--- title: Application security Changelog image: https://developers.cloudflare.com/cf-twitter-card.png --- > Documentation Index > Fetch the complete documentation index at: https://developers.cloudflare.com/changelog/llms.txt > Use this file to discover all available pages before exploring further. [Skip to content](#%5Ftop) # Changelog New updates and improvements at Cloudflare. [ Subscribe to RSS ](https://developers.cloudflare.com/changelog/rss/index.xml) [ View RSS feeds ](https://developers.cloudflare.com/fundamentals/new-features/available-rss-feeds/) Application security ![hero image](https://developers.cloudflare.com/_astro/hero.CVYJHPAd_26AMqX.svg) Feb 04, 2025 1. ### [Updated leaked credentials database](https://developers.cloudflare.com/changelog/post/2025-02-04-updated-leaked-credentials-database/) [ WAF ](https://developers.cloudflare.com/waf/) Added new records to the leaked credentials database from a third-party database. Jan 29, 2025 1. ### [New Snippets Code Editor](https://developers.cloudflare.com/changelog/post/2025-01-29-snippets-code-editor/) [ Rules ](https://developers.cloudflare.com/rules/) The new [Snippets](https://developers.cloudflare.com/rules/snippets/) code editor lets you edit Snippet code and rule in one place, making it easier to test and deploy changes without switching between pages. ![New Snippets code editor](https://developers.cloudflare.com/_astro/snippets-new-editor.CaoIu2_-_Z2rsmyM.webp) What’s new: * **Single-page editing for code and rule** – No need to jump between screens. * **Auto-complete & syntax highlighting** – Get suggestions and avoid mistakes. * **Code formatting & refactoring** – Write cleaner, more readable code. Try it now in [Rules > Snippets ↗](https://dash.cloudflare.com/?to=/:account/:zone/rules/snippets). Jan 21, 2025 1. ### [WAF Release - 2025-01-21](https://developers.cloudflare.com/changelog/post/2025-01-21-waf-release/) [ WAF ](https://developers.cloudflare.com/waf/) | Ruleset | Rule ID | Legacy Rule ID | Description | Previous Action | New Action | Comments | | -------------------------- | ----------- | -------------- | ---------------------------- | --------------- | ---------- | -------------------------------- | | Cloudflare Managed Ruleset | ...b090ba9a | 100303 | Command Injection - Nslookup | Log | Block | This was released as ...b8d152f4 | | Cloudflare Managed Ruleset | ...49e6b538 | 100534 | Web Shell Activity | Log | Block | This was released as ...82fe4e7f | Jan 13, 2025 1. ### [WAF Release - 2025-01-13](https://developers.cloudflare.com/changelog/post/2025-01-13-waf-release/) [ WAF ](https://developers.cloudflare.com/waf/) | Ruleset | Rule ID | Legacy Rule ID | Description | Previous Action | New Action | Comments | | -------------------------- | ----------- | -------------- | --------------------------------------------------------------------------------------------- | --------------- | ---------- | ------------- | | Cloudflare Managed Ruleset | ...f49e5840 | 100704 | Cleo Harmony - Auth Bypass - CVE:CVE-2024-55956, CVE:CVE-2024-55953 | Log | Block | New Detection | | Cloudflare Managed Ruleset | ...a6d43bc2 | 100705 | Sentry - SSRF | Log | Block | New Detection | | Cloudflare Managed Ruleset | ...ce6311bb | 100706 | Apache Struts - Remote Code Execution - CVE:CVE-2024-53677 | Log | Block | New Detection | | Cloudflare Managed Ruleset | ...2233da1f | 100707 | FortiWLM - Remote Code Execution - CVE:CVE-2023-48782, CVE:CVE-2023-34993, CVE:CVE-2023-34990 | Log | Block | New Detection | | Cloudflare Managed Ruleset | ...e31d972a | 100007C\_BETA | Command Injection - Common Attack Commands | Disabled | | | Jan 09, 2025 1. ### [New Rules Overview Interface](https://developers.cloudflare.com/changelog/post/2025-01-09-rules-overview/) [ Rules ](https://developers.cloudflare.com/rules/) **Rules Overview** gives you a single page to manage all your [Cloudflare Rules](https://developers.cloudflare.com/rules/). What you can do: * **See all your rules in one place** – No more clicking around. * **Find rules faster** – Search by name. * **Understand execution order** – See how rules run in sequence. * **Debug easily** – Use [Trace](https://developers.cloudflare.com/rules/trace-request/) without switching tabs. Check it out in [Rules > Overview ↗](https://dash.cloudflare.com/?to=/:account/:zone/rules/overview). Jan 06, 2025 1. ### [WAF Release - 2025-01-06](https://developers.cloudflare.com/changelog/post/2025-01-06-waf-release/) [ WAF ](https://developers.cloudflare.com/waf/) | Ruleset | Rule ID | Legacy Rule ID | Description | Previous Action | New Action | Comments | | ------------------- | ----------- | -------------- | --------------------------------------------------------------------------------------------------------- | --------------- | ---------- | ------------- | | Cloudflare Specials | ...9da08beb | 100678 | Pandora FMS - Remote Code Execution - CVE:CVE-2024-11320 | Log | Block | New Detection | | Cloudflare Specials | ...ecdf3d02 | 100679 | Palo Alto Networks - Remote Code Execution - CVE:CVE-2024-0012, CVE:CVE-2024-9474 | Log | Block | New Detection | | Cloudflare Specials | ...a40f2a35 | 100680 | Ivanti - Command Injection - CVE:CVE-2024-37397 | Log | Block | New Detection | | Cloudflare Specials | ...58ae3c89 | 100681 | Really Simple Security - Auth Bypass - CVE:CVE-2024-10924 | Log | Block | New Detection | | Cloudflare Specials | ...e37f2da6 | 100682 | Magento - XXE - CVE:CVE-2024-34102 | Log | Block | New Detection | | Cloudflare Specials | ...5054c752 | 100683 | CyberPanel - Remote Code Execution - CVE:CVE-2024-51567 | Log | Block | New Detection | | Cloudflare Specials | ...dfe93d7b | 100684 | Microsoft SharePoint - Remote Code Execution - CVE:CVE-2024-38094, CVE:CVE-2024-38024, CVE:CVE-2024-38023 | Log | Block | New Detection | | Cloudflare Specials | ...1454c856 | 100685 | CyberPanel - Remote Code Execution - CVE:CVE-2024-51568 | Log | Block | New Detection | | Cloudflare Specials | ...e92362e5 | 100686 | Seeyon - Remote Code Execution | Log | Block | New Detection | | Cloudflare Specials | ...b9f1c9f8 | 100687 | WordPress - Remote Code Execution - CVE:CVE-2024-10781, CVE:CVE-2024-10542 | Log | Block | New Detection | | Cloudflare Specials | ...0d7ca374 | 100688 | ProjectSend - Remote Code Execution - CVE:CVE-2024-11680 | Log | Block | New Detection | | Cloudflare Specials | ...a5260b70 | 100689 | Palo Alto GlobalProtect - Remote Code Execution - CVE:CVE-2024-5921 | Log | Block | New Detection | | Cloudflare Specials | ...d007118b | 100690 | Ivanti - Remote Code Execution - CVE:CVE-2024-37404 | Log | Block | New Detection | | Cloudflare Specials | ...c3e49f64 | 100691 | Array Networks - Remote Code Execution - CVE:CVE-2023-28461 | Log | Block | New Detection | | Cloudflare Specials | ...fcc6f5bb | 100692 | CyberPanel - Remote Code Execution - CVE:CVE-2024-51378 | Log | Block | New Detection | | Cloudflare Specials | ...b615335e | 100693 | Symfony Profiler - Auth Bypass - CVE:CVE-2024-50340 | Log | Block | New Detection | | Cloudflare Specials | ...09d08c8a | 100694 | Citrix Virtual Apps - Remote Code Execution - CVE:CVE-2024-8069 | Log | Block | New Detection | | Cloudflare Specials | ...8aafb2f5 | 100695 | MSMQ Service - Remote Code Execution - CVE:CVE-2023-21554 | Log | Block | New Detection | | Cloudflare Specials | ...11b7a8c7 | 100696 | Nginxui - Remote Code Execution - CVE:CVE-2024-49368 | Log | Block | New Detection | | Cloudflare Specials | ...45954c7e | 100697 | Apache ShardingSphere - Remote Code Execution - CVE:CVE-2022-22733 | Log | Block | New Detection | | Cloudflare Specials | ...f5311209 | 100698 | Mitel MiCollab - Auth Bypass - CVE:CVE-2024-41713 | Log | Block | New Detection | | Cloudflare Specials | ...b3e5e46e | 100699 | Apache Solr - Auth Bypass - CVE:CVE-2024-45216 | Log | Block | New Detection | Dec 19, 2024 1. ### [Troubleshoot tunnels with diagnostic logs](https://developers.cloudflare.com/changelog/post/2024-12-19-diagnostic-logs/) [ Cloudflare Tunnel ](https://developers.cloudflare.com/tunnel/)[ Cloudflare Tunnel for SASE ](https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/) The latest `cloudflared` build [2024.12.2 ↗](https://github.com/cloudflare/cloudflared/releases/tag/2024.12.2) introduces the ability to collect all the diagnostic logs needed to troubleshoot a `cloudflared` instance. A diagnostic report collects data from a single instance of `cloudflared` running on the local machine and outputs it to a `cloudflared-diag` file. For more information, refer to [Diagnostic logs](https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/troubleshoot-tunnels/diag-logs/). Dec 11, 2024 1. ### [Terraform Support for Snippets](https://developers.cloudflare.com/changelog/post/2024-12-11-terraform-snippets/) [ Rules ](https://developers.cloudflare.com/rules/) Now, you can manage [Cloudflare Snippets](https://developers.cloudflare.com/rules/snippets/) with [Terraform](https://developers.cloudflare.com/terraform/). Use infrastructure-as-code to deploy and update Snippet code and rules without manual changes in the dashboard. Example Terraform configuration: ``` resource "cloudflare_snippet" "my_snippet" { zone_id = "" name = "my_test_snippet_1" main_module = "file1.js" files { name = "file1.js" content = file("file1.js") } } resource "cloudflare_snippet_rules" "cookie_snippet_rule" { zone_id = "" rules { enabled = true expression = "http.cookie eq \"a=b\"" description = "Trigger snippet on specific cookie" snippet_name = "my_test_snippet_1" } depends_on = [cloudflare_snippet.my_snippet] } ``` Learn more in the [Configure Snippets using Terraform](https://developers.cloudflare.com/rules/snippets/create-terraform/) documentation. Nov 22, 2024 1. ### [Cloud Connector Now Supports R2](https://developers.cloudflare.com/changelog/post/2024-11-22-cloud-connector-r2/) [ Rules ](https://developers.cloudflare.com/rules/) Now, you can use [Cloud Connector](https://developers.cloudflare.com/rules/cloud-connector/) to route traffic to your [R2 buckets](https://developers.cloudflare.com/r2/) based on URLs, headers, geolocation, and more. Example setup: Terminal window ``` curl --request PUT \ "https://api.cloudflare.com/client/v4/zones/{zone_id}/cloud_connector/rules" \ --header "Authorization: Bearer " \ --header "Content-Type: application/json" \ --data '[ { "expression": "http.request.uri.path wildcard \"/images/*\"", "provider": "cloudflare_r2", "description": "Connect to R2 bucket containing images", "parameters": { "host": "mybucketcustomdomain.example.com" } } ]' ``` Get started using [Cloud Connector](https://developers.cloudflare.com/rules/cloud-connector/) documentation. Oct 23, 2024 1. ### [Simplified UI for URL Rewrites](https://developers.cloudflare.com/changelog/post/2024-10-23-url-rewrites-wildcard/) [ Rules ](https://developers.cloudflare.com/rules/) It’s now easy to create **wildcard-based [URL Rewrites](https://developers.cloudflare.com/rules/transform/url-rewrite/)**. No need for complex functions—just define your patterns and go. ![Rules Overview Interface](https://developers.cloudflare.com/_astro/create-url-rewrite-rule.DIgpB8IB_ZNTjfK.webp) What’s improved: * **Full wildcard support** – Create rewrite patterns using intuitive interface. * **Simplified rule creation** – No need for complex functions. Try it via [creating a Rewrite URL rule in the dashboard](https://developers.cloudflare.com/rules/transform/url-rewrite/create-dashboard/#wildcard-pattern-parameters). Sep 05, 2024 1. ### [New Rules Templates for One-Click Rule Creation](https://developers.cloudflare.com/changelog/post/2024-09-05-rules-templates/) [ Rules ](https://developers.cloudflare.com/rules/) Now, you can create **common rule configurations** in just **one click** using Rules Templates. ![Rules Templates](https://developers.cloudflare.com/_astro/rules-templates.DAV0GOXF_Z2wOoyL.webp) What you can do: * **Pick a pre-built rule** – Choose from a library of templates. * **One-click setup** – Deploy best practices instantly. * **Customize as needed** – Adjust templates to fit your setup. Template cards are now also available directly in the rule builder for each product. Need more ideas? Check out the [Examples gallery](https://developers.cloudflare.com/rules/examples/) in our documentation.