkersWorkers - 2023-10-302023-10-30
  • A new usage model called Workers Standard is available for Workers and Pages Functions pricing. This is now the default usage model for accounts that are first upgraded to the Workers Paid plan. Read the blog post for more information.
  • The usage model set in a script’s wrangler.toml will be ignored after an account has opted-in to Workers Standard pricing. It must be configured through the dashboard (Workers & Pages > Select your Worker > Settings > Usage Model).
  • Workers and Pages Functions on the Standard usage model can set custom CPU limits for their Workers
AI GatewayAI Gateway - 2023-10-262023-10-26
  • Real-time Logs: Logs are now real-time, showing logs for the last hour. If you have a need for persistent logs, please let the team know on Discord. We are building out a persistent logs feature for those who want to store their logs for longer.
  • Providers: Azure OpenAI is now supported as a provider!
  • Docs: Added Azure OpenAI example.
  • Bug Fixes: Errors with costs and tokens should be fixed.
ZarazZaraz - 2023-10-262023-10-26
  • Custom HTML: Added support for non-JavaScript script tags.
WAF2023-10-232023-10-23For more details, refer to the dedicated page for 2023-10-23.
WorkersWorkers - 2023-10-202023-10-20
ZarazZaraz - 2023-10-202023-10-20
  • Bing Managed Component: Fixed an issue where some events were not being sent to Bing even after being triggered.
  • Dashboard: Improved welcome screen for new Zaraz users".
DDoS protectionHTTP ruleset - 2023-10-192023-10-19For more details, refer to the dedicated page for HTTP ruleset - 2023-10-19.
WorkersWorkers - 2023-10-182023-10-18
  • The limit of 3 Cron Triggers per Worker has been removed. Account-level limits on the total number of Cron Triggers across all Workers still apply.
WorkersWorkers - 2023-10-122023-10-12
  • A TCP Socket’s WritableStream now ensures the connection has opened before resolving the promise returned by close.
DDoS protectionHTTP ruleset - 2023-10-112023-10-11For more details, refer to the dedicated page for HTTP ruleset - 2023-10-11.
WAF2023-10-11 - Emergency2023-10-11For more details, refer to the dedicated page for 2023-10-11 - Emergency.
StreamSRT Audio Improvements2023-10-10In some cases, playback via SRT protocol was missing an audio track regardless of existence of audio in the broadcast. This issue is now resolved.
TenantNew Tenant Admin UI2023-10-10
  • Partners can now create and view accounts through the Cloudflare dashboard by going to Tenants > Managed Accounts.
AI GatewayAI Gateway - 2023-10-092023-10-09
  • Logs: Logs will now be limited to the last 24h. If you have a use case that requires more logging, please reach out to the team on Discord.
  • Dashboard: Logs now refresh automatically.
  • Docs: Fixed Workers AI example in docs and dash.
  • Caching: Embedding requests are now cacheable. Rate limit will not apply for cached requests.
  • Bug Fixes: Identical requests to different providers are not wrongly served from cache anymore. Streaming now works as expected, including for the Universal endpoint.
  • Known Issues: There’s currently a bug with costs that we are investigating.
DDoS protectionHTTP ruleset - 2023-10-09 - Emergency2023-10-09For more details, refer to the dedicated page for HTTP ruleset - 2023-10-09 - Emergency.
WorkersWorkers - 2023-10-092023-10-09
QueuesMore queues per account - up to 10,0002023-10-07

Developers building on Queues can now create up to 10,000 queues per account, enabling easier per-user, per-job and sharding use-cases.

Refer to Limits to learn more about Queues’ current limits.

NotificationsNotifications - 2023-10-062023-10-06
  • Added Traffic Anomalies Alerts to notify customers when traffic to their domain has an unexpected spike or drop.
QueuesHigher consumer concurrency limits2023-10-05

Queue consumers can now scale to 20 concurrent invocations (per queue), up from 10. This allows you to scale out and process higher throughput queues more quickly.

Queues with no explicit limit specified will automatically scale to the new maximum.

This limit will continue to grow during the Queues beta.

D1Create up to 50,000 D1 databases2023-10-03

Developers using D1 on a Workers Paid plan can now create up to 50,000 databases as part of ongoing increases to D1’s limits.

  • This further enables database-per-user use-cases and allows you to isolate data between customers.
  • Total storage per account is now 50 GB.
  • D1’s analytics and metrics provide per-database usage data.

If you need to create more than 50,000 databases or need more per-account storage, reach out to the D1 team to discuss.

VectorizeIncreased indexes per account limits2023-10-03You can now create up to 100 Vectorize indexes per account. Read the limits documentation for details on other limits, many of which will increase during the beta period.
WAF2023-10-04 - Emergency2023-10-03For more details, refer to the dedicated page for 2023-10-04 - Emergency.
ZarazZaraz - 2023-10-032023-10-03
  • Bugfix: Fixed an issue that prevented some server-side requests from arriving to their destination
  • Google Analytics 4 Managed Component: Add support for dbg and ir fields.
WAF2023-10-022023-10-02For more details, refer to the dedicated page for 2023-10-02.
D1The D1 public beta is here2023-09-28

D1 is now in public beta, and storage limits have been increased:

  • Developers with a Workers Paid plan now have a 2 GB per-database limit (up from 500 MB) and can create 25 databases per account (up from 10). These limits will continue to increase automatically during the public beta.
  • Developers with a Workers Free plan retain the 500 MB per-database limit and can create up to 10 databases per account.

Databases must be using D1’s new storage subsystem to benefit from the increased database limits.

Read the announcement blog for more details about what is new in the beta and what is coming in the future for D1.

HyperdriveHyperdrive now available2023-09-28

Hyperdrive is now available in public beta to any developer with a Workers paid plan.

To start using Hyperdrive, visit the get started guide or read the announcement blog to learn more.

NotificationsNotifications - 2023-09-282023-09-28
VectorizeVectorize now in open beta2023-09-27

Vectorize, Cloudflare’s vector database, is now in open beta. Vectorize allows you to store and efficiently query vector embeddings from AI/ML models from Workers AI, OpenAI, and other embeddings providers or machine-learning workflows.

To get started with Vectorize, see the guide.

StreamLL-HLS Beta2023-09-25

Low-Latency HTTP Live Streaming (LL-HLS) is now in open beta. Enable LL-HLS on your live input for automatic low-latency playback using the Stream built-in player where supported.

For more information, refer to live input and custom player docs.

DDoS protectionHTTP ruleset - 2023-09-24 - Emergency2023-09-24For more details, refer to the dedicated page for HTTP ruleset - 2023-09-24 - Emergency.
WAF2023-09-22 - Emergency2023-09-22For more details, refer to the dedicated page for 2023-09-22 - Emergency.
DDoS protectionHTTP ruleset - 2023-09-21 - Emergency2023-09-21For more details, refer to the dedicated page for HTTP ruleset - 2023-09-21 - Emergency.
Version ManagementSupport for Bot Management2023-09-20
WAF2023-09-182023-09-18For more details, refer to the dedicated page for 2023-09-18.
WorkersWorkers - 2023-09-142023-09-14
PagesSupport for D1’s new storage subsystem and build error message improvements2023-09-13
ZarazZaraz - 2023-09-132023-09-13
  • Consent Management: Add support for custom button translations.
  • Consent Management: Modal stays fixed when scrolling.
  • Google Analytics 4 Managed Component: hideOriginalIP and ga-audiences can be set from tool event.
ZarazZaraz - 2023-09-112023-09-11
  • Reddit Managed Component: Support new “Account ID” formats (e.g. “ax_xxxxx”).
RadarAdd Connection Tampering endpoints2023-09-08
Waiting RoomWaiting Room coverage for multiple hostnames and paths2023-09-06
ZarazZaraz - 2023-09-062023-09-06
  • Consent Management: Consent cookie name can now be customized.
DDoS protectionHTTP ruleset - 2023-09-05 - Emergency2023-09-05For more details, refer to the dedicated page for HTTP ruleset - 2023-09-05 - Emergency.
ZarazZaraz - 2023-09-052023-09-05
  • Segment Managed Component: API Endpoint can be customized.
WAF2023-09-042023-09-04For more details, refer to the dedicated page for 2023-09-04.
DDoS protectionHTTP ruleset - 2023-08-30 - Emergency2023-08-30For more details, refer to the dedicated page for HTTP ruleset - 2023-08-30 - Emergency.
DDoS protectionHTTP ruleset - 2023-08-29 - Emergency2023-08-29For more details, refer to the dedicated page for HTTP ruleset - 2023-08-29 - Emergency.
DDoS protectionHTTP ruleset - 2023-08-25 - Emergency2023-08-25For more details, refer to the dedicated page for HTTP ruleset - 2023-08-25 - Emergency.
TurnstileTurnstile - 2023-08-242023-08-24
NotificationsNotifications - 2023-08-232023-08-23
  • Added Logo Match Alert.
PagesCommit message limit increase2023-08-23
  • Commit messages can now be up to 384 characters before being trimmed.
WAF2023-08-212023-08-21For more details, refer to the dedicated page for 2023-08-21.
ZarazZaraz - 2023-08-212023-08-21
  • TikTok Managed Component: Support setting ttp and event_id.
  • Consent Management: Accessibility improvements.
  • Facebook Managed Component: Support for using “Limited Data Use” features.
D1Row count now returned per query2023-08-19

D1 now returns a count of rows_written and rows_read for every query executed, allowing you to assess the cost of query for both pricing and index optimization purposes.

The meta object returned in D1’s Client API contains a total count of the rows read (rows_read) and rows written (rows_written) by that query. For example, a query that performs a full table scan (for example, SELECT * FROM users) from a table with 5000 rows would return a rows_read value of 5000:

"meta": {
"duration": 0.20472300052642825,
"size_after": 45137920,
"rows_read": 5000,
"rows_written": 0
}

Refer to D1 pricing documentation to understand how reads and writes are measured. D1 remains free to use during the alpha period.

WAF2023-08-17 - Emergency2023-08-17For more details, refer to the dedicated page for 2023-08-17 - Emergency.
DDoS protectionHTTP ruleset - 2023-08-16 - Emergency2023-08-16For more details, refer to the dedicated page for HTTP ruleset - 2023-08-16 - Emergency.
DDoS protectionHTTP ruleset - 2023-08-142023-08-14For more details, refer to the dedicated page for HTTP ruleset - 2023-08-14.
RadarDeprecate old layer 3 dataset2023-08-14
DDoS protectionHTTP ruleset - 2023-08-11 - Emergency2023-08-11For more details, refer to the dedicated page for HTTP ruleset - 2023-08-11 - Emergency.
D1Bind D1 from the Cloudflare dashboard2023-08-09

You can now bind a D1 database to your Workers directly in the Cloudflare dashboard. To bind D1 from the Cloudflare dashboard, select your Worker project -> Settings -> Variables -> and select D1 Database Bindings.

Note: If you have previously deployed a Worker with a D1 database binding with a version of wrangler prior to 3.5.0, you must upgrade to wrangler v3.5.0 first before you can edit your D1 database bindings in the Cloudflare dashboard. New Workers projects do not have this limitation.

Legacy D1 alpha users who had previously prefixed their database binding manually with __D1_BETA__ should remove this as part of this upgrade. Your Worker scripts should call your D1 database via env.BINDING_NAME only. Refer to the latest D1 getting started guide for best practices.

We recommend all D1 alpha users begin using wrangler 3.5.0 (or later) to benefit from improved TypeScript types and future D1 API improvements.

StreamScheduled Deletion2023-08-08

Stream now supports adding a scheduled deletion date to new and existing videos. Live inputs support deletion policies for automatic recording deletion.

For more, refer to the video on demand or live input docs.

D1Per-database limit now 500 MB2023-08-01

Databases using D1’s new storage subsystem can now grow to 500 MB each, up from the previous 100 MB limit. This applies to both existing and newly created databases.

Refer to Limits to learn about D1’s limits.

PagesSupport for newer TLDs2023-08-01
  • Support newer TLDs such as .party and .music.
DDoS protectionHTTP ruleset - 2023-07-312023-07-31For more details, refer to the dedicated page for HTTP ruleset - 2023-07-31.
DDoS protectionNetwork-layer ruleset - 2023-07-312023-07-31For more details, refer to the dedicated page for Network-layer ruleset - 2023-07-31.
RadarFix HTTP timeseries endpoint urls2023-07-31
TurnstileTurnstile - 2023-07-312023-07-31
D1New default storage subsystem2023-07-27

Databases created via the Cloudflare dashboard and Wrangler (as of v3.4.0) now use D1’s new storage subsystem by default. The new backend can be 6 - 20x faster than D1’s original alpha backend.

To understand which storage subsystem your database uses, run wrangler d1 info YOUR_DATABASE and inspect the version field in the output.

Databases with version: beta use the new storage backend and support the Time Travel API. Databases with version: alpha only use D1’s older, legacy backend.

D1Time Travel2023-07-27

Time Travel is now available. Time Travel allows you to restore a D1 database back to any minute within the last 30 days (Workers Paid plan) or 7 days (Workers Free plan), at no additional cost for storage or restore operations.

Refer to the Time Travel documentation to learn how to travel backwards in time.

Databases using D1’s new storage subsystem can use Time Travel. Time Travel replaces the snapshot-based backups used for legacy alpha databases.

RadarAdd URL Scanner endpoints2023-07-20
WorkersWorkers - 2023-07-142023-07-14
PagesV2 build system enabled by default2023-07-11
  • V2 build system is now default for all new projects.
PagesSped up project creation2023-07-10
  • Sped up project creation.
WorkersWorkers - 2023-07-072023-07-07
  • An implementation of the process.env API from Node.js is now available when using the nodejs_compat compatibility flag.
  • An implementation of the diagnostics_channel API from Node.js is now available when using the nodejs_compat compatibility flag.
R2R2 - 2023-07-052023-07-05
  • Improved performance for ranged reads on very large files. Previously ranged reads near the end of very large files would be noticeably slower than ranged reads on smaller files. Performance should now be consistently good independent of filesize.
D1Metrics and analytics2023-06-28

You can now view per-database metrics via both the Cloudflare dashboard and the GraphQL Analytics API.

D1 currently exposes read & writes per second, query response size, and query latency percentiles.

WorkersWorkers - 2023-06-222023-06-22
R2R2 - 2023-06-212023-06-21
RadarAdd Quality endpoints2023-06-20
WorkersWorkers - 2023-06-192023-06-19
  • The TCP Sockets API now reports clearer errors when a connection cannot be established.
  • Updated V8 to 11.5.
D1Generated columns documentation2023-06-16New documentation has been published on how to use D1’s support for generated columns to define columns that are dynamically generated on write (or read). Generated columns allow you to extract data from JSON objects or use the output of other SQL functions.
R2R2 - 2023-06-162023-06-16
  • Fixed a bug where calling GetBucket on a non-existent bucket would return a 500 instead of a 404.
  • Improved S3 compatibility for ListObjectsV1, now nextmarker is only set when truncated is true.
  • The R2 worker bindings now support parsing conditional headers with multiple etags. These etags can now be strong, weak or a wildcard. Previously the bindings only accepted headers containing a single strong etag.
  • S3 putObject now supports sha256 and sha1 checksums. These were already supported by the R2 worker bindings.
  • CopyObject in the S3 compatible api now supports Cloudflare specific headers which allow the copy operation to be conditional on the state of the destination object.
D1Deprecating Error.cause2023-06-12

As of wrangler v3.1.1 the D1 client API now returns detailed error messages within the top-level Error.message property, and no longer requires developers to inspect the Error.cause.message property.

To facilitate a transition from the previous Error.cause behaviour, detailed error messages will continue to be populated within Error.cause as well as the top-level Error object until approximately July 14th, 2023. Future versions of both wrangler and the D1 client API will no longer populate Error.cause after this date.

WorkersWorkers - 2023-06-092023-06-09
RadarAdd BGP stats, pfx2as and moas endpoint2023-06-07
WorkersWorkers - 2023-05-262023-05-26
  • A new Hibernatable WebSockets API (beta) has been added to Durable Objects. The Hibernatable WebSockets API allows a Durable Object that is not currently running an event handler (for example, processing a WebSocket message or alarm) to be removed from memory while keeping its WebSockets connected (“hibernation”). A Durable Object that hibernates will not incur billable Duration (GB-sec) charges.
TurnstileTurnstile - 2023-05-252023-05-25
  • Added idempotency support for POST /siteverify requests via the idempotency_key parameter.
D1New experimental backend2023-05-19

D1 has a new experimental storage back end that dramatically improves query throughput, latency and reliability. The experimental back end will become the default back end in the near future. To create a database using the experimental backend, use wrangler and set the --experimental-backend flag when creating a database:

$ wrangler d1 create your-database --experimental-backend

Read more about the experimental back end in the announcement blog.

D1Location hints2023-05-19You can now provide a location hint when creating a D1 database, which will influence where the leader (writer) is located. By default, D1 will automatically create your database in a location close to where you issued the request to create a database. In most cases this allows D1 to choose the optimal location for your database on your behalf.
PagesBuild error message improvement2023-05-19
  • Builds which fail due to Out of memory (OOM) will return a proper error message indicating so rather than Internal error.
D1Query JSON2023-05-17New documentation has been published that covers D1’s extensive JSON function support. JSON functions allow you to parse, query and modify JSON directly from your SQL queries, reducing the number of round trips to your database, or data queried.
PagesV2 build system beta2023-05-17
PagesSupport for Smart Placement2023-05-16
StreamMultiple audio tracks now generally available2023-05-16

Stream supports adding multiple audio tracks to an existing video.

For more, refer to the documentation to get started.

WorkersWorkers - 2023-05-162023-05-16
  • The new connect() method allows you to connect to any TCP-speaking services directly from your Workers. To learn more about other protocols supported on the Workers platform, visit the new Protocols documentation.
  • We have added new native database integrations for popular serverless database providers, including Neon, PlanetScale, and Supabase. Native integrations automatically handle the process of creating a connection string and adding it as a Secret to your Worker.
  • You can now also connect directly to databases over TCP from a Worker, starting with PostgreSQL. Support for PostgreSQL is based on the popular pg driver, and allows you to connect to any PostgreSQL instance over TLS from a Worker directly.
  • The R2 Migrator (Super Slurper), which automates the process of migrating from existing object storage providers to R2, is now Generally Available.
WorkersWorkers - 2023-05-152023-05-15
  • Cursor, an experimental AI assistant, trained to answer questions about Cloudflare’s Developer Platform, is now available to preview! Cursor can answer questions about Workers and the Cloudflare Developer Platform, and is itself built on Workers. You can read more about Cursor in the announcement blog.
WorkersWorkers - 2023-05-122023-05-12
RadarAdded IOS as an option for the OS parameter in all HTTP2023-05-10
WorkersWorkers - 2023-05-052023-05-05
  • The new nodeJsCompatModule type can be used with a Worker bundle to emulate a Node.js environment. Common Node.js globals such as process and Buffer will be present, and require('...') can be used to load Node.js built-ins without the node: specifier prefix.
  • Fixed an issue where websocket connections would be disconnected when updating workers. Now, only websockets connected to Durable Object instances are disconnected by updates to that Durable Object’s code.
WorkersWorkers - 2023-04-282023-04-28
  • The Web Crypto API now supports curves Ed25519 and X25519 defined in the Secure Curves specification.
  • The global connect method has been moved to a cloudflare:sockets module.
StreamPlayer Enhancement Properties2023-04-26

Cloudflare Stream now supports player enhancement properties.

With player enhancements, you can modify your video player to incorporate elements of your branding, such as your logo, and customize additional options to present to your viewers.

For more, refer to the documentation to get started.

NotificationsNotifications - 2023-04-192023-04-19
  • Added Maintenance Notification Alerts.
DDoS protectionNetwork-layer ruleset - 2023-04-172023-04-17For more details, refer to the dedicated page for Network-layer ruleset - 2023-04-17.
TurnstileTurnstile - 2023-04-172023-04-17
WorkersWorkers - 2023-04-142023-04-14
  • No externally-visible changes this week.
WorkersWorkers - 2023-04-102023-04-10
  • URL.canParse(...) is a new standard API for testing that an input string can be parsed successfully as a URL without the additional cost of creating and throwing an error.
  • The Workers-specific IdentityTransformStream and FixedLengthStream classes now support specifying a highWaterMark for the writable-side that is used for backpressure signaling using the standard writer.desiredSize/writer.ready mechanisms.
R2R2 - 2023-04-012023-04-01
QueuesConsumer concurrency (enabled)2023-03-28Queue consumers will now automatically scale up based on the number of messages being written to the queue. To control or limit concurrency, you can explicitly define a max_concurrency for your consumer.
WorkersWorkers - 2023-03-242023-03-24
  • Fixed a bug in Wrangler tail and and live logs on the dashboard that prevented the Administrator Read-Only and Workers Tail Read roles from successfully tailing Workers.
PagesGit projects can now see files uploaded2023-03-23
StreamLimits for downloadable MP4s for live recordings2023-03-21

Previously, generating a download for a live recording exceeding four hours resulted in failure.

To fix the issue, now video downloads are only available for live recordings under four hours. Live recordings exceeding four hours can still be played but cannot be downloaded.

PagesNotifications for Pages are now available2023-03-20
RadarAdd AS112 and email endpoints2023-03-20
R2R2 - 2023-03-162023-03-16
  • The ListParts API has been implemented and is available for use.
  • HTTP2 is now enabled by default for new custom domains linked to R2 buckets.
  • Object Lifecycles are now available for use.
  • Bug fix: Requests to public buckets will now return the Content-Encoding header for gzip files when Accept-Encoding: gzip is used.
QueuesConsumer concurrency (upcoming)2023-03-15

Queue consumers will soon automatically scale up concurrently as a queues’ backlog grows in order to keep overall message processing latency down. Concurrency will be enabled on all existing queues by 2023-03-28.

To opt-out, or to configure a fixed maximum concurrency, set max_concurrency = 1 in your wrangler.toml file or via the queues dashboard.

To opt-in, you do not need to take any action: your consumer will begin to scale out as needed to keep up with your message backlog. It will scale back down as the backlog shrinks, and/or if a consumer starts to generate a higher rate of errors. To learn more about how consumers scale, refer to the consumer concurrency documentation.

NotificationsNotifications - 2023-03-132023-03-13
  • Added Pages Alerts.
WorkersWorkers - 2023-03-092023-03-09
  • No externally-visible changes.
TurnstileTurnstile - 2023-03-062023-03-06
WorkersWorkers - 2023-03-062023-03-06
  • Workers Logpush now supports 300 characters per log line. This is an increase from the previous limit of 150 characters per line.
NotificationsNotifications - 2023-03-022023-03-02
  • Added Brand Protection Alerts.
QueuesExplicit acknowledgement (new feature)2023-03-02

You can now acknowledge individual messages with a batch by calling .ack() on a message.

This allows you to mark a message as delivered as you process it within a batch, and avoids the entire batch from being redelivered if your consumer throws an error during batch processing. This can be particularly useful when you are calling external APIs, writing messages to a database, or otherwise performing non-idempotent actions on individual messages within a batch.

QueuesHigher per-queue throughput2023-03-01The per-queue throughput limit has now been raised to 400 messages per second.
TurnstileTurnstile - 2023-02-152023-02-15
PagesAnalytics Engine now available in Functions2023-02-14
WorkersWorkers - 2023-02-062023-02-06
  • Fixed a bug where transferring large request bodies to a Durable Object was unexpectedly slow.
  • Previously, an error would be thrown when trying to access unimplemented standard Request and Response properties. Now those will be left as undefined.
TurnstileTurnstile - 2023-02-012023-02-01
R2R2 - 2023-01-272023-01-27
  • R2 authentication tokens created via the R2 token page are now scoped to a single account by default.
RadarUpdated IPv6 calculation method2023-01-23
  • IPv6 percentage started to be calculated as (IPv6 requests / requests for dual-stacked content), where as before it was calculated as (IPv6 requests / IPv4+IPv6 requests).
WorkersWorkers - 2023-01-132023-01-13
  • Durable Objects can now use jurisdictions with idFromName via a new subnamespace API.
  • V8 updated to 10.9.
RadarAdd new layer 3 dataset2023-01-11
PagesQueues now available in Functions2023-01-05
  • Added support for Queues producer in Functions.
StreamEarlier detection (and rejection) of non-video uploads2023-01-04

Cloudflare Stream now detects non-video content on upload using the POST API and returns a 400 Bad Request HTTP error with code 10059.

Previously, if you or one of your users attempted to upload a file that is not a video (ex: an image), the request to upload would appear successful, but then fail to be encoded later on.

With this change, Stream responds to the upload request with an error, allowing you to give users immediate feedback if they attempt to upload non-video content.

PagesAPI messaging update2022-12-15Updated all API messaging to be more helpful.
QueuessendBatch support2022-12-13The JavaScript API for Queue producers now includes a sendBatch method which supports sending up to 100 messages at a time.
QueuesIncreased per-account limits2022-12-12Queues now allows developers to create up to 100 queues per account, up from the initial beta limit of 10 per account. This limit will continue to increase over time.
TurnstileTurnstile - 2022-12-122022-12-12
StreamFaster mp4 downloads of live recordings2022-12-08Generating MP4 downloads of live stream recordings is now significantly faster. For more, refer to the docs.
R2R2 - 2022-12-072022-12-07
  • Fix CORS preflight requests for the S3 API, which allows using the S3 SDK in the browser.
  • Passing a range header to the get operation in the R2 bindings API should now work as expected.
DDoS protectionNetwork-layer ruleset - 2022-12-022022-12-02For more details, refer to the dedicated page for Network-layer ruleset - 2022-12-02.
PagesAbility to delete aliased deployments2022-12-01
  • Aliased deployments can now be deleted. If using the API, you will need to add the query parameter force=true.
R2R2 - 2022-11-302022-11-30
  • Requests with the header x-amz-acl: public-read are no longer rejected.
  • Fixed issues with wildcard CORS rules and presigned URLs.
  • Fixed an issue where ListObjects would time out during delimited listing of unicode-normalized keys.
  • S3 API’s PutBucketCors now rejects requests with unknown keys in the XML body.
  • Signing additional headers no longer breaks CORS preflight requests for presigned URLs.
StreamMultiple audio tracks (closed beta)2022-11-29

Stream now supports adding multiple audio tracks to an existing video upload. This allows you to:

  • Provide viewers with audio tracks in multiple languages
  • Provide dubbed audio tracks, or audio commentary tracks (ex: Director’s Commentary)
  • Allow your users to customize the customize the audio mix, by providing separate audio tracks for music, speech or other audio tracks.
  • Provide Audio Description tracks to ensure your content is accessible. ( WCAG 2.0 Guideline 1.2 1)

To request an invite to the beta, refer to this post.

StreamVP9 support for WebRTC live streams (beta)2022-11-22

Cloudflare Stream now supports VP9 when streaming using WebRTC (WHIP), currently in beta.

R2R2 - 2022-11-212022-11-21
  • Fixed a bug in ListObjects where startAfter would skip over objects with keys that have numbers right after the startAfter prefix.
  • Add worker bindings for multipart uploads.
PagesDeep linking to a Pages deployment2022-11-19
  • You can now deep-link to a Pages deployment in the dashboard with :pages-deployment. An example would be https://dash.cloudflare.com?to=/:account/pages/view/:pages-project/:pages-deployment.
PagesFunctions GA and other updates2022-11-17
R2R2 - 2022-11-172022-11-17
  • Unconditionally return HTTP 206 on ranged requests to match behavior of other S3 compatible implementations.
  • Fixed a CORS bug where AllowedHeaders in the CORS config were being treated case-sensitively.
PagesService bindings now available in Functions2022-11-15
  • Service bindings are now available in Functions. For more details, refer to the docs.
TurnstileTurnstile - 2022-11-112022-11-11
R2R2 - 2022-11-082022-11-08
  • Copying multipart objects via CopyObject is re-enabled.
  • UploadPartCopy is re-enabled.
StreamReduced time to start WebRTC streaming and playback with Trickle ICE2022-11-08

Cloudflare Stream’s WHIP and WHEP implementations now support Trickle ICE, reducing the time it takes to initialize WebRTC connections, and increasing compatibility with WHIP and WHEP clients.

For more, refer to the docs.

StreamDeprecating the ‘per-video’ Analytics API2022-11-07

The “per-video” analytics API is being deprecated. If you still use this API, you will need to switch to using the GraphQL Analytics API by February 1, 2023. After this date, the per-video analytics API will be no longer available.

The GraphQL Analytics API provides the same functionality and more, with additional filters and metrics, as well as the ability to fetch data about multiple videos in a single request. Queries are faster, more reliable, and built on a shared analytics system that you can use across many Cloudflare products.

For more about this change and how to migrate existing API queries, refer to this post and the GraphQL Analytics API docs.

PagesAnsi color codes in build logs2022-11-03Build log now supports ansi color codes.
StreamCreate an unlimited number of live inputs2022-11-01

Cloudflare Stream now has no limit on the number of live inputs you can create. Stream is designed to allow your end-users to go live — live inputs can be created quickly on-demand via a single API request for each of user of your platform or app.

For more on creating and managing live inputs, get started with the docs.

R2R2 - 2022-10-282022-10-28
  • Multipart upload part sizes are always expected to be of the same size, but this enforcement is now done when you complete an upload instead of being done very time you upload a part.
  • Fixed a performance issue where concurrent multipart part uploads would get rejected.
TurnstileTurnstile - 2022-10-282022-10-28
R2R2 - 2022-10-262022-10-26
  • Fixed ranged reads for multipart objects with part sizes unaligned to 64KiB.
TurnstileTurnstile - 2022-10-242022-10-24
StreamMore accurate bandwidth estimates for live video playback2022-10-20

When playing live video, Cloudflare Stream now provides significantly more accurate estimates of the bandwidth needs of each quality level to client video players. This ensures that live video plays at the highest quality that viewers have adequate bandwidth to play.

As live video is streamed to Cloudflare, we transcode it to make it available to viewers at mulitple quality levels. During transcoding, we learn about the real bandwidth needs of each segment of video at each quality level, and use this to provide an estimate of the bandwidth requirements of each quality level the in HLS (.m3u8) and DASH (.mpd) manifests.

If a live stream contains content with low visual complexity, like a slideshow presentation, the bandwidth estimates provided in the HLS manifest will be lower, ensuring that the most viewers possible view the highest quality level, since it requires relatively little bandwidth. Conversely, if a live stream contains content with high visual complexity, like live sports with motion and camera panning, the bandwidth estimates provided in the HLS manifest will be higher, ensuring that viewers with inadequate bandwidth switch down to a lower quality level, and their playback does not buffer.

This change is particularly helpful if you’re building a platform or application that allows your end users to create their own live streams, where these end users have their own streaming software and hardware that you can’t control. Because this new functionality adapts based on the live video we receive, rather than just the configuration advertised by the broadcaster, even in cases where your end users’ settings are less than ideal, client video players will not receive excessively high estimates of bandwidth requirements, causing playback quality to decrease unnecessarily. Your end users don’t have to be OBS Studio experts in order to get high quality video playback.

No work is required on your end — this change applies to all live inputs, for all customers of Cloudflare Stream. For more, refer to the docs.

R2R2 - 2022-10-192022-10-19
  • HeadBucket now sets x-amz-bucket-region to auto in the response.
TurnstileTurnstile - 2022-10-132022-10-13
  • Added validation for action: /^[a-z0-9_-]{0,32}$/i
  • Added validation for cData: /^[a-z0-9_-]{0,255}$/i
TurnstileTurnstile - 2022-10-112022-10-11
R2R2 - 2022-10-062022-10-06
  • Temporarily disabled UploadPartCopy while we investigate an issue.
PagesDeep linking to a Pages project2022-10-05
  • You can now deep-link to a Pages project in the dashboard with :pages-project. An example would be https://dash.cloudflare.com?to=/:account/pages/view/:pages-project.
StreamAV1 Codec support for live streams and recordings (beta)2022-10-05

Cloudflare Stream now supports playback of live videos and live recordings using the AV1 codec, which uses 46% less bandwidth than H.264.

For more, read the blog post.

R2R2 - 2022-09-292022-09-29
  • Fixed a CORS issue where Access-Control-Allow-Headers was not being set for preflight requests.
R2R2 - 2022-09-282022-09-28
  • Fixed a bug where CORS configuration was not being applied to S3 endpoint.
  • No-longer render the Access-Control-Expose-Headers response header if ExposeHeader is not defined.
  • Public buckets will no-longer return the Content-Range response header unless the response is partial.
  • Fixed CORS rendering for the S3 HeadObject operation.
  • Fixed a bug where no matching CORS configuration could result in a 403 response.
  • Temporarily disable copying objects that were created with multipart uploads.
  • Fixed a bug in the Workers bindings where an internal error was being returned for malformed ranged .get requests.
R2R2 - 2022-09-272022-09-27
  • CORS preflight responses and adding CORS headers for other responses is now implemented for S3 and public buckets. Currently, the only way to configure CORS is via the S3 API.
  • Fixup for bindings list truncation to work more correctly when listing keys with custom metadata that have " or when some keys/values contain certain multi-byte UTF-8 values.
  • The S3 GetObject operation now only returns Content-Range in response to a ranged request.
StreamWebRTC live streaming and playback (beta)2022-09-27

Cloudflare Stream now supports live video streaming over WebRTC, with sub-second latency, to unlimited concurrent viewers.

For more, read the blog post or the get started with example code in the docs.

R2R2 - 2022-09-192022-09-19
  • The R2 put() binding options can now be given an onlyIf field, similar to get(), that performs a conditional upload.
  • The R2 delete() binding now supports deleting multiple keys at once.
  • The R2 put() binding now supports user-specified SHA-1, SHA-256, SHA-384, SHA-512 checksums in options.
  • User-specified object checksums will now be available in the R2 get() and head() bindings response. MD5 is included by default for non-multipart uploaded objects.
StreamManually control when you start and stop simulcasting2022-09-15You can now enable and disable individual live outputs via the API or Stream dashboard, allowing you to control precisely when you start and stop simulcasting to specific destinations like YouTube and Twitch. For more, read the docs.
PagesIncreased domain limits2022-09-12

Previously, all plans had a maximum of 10 custom domains per project.

Now, the limits are:

  • Free: 100 custom domains.
  • Pro: 250 custom domains.
  • Business and Enterprise: 500 custom domains.
PagesSupport for _routes.json2022-09-08
  • Pages now offers support for _routes.json. For more details, refer to the documentation.
R2R2 - 2022-09-062022-09-06
  • The S3 CopyObject operation now includes x-amz-version-id and x-amz-copy-source-version-id in the response headers for consistency with other methods.
  • The ETag for multipart files uploaded until shortly after Open Beta uploaded now include the number of parts as a suffix.
PagesIncreased build log expiration time2022-08-25Build log expiration time increased from 2 weeks to 1 year.
R2R2 - 2022-08-172022-08-17
  • The S3 DeleteObjects operation no longer trims the space from around the keys before deleting. This would result in files with leading / trailing spaces not being able to be deleted. Additionally, if there was an object with the trimmed key that existed it would be deleted instead. The S3 DeleteObject operation was not affected by this.
  • Fixed presigned URL support for the S3 ListBuckets and ListObjects operations.
StreamUnique subdomain for your Stream Account2022-08-15

URLs in the Stream Dashboard and Stream API now use a subdomain specific to your Cloudflare Account: customer-{CODE}.cloudflarestream.com. This change allows you to:

  1. Use Content Security Policy (CSP) directives specific to your Stream subdomain, to ensure that only videos from your Cloudflare account can be played on your website.

  2. Allowlist only your Stream account subdomain at the network-level to ensure that only videos from a specific Cloudflare account can be accessed on your network.

No action is required from you, unless you use Content Security Policy (CSP) on your website. For more on CSP, read the docs.

PagesNew bindings supported2022-08-08
R2R2 - 2022-08-062022-08-06
  • Uploads will automatically infer the Content-Type based on file body if one is not explicitly set in the PutObject request. This functionality will come to multipart operations in the future.
StreamClip videos using the Stream API2022-08-02You can now change the start and end times of a video uploaded to Cloudflare Stream. For more information, refer to Clip videos.
R2R2 - 2022-07-302022-07-30
  • Fixed S3 conditionals to work properly when provided the LastModified date of the last upload, bindings fixes will come in the next release.
  • If-Match / If-None-Match headers now support arrays of ETags, Weak ETags and wildcard (*) as per the HTTP standard and undocumented AWS S3 behavior.
StreamLive inputs2022-07-26

The Live Inputs API now supports optional pagination, search, and filter parameters. For more information, refer to the Live Inputs API documentation.

R2R2 - 2022-07-212022-07-21
  • Added dummy implementation of the following operation that mimics the response that a basic AWS S3 bucket will return when first created: GetBucketAcl.
R2R2 - 2022-07-202022-07-20
  • Added dummy implementations of the following operations that mimic the response that a basic AWS S3 bucket will return when first created:

    • GetBucketVersioning
    • GetBucketLifecycleConfiguration
    • GetBucketReplication
    • GetBucketTagging
    • GetObjectLockConfiguration
R2R2 - 2022-07-192022-07-19
  • Fixed an S3 compatibility issue for error responses with MinIO .NET SDK and any other tooling that expects no xmlns namespace attribute on the top-level Error tag.
  • List continuation tokens prior to 2022-07-01 are no longer accepted and must be obtained again through a new list operation.
  • The list() binding will now correctly return a smaller limit if too much data would otherwise be returned (previously would return an Internal Error).
R2R2 - 2022-07-142022-07-14
  • Improvements to 500s: we now convert errors, so things that were previously concurrency problems for some operations should now be TooMuchConcurrency instead of InternalError. We’ve also reduced the rate of 500s through internal improvements.
  • ListMultipartUpload correctly encodes the returned Key if the encoding-type is specified.
R2R2 - 2022-07-132022-07-13
  • S3 XML documents sent to R2 that have an XML declaration are not rejected with 400 Bad Request / MalformedXML.
  • Minor S3 XML compatibility fix impacting Arq Backup on Windows only (not the Mac version). Response now contains XML declaration tag prefix and the xmlns attribute is present on all top-level tags in the response.
  • Beta ListMultipartUploads support.
R2R2 - 2022-07-062022-07-06
  • Support the r2_list_honor_include compat flag coming up in an upcoming runtime release (default behavior as of 2022-07-14 compat date). Without that compat flag/date, list will continue to function implicitly as include: ['httpMetadata', 'customMetadata'] regardless of what you specify.
  • cf-create-bucket-if-missing can be set on a PutObject/CreateMultipartUpload request to implicitly create the bucket if it does not exist.
  • Fix S3 compatibility with MinIO client spec non-compliant XML for publishing multipart uploads. Any leading and trailing quotes in CompleteMultipartUpload are now optional and ignored as it seems to be the actual non-standard behavior AWS implements.
PagesAdded support for .dev.vars in wrangler pages2022-07-05

Pages now supports .dev.vars in wrangler pages, which allows you to use use environmental variables during your local development without chaining --envs.

This functionality requires Wrangler v2.0.16 or higher.

R2R2 - 2022-07-012022-07-01
  • Unsupported search parameters to ListObjects/ListObjectsV2 are now rejected with 501 Not Implemented.
  • Fixes for Listing:
    • Fix listing behavior when the number of files within a folder exceeds the limit (you’d end up seeing a CommonPrefix for that large folder N times where N = number of children within the CommonPrefix / limit).
    • Fix corner case where listing could cause objects with sharing the base name of a "folder" to be skipped.
    • Fix listing over some files that shared a certain common prefix.
  • DeleteObjects can now handle 1000 objects at a time.
  • S3 CreateBucket request can specify x-amz-bucket-object-lock-enabled with a value of false and not have the requested rejected with a NotImplemented error. A value of true will continue to be rejected as R2 does not yet support object locks.
R2R2 - 2022-06-172022-06-17
  • Fixed a regression for some clients when using an empty delimiter.
  • Added support for S3 pre-signed URLs.
R2R2 - 2022-06-162022-06-16
  • Fixed a regression in the S3 API UploadPart operation where TooMuchConcurrency & NoSuchUpload errors were being returned as NoSuchBucket.
PagesAdded deltas to wrangler pages publish2022-06-13

Pages has added deltas to wrangler pages publish.

We now keep track of the files that make up each deployment and intelligently only upload the files that we have not seen. This means that similar subsequent deployments should only need to upload a minority of files and this will hopefully make uploads even faster.

This functionality requires Wrangler v2.0.11 or higher.

R2R2 - 2022-06-132022-06-13
  • Fixed a bug with the S3 API ListObjectsV2 operation not returning empty folder/s as common prefixes when using delimiters.
  • The S3 API ListObjectsV2 KeyCount parameter now correctly returns the sum of keys and common prefixes rather than just the keys.
  • Invalid cursors for list operations no longer fail with an InternalError and now return the appropriate error message.
R2R2 - 2022-06-102022-06-10
  • The ContinuationToken field is now correctly returned in the response if provided in a S3 API ListObjectsV2 request.
  • Fixed a bug where the S3 API AbortMultipartUpload operation threw an error when called multiple times.
PagesAdded branch alias to PR comments2022-06-08
  • PR comments for Pages previews now include the branch alias.
R2R2 - 2022-05-272022-05-27
  • Fixed a bug where the S3 API’s PutObject or the .put() binding could fail but still show the bucket upload as successful.
  • If conditional headers are provided to S3 API UploadObject or CreateMultipartUpload operations, and the object exists, a 412 Precondition Failed status code will be returned if these checks are not met.
StreamPicture-in-Picture support2022-05-24

The Stream Player now displays a button to activate Picture-in-Picture mode, if the viewer’s web browser supports the Picture-in-Picture API.

R2R2 - 2022-05-202022-05-20
  • Fixed a bug when Accept-Encoding was being used in SignedHeaders when sending requests to the S3 API would result in a SignatureDoesNotMatch response.
R2R2 - 2022-05-172022-05-17
  • Fixed a bug where requests to the S3 API were not handling non-encoded parameters used for the authorization signature.
  • Fixed a bug where requests to the S3 API where number-like keys were being parsed as numbers instead of strings.
R2R2 - 2022-05-162022-05-16
  • Add support for S3 virtual-hosted style paths, such as <BUCKET>.<ACCOUNT_ID>.r2.cloudflarestorage.com instead of path-based routing (<ACCOUNT_ID>.r2.cloudflarestorage.com/<BUCKET>).
  • Implemented GetBucketLocation for compatibility with external tools, this will always return a LocationConstraint of auto.
StreamCreator ID property2022-05-13

During or after uploading a video to Stream, you can now specify a value for a new field, creator. This field can be used to identify the creator of the video content, linking the way you identify your users or creators to videos in your Stream account. For more, read the blog post.

R2R2 - 2022-05-062022-05-06
  • S3 API GetObject ranges are now inclusive (bytes=0-0 will correctly return the first byte).
  • S3 API GetObject partial reads return the proper 206 Partial Content response code.
  • Copying from a non-existent key (or from a non-existent bucket) to another bucket now returns the proper NoSuchKey / NoSuchBucket response.
  • The S3 API now returns the proper Content-Type: application/xml response header on relevant endpoints.
  • Multipart uploads now have a -N suffix on the etag representing the number of parts the file was published with.
  • UploadPart and UploadPartCopy now return proper error messages, such as TooMuchConcurrency or NoSuchUpload, instead of ‘internal error’.
  • UploadPart can now be sent a 0-length part.
R2R2 - 2022-05-052022-05-05
  • When using the S3 API, an empty string and us-east-1 will now alias to the auto region for compatibility with external tools.
  • GetBucketEncryption, PutBucketEncryption and DeleteBucketEncrypotion are now supported (the only supported value currently is AES256).
  • Unsupported operations are explicitly rejected as unimplemented rather than implicitly converting them into ListObjectsV2/PutBucket/DeleteBucket respectively.
  • S3 API CompleteMultipartUploads requests are now properly escaped.
R2R2 - 2022-05-032022-05-03
  • Pagination cursors are no longer returned when the keys in a bucket is the same as the MaxKeys argument.
  • The S3 API ListBuckets operation now accepts cf-max-keys, cf-start-after and cf-continuation-token headers behave the same as the respective URL parameters.
  • The S3 API ListBuckets and ListObjects endpoints now allow per_page to be 0.
  • The S3 API CopyObject source parameter now requires a leading slash.
  • The S3 API CopyObject operation now returns a NoSuchBucket error when copying to a non-existent bucket instead of an internal error.
  • Enforce the requirement for auto in SigV4 signing and the CreateBucket LocationConstraint parameter.
  • The S3 API CreateBucket operation now returns the proper location response header.
R2R2 - 2022-04-142022-04-14
  • The S3 API now supports unchunked signed payloads.
  • Fixed .put() for the Workers R2 bindings.
  • Fixed a regression where key names were not properly decoded when using the S3 API.
  • Fixed a bug where deleting an object and then another object which is a prefix of the first could result in errors.
  • The S3 API DeleteObjects operation no longer returns an error even though an object has been deleted in some cases.
  • Fixed a bug where startAfter and continuationToken were not working in list operations.
  • The S3 API ListObjects operation now correctly renders Prefix, Delimiter, StartAfter and MaxKeys in the response.
  • The S3 API ListObjectsV2 now correctly honors the encoding-type parameter.
  • The S3 API PutObject operation now works with POST requests for s3cmd compatibility.
R2R2 - 2022-04-042022-04-04
  • The S3 API DeleteObjects request now properly returns a MalformedXML error instead of InternalError when provided with more than 128 keys.
StreamAnalytics panel in Stream Dashboard2022-03-17The Stream Dashboard now has an analytics panel that shows the number of minutes of both live and recorded video delivered. This view can be filtered by Creator ID, Video UID, and Country. For more in-depth analytics data, refer to the bulk analytics documentation.
StreamCustom letterbox color configuration option for Stream Player2022-03-16The Stream Player can now be configured to use a custom letterbox color, displayed around the video (’letterboxing’ or ‘pillarboxing’) when the video’s aspect ratio does not match the player’s aspect ratio. Refer to the documentation on configuring the Stream Player here.
StreamSupport for SRT live streaming protocol2022-03-10

Cloudflare Stream now supports the SRT live streaming protocol. SRT is a modern, actively maintained streaming video protocol that delivers lower latency, and better resilience against unpredictable network conditions. SRT supports newer video codecs and makes it easier to use accessibility features such as captions and multiple audio tracks.

For more, read the blog post.

StreamFaster video quality switching in Stream Player2022-02-17When viewers manually change the resolution of video they want to receive in the Stream Player, this change now happens immediately, rather than once the existing resolution playback buffer has finished playing.
StreamVolume and playback controls accessible during playback of VAST Ads2022-02-09

When viewing ads in the VAST format in the Stream Player, viewers can now manually start and stop the video, or control the volume.

StreamDASH and HLS manifest URLs accessible in Stream Dashboard2022-01-25If you choose to use a third-party player with Cloudflare Stream, you can now easily access HLS and DASH manifest URLs from within the Stream Dashboard. For more about using Stream with third-party players, read the docs here.
StreamInput health status in the Stream Dashboard2022-01-22When a live input is connected, the Stream Dashboard now displays technical details about the connection, which can be used to debug configuration issues.
StreamLive viewer count in the Stream Player2022-01-06The Stream Player now shows the total number of people currently watching a video live.
StreamWebhook notifications for live stream connections events2022-01-04You can now configure Stream to send webhooks each time a live stream connects and disconnects. For more information, refer to the Webhooks documentation.
StreamFedRAMP Support2021-12-07

The Stream Player can now be served from a FedRAMP compliant subdomain.

Stream24/7 Live streaming support2021-11-23You can now use Cloudflare Stream for 24/7 live streaming.
StreamPersistent Live Stream IDs2021-11-17You can now start and stop live broadcasts without having to provide a new video UID to the Stream Player (or your own player) each time the stream starts and stops. Read the docs.
StreamMP4 video file downloads for live videos2021-10-14Once a live video has ended and been recorded, you can now give viewers the option to download an MP4 video file of the live recording. For more, read the docs here.
StreamServerless Live Streaming2021-09-30

Stream now supports live video content! For more information, read the blog post and get started by reading the docs.

StreamThumbnail previews in Stream Player seek bar2021-07-26The Stream Player now displays preview images when viewers hover their mouse over the seek bar, making it easier to skip to a specific part of a video.
StreamMP4 video file downloads (GA)2021-07-26All Cloudflare Stream customers can now give viewers the option to download videos uploaded to Stream as an MP4 video file. For more, read the docs here.
StreamStream Connect (open beta)2021-07-10

You can now opt-in to the Stream Connect beta, and use Cloudflare Stream to restream live video to any platform that accepts RTMPS input, including Facebook, YouTube and Twitch.

For more, read the blog post or the docs.

StreamSimplified signed URL token generation2021-06-10You can now obtain a signed URL token via a single API request, without needing to generate signed tokens in your own application. Read the docs.
StreamStream Connect (closed beta)2021-06-08

You can now use Cloudflare Stream to restream or simulcast live video to any platform that accepts RTMPS input, including Facebook, YouTube and Twitch.

For more, read the blog post or the docs.

StreamMP4 video file downloads (beta)2021-05-03You can now give your viewers the option to download videos uploaded to Stream as an MP4 video file. For more, read the docs here.
StreamPicture quality improvements2021-03-29Cloudflare Stream now encodes videos with fewer artifacts, resulting in improved video quality for your viewers.
StreamImproved client bandwidth hints for third-party video players2021-03-25If you use Cloudflare Stream with a third party player, and send the clientBandwidthHint parameter in requests to fetch video manifests, Cloudflare Stream now selects the ideal resolution to provide to your client player more intelligently. This ensures your viewers receive the ideal resolution for their network connection.
StreamImproved client bandwidth hints for third-party video players2021-03-25If you use Cloudflare Stream with a third party player, and send the clientBandwidthHint parameter in requests to fetch video manifests, Cloudflare Stream now selects the ideal resolution to provide to your client player more intelligently. This ensures your viewers receive the ideal resolution for their network connection.
StreamLess bandwidth, identical video quality2021-03-17Cloudflare Stream now delivers video using 3-10x less bandwidth, with no reduction in quality. This ensures faster playback for your viewers with less buffering, particularly when viewers have slower network connections.
StreamStream Player 2.0 (preview)2021-03-10

A brand new version of the Stream Player is now available for preview. New features include:

  • Unified controls across desktop and mobile devices
  • Keyboard shortcuts
  • Intelligent mouse cursor interactions with player controls
  • Phased out support for Internet Explorer 11

For more, refer to this post on the Cloudflare Community Forum.

StreamFaster video encoding2021-03-04Videos uploaded to Cloudflare Stream are now available to view 5x sooner, reducing the time your users wait between uploading and viewing videos.
StreamRemoved weekly upload limit, increased max video upload size2021-01-17You can now upload videos up to 30GB in size to Cloudflare Stream and also now upload an unlimited number of videos to Cloudflare Stream each week
StreamTus support for direct creator uploads2020-12-14

You can now use the tus protocol when allowing creators (your end users) to upload their own videos directly to Cloudflare Stream.

In addition, all uploads to Cloudflare Stream made using tus are now faster and more reliable as part of this change.

StreamMultiple audio track mixdown2020-12-09Videos with multiple audio tracks (ex: 5.1 surround sound) are now mixed down to stereo when uploaded to Stream. The resulting video, with stereo audio, is now playable in the Stream Player.
StreamStorage limit notifications2020-12-02Cloudflare now emails you if your account is using 75% or more of your prepaid video storage, so that you can take action and plan ahead.