 Skip to content
Cloudflare Docs

Changelog

New updates and improvements at Cloudflare.

Subscribe to RSS View RSS feeds
All products
hero image

  1. Investigate your Workers with the Query Builder in the new Observability dashboard

    Workers

    The Workers Observability dashboard offers a single place to investigate and explore your Workers Logs.

    The Overview tab shows logs from all your Workers in one place. The Invocations view groups logs together by invocation, which refers to the specific trigger that started the execution of the Worker (i.e. fetch). The Events view shows logs in the order they were produced, based on timestamp. Previously, you could only view logs for a single Worker.

    Workers Observability Overview Tab

    The Investigate tab presents a Query Builder, which helps you write structured queries to investigate and visualize your logs. The Query Builder can help answer questions such as:

    • Which paths are experiencing the most 5XX errors?
    • What is the wall time distribution by status code for my Worker?
    • What are the slowest requests, and where are they coming from?
    • Who are my top N users?
    Workers Observability Overview Tab

    The Query Builder can use any field that you store in your logs as a key to visualize, filter, and group by. Use the Query Builder to quickly access your data, build visualizations, save queries, and share them with your team.

    Workers Logs is now Generally Available

    Workers Logs is now Generally Available. With a small change to your Wrangler configuration, Workers Logs ingests, indexes, and stores all logs emitted from your Workers for up to 7 days.

    We've introduced a number of changes during our beta period, including:

    • Dashboard enhancements with customizable fields as columns in the Logs view and support for invocation-based grouping
    • Performance improvements to ensure no adverse impact
    • Public API endpoints for broader consumption

    The API documents three endpoints: list the keys in the telemetry dataset, run a query, and list the unique values for a key. For more, visit our REST API documentation.

    Visit the docs to learn more about the capabilities and methods exposed by the Query Builder. Start using Workers Logs and the Query Builder today by enabling observability for your Workers:

    {
      "observability": {
        "enabled": true,
        "logs": {
          "invocation_logs": true,
          "head_sampling_rate": 1 // optional. default = 1.
        }
      }
    }

  1. CPU time and Wall time now published for Workers Invocations

    Workers

    You can now observe and investigate the CPU time and Wall time for every Workers Invocations.

    You can use a Workers Logs filter to search for logs where Wall time exceeds 100ms.

    Workers Logs Wall Time Filter

    You can also use the Workers Observability Query Builder to find the median CPU time and median Wall time for all of your Workers.

    Query Builder filter

  1. WARP client for Windows (version 2025.2.664.0)

    Zero Trust WARP Client

    A new GA release for the Windows WARP client is now available on the stable releases downloads page.

    This release contains a hotfix for captive portal detection for the 2025.2.600.0 release.

    Changes and improvements

    • Fix to reduce the number of browser tabs opened during captive portal logins.

    Known issues

    • DNS resolution may be broken when the following conditions are all true:

      • WARP is in Secure Web Gateway without DNS filtering (tunnel-only) mode.
      • A custom DNS server address is configured on the primary network adapter.
      • The custom DNS server address on the primary network adapter is changed while WARP is connected.

      To work around this issue, reconnect the WARP client by toggling off and back on.

  1. WARP client for macOS (version 2025.2.664.0)

    Zero Trust WARP Client

    A new GA release for the macOS WARP client is now available on the stable releases downloads page.

    This release contains a hotfix for captive portal detection and PF state tables for the 2025.2.600.0 release.

    Changes and improvements

    • Fix to reduce the number of browser tabs opened during captive portal logins.
    • Improvement to exclude local DNS traffic entries from PF state table to reduce risk of connectivity issues from exceeding table capacity.

    Known issues

    • macOS Sequoia: Due to changes Apple introduced in macOS 15.0.x, the WARP client may not behave as expected. Cloudflare recommends the use of macOS 15.4 or later.

  1. Local development support for Email Workers

    Email Routing

    Email Workers enables developers to programmatically take action on anything that hits their email inbox. If you're building with Email Workers, you can now test the behavior of an Email Worker script, receiving, replying and sending emails in your local environment using wrangler dev.

    Below is an example that shows you how you can receive messages using the email() handler and parse them using postal-mime:

    TypeScript
    import * as PostalMime from "postal-mime";
    

    export default {
      async email(message, env, ctx) {
        const parser = new PostalMime.default();
        const rawEmail = new Response(message.raw);
        const email = await parser.parse(await rawEmail.arrayBuffer());
        console.log(email);
      },
    };

    Now when you run npx wrangler dev, wrangler will expose a local /cdn-cgi/handler/email endpoint that you can POST email messages to and trigger your Worker's email() handler:

    Terminal window
    curl -X POST 'http://localhost:8787/cdn-cgi/handler/email' \
      --url-query 'from=sender@example.com' \
      --url-query 'to=recipient@example.com' \
      --header 'Content-Type: application/json' \
      --data-raw 'Received: from smtp.example.com (127.0.0.1)
            by cloudflare-email.com (unknown) id 4fwwffRXOpyR
            for <recipient@example.com>; Tue, 27 Aug 2024 15:50:20 +0000
    From: "John" <sender@example.com>
    Reply-To: sender@example.com
    To: recipient@example.com
    Subject: Testing Email Workers Local Dev
    Content-Type: text/html; charset="windows-1252"
    X-Mailer: Curl
    Date: Tue, 27 Aug 2024 08:49:44 -0700
    Message-ID: <6114391943504294873000@ZSH-GHOSTTY>
    

    Hi there'

    This is what you get in the console:

    {
      "headers": [
        {
          "key": "received",
          "value": "from smtp.example.com (127.0.0.1) by cloudflare-email.com (unknown) id 4fwwffRXOpyR for <recipient@example.com>; Tue, 27 Aug 2024 15:50:20 +0000"
        },
        { "key": "from", "value": "\"John\" <sender@example.com>" },
        { "key": "reply-to", "value": "sender@example.com" },
        { "key": "to", "value": "recipient@example.com" },
        { "key": "subject", "value": "Testing Email Workers Local Dev" },
        { "key": "content-type", "value": "text/html; charset=\"windows-1252\"" },
        { "key": "x-mailer", "value": "Curl" },
        { "key": "date", "value": "Tue, 27 Aug 2024 08:49:44 -0700" },
        {
          "key": "message-id",
          "value": "<6114391943504294873000@ZSH-GHOSTTY>"
        }
      ],
      "from": { "address": "sender@example.com", "name": "John" },
      "to": [{ "address": "recipient@example.com", "name": "" }],
      "replyTo": [{ "address": "sender@example.com", "name": "" }],
      "subject": "Testing Email Workers Local Dev",
      "messageId": "<6114391943504294873000@ZSH-GHOSTTY>",
      "date": "2024-08-27T15:49:44.000Z",
      "html": "Hi there\n",
      "attachments": []
    }

    Local development is a critical part of the development flow, and also works for sending, replying and forwarding emails. See our documentation for more information.

  1. Hyperdrive Free plan makes fast, global database access available to all

    Hyperdrive

    Hyperdrive is now available on the Free plan of Cloudflare Workers, enabling you to build Workers that connect to PostgreSQL or MySQL databases without compromise.

    Low-latency access to SQL databases is critical to building full-stack Workers applications. We want you to be able to build on fast, global apps on Workers, regardless of the tools you use. So we made Hyperdrive available for all, to make it easier to build Workers that connect to PostgreSQL and MySQL.

    If you want to learn more about how Hyperdrive works, read the deep dive on how Hyperdrive can make your database queries up to 4x faster.

    Hyperdrive provides edge connection setup and global connection pooling for optimal latencies.

    Visit the docs to get started with Hyperdrive for PostgreSQL or MySQL.

  1. Hyperdrive introduces support for MySQL and MySQL-compatible databases

    Hyperdrive

    Hyperdrive now supports connecting to MySQL and MySQL-compatible databases, including Amazon RDS and Aurora MySQL, Google Cloud SQL for MySQL, Azure Database for MySQL, PlanetScale and MariaDB.

    Hyperdrive makes your regional, MySQL databases fast when connecting from Cloudflare Workers. It eliminates unnecessary network roundtrips during connection setup, pools database connections globally, and can cache query results to provide the fastest possible response times.

    Best of all, you can connect using your existing drivers, ORMs, and query builders with Hyperdrive's secure credentials, no code changes required.

    TypeScript
    import { createConnection } from "mysql2/promise";
    

    export interface Env {
      HYPERDRIVE: Hyperdrive;
    }
    

    export default {
      async fetch(request, env, ctx): Promise<Response> {
        const connection = await createConnection({
          host: env.HYPERDRIVE.host,
          user: env.HYPERDRIVE.user,
          password: env.HYPERDRIVE.password,
          database: env.HYPERDRIVE.database,
          port: env.HYPERDRIVE.port,
          disableEval: true, // Required for Workers compatibility
        });
    

        const [results, fields] = await connection.query("SHOW tables;");
    

        ctx.waitUntil(connection.end());
    

        return new Response(JSON.stringify({ results, fields }), {
          headers: {
            "Content-Type": "application/json",
            "Access-Control-Allow-Origin": "*",
          },
        });
      },
    } satisfies ExportedHandler<Env>;

    Learn more about how Hyperdrive works and get started building Workers that connect to MySQL with Hyperdrive.

  1. Deploy a Workers application in seconds with one-click

    Workers

    You can now add a Deploy to Cloudflare button to the README of your Git repository containing a Workers application — making it simple for other developers to quickly set up and deploy your project!

    Deploy to Cloudflare

    The Deploy to Cloudflare button:

    1. Creates a new Git repository on your GitHub/ GitLab account: Cloudflare will automatically clone and create a new repository on your account, so you can continue developing.
    2. Automatically provisions resources the app needs: If your repository requires Cloudflare primitives like a Workers KV namespace, a D1 database, or an R2 bucket, Cloudflare will automatically provision them on your account and bind them to your Worker upon deployment.
    3. Configures Workers Builds (CI/CD): Every new push to your production branch on your newly created repository will automatically build and deploy courtesy of Workers Builds.
    4. Adds preview URLs to each pull request: If you'd like to test your changes before deploying, you can push changes to a non-production branch and preview URLs will be generated and posted back to GitHub as a comment.
    Import repo or choose template

    To create a Deploy to Cloudflare button in your README, you can add the following snippet, including your Git repository URL:

    [![Deploy to Cloudflare](https://deploy.workers.cloudflare.com/button)](https://deploy.workers.cloudflare.com/?url=<YOUR_GIT_REPO_URL>)

    Check out our documentation for more information on how to set up a deploy button for your application and best practices to ensure a successful deployment for other developers.

  1. Full-stack frameworks are now Generally Available on Cloudflare Workers

    Workers Workers for Platforms
    Full-stack on Cloudflare Workers

    The following full-stack frameworks now have Generally Available ("GA") adapters for Cloudflare Workers, and are ready for you to use in production:

    The following frameworks are now in beta, with GA support coming very soon:

    You can also build complete full-stack apps on Workers without a framework:

    Get started building today with our framework guides, or read our Developer Week 2025 blog post about all the updates to building full-stack applications on Workers.

  1. The Cloudflare Vite plugin is now Generally Available

    Workers

    The Cloudflare Vite plugin has reached v1.0 and is now Generally Available ("GA").

    When you use @cloudflare/vite-plugin, you can use Vite's local development server and build tooling, while ensuring that while developing, your code runs in workerd, the open-source Workers runtime.

    This lets you get the best of both worlds for a full-stack app — you can use Hot Module Replacement from Vite right alongside Durable Objects and other runtime APIs and bindings that are unique to Cloudflare Workers.

    @cloudflare/vite-plugin is made possible by the new environment API in Vite, and was built in partnership with the Vite team.

    Framework support

    You can build any type of application with @cloudflare/vite-plugin, using any rendering mode, from single page applications (SPA) and static sites to server-side rendered (SSR) pages and API routes.

    React Router v7 (Remix) is the first full-stack framework to provide full support for Cloudflare Vite plugin, allowing you to use all parts of Cloudflare's developer platform, without additional build steps.

    You can also build complete full-stack apps on Workers without a framework"just use Vite" and React together, and build a back-end API in the same Worker. Follow our React SPA with an API tutorial to learn how.

    Configuration

    If you're already using Vite in your build and development toolchain, you can start using our plugin with minimal changes to your vite.config.ts:

    vite.config.ts
    import { defineConfig } from "vite";
    import { cloudflare } from "@cloudflare/vite-plugin";
    

    export default defineConfig({
      plugins: [cloudflare()],
    });

    Take a look at the documentation for our Cloudflare Vite plugin for more information!

  1. Improved support for Node.js Crypto and TLS APIs in Workers

    Workers

    When using a Worker with the nodejs_compat compatibility flag enabled, the following Node.js APIs are now available:

    This make it easier to reuse existing Node.js code in Workers or use npm packages that depend on these APIs.

    node:crypto

    The full node:crypto API is now available in Workers.

    You can use it to verify and sign data:

    JavaScript
    import { sign, verify } from "node:crypto";
    

    const signature = sign("sha256", "-data to sign-", env.PRIVATE_KEY);
    const verified = verify("sha256", "-data to sign-", env.PUBLIC_KEY, signature);

    Or, to encrypt and decrypt data:

    JavaScript
    import { publicEncrypt, privateDecrypt } from "node:crypto";
    

    const encrypted = publicEncrypt(env.PUBLIC_KEY, "some data");
    const plaintext = privateDecrypt(env.PRIVATE_KEY, encrypted);

    See the node:crypto documentation for more information.

    node:tls

    The following APIs from node:tls are now available:

    This enables secure connections over TLS (Transport Layer Security) to external services.

    JavaScript
    import { connect } from "node:tls";
    

    // ... in a request handler ...
    const connectionOptions = { key: env.KEY, cert: env.CERT };
    const socket = connect(url, connectionOptions, () => {
      if (socket.authorized) {
        console.log("Connection authorized");
      }
    });
    

    socket.on("data", (data) => {
      console.log(data);
    });
    

    socket.on("end", () => {
      console.log("server ends connection");
    });

    See the node:tls documentation for more information.

  1. Build MCP servers with the Agents SDK

    Agents Workers

    The Agents SDK now includes built-in support for building remote MCP (Model Context Protocol) servers directly as part of your Agent. This allows you to easily create and manage MCP servers, without the need for additional infrastructure or configuration.

    The SDK includes a new MCPAgent class that extends the Agent class and allows you to expose resources and tools over the MCP protocol, as well as authorization and authentication to enable remote MCP servers.

    JavaScript
    export class MyMCP extends McpAgent {
      server = new McpServer({
        name: "Demo",
        version: "1.0.0",
      });
    

      async init() {
        this.server.resource(`counter`, `mcp://resource/counter`, (uri) => {
          // ...
        });
    

        this.server.tool(
          "add",
          "Add two numbers together",
          { a: z.number(), b: z.number() },
          async ({ a, b }) => {
            // ...
          },
        );
      }
    }

    See the example for the full code and as the basis for building your own MCP servers, and the client example for how to build an Agent that acts as an MCP client.

    To learn more, review the announcement blog as part of Developer Week 2025.

    Agents SDK updates

    We've made a number of improvements to the Agents SDK, including:

    • Support for building MCP servers with the new MCPAgent class.
    • The ability to export the current agent, request and WebSocket connection context using import { context } from "agents", allowing you to minimize or avoid direct dependency injection when calling tools.
    • Fixed a bug that prevented query parameters from being sent to the Agent server from the useAgent React hook.
    • Automatically converting the agent name in useAgent or useAgentChat to kebab-case to ensure it matches the naming convention expected by routeAgentRequest.

    To install or update the Agents SDK, run npm i agents@latest in an existing project, or explore the agents-starter project:

    Terminal window
    npm create cloudflare@latest -- --template cloudflare/agents-starter

    See the full release notes and changelog on the Agents SDK repository and

  1. Create fully-managed RAG pipelines for your AI applications with AutoRAG

    AI Search Vectorize

    AutoRAG is now in open beta, making it easy for you to build fully-managed retrieval-augmented generation (RAG) pipelines without managing infrastructure. Just upload your docs to R2, and AutoRAG handles the rest: embeddings, indexing, retrieval, and response generation via API.

    AutoRAG open beta demo

    With AutoRAG, you can:

    • Customize your pipeline: Choose from Workers AI models, configure chunking strategies, edit system prompts, and more.
    • Instant setup: AutoRAG provisions everything you need from Vectorize, AI gateway, to pipeline logic for you, so you can go from zero to a working RAG pipeline in seconds.
    • Keep your index fresh: AutoRAG continuously syncs your index with your data source to ensure responses stay accurate and up to date.
    • Ask questions: Query your data and receive grounded responses via a Workers binding or API.

    Whether you're building internal tools, AI-powered search, or a support assistant, AutoRAG gets you from idea to deployment in minutes.

    Get started in the Cloudflare dashboard or check out the guide for instructions on how to build your RAG pipeline today.

  1. Browser Rendering REST API is Generally Available, with new endpoints and a free tier

    Browser Rendering

    We’re excited to announce Browser Rendering is now available on the Workers Free plan, making it even easier to prototype and experiment with web search and headless browser use-cases when building applications on Workers.

    The Browser Rendering REST API is now Generally Available, allowing you to control browser instances from outside of Workers applications. We've added three new endpoints to help automate more browser tasks:

    • Extract structured data – Use /json to retrieve structured data from a webpage.
    • Retrieve links – Use /links to pull all links from a webpage.
    • Convert to Markdown – Use /markdown to convert webpage content into Markdown format.

    For example, to fetch the Markdown representation of a webpage:

    Markdown example
    curl -X 'POST' 'https://api.cloudflare.com/client/v4/accounts/<accountId>/browser-rendering/markdown' \
      -H 'Content-Type: application/json' \
      -H 'Authorization: Bearer <apiToken>' \
      -d '{
        "url": "https://example.com"
      }'

    For the full list of endpoints, check out our REST API documentation. You can also interact with Browser Rendering via the Cloudflare TypeScript SDK.

    We also recently landed support for Playwright in Browser Rendering for browser automation from Cloudflare Workers, in addition to Puppeteer, giving you more flexibility to test across different browser environments.

    Visit the Browser Rendering docs to learn more about how to use headless browsers in your applications.

  1. Durable Objects on Workers Free plan

    Durable Objects Workers

    Durable Objects can now be used with zero commitment on the Workers Free plan allowing you to build AI agents with Agents SDK, collaboration tools, and real-time applications like chat or multiplayer games.

    Durable Objects let you build stateful, serverless applications with millions of tiny coordination instances that run your application code alongside (in the same thread!) your durable storage. Each Durable Object can access its own SQLite database through a Storage API. A Durable Object class is defined in a Worker script encapsulating the Durable Object's behavior when accessed from a Worker. To try the code below, click the button:

    Deploy to Cloudflare

    JavaScript
    import { DurableObject } from "cloudflare:workers";
    

    // Durable Object
    export class MyDurableObject extends DurableObject {
      ...
      async sayHello(name) {
        return `Hello, ${name}!`;
      }
    }
    

    // Worker
    export default {
      async fetch(request, env) {
        // Every unique ID refers to an individual instance of the Durable Object class
        const id = env.MY_DURABLE_OBJECT.idFromName("foo");
    

        // A stub is a client used to invoke methods on the Durable Object
        const stub = env.MY_DURABLE_OBJECT.get(id);
    

        // Methods on the Durable Object are invoked via the stub
        const response = await stub.sayHello("world");
    

        return response;
      },
    };

    Free plan limits apply to Durable Objects compute and storage usage. Limits allow developers to build real-world applications, with every Worker request able to call a Durable Object on the free plan.

    For more information, checkout:

  1. SQLite in Durable Objects GA with 10GB storage per object

    Durable Objects Workers

    SQLite in Durable Objects is now generally available (GA) with 10GB SQLite database per Durable Object. Since the public beta in September 2024, we've added feature parity and robustness for the SQLite storage backend compared to the preexisting key-value (KV) storage backend for Durable Objects.

    SQLite-backed Durable Objects are recommended for all new Durable Object classes, using new_sqlite_classes Wrangler configuration. Only SQLite-backed Durable Objects have access to Storage API's SQL and point-in-time recovery methods, which provide relational data modeling, SQL querying, and better data management.

    JavaScript
    export class MyDurableObject extends DurableObject {
      sql: SqlStorage
      constructor(ctx: DurableObjectState, env: Env) {
        super(ctx, env);
        this.sql = ctx.storage.sql;
      }
    

      async sayHello() {
        let result = this.sql
          .exec("SELECT 'Hello, World!' AS greeting")
          .one();
        return result.greeting;
      }
    }

    KV-backed Durable Objects remain for backwards compatibility, and a migration path from key-value storage to SQL storage for existing Durable Object classes will be offered in the future.

    For more details on SQLite storage, checkout Zero-latency SQLite storage in every Durable Object blog.

  1. Capture up to 256 KB of log events in each Workers Invocation

    Workers

    You can now capture a maximum of 256 KB of log events per Workers invocation, helping you gain better visibility into application behavior.

    All console.log() statements, exceptions, request metadata, and headers are automatically captured during the Worker invocation and emitted as JSON object. Workers Logs deserializes this object before indexing the fields and storing them. You can also capture, transform, and export the JSON object in a Tail Worker.

    256 KB is a 2x increase from the previous 128 KB limit. After you exceed this limit, further context associated with the request will not be recorded in your logs.

    This limit is automatically applied to all Workers.

  1. Workflows is now Generally Available

    Workflows Workers

    Workflows is now Generally Available (or "GA"): in short, it's ready for production workloads. Alongside marking Workflows as GA, we've introduced a number of changes during the beta period, including:

    • A new waitForEvent API that allows a Workflow to wait for an event to occur before continuing execution.
    • Increased concurrency: you can run up to 4,500 Workflow instances concurrently — and this will continue to grow.
    • Improved observability, including new CPU time metrics that allow you to better understand which Workflow instances are consuming the most resources and/or contributing to your bill.
    • Support for vitest for testing Workflows locally and in CI/CD pipelines.

    Workflows also supports the new increased CPU limits that apply to Workers, allowing you to run more CPU-intensive tasks (up to 5 minutes of CPU time per instance), not including the time spent waiting on network calls, AI models, or other I/O bound tasks.

    Human-in-the-loop

    The new step.waitForEvent API allows a Workflow instance to wait on events and data, enabling human-in-the-the-loop interactions, such as approving or rejecting a request, directly handling webhooks from other systems, or pushing event data to a Workflow while it's running.

    Because Workflows are just code, you can conditionally execute code based on the result of a waitForEvent call, and/or call waitForEvent multiple times in a single Workflow based on what the Workflow needs.

    For example, if you wanted to implement a human-in-the-loop approval process, you could use waitForEvent to wait for a user to approve or reject a request, and then conditionally execute code based on the result.

    JavaScript
    import {
      WorkflowEntrypoint,
      WorkflowStep,
      WorkflowEvent,
    } from "cloudflare:workers";
    

    export class MyWorkflow extends WorkflowEntrypoint {
      async run(event, step) {
        // Other steps in your Workflow
        let stripeEvent = await step.waitForEvent(
          "receive invoice paid webhook from Stripe",
          { type: "stripe-webhook", timeout: "1 hour" },
        );
        // Rest of your Workflow
      }
    }

    You can then send a Workflow an event from an external service via HTTP or from within a Worker using the Workers API for Workflows:

    JavaScript
    export default {
      async fetch(req, env) {
        const instanceId = new URL(req.url).searchParams.get("instanceId");
        const webhookPayload = await req.json();
    

        let instance = await env.MY_WORKFLOW.get(instanceId);
        // Send our event, with `type` matching the event type defined in
        // our step.waitForEvent call
        await instance.sendEvent({
          type: "stripe-webhook",
          payload: webhookPayload,
        });
    

        return Response.json({
          status: await instance.status(),
        });
      },
    };

    Read the GA announcement blog to learn more about what landed as part of the Workflows GA.

  1. Playwright for Browser Rendering now available

    Browser Rendering

    We're excited to share that you can now use Playwright's browser automation capabilities from Cloudflare Workers.

    Playwright is an open-source package developed by Microsoft that can do browser automation tasks; it's commonly used to write software tests, debug applications, create screenshots, and crawl pages. Like Puppeteer, we forked Playwright and modified it to be compatible with Cloudflare Workers and Browser Rendering.

    Below is an example of how to use Playwright with Browser Rendering to test a TODO application using assertions:

    Assertion example
    import { launch, type BrowserWorker } from "@cloudflare/playwright";
    import { expect } from "@cloudflare/playwright/test";
    

    interface Env {
      MYBROWSER: BrowserWorker;
    }
    

    export default {
      async fetch(request: Request, env: Env) {
        const browser = await launch(env.MYBROWSER);
        const page = await browser.newPage();
    

        await page.goto("https://demo.playwright.dev/todomvc");
    

        const TODO_ITEMS = [
          "buy some cheese",
          "feed the cat",
          "book a doctors appointment",
        ];
    

        const newTodo = page.getByPlaceholder("What needs to be done?");
        for (const item of TODO_ITEMS) {
          await newTodo.fill(item);
          await newTodo.press("Enter");
        }
    

        await expect(page.getByTestId("todo-title")).toHaveCount(TODO_ITEMS.length);
    

        await Promise.all(
          TODO_ITEMS.map((value, index) =>
            expect(page.getByTestId("todo-title").nth(index)).toHaveText(value),
          ),
        );
      },
    };

    Playwright is available as an npm package at @cloudflare/playwright and the code is at GitHub.

    Learn more in our documentation.

  1. Workers Fetch API can override Cache Rules

    Cache / CDN

    You can now programmatically override Cache Rules using the cf object in the fetch() command. This feature gives you fine-grained control over caching behavior on a per-request basis, allowing Workers to customize cache settings dynamically based on request properties, user context, or business logic.

    How it works

    Using the cf object in fetch(), you can override specific Cache Rules settings by:

    1. Setting custom cache options: Pass cache properties in the cf object as the second argument to fetch() to override default Cache Rules.
    2. Dynamic cache control: Apply different caching strategies based on request headers, cookies, or other runtime conditions.
    3. Per-request customization: Bypass or modify Cache Rules for individual requests while maintaining default behavior for others.
    4. Programmatic cache management: Implement complex caching logic that adapts to your application's needs.

    What can be configured

    Workers can override the following Cache Rules settings through the cf object:

    • cacheEverything: Treat all content as static and cache all file types beyond the default cached content.
    • cacheTtl: Set custom time-to-live values in seconds for cached content at the edge, regardless of origin headers.
    • cacheTtlByStatus: Set different TTLs based on the response status code (for example, { "200-299": 86400, 404: 1, "500-599": 0 }).
    • cacheKey: Customize cache keys to control which requests are treated as the same for caching purposes (Enterprise only).
    • cacheTags: Append additional cache tags for targeted cache purging operations.

    Benefits

    • Enhanced flexibility: Customize cache behavior without modifying zone-level Cache Rules.
    • Dynamic optimization: Adjust caching strategies in real-time based on request context.
    • Simplified configuration: Reduce the number of Cache Rules needed by handling edge cases programmatically.
    • Improved performance: Fine-tune cache behavior for specific use cases to maximize hit rates.

    Get started

    To get started, refer to the Workers Fetch API documentation and the cf object properties documentation.

  1. All cache purge methods now available for all plans

    Cache / CDN

    You can now access all Cloudflare cache purge methods — no matter which plan you’re on. Whether you need to update a single asset or instantly invalidate large portions of your site’s content, you now have the same powerful tools previously reserved for Enterprise customers.

    Anyone on Cloudflare can now:

    1. Purge Everything: Clears all cached content associated with a website.
    2. Purge by Prefix: Targets URLs sharing a common prefix.
    3. Purge by Hostname: Invalidates content by specific hostnames.
    4. Purge by URL (single-file purge): Precisely targets individual URLs.
    5. Purge by Tag: Uses Cache-Tag response headers to invalidate grouped assets, offering flexibility for complex cache management scenarios.

    Want to learn how each purge method works, when to use them, or what limits apply to your plan? Dive into our purge cache documentation and API reference for all the details.

  1. WAF Release - 2025-04-02

    WAF
    RulesetRule IDLegacy Rule IDDescriptionPrevious ActionNew ActionComments
    Cloudflare Managed Ruleset 100732Sitecore - Code Injection - CVE:CVE-2025-27218LogBlockThis is a New Detection
    Cloudflare Managed Ruleset 100733

    Angular-Base64-Upload - Remote Code Execution - CVE:CVE-2024-42640

    		LogBlockThis is a New Detection
    Cloudflare Managed Ruleset 100734Apache Camel - Remote Code Execution - CVE:CVE-2025-29891LogDisabledThis is a New Detection
    Cloudflare Managed Ruleset 100735

    Progress Software WhatsUp Gold - Remote Code Execution - CVE:CVE-2024-4885

    		LogBlockThis is a New Detection
    Cloudflare Managed Ruleset 100737Apache Tomcat - Remote Code Execution - CVE:CVE-2025-24813LogBlockThis is a New Detection
    Cloudflare Managed Ruleset 100659Common Payloads for Server-side Template InjectionN/ADisabledN/A
    Cloudflare Managed Ruleset 100659Common Payloads for Server-side Template Injection - Base64N/ADisabledN/A
    Cloudflare Managed Ruleset 100642LDAP InjectionN/ADisabledN/A
    Cloudflare Managed Ruleset 100642LDAP Injection Base64N/ADisabledN/A
    Cloudflare Managed Ruleset 100005

    DotNetNuke - File Inclusion - CVE:CVE-2018-9126, CVE:CVE-2011-1892, CVE:CVE-2022-31474

    		N/ADisabledN/A
    Cloudflare Managed Ruleset 100527Apache Struts - CVE:CVE-2021-31805N/ABlockN/A
    Cloudflare Managed Ruleset 100702Command Injection - CVE:CVE-2022-24108N/ABlockN/A
    Cloudflare Managed Ruleset 100622C

    Ivanti - Command Injection - CVE:CVE-2023-46805, CVE:CVE-2024-21887, CVE:CVE-2024-22024

    		N/ABlockN/A
    Cloudflare Managed Ruleset 100536CGraphQL Command InjectionN/ADisabledN/A
    Cloudflare Managed Ruleset 100536GraphQL InjectionN/ADisabledN/A
    Cloudflare Managed Ruleset 100536AGraphQL IntrospectionN/ADisabledN/A
    Cloudflare Managed Ruleset 100536BGraphQL SSRFN/ADisabledN/A
    Cloudflare Managed Ruleset 100559APrototype Pollution - Common PayloadsN/ADisabledN/A
    Cloudflare Managed Ruleset 100559APrototype Pollution - Common Payloads - Base64N/ADisabledN/A
    Cloudflare Managed Ruleset 100734Apache Camel - Remote Code Execution - CVE:CVE-2025-29891N/ADisabledN/A

  1. CASB and Email security

    Email security

    With Email security, you get two free CASB integrations.

    Use one SaaS integration for Email security to sync with your directory of users, take actions on delivered emails, automatically provide EMLs for reclassification requests for clean emails, discover CASB findings and more.

    With the other integration, you can have a separate SaaS integration for CASB findings for another SaaS provider.

    Refer to Add an integration to learn more about this feature.

    CASB-EmailSecurity

    This feature is available across these Email security packages:

    • Enterprise
    • Enterprise + PhishGuard

  1. WARP client for macOS (version 2025.2.600.0)

    Zero Trust WARP Client

    A new GA release for the macOS WARP client is now available on the stable releases downloads page.

    This release contains support for a new WARP setting, Global WARP override. It also includes significant improvements to our captive portal / public Wi-Fi detection logic. If you have experienced captive portal issues in the past, re-test and give this version a try.

    Changes and improvements

    • Improved captive portal detection to make more public networks compatible and have faster detection.
    • Improved error messages shown in the app.
    • WARP tunnel protocol details can now be viewed using the warp-cli tunnel stats command.
    • Fixed an issue with device revocation and re-registration when switching configurations.
    • Added a new Global WARP override setting. This setting puts account administrators in control of disabling and enabling WARP across all devices registered to an account from the dashboard. Global WARP override is disabled by default.

    Known issues

    • macOS Sequoia: Due to changes Apple introduced in macOS 15.0.x, the WARP client may not behave as expected. Cloudflare recommends the use of macOS 15.3 or later.

  1. WARP client for Windows (version 2025.2.600.0)

    Zero Trust WARP Client

    A new GA release for the Windows WARP client is now available on the stable releases downloads page.

    This release contains support for a new WARP setting, Global WARP override. It also includes significant improvements to our captive portal / public Wi-Fi detection logic. If you have experienced captive portal issues in the past, re-test and give this version a try.

    Changes and improvements

    • Improved captive portal detection to make more public networks compatible and have faster detection.
    • Improved error messages shown in the app.
    • Added the ability to control if the WARP interface IPs are registered with DNS servers or not.
    • Removed DNS logs view from the Windows client GUI. DNS logs can be viewed as part of warp-diag or by viewing the log file on the user's local directory.
    • Fixed an issue that would result in a user receiving multiple re-authentication requests when waking their device from sleep.
    • WARP tunnel protocol details can now be viewed using the warp-cli tunnel stats command.
    • Improvements to Windows multi-user including support for fast user switching. If you are interested in testing this feature, reach out to your Cloudflare account team.
    • Fixed an issue with device revocation and re-registration when switching configurations.
    • Fixed an issue where DEX tests would run during certain sleep states where the networking stack was not fully up. This would result in failures that would be ignored.
    • Added a new Global WARP override setting. This setting puts account administrators in control of disabling and enabling WARP across all devices registered to an account from the dashboard. Global WARP override is disabled by default.

    Known issues

    • DNS resolution may be broken when the following conditions are all true:

      • WARP is in Secure Web Gateway without DNS filtering (tunnel-only) mode.
      • A custom DNS server address is configured on the primary network adapter.
      • The custom DNS server address on the primary network adapter is changed while WARP is connected.

      To work around this issue, reconnect the WARP client by toggling off and back on.

Search all changelog entries