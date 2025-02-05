 Skip to content
  1. AI Gateway adds Cerebras, ElevenLabs, and Cartesia as new providers

    AI Gateway

    AI Gateway has added three new providers: Cartesia, Cerebras, and ElevenLabs, giving you more even more options for providers you can use through AI Gateway. Here's a brief overview of each:

    • Cartesia provides text-to-speech models that produce natural-sounding speech with low latency.
    • Cerebras delivers low-latency AI inference to Meta's Llama 3.1 8B and Llama 3.3 70B models.
    • ElevenLabs offers text-to-speech models with human-like voices in 32 languages.
    Example of Cerebras log in AI Gateway

    To get started with AI Gateway, just update the base URL. Here's how you can send a request to Cerebras using cURL:

    Example fetch request
    curl -X POST https://gateway.ai.cloudflare.com/v1/ACCOUNT_TAG/GATEWAY/cerebras/chat/completions \
     --header 'content-type: application/json' \
     --header 'Authorization: Bearer CEREBRAS_TOKEN' \
     --data '{
        "model": "llama-3.3-70b",
        "messages": [
            {
                "role": "user",
                "content": "What is Cloudflare?"
            }
        ]
    }'

  1. Fight CSAM More Easily Than Ever

    Cache / CDN

    You can now implement our child safety tooling, the CSAM Scanning Tool, more easily. Instead of requiring external reporting credentials, you only need a verified email address for notifications to onboard. This change makes the tool more accessible to a wider range of customers.

    How It Works

    When enabled, the tool automatically hashes images for enabled websites as they enter the Cloudflare cache. These hashes are then checked against a database of known abusive images.

    • Potential match detected?
      • The content URL is blocked, and
      • Cloudflare will notify you about the found matches via the provided email address.

    Updated Service-Specific Terms

    We have also made updates to our Service-Specific Terms to reflect these changes.

  1. Expanded AI insights in Cloudflare Radar

    Radar

    Radar has expanded its AI insights with new API endpoints for Internet services rankings, robots.txt analysis, and AI inference data.

    Internet services ranking

    Radar now provides rankings for Internet services, including Generative AI platforms, based on anonymized 1.1.1.1 resolver data. Previously limited to the annual Year in Review, these insights are now available daily via the API, through the following endpoints:

    Robots.txt

    Radar now analyzes robots.txt files from the top 10,000 domains, identifying AI bot access rules. AI-focused user agents from ai.robots.txt are categorized as:

    • Fully allowed/disallowed if directives apply to all paths (*).
    • Partially allowed/disallowed if restrictions apply to specific paths.

    These insights are now available weekly via the API, through the following endpoints:

    Workers AI

    Radar now provides insights into public AI inference models from Workers AI, tracking usage trends across models and tasks. These insights are now available via the API, through the following endpoints:

    Learn more about the new Radar AI insights in our blog post.

  1. Updated leaked credentials database

    WAF

    Added new records to the leaked credentials database from a third-party database.

  1. Block files that are password-protected, compressed, or otherwise unscannable.

    Data Loss Prevention Gateway

    Gateway HTTP policies can now block files that are password-protected, compressed, or otherwise unscannable.

    These unscannable files are now matched with the Download and Upload File Types traffic selectors for HTTP policies:

    • Password-protected Microsoft Office document
    • Password-protected PDF
    • Password-protected ZIP archive
    • Unscannable ZIP archive

    To get started inspecting and modifying behavior based on these and other rules, refer to HTTP filtering.

  1. Terraform v5 Provider is now generally available

    Cloudflare Fundamentals Terraform
    Screenshot of Terraform defining a Zone

    Cloudflare's v5 Terraform Provider is now generally available. With this release, Terraform resources are now automatically generated based on OpenAPI Schemas. This change brings alignment across our SDKs, API documentation, and now Terraform Provider. The new provider boosts coverage by increasing support for API properties to 100%, adding 25% more resources, and more than 200 additional data sources. Going forward, this will also reduce the barriers to bringing more resources into Terraform across the broader Cloudflare API. This is a small, but important step to making more of our platform manageable through GitOps, making it easier for you to manage Cloudflare just like you do your other infrastructure.

    The Cloudflare Terraform Provider v5 is a ground-up rewrite of the provider and introduces breaking changes for some resource types. Please refer to the upgrade guide for best practices, or the blog post on automatically generating Cloudflare's Terraform Provider for more information about the approach.

    For more info

  1. Revamped Workers Metrics

    Workers

    We've revamped the Workers Metrics dashboard.

    Workers Metrics dashboard

    Now you can easily compare metrics across Worker versions, understand the current state of a gradual deployment, and review key Workers metrics in a single view. This new interface enables you to:

    • Drag-and-select using a graphical timepicker for precise metric selection.
    Workers Metrics graphical timepicker
    • Use histograms to visualize cumulative metrics, allowing you to bucket and compare rates over time.
    • Focus on Worker versions by directly interacting with the version numbers in the legend.
    Workers Metrics legend selector
    • Monitor and compare active gradual deployments.
    • Track error rates across versions with grouping both by version and by invocation status.
    • Measure how Smart Placement improves request duration.

    Learn more about metrics.

  1. Removed unused meta fields from DNS records

    DNS

    Cloudflare is removing five fields from the meta object of DNS records. These fields have been unused for more than a year and are no longer set on new records. This change may take up to four weeks to fully roll out.

    The affected fields are:

    • the auto_added boolean
    • the managed_by_apps boolean and corresponding apps_install_id
    • the managed_by_argo_tunnel boolean and corresponding argo_tunnel_id

    An example record returned from the API would now look like the following:

    Updated API Response
    {
      "result": {
        "id": "<ID>",
        "zone_id": "<ZONE_ID>",
        "zone_name": "example.com",
        "name": "www.example.com",
        "type": "A",
        "content": "192.0.2.1",
        "proxiable": true,
        "proxied": false,
        "ttl": 1,
        "locked": false,
        "meta": {
          "auto_added": false,
          "managed_by_apps": false,
          "managed_by_argo_tunnel": false,
          "source": "primary"
        },
        "comment": null,
        "tags": [],
        "created_on": "2025-03-17T20:37:05.368097Z",
        "modified_on": "2025-03-17T20:37:05.368097Z"
      },
      "success": true,
      "errors": [],
      "messages": []
    }

    For more guidance, refer to Manage DNS records.

  1. Workers for Platforms now supports Static Assets

    Workers for Platforms

    Workers for Platforms customers can now attach static assets (HTML, CSS, JavaScript, images) directly to User Workers, removing the need to host separate infrastructure to serve the assets.

    This allows your platform to serve entire front-end applications from Cloudflare's global edge, utilizing caching for fast load times, while supporting dynamic logic within the same Worker. Cloudflare automatically scales its infrastructure to handle high traffic volumes, enabling you to focus on building features without managing servers.

    What you can build

    Static Sites: Host and serve HTML, CSS, JavaScript, and media files directly from Cloudflare's network, ensuring fast loading times worldwide. This is ideal for blogs, landing pages, and documentation sites because static assets can be efficiently cached and delivered closer to the user, reducing latency and enhancing the overall user experience.

    Full-Stack Applications: Combine asset hosting with Cloudflare Workers to power dynamic, interactive applications. If you're an e-commerce platform, you can serve your customers' product pages and run inventory checks from within the same Worker.

    index.js
    export default {
      async fetch(request, env) {
        const url = new URL(request.url);
    

        // Check real-time inventory
        if (url.pathname === "/api/inventory/check") {
          const product = url.searchParams.get("product");
          const inventory = await env.INVENTORY_KV.get(product);
          return new Response(inventory);
        }
    

        // Serve static assets (HTML, CSS, images)
        return env.ASSETS.fetch(request);
      },
    };

    Get Started: Upload static assets using the Workers for Platforms API or Wrangler. For more information, visit our Workers for Platforms documentation.

  1. Transform HTML quickly with streaming content

    Workers

    You can now transform HTML elements with streamed content using HTMLRewriter.

    Methods like replace, append, and prepend now accept Response and ReadableStream values as Content.

    This can be helpful in a variety of situations. For instance, you may have a Worker in front of an origin, and want to replace an element with content from a different source. Prior to this change, you would have to load all of the content from the upstream URL and convert it into a string before replacing the element. This slowed down overall response times.

    Now, you can pass the Response object directly into the replace method, and HTMLRewriter will immediately start replacing the content as it is streamed in. This makes responses faster.

    index.js
    class ElementRewriter {
      async element(element) {
        // able to replace elements while streaming content
        // the fetched body is not buffered into memory as part
        // of the replace
        let res = await fetch("https://upstream-content-provider.example");
        element.replace(res);
      }
    }
    

    export default {
      async fetch(request, env, ctx) {
        let response = await fetch("https://site-to-replace.com");
        return new HTMLRewriter()
          .on("[data-to-replace]", new ElementRewriter())
          .transform(response);
      },
    };

    For more information, see the HTMLRewriter documentation.

  1. AI Gateway Introduces New Worker Binding Methods

    AI Gateway

    We have released new Workers bindings API methods, allowing you to connect Workers applications to AI Gateway directly. These methods simplify how Workers calls AI services behind your AI Gateway configurations, removing the need to use the REST API and manually authenticate.

    To add an AI binding to your Worker, include the following in your Wrangler configuration file:

    Add an AI binding to your Worker.

    With the new AI Gateway binding methods, you can now:

    • Send feedback and update metadata with patchLog.
    • Retrieve detailed log information using getLog.
    • Execute universal requests to any AI Gateway provider with run.

    For example, to send feedback and update metadata using patchLog:

    Send feedback and update metadata using patchLog:

  1. Increased Browser Rendering limits!

    Workers Browser Rendering

    Browser Rendering now supports 10 concurrent browser instances per account and 10 new instances per minute, up from the previous limits of 2.

    This allows you to launch more browser tasks from Cloudflare Workers.

    To manage concurrent browser sessions, you can use Queues or Workflows:

    index.js
    export default {
      async queue(batch, env) {
        for (const message of batch.messages) {
          const browser = await puppeteer.launch(env.BROWSER);
          const page = await browser.newPage();
    

          try {
            await page.goto(message.url, {
              waitUntil: message.waitUntil,
            });
            // Process page...
          } finally {
            await browser.close();
          }
        }
      },
    };

  1. Expanded language support for Stream AI Generated Captions

    Stream

    Stream's generated captions leverage Workers AI to automatically transcribe audio and provide captions to the player experience. We have added support for these languages:

    • cs - Czech
    • nl - Dutch
    • fr - French
    • de - German
    • it - Italian
    • ja - Japanese
    • ko - Korean
    • pl - Polish
    • pt - Portuguese
    • ru - Russian
    • es - Spanish

    For more information, learn about adding captions to videos.

  1. New Snippets Code Editor

    Rules

    The new Snippets code editor lets you edit Snippet code and rule in one place, making it easier to test and deploy changes without switching between pages.

    New Snippets code editor

    What’s new:

    • Single-page editing for code and rule – No need to jump between screens.
    • Auto-complete & syntax highlighting – Get suggestions and avoid mistakes.
    • Code formatting & refactoring – Write cleaner, more readable code.

    Try it now in Rules > Snippets.

  1. Automatic configuration for private databases on Hyperdrive

    Hyperdrive

    Hyperdrive now automatically configures your Cloudflare Tunnel to connect to your private database.

    Automatic configuration of Cloudflare Access and Service Token in the Cloudflare dashboard for Hyperdrive.

    When creating a Hyperdrive configuration for a private database, you only need to provide your database credentials and set up a Cloudflare Tunnel within the private network where your database is accessible. Hyperdrive will automatically create the Cloudflare Access, Service Token, and Policies needed to secure and restrict your Cloudflare Tunnel to the Hyperdrive configuration.

    To create a Hyperdrive for a private database, you can follow the Hyperdrive documentation. You can still manually create the Cloudflare Access, Service Token, and Policies if you prefer.

    This feature is available from the Cloudflare dashboard.

  1. Workers KV namespace limits increased to 1000

    KV

    You can now have up to 1000 Workers KV namespaces per account.

    Workers KV namespace limits were increased from 200 to 1000 for all accounts. Higher limits for Workers KV namespaces enable better organization of key-value data, such as by category, tenant, or environment.

    Consult the Workers KV limits documentation for the rest of the limits. This increased limit is available for both the Free and Paid Workers plans.

  1. Support for Node.js DNS, Net, and Timer APIs in Workers

    Workers

    When using a Worker with the nodejs_compat compatibility flag enabled, you can now use the following Node.js APIs:

    node:net

    You can use node:net to create a direct connection to servers via a TCP sockets with net.Socket.

    index.js
    import net from "node:net";
    

    const exampleIP = "127.0.0.1";
    

    export default {
      async fetch(req) {
        const socket = new net.Socket();
        socket.connect(4000, exampleIP, function () {
          console.log("Connected");
        });
    

        socket.write("Hello, Server!");
        socket.end();
    

        return new Response("Wrote to server", { status: 200 });
      },
    };

    Additionally, you can now use other APIs including net.BlockList and net.SocketAddress.

    Note that net.Server is not supported.

    node:dns

    You can use node:dns for name resolution via DNS over HTTPS using Cloudflare DNS at 1.1.1.1.

    index.js
    import dns from "node:dns";
    

    let response = await dns.promises.resolve4("cloudflare.com", "NS");

    All node:dns functions are available, except lookup, lookupService, and resolve which throw "Not implemented" errors when called.

    node:timers

    You can use node:timers to schedule functions to be called at some future period of time.

    This includes setTimeout for calling a function after a delay, setInterval for calling a function repeatedly, and setImmediate for calling a function in the next iteration of the event loop.

    index.js
    import timers from "node:timers";
    

    console.log("first");
    timers.setTimeout(() => {
      console.log("last");
    }, 10);
    

    timers.setTimeout(() => {
      console.log("next");
    });

  1. WAF Release - 2025-01-21

    WAF
    RulesetRule IDLegacy Rule IDDescriptionPrevious ActionNew ActionComments
    Cloudflare Managed Ruleset 100303Command Injection - NslookupLogBlock

    This was released as

    Cloudflare Managed Ruleset 100534Web Shell ActivityLogBlock

    This was released as

  1. Detect source code leaks with Data Loss Prevention

    Data Loss Prevention

    You can now detect source code leaks with Data Loss Prevention (DLP) with predefined checks against common programming languages.

    The following programming languages are validated with natural language processing (NLP).

    • C
    • C++
    • C#
    • Go
    • Haskell
    • Java
    • JavaScript
    • Lua
    • Python
    • R
    • Rust
    • Swift

    DLP also supports confidence level for source code profiles.

    For more details, refer to DLP profiles.

  1. Export SSH command logs with Access for Infrastructure using Logpush

    Access

    Cloudflare now allows you to send SSH command logs to storage destinations configured in Logpush, including third-party destinations. Once exported, analyze and audit the data as best fits your organization! For a list of available data fields, refer to the SSH logs dataset.

    To set up a Logpush job, refer to Logpush integration.

  1. Increased Workflows limits and improved instance queueing.

    Workflows

    Workflows (beta) now allows you to define up to 1024 steps. sleep steps do not count against this limit.

    We've also added:

    • instanceId as property to the WorkflowEvent type, allowing you to retrieve the current instance ID from within a running Workflow instance
    • Improved queueing logic for Workflow instances beyond the current maximum concurrent instances, reducing the cases where instances are stuck in the queued state.
    • Support for pause and resume for Workflow instances in a queued state.

    We're continuing to work on increases to the number of concurrent Workflow instances, steps, and support for a new waitForEvent API over the coming weeks.

  1. WAF Release - 2025-01-13

    WAF
    RulesetRule IDLegacy Rule IDDescriptionPrevious ActionNew ActionComments
    Cloudflare Managed Ruleset 100704

    Cleo Harmony - Auth Bypass - CVE:CVE-2024-55956, CVE:CVE-2024-55953

    		LogBlockNew Detection
    Cloudflare Managed Ruleset 100705Sentry - SSRFLogBlockNew Detection
    Cloudflare Managed Ruleset 100706Apache Struts - Remote Code Execution - CVE:CVE-2024-53677LogBlockNew Detection
    Cloudflare Managed Ruleset 100707

    FortiWLM - Remote Code Execution - CVE:CVE-2023-48782, CVE:CVE-2023-34993, CVE:CVE-2023-34990

    		LogBlockNew Detection
    Cloudflare Managed Ruleset 100007C_BETACommand Injection - Common Attack CommandsDisabled

  1. New Rules Overview Interface

    Rules

    Rules Overview gives you a single page to manage all your Cloudflare Rules.

    Rules Overview Interface

    What you can do:

    • See all your rules in one place – No more clicking around.
    • Find rules faster – Search by name.
    • Understand execution order – See how rules run in sequence.
    • Debug easily – Use Trace without switching tabs.

    Check it out in Rules > Overview.

  1. Smart Tiered Cache optimizes Load Balancing Pools

    Cache / CDN

    You can now achieve higher cache hit rates and reduce origin load when using Load Balancing with Smart Tiered Cache. Cloudflare automatically selects a single, optimal tiered data center for all origins in your Load Balancing Pool.

    How it works

    When you use Load Balancing with Smart Tiered Cache, Cloudflare analyzes performance metrics across your pool's origins and automatically selects the optimal Upper Tier data center for the entire pool. This means:

    • Consistent cache location: All origins in the pool share the same Upper Tier cache.
    • Higher HIT rates: Requests for the same content hit the cache more frequently.
    • Reduced origin requests: Fewer requests reach your origin servers.
    • Improved performance: Faster response times for cache HITs.

    Example workflow

    Load Balancing Pool: api-pool
    ├── Origin 1: api-1.example.com
    ├── Origin 2: api-2.example.com
    └── Origin 3: api-3.example.com
        
    Selected Upper Tier: [Optimal data center based on pool performance]

    Get started

    To get started, enable Smart Tiered Cache on your zone and configure your Load Balancing Pool.

  1. 40-60% Faster D1 Worker API Requests

    D1

    Users making D1 requests via the Workers API can see up to a 60% end-to-end latency improvement due to the removal of redundant network round trips needed for each request to a D1 database.

    D1 Worker API latency

    p50, p90, and p95 request latency aggregated across entire D1 service. These latencies are a reference point and should not be viewed as your exact workload improvement.

    This performance improvement benefits all D1 Worker API traffic, especially cross-region requests where network latency is an outsized latency factor. For example, a user in Europe talking to a database in North America. D1 location hints can be used to influence the geographic location of a database.

    For more details on how D1 removed redundant round trips, see the D1 specific release note entry.

