---
title: Cloudflare One Changelog
image: https://developers.cloudflare.com/cf-twitter-card.png
---

[Skip to content](#%5Ftop) 

# Changelog

New updates and improvements at Cloudflare.

[ Subscribe to RSS ](https://developers.cloudflare.com/changelog/rss/index.xml) [ View RSS feeds ](https://developers.cloudflare.com/fundamentals/new-features/available-rss-feeds/) 

Cloudflare One

![hero image](https://developers.cloudflare.com/_astro/hero.CVYJHPAd_26AMqX.svg) 

Mar 01, 2025
1. ### [Use Logpush for Email security detections](https://developers.cloudflare.com/changelog/post/2025-03-01-logpush-detections/)  
[ Email security ](https://developers.cloudflare.com/cloudflare-one/email-security/)  
You can now send detection logs to an endpoint of your choice with Cloudflare Logpush.  
Filter logs matching specific criteria you have set and select from over 25 fields you want to send. When creating a new Logpush job, remember to select **Email security alerts** as the dataset.  
![logpush-detections](https://developers.cloudflare.com/_astro/Logpush-Detections.Dc5tHta3_1PsIMk.webp)  
For more information, refer to [Enable detection logs](https://developers.cloudflare.com/cloudflare-one/insights/logs/logpush/email-security-logs/#enable-detection-logs).  
This feature is available across these Email security packages:  
   * **Enterprise**  
   * **Enterprise + PhishGuard**

Feb 27, 2025
1. ### [Check status of Email security or Area 1](https://developers.cloudflare.com/changelog/post/2025-02-07-check-status/)  
[ Email security ](https://developers.cloudflare.com/cloudflare-one/email-security/)  
Concerns about performance for Email security or Area 1? You can now check the operational status of both on the [Cloudflare Status page ↗](https://www.cloudflarestatus.com/).  
For Email security, look under **Cloudflare Sites and Services**.  
   * **Dashboard** is the dashboard for Cloudflare, including Email security  
   * **Email security (Zero Trust)** is the processing of email  
   * **API** are the Cloudflare endpoints, including the ones for Email security  
For Area 1, under **Cloudflare Sites and Services**:  
   * **Area 1 - Dash** is the dashboard for Cloudflare, including Email security  
   * **Email security (Area1)** is the processing of email  
   * **Area 1 - API** are the Area 1 endpoints  
![Status-page](https://developers.cloudflare.com/_astro/Status-Page.DcFJ1286_2qTtkN.webp)  
This feature is available across these Email security packages:  
   * **Advantage**  
   * **Enterprise**  
   * **Enterprise + PhishGuard**

Feb 25, 2025
1. ### [Use DLP Assist for M365](https://developers.cloudflare.com/changelog/post/2025-02-25-dlp-assist-for-m365/)  
[ Email security ](https://developers.cloudflare.com/cloudflare-one/email-security/)  
Cloudflare Email security customers who have Microsoft 365 environments can quickly deploy an Email DLP (Data Loss Prevention) solution for free.  
Simply deploy our add-in, create a DLP policy in Cloudflare, and configure Outlook to trigger behaviors like displaying a banner, alerting end users before sending, or preventing delivery entirely.  
Refer to [Outbound Data Loss Prevention](https://developers.cloudflare.com/cloudflare-one/email-security/outbound-dlp/) to learn more about this feature.  
In GUI alert:  
![DLP-Alert](https://developers.cloudflare.com/_astro/DLP-Alert.5s-fbKn3_1xfB14.webp)  
Alert before sending:  
![DLP-Pop-up](https://developers.cloudflare.com/_astro/DLP-Pop-up.0gkYy7o5_ZgIo8K.webp)  
Prevent delivery:  
![DLP-Blocked](https://developers.cloudflare.com/_astro/DLP-Blocked.CmQkGrnM_ZewJi3.webp)  
This feature is available across these Email security packages:  
   * **Enterprise**  
   * **Enterprise + PhishGuard**

Feb 14, 2025
1. ### [Configure your Magic WAN Connector to connect via static IP assigment](https://developers.cloudflare.com/changelog/post/2025-02-14-local-console-access/)  
[ Cloudflare WAN ](https://developers.cloudflare.com/cloudflare-wan/)  
You can now locally configure your [Magic WAN Connector](https://developers.cloudflare.com/cloudflare-wan/configuration/appliance/) to work in a static IP configuration.  
This local method does not require having access to a DHCP Internet connection. However, it does require being comfortable with using tools to access the serial port on Magic WAN Connector as well as using a serial terminal client to access the Connector's environment.  
For more details, refer to [WAN with a static IP address](https://developers.cloudflare.com/cloudflare-wan/configuration/appliance/configure-hardware-appliance/#bootstrap-via-serial-console).

Feb 07, 2025
1. ### [Open email links with Security Center](https://developers.cloudflare.com/changelog/post/2025-02-07-open-links-security-center/)  
[ Email security ](https://developers.cloudflare.com/cloudflare-one/email-security/)  
You can now investigate links in emails with Cloudflare Security Center to generate a report containing a myriad of technical details: a phishing scan, SSL certificate data, HTTP request and response data, page performance data, DNS records, what technologies and libraries the page uses, and more.  
![Open links in Security Center](https://developers.cloudflare.com/_astro/Open-Links-Security-Center.b-LJU4YB_2dBHq8.webp)  
From **Investigation**, go to **View details**, and look for the **Links identified** section. Select **Open in Security Center** next to each link. **Open in Security Center** allows your team to quickly generate a detailed report about the link with no risk to the analyst or your environment.  
For more details, refer to [Open links](https://developers.cloudflare.com/cloudflare-one/email-security/investigation/search-email/#open-links).  
This feature is available across these Email security packages:  
   * **Advantage**  
   * **Enterprise**  
   * **Enterprise + PhishGuard**

Feb 03, 2025
1. ### [Block files that are password-protected, compressed, or otherwise unscannable.](https://developers.cloudflare.com/changelog/post/2025-02-13-improvements-unscannable-files/)  
[ Data Loss Prevention ](https://developers.cloudflare.com/cloudflare-one/data-loss-prevention/)[ Gateway ](https://developers.cloudflare.com/cloudflare-one/traffic-policies/)  
Gateway HTTP policies can now block files that are password-protected, compressed, or otherwise unscannable.  
These unscannable files are now matched with the [Download and Upload File Types traffic selectors](https://developers.cloudflare.com/cloudflare-one/traffic-policies/http-policies/#download-and-upload-file-types) for HTTP policies:  
   * Password-protected Microsoft Office document  
   * Password-protected PDF  
   * Password-protected ZIP archive  
   * Unscannable ZIP archive  
To get started inspecting and modifying behavior based on these and other rules, refer to [HTTP filtering](https://developers.cloudflare.com/cloudflare-one/traffic-policies/get-started/http/).

Jan 20, 2025
1. ### [Detect source code leaks with Data Loss Prevention](https://developers.cloudflare.com/changelog/post/2025-01-03-source-code-confidence-level/)  
[ Data Loss Prevention ](https://developers.cloudflare.com/cloudflare-one/data-loss-prevention/)  
You can now detect source code leaks with Data Loss Prevention (DLP) with predefined checks against common programming languages.  
The following programming languages are validated with natural language processing (NLP).  
   * C  
   * C++  
   * C#  
   * Go  
   * Haskell  
   * Java  
   * JavaScript  
   * Lua  
   * Python  
   * R  
   * Rust  
   * Swift  
DLP also supports confidence level for [source code profiles](https://developers.cloudflare.com/cloudflare-one/data-loss-prevention/dlp-profiles/predefined-profiles/#source-code).  
For more details, refer to [DLP profiles](https://developers.cloudflare.com/cloudflare-one/data-loss-prevention/dlp-profiles/).

Jan 15, 2025
1. ### [Export SSH command logs with Access for Infrastructure using Logpush](https://developers.cloudflare.com/changelog/post/2025-01-15-ssh-logs-and-logpush/)  
[ Access ](https://developers.cloudflare.com/cloudflare-one/access-controls/policies/)  
Availability  
Only available on Enterprise plans.  
Cloudflare now allows you to send SSH command logs to storage destinations configured in [Logpush](https://developers.cloudflare.com/logs/logpush/), including third-party destinations. Once exported, analyze and audit the data as best fits your organization! For a list of available data fields, refer to the [SSH logs dataset](https://developers.cloudflare.com/logs/logpush/logpush-job/datasets/account/ssh%5Flogs/).  
To set up a Logpush job, refer to [Logpush integration](https://developers.cloudflare.com/cloudflare-one/insights/logs/logpush/).

Dec 19, 2024
1. ### [Escalate user submissions](https://developers.cloudflare.com/changelog/post/2024-12-19-escalate-user-submissions/)  
[ Email security ](https://developers.cloudflare.com/cloudflare-one/email-security/)  
After you triage your users' submissions (that are machine reviewed), you can now escalate them to our team for reclassification (which are instead human reviewed). User submissions from the submission alias, PhishNet, and our API can all be escalated.  
![Escalate](https://developers.cloudflare.com/_astro/Escalate.CwXPIyM3_ZxuRN6.webp)  
From **Reclassifications**, go to **User submissions**. Select the three dots next to any of the user submissions, then select **Escalate** to create a team request for reclassification. The Cloudflare dashboard will then show you the submissions on the **Team Submissions** tab.  
Refer to [User submissions](https://developers.cloudflare.com/cloudflare-one/email-security/submissions/user-submissions/) to learn more about this feature.  
This feature is available across these Email security packages:  
   * **Advantage**  
   * **Enterprise**  
   * **Enterprise + PhishGuard**

Dec 19, 2024
1. ### [Increased transparency for phishing email submissions](https://developers.cloudflare.com/changelog/post/2024-12-19-reclassification-tab/)  
[ Email security ](https://developers.cloudflare.com/cloudflare-one/email-security/)  
You now have more transparency about team and user submissions for phishing emails through a **Reclassification** tab in the Zero Trust dashboard.  
Reclassifications happen when users or admins [submit a phish](https://developers.cloudflare.com/cloudflare-one/email-security/settings/phish-submissions/) to Email security. Cloudflare reviews and - in some cases - reclassifies these emails based on improvements to our machine learning models.  
This new tab increases your visibility into this process, allowing you to view what submissions you have made and what the outcomes of those submissions are.  
![Use the Reclassification area to review submitted phishing emails](https://developers.cloudflare.com/_astro/reclassifications-tab.yDgtjG51_Z1TVbIE.webp)

Dec 19, 2024
1. ### [Troubleshoot tunnels with diagnostic logs](https://developers.cloudflare.com/changelog/post/2024-12-19-diagnostic-logs/)  
[ Cloudflare Tunnel ](https://developers.cloudflare.com/tunnel/)[ Cloudflare Tunnel for SASE ](https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/)  
The latest `cloudflared` build [2024.12.2 ↗](https://github.com/cloudflare/cloudflared/releases/tag/2024.12.2) introduces the ability to collect all the diagnostic logs needed to troubleshoot a `cloudflared` instance.  
A diagnostic report collects data from a single instance of `cloudflared` running on the local machine and outputs it to a `cloudflared-diag` file.  
For more information, refer to [Diagnostic logs](https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/troubleshoot-tunnels/diag-logs/).

Dec 17, 2024
1. ### [Establish BGP peering over Direct CNI circuits](https://developers.cloudflare.com/changelog/post/2024-12-17-bgp-support-cni/)  
[ Magic Transit ](https://developers.cloudflare.com/magic-transit/)[ Cloudflare WAN ](https://developers.cloudflare.com/cloudflare-wan/)[ Network Interconnect ](https://developers.cloudflare.com/network-interconnect/)  
Magic WAN and Magic Transit customers can use the Cloudflare dashboard to configure and manage BGP peering between their networks and their Magic routing table when using a Direct CNI on-ramp.  
Using BGP peering allows customers to:  
   * Automate the process of adding or removing networks and subnets.  
   * Take advantage of failure detection and session recovery features.  
With this functionality, customers can:  
   * Establish an eBGP session between their devices and the Magic WAN / Magic Transit service when connected via CNI.  
   * Secure the session by MD5 authentication to prevent misconfigurations.  
   * Exchange routes dynamically between their devices and their Magic routing table.  
Refer to [Magic WAN BGP peering](https://developers.cloudflare.com/cloudflare-wan/configuration/manually/how-to/configure-routes/#configure-bgp-routes) or [Magic Transit BGP peering](https://developers.cloudflare.com/magic-transit/how-to/configure-routes/#configure-bgp-routes) to learn more about this feature and how to set it up.

Dec 05, 2024
1. ### [Generate customized terraform files for building cloud network on-ramps](https://developers.cloudflare.com/changelog/post/2024-12-05-cloud-onramp-terraform/)  
[ Multi-Cloud Networking ](https://developers.cloudflare.com/multi-cloud-networking/)  
You can now generate customized terraform files for building cloud network on-ramps to [Magic WAN](https://developers.cloudflare.com/cloudflare-wan/).  
[Magic Cloud](https://developers.cloudflare.com/multi-cloud-networking/) can scan and discover existing network resources and generate the required terraform files to automate cloud resource deployment using their existing infrastructure-as-code workflows for cloud automation.  
You might want to do this to:  
   * Review the proposed configuration for an on-ramp before deploying it with Cloudflare.  
   * Deploy the on-ramp using your own infrastructure-as-code pipeline instead of deploying it with Cloudflare.  
For more details, refer to [Set up with Terraform](https://developers.cloudflare.com/multi-cloud-networking/cloud-on-ramps/#set-up-with-terraform).

Nov 22, 2024
1. ### [Find security misconfigurations in your AWS cloud environment](https://developers.cloudflare.com/changelog/post/2024-11-22-cloud-data-extraction-aws/)  
[ CASB ](https://developers.cloudflare.com/cloudflare-one/integrations/cloud-and-saas/)  
You can now use CASB to find security misconfigurations in your AWS cloud environment using [Data Loss Prevention](https://developers.cloudflare.com/cloudflare-one/data-loss-prevention/).  
You can also [connect your AWS compute account](https://developers.cloudflare.com/cloudflare-one/integrations/cloud-and-saas/aws-s3/#compute-account) to extract and scan your S3 buckets for sensitive data while avoiding egress fees. CASB will scan any objects that exist in the bucket at the time of configuration.  
To connect a compute account to your AWS integration:  
   1. In [Cloudflare One ↗](https://one.dash.cloudflare.com), go to **Cloud & SaaS findings** \> **Integrations**.  
   2. Find and select your AWS integration.  
   3. Select **Open connection instructions**.  
   4. Follow the instructions provided to connect a new compute account.  
   5. Select **Refresh**.

Nov 21, 2024
1. ### [Improved non-English keyboard support](https://developers.cloudflare.com/changelog/post/2024-11-21-non-english-keyboard/)  
[ Browser Isolation ](https://developers.cloudflare.com/cloudflare-one/remote-browser-isolation/)  
You can now type in languages that use diacritics (like á or ç) and character-based scripts (such as Chinese, Japanese, and Korean) directly within the remote browser. The isolated browser now properly recognizes non-English keyboard input, eliminating the need to copy and paste content from a local browser or device.

Nov 07, 2024
1. ### [Use Logpush for Email security user actions](https://developers.cloudflare.com/changelog/post/2024-11-07-logpush-user-actions/)  
[ Email security ](https://developers.cloudflare.com/cloudflare-one/email-security/)  
You can now send user action logs for Email security to an endpoint of your choice with Cloudflare Logpush.  
Filter logs matching specific criteria you have set or select from multiple fields you want to send. For all users, we will log the date and time, user ID, IP address, details about the message they accessed, and what actions they took.  
When creating a new Logpush job, remember to select **Audit logs** as the dataset and filter by:  
   * **Field**: `"ResourceType"`  
   * **Operator**: `"starts with"`  
   * **Value**: `"email_security"`.  
![Logpush-user-actions](https://developers.cloudflare.com/_astro/Logpush-User-Actions.D14fWgmq_CYM35.webp)  
For more information, refer to [Enable user action logs](https://developers.cloudflare.com/cloudflare-one/insights/logs/logpush/email-security-logs/#enable-user-action-logs).  
This feature is available across all Email security packages:  
   * **Enterprise**  
   * **Enterprise + PhishGuard**

Oct 02, 2024
1. ### [Search for custom rules using rule name and/or ID](https://developers.cloudflare.com/changelog/post/2024-10-02-custom-rule-search/)  
[ Cloudflare Network Firewall ](https://developers.cloudflare.com/cloudflare-network-firewall/)  
The Magic Firewall dashboard now allows you to search custom rules using the rule name and/or ID.  
   1. Log into the [Cloudflare dashboard ↗](https://dash.cloudflare.com) and select your account.  
   2. Go to **Analytics & Logs** \> **Network Analytics**.  
   3. Select **Magic Firewall**.  
   4. Add a filter for **Rule ID**.  
![Search for firewall rules with rule IDs](https://developers.cloudflare.com/_astro/search-with-rule-id.DJgzqgKk_2jJ9x8.webp)  
Additionally, the rule ID URL link has been added to Network Analytics.

Oct 01, 2024
1. ### [Eliminate long-lived credentials and enhance SSH security with Cloudflare Access for Infrastructure](https://developers.cloudflare.com/changelog/post/2024-10-01-ssh-with-access-for-infrastructure/)  
[ Access ](https://developers.cloudflare.com/cloudflare-one/access-controls/policies/)  
Organizations can now eliminate long-lived credentials from their SSH setup and enable strong multi-factor authentication for SSH access, similar to other Access applications, all while generating access and command logs.  
SSH with [Access for Infrastructure](https://developers.cloudflare.com/cloudflare-one/access-controls/applications/non-http/infrastructure-apps/) uses short-lived SSH certificates from Cloudflare, eliminating SSH key management and reducing the security risks associated with lost or stolen keys. It also leverages a common deployment model for Cloudflare One customers: [WARP-to-Tunnel](https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/use-cases/ssh/ssh-device-client/).  
SSH with Access for Infrastructure enables you to:  
   * **Author fine-grained policy** to control who may access your SSH servers, including specific ports, protocols, and SSH users.  
   * **Monitor infrastructure access** with Access and SSH command logs, supporting regulatory compliance and providing visibility in case of security breach.  
   * **Preserve your end users' workflows.** SSH with Access for Infrastructure supports native SSH clients and does not require any modifications to users’ SSH configs.  
![Example of an infrastructure Access application](https://developers.cloudflare.com/_astro/infrastructure-app.BhpJOgxs_Z1M0wLH.webp)  
To get started, refer to [SSH with Access for Infrastructure](https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/use-cases/ssh/ssh-infrastructure-access/).

Jun 17, 2024
1. ### [Exchange user risk scores with Okta](https://developers.cloudflare.com/changelog/post/2024-06-17-okta-risk-exchange/)  
[ Risk Score ](https://developers.cloudflare.com/cloudflare-one/insights/risk-score/)  
Beyond the controls in [Zero Trust](https://developers.cloudflare.com/cloudflare-one/), you can now [exchange user risk scores](https://developers.cloudflare.com/cloudflare-one/team-and-resources/users/risk-score/#send-risk-score-to-okta) with Okta to inform SSO-level policies.  
First, configure Cloudflare One to send user risk scores to Okta.  
   1. Set up the [Okta SSO integration](https://developers.cloudflare.com/cloudflare-one/integrations/identity-providers/okta/).  
   2. In [Cloudflare One ↗](https://one.dash.cloudflare.com/), go to **Integrations** \> **Identity providers**.  
   3. In **Your identity providers**, locate your Okta integration and select **Edit**.  
   4. Turn on **Send risk score to Okta**.  
   5. Select **Save**.  
   6. Upon saving, Cloudflare One will display the well-known URL for your organization. Copy the value.  
Next, configure Okta to receive your risk scores.  
   1. On your Okta admin dashboard, go to **Security** \> **Device Integrations**.  
   2. Go to **Receive shared signals**, then select **Create stream**.  
   3. Name your integration. In **Set up integration with**, choose _Well-known URL_.  
   4. In **Well-known URL**, enter the well-known URL value provided by Cloudflare One.  
   5. Select **Create**.

Jun 16, 2024
1. ### [Explore product updates for Cloudflare One](https://developers.cloudflare.com/changelog/post/2024-06-16-cloudflare-one/)  
[ Access ](https://developers.cloudflare.com/cloudflare-one/access-controls/policies/)[ Browser Isolation ](https://developers.cloudflare.com/cloudflare-one/remote-browser-isolation/)[ CASB ](https://developers.cloudflare.com/cloudflare-one/integrations/cloud-and-saas/)[ Cloudflare Tunnel for SASE ](https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/)[ Digital Experience Monitoring ](https://developers.cloudflare.com/cloudflare-one/insights/dex/)[ Data Loss Prevention ](https://developers.cloudflare.com/cloudflare-one/data-loss-prevention/)[ Email security ](https://developers.cloudflare.com/cloudflare-one/email-security/)[ Gateway ](https://developers.cloudflare.com/cloudflare-one/traffic-policies/)[ Multi-Cloud Networking ](https://developers.cloudflare.com/multi-cloud-networking/)[ Cloudflare Network Firewall ](https://developers.cloudflare.com/cloudflare-network-firewall/)[ Network Flow ](https://developers.cloudflare.com/network-flow/)[ Magic Transit ](https://developers.cloudflare.com/magic-transit/)[ Cloudflare WAN ](https://developers.cloudflare.com/cloudflare-wan/)[ Network Interconnect ](https://developers.cloudflare.com/network-interconnect/)[ Risk Score ](https://developers.cloudflare.com/cloudflare-one/insights/risk-score/)[ Cloudflare One Client ](https://developers.cloudflare.com/cloudflare-one/team-and-resources/devices/cloudflare-one-client/)  
Welcome to your new home for product updates on [Cloudflare One](https://developers.cloudflare.com/cloudflare-one/).  
Our [new changelog](https://developers.cloudflare.com/changelog/) lets you read about changes in much more depth, offering in-depth examples, images, code samples, and even gifs.  
If you are looking for older product updates, refer to the following locations.  
Older product updates  
   * [Access](https://developers.cloudflare.com/cloudflare-one/changelog/access/)  
   * [Browser Isolation](https://developers.cloudflare.com/cloudflare-one/changelog/browser-isolation/)  
   * [CASB](https://developers.cloudflare.com/cloudflare-one/changelog/casb/)  
   * [Cloudflare Tunnel](https://developers.cloudflare.com/cloudflare-one/changelog/tunnel/)  
   * [Data Loss Prevention](https://developers.cloudflare.com/cloudflare-one/changelog/dlp/)  
   * [Digital Experience Monitoring](https://developers.cloudflare.com/cloudflare-one/changelog/dex/)  
   * [Email security](https://developers.cloudflare.com/cloudflare-one/changelog/email-security/)  
   * [Gateway](https://developers.cloudflare.com/cloudflare-one/changelog/gateway/)  
   * [Multi-Cloud Networking](https://developers.cloudflare.com/multi-cloud-networking/changelog/)  
   * [Cloudflare Network Firewall](https://developers.cloudflare.com/cloudflare-network-firewall/changelog/)  
   * [Magic Network Monitoring](https://developers.cloudflare.com/network-flow/changelog/)  
   * [Magic Transit](https://developers.cloudflare.com/magic-transit/changelog/)  
   * [Magic WAN](https://developers.cloudflare.com/cloudflare-wan/changelog/)  
   * [Network Interconnect](https://developers.cloudflare.com/network-interconnect/changelog/)  
   * [Risk score](https://developers.cloudflare.com/cloudflare-one/changelog/risk-score/)  
   * [Cloudflare One Client](https://developers.cloudflare.com/changelog/cloudflare-one-client/)

[Search all changelog entries](https://developers.cloudflare.com/search/?contentType=Changelog+entry)