--- title: Cloudflare One Changelog image: https://developers.cloudflare.com/cf-twitter-card.png --- > Documentation Index > Fetch the complete documentation index at: https://developers.cloudflare.com/changelog/llms.txt > Use this file to discover all available pages before exploring further. [Skip to content](#%5Ftop) # Changelog New updates and improvements at Cloudflare. [ Subscribe to RSS ](https://developers.cloudflare.com/changelog/rss/index.xml) [ View RSS feeds ](https://developers.cloudflare.com/fundamentals/new-features/available-rss-feeds/) Cloudflare One ![hero image](https://developers.cloudflare.com/_astro/hero.CVYJHPAd_26AMqX.svg) Dec 19, 2024 1. ### [Troubleshoot tunnels with diagnostic logs](https://developers.cloudflare.com/changelog/post/2024-12-19-diagnostic-logs/) [ Cloudflare Tunnel ](https://developers.cloudflare.com/tunnel/)[ Cloudflare Tunnel for SASE ](https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/) The latest `cloudflared` build [2024.12.2 ↗](https://github.com/cloudflare/cloudflared/releases/tag/2024.12.2) introduces the ability to collect all the diagnostic logs needed to troubleshoot a `cloudflared` instance. A diagnostic report collects data from a single instance of `cloudflared` running on the local machine and outputs it to a `cloudflared-diag` file. For more information, refer to [Diagnostic logs](https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/troubleshoot-tunnels/diag-logs/). Dec 17, 2024 1. ### [Establish BGP peering over Direct CNI circuits](https://developers.cloudflare.com/changelog/post/2024-12-17-bgp-support-cni/) [ Magic Transit ](https://developers.cloudflare.com/magic-transit/)[ Cloudflare WAN ](https://developers.cloudflare.com/cloudflare-wan/)[ Network Interconnect ](https://developers.cloudflare.com/network-interconnect/) Magic WAN and Magic Transit customers can use the Cloudflare dashboard to configure and manage BGP peering between their networks and their Magic routing table when using a Direct CNI on-ramp. Using BGP peering allows customers to: * Automate the process of adding or removing networks and subnets. * Take advantage of failure detection and session recovery features. With this functionality, customers can: * Establish an eBGP session between their devices and the Magic WAN / Magic Transit service when connected via CNI. * Secure the session by MD5 authentication to prevent misconfigurations. * Exchange routes dynamically between their devices and their Magic routing table. Refer to [Magic WAN BGP peering](https://developers.cloudflare.com/cloudflare-wan/configuration/how-to/configure-routes/#configure-bgp-routes) or [Magic Transit BGP peering](https://developers.cloudflare.com/magic-transit/how-to/configure-routes/#configure-bgp-routes) to learn more about this feature and how to set it up. Dec 05, 2024 1. ### [Generate customized terraform files for building cloud network on-ramps](https://developers.cloudflare.com/changelog/post/2024-12-05-cloud-onramp-terraform/) [ Multi-Cloud Networking ](https://developers.cloudflare.com/multi-cloud-networking/) You can now generate customized terraform files for building cloud network on-ramps to [Magic WAN](https://developers.cloudflare.com/cloudflare-wan/). [Magic Cloud](https://developers.cloudflare.com/multi-cloud-networking/) can scan and discover existing network resources and generate the required terraform files to automate cloud resource deployment using their existing infrastructure-as-code workflows for cloud automation. You might want to do this to: * Review the proposed configuration for an on-ramp before deploying it with Cloudflare. * Deploy the on-ramp using your own infrastructure-as-code pipeline instead of deploying it with Cloudflare. For more details, refer to [Set up with Terraform](https://developers.cloudflare.com/multi-cloud-networking/cloud-on-ramps/#set-up-with-terraform). Nov 22, 2024 1. ### [Find security misconfigurations in your AWS cloud environment](https://developers.cloudflare.com/changelog/post/2024-11-22-cloud-data-extraction-aws/) [ CASB ](https://developers.cloudflare.com/cloudflare-one/integrations/cloud-and-saas/) You can now use CASB to find security misconfigurations in your AWS cloud environment using [Data Loss Prevention](https://developers.cloudflare.com/cloudflare-one/data-loss-prevention/). You can also [connect your AWS compute account](https://developers.cloudflare.com/cloudflare-one/integrations/cloud-and-saas/aws-s3/#compute-account) to extract and scan your S3 buckets for sensitive data while avoiding egress fees. CASB will scan any objects that exist in the bucket at the time of configuration. To connect a compute account to your AWS integration: 1. In [Cloudflare One ↗](https://one.dash.cloudflare.com), go to **Cloud & SaaS findings** \> **Integrations**. 2. Find and select your AWS integration. 3. Select **Open connection instructions**. 4. Follow the instructions provided to connect a new compute account. 5. Select **Refresh**. Nov 21, 2024 1. ### [Improved non-English keyboard support](https://developers.cloudflare.com/changelog/post/2024-11-21-non-english-keyboard/) [ Browser Isolation ](https://developers.cloudflare.com/cloudflare-one/remote-browser-isolation/) You can now type in languages that use diacritics (like á or ç) and character-based scripts (such as Chinese, Japanese, and Korean) directly within the remote browser. The isolated browser now properly recognizes non-English keyboard input, eliminating the need to copy and paste content from a local browser or device. Nov 07, 2024 1. ### [Use Logpush for Email security user actions](https://developers.cloudflare.com/changelog/post/2024-11-07-logpush-user-actions/) [ Email security ](https://developers.cloudflare.com/cloudflare-one/email-security/) You can now send user action logs for Email security to an endpoint of your choice with Cloudflare Logpush. Filter logs matching specific criteria you have set or select from multiple fields you want to send. For all users, we will log the date and time, user ID, IP address, details about the message they accessed, and what actions they took. When creating a new Logpush job, remember to select **Audit logs** as the dataset and filter by: * **Field**: `"ResourceType"` * **Operator**: `"starts with"` * **Value**: `"email_security"`. ![Logpush-user-actions](https://developers.cloudflare.com/_astro/Logpush-User-Actions.D14fWgmq_CYM35.webp) For more information, refer to [Enable user action logs](https://developers.cloudflare.com/cloudflare-one/insights/logs/logpush/email-security-logs/#enable-user-action-logs). This feature is available across all Email security packages: * **Enterprise** * **Enterprise + PhishGuard** Oct 02, 2024 1. ### [Search for custom rules using rule name and/or ID](https://developers.cloudflare.com/changelog/post/2024-10-02-custom-rule-search/) [ Cloudflare Network Firewall ](https://developers.cloudflare.com/cloudflare-network-firewall/) The Magic Firewall dashboard now allows you to search custom rules using the rule name and/or ID. 1. Log into the [Cloudflare dashboard ↗](https://dash.cloudflare.com) and select your account. 2. Go to **Analytics & Logs** \> **Network Analytics**. 3. Select **Magic Firewall**. 4. Add a filter for **Rule ID**. ![Search for firewall rules with rule IDs](https://developers.cloudflare.com/_astro/search-with-rule-id.DJgzqgKk_2jJ9x8.webp) Additionally, the rule ID URL link has been added to Network Analytics. Oct 01, 2024 1. ### [Eliminate long-lived credentials and enhance SSH security with Cloudflare Access for Infrastructure](https://developers.cloudflare.com/changelog/post/2024-10-01-ssh-with-access-for-infrastructure/) [ Access ](https://developers.cloudflare.com/cloudflare-one/access-controls/policies/) Organizations can now eliminate long-lived credentials from their SSH setup and enable strong multi-factor authentication for SSH access, similar to other Access applications, all while generating access and command logs. SSH with [Access for Infrastructure](https://developers.cloudflare.com/cloudflare-one/access-controls/applications/non-http/infrastructure-apps/) uses short-lived SSH certificates from Cloudflare, eliminating SSH key management and reducing the security risks associated with lost or stolen keys. It also leverages a common deployment model for Cloudflare One customers: [WARP-to-Tunnel](https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/use-cases/ssh/ssh-device-client/). SSH with Access for Infrastructure enables you to: * **Author fine-grained policy** to control who may access your SSH servers, including specific ports, protocols, and SSH users. * **Monitor infrastructure access** with Access and SSH command logs, supporting regulatory compliance and providing visibility in case of security breach. * **Preserve your end users' workflows.** SSH with Access for Infrastructure supports native SSH clients and does not require any modifications to users’ SSH configs. ![Example of an infrastructure Access application](https://developers.cloudflare.com/_astro/infrastructure-app.BhpJOgxs_Z1M0wLH.webp) To get started, refer to [SSH with Access for Infrastructure](https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/use-cases/ssh/ssh-infrastructure-access/). Jun 17, 2024 1. ### [Exchange user risk scores with Okta](https://developers.cloudflare.com/changelog/post/2024-06-17-okta-risk-exchange/) [ Risk Score ](https://developers.cloudflare.com/cloudflare-one/insights/risk-score/) Beyond the controls in [Zero Trust](https://developers.cloudflare.com/cloudflare-one/), you can now [exchange user risk scores](https://developers.cloudflare.com/cloudflare-one/team-and-resources/users/risk-score/#send-risk-score-to-okta) with Okta to inform SSO-level policies. First, configure Cloudflare One to send user risk scores to Okta. 1. Set up the [Okta SSO integration](https://developers.cloudflare.com/cloudflare-one/integrations/identity-providers/okta/). 2. In the [Cloudflare dashboard ↗](https://dash.cloudflare.com/), go to **Zero Trust** \> **Integrations** \> **Identity providers**. 3. In **Your identity providers**, locate your Okta integration and select **Edit**. 4. Turn on **Send risk score to Okta**. 5. Select **Save**. 6. Upon saving, Cloudflare One will display the well-known URL for your organization. Copy the value. Next, configure Okta to receive your risk scores. 1. On your Okta admin dashboard, go to **Security** \> **Device Integrations**. 2. Go to **Receive shared signals**, then select **Create stream**. 3. Name your integration. In **Set up integration with**, choose _Well-known URL_. 4. In **Well-known URL**, enter the well-known URL value provided by Cloudflare One. 5. Select **Create**. Jun 16, 2024 1. ### [Explore product updates for Cloudflare One](https://developers.cloudflare.com/changelog/post/2024-06-16-cloudflare-one/) [ Access ](https://developers.cloudflare.com/cloudflare-one/access-controls/policies/)[ Browser Isolation ](https://developers.cloudflare.com/cloudflare-one/remote-browser-isolation/)[ CASB ](https://developers.cloudflare.com/cloudflare-one/integrations/cloud-and-saas/)[ Cloudflare Tunnel for SASE ](https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/)[ Digital Experience Monitoring ](https://developers.cloudflare.com/cloudflare-one/insights/dex/)[ Data Loss Prevention ](https://developers.cloudflare.com/cloudflare-one/data-loss-prevention/)[ Email security ](https://developers.cloudflare.com/cloudflare-one/email-security/)[ Gateway ](https://developers.cloudflare.com/cloudflare-one/traffic-policies/)[ Multi-Cloud Networking ](https://developers.cloudflare.com/multi-cloud-networking/)[ Cloudflare Network Firewall ](https://developers.cloudflare.com/cloudflare-network-firewall/)[ Network Flow ](https://developers.cloudflare.com/network-flow/)[ Magic Transit ](https://developers.cloudflare.com/magic-transit/)[ Cloudflare WAN ](https://developers.cloudflare.com/cloudflare-wan/)[ Network Interconnect ](https://developers.cloudflare.com/network-interconnect/)[ Risk Score ](https://developers.cloudflare.com/cloudflare-one/insights/risk-score/)[ Cloudflare One Client ](https://developers.cloudflare.com/cloudflare-one/team-and-resources/devices/cloudflare-one-client/) Welcome to your new home for product updates on [Cloudflare One](https://developers.cloudflare.com/cloudflare-one/). Our [new changelog](https://developers.cloudflare.com/changelog/) lets you read about changes in much more depth, offering in-depth examples, images, code samples, and even gifs. If you are looking for older product updates, refer to the following locations. Older product updates * [Access](https://developers.cloudflare.com/cloudflare-one/changelog/access/) * [Browser Isolation](https://developers.cloudflare.com/cloudflare-one/changelog/browser-isolation/) * [CASB](https://developers.cloudflare.com/cloudflare-one/changelog/casb/) * [Cloudflare Tunnel](https://developers.cloudflare.com/cloudflare-one/changelog/tunnel/) * [Data Loss Prevention](https://developers.cloudflare.com/cloudflare-one/changelog/dlp/) * [Digital Experience Monitoring](https://developers.cloudflare.com/cloudflare-one/changelog/dex/) * [Email security](https://developers.cloudflare.com/cloudflare-one/changelog/email-security/) * [Gateway](https://developers.cloudflare.com/cloudflare-one/changelog/gateway/) * [Multi-Cloud Networking](https://developers.cloudflare.com/multi-cloud-networking/changelog/) * [Cloudflare Network Firewall](https://developers.cloudflare.com/cloudflare-network-firewall/changelog/) * [Magic Network Monitoring](https://developers.cloudflare.com/network-flow/changelog/) * [Magic Transit](https://developers.cloudflare.com/magic-transit/changelog/) * [Magic WAN](https://developers.cloudflare.com/cloudflare-wan/changelog/) * [Network Interconnect](https://developers.cloudflare.com/network-interconnect/changelog/) * [Risk score](https://developers.cloudflare.com/cloudflare-one/changelog/risk-score/) * [Cloudflare One Client](https://developers.cloudflare.com/changelog/cloudflare-one-client/)