---
title: Core platform Changelog
image: https://developers.cloudflare.com/cf-twitter-card.png
---

[Skip to content](#%5Ftop) 

# Changelog

New updates and improvements at Cloudflare.

[ Subscribe to RSS ](https://developers.cloudflare.com/changelog/rss/index.xml) [ View RSS feeds ](https://developers.cloudflare.com/fundamentals/new-features/available-rss-feeds/) 

Core platform

![hero image](https://developers.cloudflare.com/_astro/hero.CVYJHPAd_26AMqX.svg) 

Aug 29, 2025
1. ### [Terraform v5.9 now available](https://developers.cloudflare.com/changelog/post/2025-08-29-terrform-v59-provider/)  
[ Cloudflare Fundamentals ](https://developers.cloudflare.com/fundamentals/)[ Terraform ](https://developers.cloudflare.com/terraform/)  
Earlier this year, we announced the launch of the new [Terraform v5 Provider](https://developers.cloudflare.com/changelog/2025-02-03-terraform-v5-provider/). We are aware of the high number of [issues ↗](https://github.com/cloudflare/terraform-provider-cloudflare) reported by the Cloudflare community related to the v5 release. We have committed to releasing improvements on a 2 week cadence to ensure its stability and reliability, including the v5.9 release. We have also pivoted from an issue-to-issue approach to a resource-per-resource approach - we will be focusing on specific resources for every release, stabilizing the release, and closing all associated bugs with that resource before moving onto resolving migration issues.  
Thank you for continuing to raise issues. We triage them weekly and they help make our products stronger.  
This release includes a new resource, `cloudflare_snippet`, which replaces `cloudflare_snippets`. `cloudflare_snippet` is now considered deprecated but can still be used. Please utilize `cloudflare_snippet` as soon as possible.  
#### Changes  
   * Resources stabilized:  
         * `cloudflare_zone_setting`  
         * `cloudflare_worker_script`  
         * `cloudflare_worker_route`  
         * `tiered_cache`  
   * **NEW** resource `cloudflare_snippet` which should be used in place of `cloudflare_snippets`. `cloudflare_snippets` is now deprecated. This enables the management of Cloudflare's snippet functionality through Terraform.  
   * DNS Record Improvements: Enhanced handling of DNS record drift detection  
   * Load Balancer Fixes: Resolved `created_on` field inconsistencies and improved pool configuration handling  
   * Bot Management: Enhanced auto-update model state consistency and fight mode configurations  
   * Other bug fixes  
For a more detailed look at all of the changes, refer to the[changelog ↗](https://github.com/cloudflare/terraform-provider-cloudflare/releases/tag/v5.9.0) in GitHub.  
#### Issues Closed  
   * [#5921: In cloudflare\_ruleset removing an existing rule causes recreation of later rules ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues/5921)  
   * [#5904: cloudflare\_zero\_trust\_access\_application is not idempotent ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues/5904)  
   * [#5898: (cloudflare\_workers\_script) Durable Object migrations not applied ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues/5898)  
   * [#5892: cloudflare\_workers\_script secret\_text environment variable gets replaced on every deploy ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues/5892)  
   * [#5891: cloudflare\_zone suddenly started showing drift ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues/5891)  
   * [#5882: cloudflare\_zero\_trust\_list always marked for change due to read only attributes ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues/5882)  
   * [#5879: cloudflare\_zero\_trust\_gateway\_certificate unable to manage resource (cant mark as active/inactive) ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues/5879)  
   * [#5858: cloudflare\_dns\_records is always updated in-place ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues/5858)  
   * [#5839: Recurring change on cloudflare\_zero\_trust\_gateway\_policy after upgrade to V5 provider & also setting expiration fails ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues/5839)  
   * [#5811: Reusable policies are imported as inline type for cloudflare\_zero\_trust\_access\_application ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues/5811)  
   * [#5795: cloudflare\_zone\_setting inconsistent value of "editable" upon apply ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues/5795)  
   * [#5789: Pagination issue fetching all policies in "cloudflare\_zero\_trust\_access\_policies" data source ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues/5789)  
   * [#5770: cloudflare\_zero\_trust\_access\_application type warp diff on every apply ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues/5770)  
   * [#5765: V5 / cloudflare\_zone\_dnssec fails with HTTP/400 "Malformed request body" ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues/5765)  
   * [#5755: Unable to manage Cloudflare managed WAF rules via Terraform ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues/5755)  
   * [#5738: v4 to v5 upgrade failing Error: no schema available AND Unable to Read Previously Saved State for UpgradeResourceState ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues/5738)  
   * [#5727: cloudflare\_ruleset http\_request\_cache\_settings bypass mismatch between dashboard and terraform ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues/5727)  
   * [#5700: cloudflare\_account\_member invalid type 'string' for field 'roles' ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues/5700)  
If you have an unaddressed issue with the provider, we encourage you to check the [open issues ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues) and open a new issue if one does not already exist for what you are experiencing.  
#### Upgrading  
We suggest holding off on migration to v5 while we work on stabilization. This help will you avoid any blocking issues while the Terraform resources are actively being stabilized.  
If you'd like more information on migrating from v4 to v5, please make use of the [migration guide ↗](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/guides/version-5-upgrade). We have provided automated migration scripts using Grit which simplify the transition. These do not support implementations which use Terraform modules, so customers making use of modules need to migrate manually. Please make use of `terraform plan` to test your changes before applying, and let us know if you encounter any additional issues by reporting to our [GitHub repository ↗](https://github.com/cloudflare/terraform-provider-cloudflare).  
#### For more info  
   * [Terraform provider ↗](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs)  
   * [Documentation on using Terraform with Cloudflare](https://developers.cloudflare.com/terraform/)  
   * [GitHub Repository ↗](https://github.com/cloudflare/terraform-provider-cloudflare)

Aug 27, 2025
1. ### [Enhanced crawler insights and custom 402 responses](https://developers.cloudflare.com/changelog/post/2025-08-27-ai-crawl-control-launch/)  
[ AI Crawl Control ](https://developers.cloudflare.com/ai-crawl-control/)  
We improved AI crawler management with detailed analytics and introduced custom HTTP 402 responses for blocked crawlers. AI Audit has been renamed to AI Crawl Control and is now generally available.  
**Enhanced Crawlers tab:**  
   * View total allowed and blocked requests for each AI crawler  
   * Trend charts show crawler activity over your selected time range per crawler  
![Updated AI Crawl Control table showing request counts and trend charts](https://developers.cloudflare.com/_astro/ai-crawl-control-table.BDr0Qd-5_ZKex0W.webp)  
**Custom block responses (paid plans):**You can now return HTTP 402 "Payment Required" responses when blocking AI crawlers, enabling direct communication with crawler operators about licensing terms.  
For users on paid plans, when blocking AI crawlers you can configure:  
   * **Response code:** Choose between 403 Forbidden or 402 Payment Required  
   * **Response body:** Add a custom message with your licensing contact information  
![AI Crawl Control block response configuration interface](https://developers.cloudflare.com/_astro/ai-crawl-control-block-response.L4duQj7-_Z2mHb4X.webp)  
Example 402 response:  
```  
HTTP 402 Payment Required  
Date: Mon, 24 Aug 2025 12:56:49 GMT  
Content-type: application/json  
Server: cloudflare  
Cf-Ray: 967e8da599d0c3fa-EWR  
Cf-Team: 2902f6db750000c3fa1e2ef400000001  
{  
  "message": "Please contact the site owner for access."  
}  
```

Aug 22, 2025
1. ### [Audit logs (version 2) - Logpush Beta Release](https://developers.cloudflare.com/changelog/post/2025-08-22-audit-logs-v2-logpush/)  
[ Audit Logs ](https://developers.cloudflare.com/fundamentals/account/account-security/review-audit-logs/)  
[Audit Logs v2 dataset](https://developers.cloudflare.com/logs/logpush/logpush-job/datasets/account/audit%5Flogs%5Fv2/) is now available via Logpush.  
This expands on earlier releases of Audit Logs v2 in the [API](https://developers.cloudflare.com/changelog/2025-03-27-automatic-audit-logs-beta-release/) and [Dashboard UI](https://developers.cloudflare.com/changelog/2025-07-29-audit-logs-v2-ui-beta/).  
We recommend creating a new Logpush job for the Audit Logs v2 dataset.  
Timelines for General Availability (GA) of Audit Logs v2 and the retirement of Audit Logs v1 will be shared in upcoming updates.  
For more details on Audit Logs v2, refer to the [Audit Logs documentation ↗](https://developers.cloudflare.com/fundamentals/account/account-security/audit-logs/).

Aug 22, 2025
1. ### [Dedicated Egress IP for Logpush](https://developers.cloudflare.com/changelog/post/2025-08-22-dedicated-egress-ip-logpush/)  
[ Logs ](https://developers.cloudflare.com/logs/)  
Cloudflare Logpush can now deliver logs from using fixed, dedicated egress IPs. By routing Logpush traffic through a Cloudflare zone enabled with [Aegis IP](https://developers.cloudflare.com/smart-shield/configuration/dedicated-egress-ips/), your log destination only needs to allow Aegis IPs making setup more secure.  
Highlights:  
   * Fixed egress IPs ensure your destination only accepts traffic from known addresses.  
   * Works with any supported Logpush destination.  
   * Recommended to use a dedicated zone as a proxy for easier management.  
To get started, work with your Cloudflare account team to provision Aegis IPs, then configure your Logpush job to deliver logs through the proxy zone. For full setup instructions, refer to the [Logpush documentation](https://developers.cloudflare.com/logs/logpush/logpush-job/enable-destinations/egress-ip/).

Aug 15, 2025
1. ### [Extended retention](https://developers.cloudflare.com/changelog/post/2025-08-15-extended-retention/)  
[ Log Explorer ](https://developers.cloudflare.com/log-explorer/)  
Customers can now rely on Log Explorer to meet their log retention compliance requirements.  
Contract customers can choose to store their logs in Log Explorer for up to two years, at an additional cost of $0.10 per GB per month. Customers interested in this feature can contact their account team to have it added to their contract.

Aug 15, 2025
1. ### [Terraform v5.8.4 now available](https://developers.cloudflare.com/changelog/post/2025-08-15-terraform-v584-provider/)  
[ Cloudflare Fundamentals ](https://developers.cloudflare.com/fundamentals/)[ Terraform ](https://developers.cloudflare.com/terraform/)  
Earlier this year, we announced the launch of the new [Terraform v5 Provider](https://developers.cloudflare.com/changelog/2025-02-03-terraform-v5-provider/). We are aware of the high number of [issues ↗](https://github.com/cloudflare/terraform-provider-cloudflare) reported by the Cloudflare Community related to the v5 release. We have committed to releasing improvements on a two week cadence to ensure stability and reliability.  
One key change we adopted in recent weeks is a pivot to more comprehensive, test-driven development. We are still evaluating individual issues, but are also investing in much deeper testing to drive our stabilization efforts. We will subsequently be investing in comprehensive migration scripts. As a result, you will see several of the highest traffic APIs have been stabilized in the most recent release, and are supported by comprehensive acceptance tests.  
Thank you for continuing to raise issues. We triage them weekly and they help make our products stronger.  
#### Changes  
   * Resources stabilized:  
         * `cloudflare_argo_smart_routing`  
         * `cloudflare_bot_management`  
         * `cloudflare_list`  
         * `cloudflare_list_item`  
         * `cloudflare_load_balancer`  
         * `cloudflare_load_balancer_monitor`  
         * `cloudflare_load_balancer_pool`  
         * `cloudflare_spectrum_application`  
         * `cloudflare_managed_transforms`  
         * `cloudflare_url_normalization_settings`  
         * `cloudflare_snippet`  
         * `cloudflare_snippet_rules`  
         * `cloudflare_zero_trust_access_application`  
         * `cloudflare_zero_trust_access_group`  
         * `cloudflare_zero_trust_access_identity_provider`  
         * `cloudflare_zero_trust_access_mtls_certificate`  
         * `cloudflare_zero_trust_access_mtls_hostname_settings`  
         * `cloudflare_zero_trust_access_policy`  
         * `cloudflare_zone`  
   * Multipart handling restored for `cloudflare_snippet`  
   * `cloudflare_bot_management` diff issues resolves when running `terraform plan` and `terraform apply`  
   * Other bug fixes  
For a more detailed look at all of the changes, refer to the [changelog ↗](https://github.com/cloudflare/terraform-provider-cloudflare/releases/tag/v5.8.4) in GitHub.  
#### Issues Closed  
   * [#5017: 'Uncaught Error: No such module' using cloudflare\_snippets ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues/5017)  
   * [#5701: cloudflare\_workers\_script migrations for Durable Objects not recorded in tfstate; cannot be upgraded between versions ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues/5701)  
   * [#5640: cloudflare\_argo\_smart\_routing importing doesn't read the actual value ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues/5640)  
If you have an unaddressed issue with the provider, we encourage you to check the [open issues ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues) and open a new one if one does not already exist for what you are experiencing.  
#### Upgrading  
We suggest holding off on migration to v5 while we work on stablization. This help will you avoid any blocking issues while the Terraform resources are actively being stablized.  
If you'd like more information on migrating to v5, please make use of the [migration guide ↗](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/guides/version-5-upgrade). We have provided automated migration scripts using Grit which simplify the transition. These migration scripts do not support implementations which use Terraform modules, so customers making use of modules need to migrate manually. Please make use of `terraform plan` to test your changes before applying, and let us know if you encounter any additional issues by reporting to our [GitHub repository ↗](https://github.com/cloudflare/terraform-provider-cloudflare).  
#### For more info  
   * [Terraform provider ↗](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs)  
   * [Documentation on using Terraform with Cloudflare](https://developers.cloudflare.com/terraform/)

Aug 13, 2025
1. ### [IBM Cloud Logs as Logpush destination](https://developers.cloudflare.com/changelog/post/2025-08-13-ibm-cloud-logs-destination/)  
[ Logs ](https://developers.cloudflare.com/logs/)  
Cloudflare Logpush now supports IBM Cloud Logs as a native destination.  
Logs from Cloudflare can be sent to [IBM Cloud Logs ↗](https://www.ibm.com/products/cloud-logs) via [Logpush](https://developers.cloudflare.com/logs/logpush/). The setup can be done through the Logpush UI in the Cloudflare Dashboard or by using the [Logpush API](https://developers.cloudflare.com/api/resources/logpush/subresources/jobs/). The integration requires IBM Cloud Logs HTTP Source Address and an IBM API Key. The feature also allows for filtering events and selecting specific log fields.  
For more information, refer to [Destination Configuration](https://developers.cloudflare.com/logs/logpush/logpush-job/enable-destinations/ibm-cloud-logs/) documentation.

Aug 01, 2025
1. ### [Terraform v5.8.2 now available](https://developers.cloudflare.com/changelog/post/2025-08-01-terraform-v582-provider/)  
[ Cloudflare Fundamentals ](https://developers.cloudflare.com/fundamentals/)[ Terraform ](https://developers.cloudflare.com/terraform/)  
Earlier this year, we announced the launch of the new [Terraform v5 Provider](https://developers.cloudflare.com/changelog/2025-02-03-terraform-v5-provider/). We are aware of the high mumber of [issues ↗](https://github.com/cloudflare/terraform-provider-cloudflare) reported by the Cloudflare community related to the v5 release. We have committed to releasing improvements on a 2 week cadeance to ensure it's stability and reliability. We have also pivoted from an issue-to-issue approach to a resource-per-resource approach - we will be focusing on specific resources for every release, stablizing the release and closing all associated bugs with that resource before moving onto resolving migration issues.  
Thank you for continuing to raise issues. We triage them weekly and they help make our products stronger.  
#### Changes  
   * Resources stablized:  
         * `cloudflare_custom_pages`  
         * `cloudflare_page_rule`  
         * `cloudflare_dns_record`  
         * `cloudflare_argo_tiered_caching`  
   * Addressed chronic drift issues in `cloudflare_logpush_job`, `cloudflare_zero_trust_dns_location`, `cloudflare_ruleset` & `cloudflare_api_token`  
   * `cloudflare_zone_subscripton` returns expected values `rate_plan.id` from former versions  
   * `cloudflare_workers_script` can now successfully be destroyed with bindings & migration for Durable Objects now recorded in tfstate  
   * Ability to configure `add_headers` under `cloudflare_zero_trust_gateway_policy`  
   * Other bug fixes  
For a more detailed look at all of the changes, see the [changelog ↗](https://github.com/cloudflare/terraform-provider-cloudflare/releases/tag/v5.8.2) in GitHub.  
#### Issues Closed  
   * [#5666: cloudflare\_ruleset example lists id which is a read-only field ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues/5666)  
   * [#5578: cloudflare\_logpush\_job plan always suggests changes ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues/5578)  
   * [#5552: 5.4.0: Since provider update, existing cloudflare\_list\_item would be recreated "created" state ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues/5552)  
   * [#5670: cloudflare\_zone\_subscription: uses wrong ID field in Read/Update ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues/5670)  
   * [#5548: cloudflare\_api\_token resource always shows changes (drift) ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues/5548)  
   * [#5634: cloudflare\_workers\_script with bindings fails to be destroyed ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues/5634)  
   * [#5616: cloudflare\_workers\_script Unable to deploy worker assets ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues/5616)  
   * [#5331: cloudflare\_workers\_script 500 internal server error when uploading python ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues/5331)  
   * [#5701: cloudflare\_workers\_script migrations for Durable Objects not recorded in tfstate; cannot be upgraded between versions ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues/5701)  
   * [#5704: cloudflare\_workers\_script randomly fails to deploy when changing compatibility\_date ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues/5704)  
   * [#5439: cloudflare\_workers\_script (v5.2.0) ignoring content and bindings properties ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues/5439)  
   * [#5522: cloudflare\_workers\_script always detects changes after apply ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues/5522)  
   * [#5693: cloudflare\_zero\_trust\_access\_identity\_provider gives recurring change on OTP pin login ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues/5693)  
   * [#5567: cloudflare\_r2\_custom\_domain doesn't roundtrip jurisdiction properly ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues/5567)  
   * [#5179: Bad request with when creating cloudflare\_api\_shield\_schema resource ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues/5179)  
If you have an unaddressed issue with the provider, we encourage you to check the [open issues ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues) and open a new one if one does not already exist for what you are experiencing.  
#### Upgrading  
We suggest holding off on migration to v5 while we work on stablization. This help will you avoid any blocking issues while the Terraform resources are actively being stablized.  
If you'd like more information on migrating from v4 to v5, please make use of the [migration guide ↗](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/guides/version-5-upgrade). We have provided automated migration scripts using Grit which simplify the transition, although these do not support implementations which use Terraform modules, so customers making use of modules need to migrate manually. Please make use of `terraform plan` to test your changes before applying, and let us know if you encounter any additional issues by reporting to our [GitHub repository ↗](https://github.com/cloudflare/terraform-provider-cloudflare).  
#### For more info  
   * [Terraform provider ↗](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs)  
   * [Documentation on using Terraform with Cloudflare](https://developers.cloudflare.com/terraform/)

Jul 29, 2025
1. ### [Audit logs (version 2) - UI Beta Release](https://developers.cloudflare.com/changelog/post/2025-07-29-audit-logs-v2-ui-beta/)  
[ Audit Logs ](https://developers.cloudflare.com/fundamentals/account/account-security/review-audit-logs/)  
The Audit Logs v2 UI is now available to all Cloudflare customers in Beta. This release builds on the public [Beta of the Audit Logs v2 API](https://developers.cloudflare.com/changelog/product/audit-logs/) and introduces a redesigned user interface with powerful new capabilities to make it easier to investigate account activity.  
**Enabling the new UI**  
To try the new user interface, go to **Manage Account > Audit Logs**. The previous version of Audit Logs remains available and can be re-enabled at any time using the **Switch back to old Audit Logs** link in the banner at the top of the page.  
**New Features:**  
   * **Advanced Filtering**: Filter logs by actor, resource, method, and more for faster insights.  
   * **On-hover filter controls**: Easily include or exclude values in queries by hovering over fields within a log entry.  
   * **Detailed Log Sidebar**: View rich context for each log entry without leaving the main view.  
   * **JSON Log View**: Inspect the raw log data in a structured JSON format.  
   * **Custom Time Ranges**: Define your own time windows to view historical activity.  
   * **Infinite Scroll**: Seamlessly browse logs without clicking through pages.  
![Audit Logs v2 new UI](https://developers.cloudflare.com/_astro/Audit_logs_v2_filters.Bacd1IHg_f0dJz.webp)  
For more details on Audit Logs v2, see the [Audit Logs documentation ↗](https://developers.cloudflare.com/fundamentals/account/account-security/audit-logs/).  
**Known issues**  
   * A small number of audit logs may currently be unavailable in Audit Logs v2\. In some cases, certain fields such as actor information may be missing in certain audit logs. We are actively working to improve coverage and completeness for General Availability.  
   * Export to CSV is not supported in the new UI.  
We are actively refining the Audit Logs v2 experience and welcome your feedback. You can share overall feedback by clicking the thumbs up or thumbs down icons at the top of the page, or provide feedback on specific audit log entries using the thumbs icons next to each audit log line or by filling out our [feedback form ↗](https://docs.google.com/forms/d/e/1FAIpQLSfXGkJpOG1jUPEh-flJy9B13icmcdBhveFwe-X0EzQjJQnQfQ/viewform?usp=sharing).

Jul 15, 2025
1. ### [Faster, more reliable UDP traffic for Cloudflare Tunnel](https://developers.cloudflare.com/changelog/post/2025-07-15-udp-improvements/)  
[ Cloudflare Tunnel ](https://developers.cloudflare.com/tunnel/)[ Cloudflare Tunnel for SASE ](https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/)  
Your real-time applications running over [Cloudflare Tunnel](https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/) are now faster and more reliable. We've completely re-architected the way `cloudflared` proxies UDP traffic in order to isolate it from other traffic, ensuring latency-sensitive applications like private DNS are no longer slowed down by heavy TCP traffic (like file transfers) on the same Tunnel.  
This is a foundational improvement to Cloudflare Tunnel, delivered automatically to all customers. There are no settings to configure — your UDP traffic is already flowing faster and more reliably.  
**What’s new:**  
   * **Faster UDP performance**: We've significantly reduced the latency for establishing new UDP sessions, making applications like private DNS much more responsive.  
   * **Greater reliability for mixed traffic**: UDP packets are no longer affected by heavy TCP traffic, preventing timeouts and connection drops for your real-time services.  
Learn more about running [TCP or UDP applications](https://developers.cloudflare.com/reference-architecture/architectures/sase/#connecting-applications) and [private networks](https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/private-net/) through [Cloudflare Tunnel](https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/).

Jul 14, 2025
1. ### [Terraform v5.7.0 now available](https://developers.cloudflare.com/changelog/post/2025-07-11-terraform-v570-provider/)  
[ Cloudflare Fundamentals ](https://developers.cloudflare.com/fundamentals/)[ Terraform ](https://developers.cloudflare.com/terraform/)  
Earlier this year, we announced the launch of the new [Terraform v5 Provider](https://developers.cloudflare.com/changelog/2025-02-03-terraform-v5-provider/). We are aware of the high mumber of [issues ↗](https://github.com/cloudflare/terraform-provider-cloudflare) reported by the Cloudflare community related to the v5 release, with 13.5% of resources impacted. We have committed to releasing improvements on a 2 week cadeance to ensure it's stability and relability, including the v5.7 release.  
Thank you for continuing to raise issues and please keep an eye on this changelog for more information about upcoming releases.  
#### Changes  
   * Addressed permanent diff bug on Cloudflare Tunnel config  
   * State is now saved correctly for Zero Trust Access applications  
   * Exact match is now working as expected within `data.cloudflare_zero_trust_access_applications`  
   * `cloudflare_zero_trust_access_policy` now supports OIDC claims & diff issues resolved  
   * Self hosted applications with private IPs no longer require a public domain for `cloudflare_zero_trust_access_application`.  
   * New resource:  
         * `cloudflare_zero_trust_tunnel_warp_connector`  
   * Other bug fixes  
For a more detailed look at all of the changes, see the[changelog ↗](https://github.com/cloudflare/terraform-provider-cloudflare/releases/tag/v5.7.0) in GitHub.  
#### Issues Closed  
   * [#5563: cloudflare\_logpull\_retention is missing import ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues/5563)  
   * [#5608: cloudflare\_zero\_trust\_access\_policy in 5.5.0 provider gives error upon apply unexpected new value: .app\_count: was cty.NumberIntVal(0), but now cty.NumberIntVal(1) ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues/5608)  
   * [#5612: data.cloudflare\_zero\_trust\_access\_applications does not exact match ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues/5612)  
   * [#5532: cloudflare\_zero\_trust\_access\_identity\_provider detects changes on every plan ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues/5532)  
   * [#5662: cloudflare\_zero\_trust\_access\_policy does not support OIDC claims ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues/5662)  
   * [#5565: Running Terraform with the cloudflare\_zero\_trust\_access\_policy resource results in updates on every apply, even when no changes are made - breaks idempotency ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues/5565)  
   * [#5529: cloudflare\_zero\_trust\_access\_application: self hosted applications with private ips require public domain  ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues/5529)  
If you have an unaddressed issue with the provider, we encourage you to check the [open issues ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues) and open a new one if one does not already exist for what you are experiencing.  
#### Upgrading  
We suggest holding on migration to v5 while we work on stablization of the v5 provider. This will ensure Cloudflare can work ahead and avoid any blocking issues.  
If you'd like more information on migrating from v4 to v5, please make use of the[migration guide ↗](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/guides/version-5-upgrade). We have provided automated migration scripts using Grit which simplify the transition, although these do not support implementations which use Terraform modules, so customers making use of modules need to migrate manually. Please make use of `terraform plan` to test your changes before applying, and let us know if you encounter any additional issues by reporting to our[GitHub repository ↗](https://github.com/cloudflare/terraform-provider-cloudflare).  
#### For more info  
   * [Terraform provider ↗](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs)  
   * [Documentation on using Terraform with Cloudflare](https://developers.cloudflare.com/terraform/)

Jul 09, 2025
1. ### [Usage tracking](https://developers.cloudflare.com/changelog/post/2025-07-09-usage-tracking/)  
[ Log Explorer ](https://developers.cloudflare.com/log-explorer/)  
[Log Explorer](https://developers.cloudflare.com/log-explorer/) customers can now monitor their data ingestion volume to keep track of their billing. Monthly usage is displayed at the top of the [Log Search](https://developers.cloudflare.com/log-explorer/log-search/) and [Manage Datasets](https://developers.cloudflare.com/log-explorer/manage-datasets/) screens in Log Explorer.  
![Ingested data](https://developers.cloudflare.com/_astro/ingested-data.D2flqRIu_Z2v4FHF.webp)

Jul 01, 2025
1. ### [Introducing Pay Per Crawl (private beta)](https://developers.cloudflare.com/changelog/post/2025-07-01-pay-per-crawl/)  
[ AI Crawl Control ](https://developers.cloudflare.com/ai-crawl-control/)  
We are introducing a new feature of [AI Crawl Control](https://developers.cloudflare.com/ai-crawl-control/) — Pay Per Crawl. [Pay Per Crawl](https://developers.cloudflare.com/ai-crawl-control/features/pay-per-crawl/what-is-pay-per-crawl/) enables site owners to require payment from AI crawlers every time the crawlers access their content, thereby fostering a fairer Internet by enabling site owners to control and monetize how their content gets used by AI.  
![Pay per crawl](https://developers.cloudflare.com/_astro/pay-per-crawl.B5bv2nwT_1TH6vv.webp)  
**For Site Owners:**  
   * Set pricing and select which crawlers to charge for content access  
   * Manage payments via Stripe  
   * Monitor analytics on successful content deliveries  
**For AI Crawler Owners:**  
   * Use HTTP headers to request and accept pricing  
   * Receive clear confirmations on charges for accessed content  
Learn more in the [Pay Per Crawl documentation](https://developers.cloudflare.com/ai-crawl-control/features/pay-per-crawl/what-is-pay-per-crawl/).

Jul 01, 2025
1. ### [AI Crawl Control refresh](https://developers.cloudflare.com/changelog/post/2025-07-01-refresh/)  
[ AI Crawl Control ](https://developers.cloudflare.com/ai-crawl-control/)  
We redesigned the AI Crawl Control dashboard to provide more intuitive and granular control over AI crawlers.  
   * From the new **AI Crawlers** tab: block specific AI crawlers.  
   * From the new **Metrics** tab: view AI Crawl Control metrics.  
![Block AI crawlers](https://developers.cloudflare.com/_astro/manage-ai-crawlers.6UgS8dSG_Z1HRWpI.webp) ![Analyze AI crawler activity](https://developers.cloudflare.com/_astro/analyze-metrics.C52pJZVg_1C7hti.webp)  
To get started, explore:  
   * [Manage AI crawlers](https://developers.cloudflare.com/ai-crawl-control/features/manage-ai-crawlers/).  
   * [Analyze AI traffic](https://developers.cloudflare.com/ai-crawl-control/features/analyze-ai-traffic/).

Jun 23, 2025
1. ### [Cloudflare User Groups & SCIM User Groups are now in GA](https://developers.cloudflare.com/changelog/post/2025-06-23-user-groups-ga/)  
[ Cloudflare Fundamentals ](https://developers.cloudflare.com/fundamentals/)  
We're announcing the GA of **User Groups for Cloudflare Dashboard** and **System for Cross Domain Identity Management (SCIM) User Groups**, strengthening our RBAC capabilities with stable, production-ready primitives for managing access at scale.  
**What's New**  
**User Groups \[GA\]**: [User Groups](https://developers.cloudflare.com/fundamentals/manage-members/user-groups/) are a new Cloudflare IAM primitive that enable administrators to create collections of account members that are treated equally from an access control perspective. User Groups can be assigned permission policies, with individual members in the group inheriting all permissions granted to the User Group. User Groups can be created manually or via our APIs.  
**SCIM User Groups \[GA\]**: Centralize & simplify your user and group management at scale by syncing memberships directly from your upstream identity provider (like Okta or Entra ID) to the Cloudflare Platform. This ensures Cloudflare stays in sync with your identity provider, letting you apply Permission Policies to those synced groups directly within the Cloudflare Dashboard.  
**Stability & Scale**: These features have undergone extensive testing during the Public Beta period and are now ready for production use across enterprises of all sizes.  
Note  
SCIM Virtual Groups (identified by the pattern `CF-<accountID>-<Role Name>` in your IdP) are now officially deprecated as of June 2, 2025\. SCIM Virtual Groups end-of-life will take effect on December 2, 2025\. We strongly recommend migrating to SCIM User Groups to ensure continued support for SCIM synchronization to the Cloudflare Dashboard. If you haven’t used Virtual Groups, no action is required.  
For more info:  
   * [Get started with User Groups](https://developers.cloudflare.com/fundamentals/manage-members/user-groups/)  
   * [Explore our SCIM integration guide](https://developers.cloudflare.com/fundamentals/account/account-security/scim-setup/)

Jun 18, 2025
1. ### [Log Explorer is GA](https://developers.cloudflare.com/changelog/post/2025-06-18-log-explorer-ga/)  
[ Log Explorer ](https://developers.cloudflare.com/log-explorer/)  
[Log Explorer](https://developers.cloudflare.com/log-explorer/) is now GA, providing native observability and forensics for traffic flowing through Cloudflare.  
Search and analyze your logs, natively in the Cloudflare dashboard. These logs are also stored in Cloudflare's network, eliminating many of the costs associated with other log providers.  
![Log Explorer dashboard](https://developers.cloudflare.com/_astro/log-explorer-dash.CJSVLZ7Y_ZXS1TD.webp)  
With Log Explorer, you can now:  
   * **Monitor security and performance issues with custom dashboards** – use natural language to define charts for measuring response time, error rates, top statistics and more.  
   * **Investigate and troubleshoot issues with Log Search** – use data type-aware search filters or custom sql to investigate detailed logs.  
   * **Save time and collaborate with saved queries** – save Log Search queries for repeated use or sharing with other users in your account.  
   * **Access Log Explorer at the account and zone level** – easily find Log Explorer at the account and zone level for querying any dataset.  
For help getting started, refer to [our documentation](https://developers.cloudflare.com/log-explorer/).

Jun 17, 2025
1. ### [Terraform v5.6.0 now available](https://developers.cloudflare.com/changelog/post/2025-06-17-terraform-v560-provider/)  
[ Cloudflare Fundamentals ](https://developers.cloudflare.com/fundamentals/)[ Terraform ](https://developers.cloudflare.com/terraform/)  
Earlier this year, we announced the launch of the new [Terraform v5 Provider](https://developers.cloudflare.com/changelog/2025-02-03-terraform-v5-provider/). Unlike the earlier Terraform providers, v5 is automatically generated based on the OpenAPI Schemas for our REST APIs. Since launch, we have seen an unexpectedly high number of [issues ↗](https://github.com/cloudflare/terraform-provider-cloudflare)reported by customers. These issues currently impact about 15% of resources. We have been working diligently to address these issues across the company, and have released the v5.6.0 release which includes a number of bug fixes. Please keep an eye on this changelog for more information about upcoming releases.  
#### Changes  
   * Broad fixes across resources with recurring diffs, including, but not limited to:  
         * `cloudflare_zero_trust_access_identity_provider`  
                  * `cloudflare_zone`  
   * `cloudflare_page_rules` runtime panic when setting `cache_level` to `cache_ttl_by_status`  
   * Failure to serialize requests in `cloudflare_zero_trust_tunnel_cloudflared_config`  
   * Undocumented field 'priority' on `zone_lockdown` resource  
   * Missing importability for `cloudflare_zero_trust_device_default_profile_local_domain_fallback` and `cloudflare_account_subscription`  
   * New resources:  
         * `cloudflare_schema_validation_operation_settings`  
         * `cloudflare_schema_validation_schemas`  
         * `cloudflare_schema_validation_settings`  
         * `cloudflare_zero_trust_device_settings`  
   * Other bug fixes  
For a more detailed look at all of the changes, see the[changelog ↗](https://github.com/cloudflare/terraform-provider-cloudflare/releases/tag/v5.6.0) in GitHub.  
#### Issues Closed  
   * [#5098: 500 Server Error on updating 'zero\_trust\_tunnel\_cloudflared\_virtual\_network' Terraform resource ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues/5098)  
   * [#5148: cloudflare\_user\_agent\_blocking\_rule doesn’t actually support user agents ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues/5148)  
   * [#5472: cloudflare\_zone showing changes in plan after following upgrade steps ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues/5472)  
   * [#5508: cloudflare\_zero\_trust\_tunnel\_cloudflared\_config failed to serialize http request ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues/5508)  
   * [#5509: cloudflare\_zone: Problematic Terraform behaviour with paused zones ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues/5509)  
   * [#5520: Resource 'cloudflare\_magic\_wan\_static\_route' is not working ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues/5520)  
   * [#5524: Optional fields cause crash in cloudflare\_zero\_trust\_tunnel\_cloudflared(s) when left null ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues/5524)  
   * [#5526: Provider v5 migration issue: no import method for cloudflare\_zero\_trust\_device\_default\_profile\_local\_domain\_fallback ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues/5526)  
   * [#5532: cloudflare\_zero\_trust\_access\_identity\_provider detects changes on every plan ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues/5532)  
   * [#5561: cloudflare\_zero\_trust\_tunnel\_cloudflared: cannot rotate tunnel secret ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues/5561)  
   * [#5569: cloudflare\_zero\_trust\_device\_custom\_profile\_local\_domain\_fallback not allowing multiple DNS Server entries ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues/5569)  
   * [#5577: Panic modifying page\_rule resource ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues/5577)  
   * [#5653: cloudflare\_zone\_setting resource schema confusion in 5.5.0: value vs enabled ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues/5653)  
If you have an unaddressed issue with the provider, we encourage you to check the[open issues ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues) and open a new one if one does not already exist for what you are experiencing.  
#### Upgrading  
If you are evaluating a move from v4 to v5, please make use of the[migration guide ↗](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/guides/version-5-upgrade). We have provided automated migration scripts using Grit which simplify the transition, although these do not support implementations which use Terraform modules, so customers making use of modules need to migrate manually. Please make use of `terraform plan` to test your changes before applying, and let us know if you encounter any additional issues by reporting to our[GitHub repository ↗](https://github.com/cloudflare/terraform-provider-cloudflare).  
#### For more info  
   * [Terraform provider ↗](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs)  
   * [Documentation on using Terraform with Cloudflare](https://developers.cloudflare.com/terraform/)

Jun 09, 2025
1. ### [More flexible fallback handling — Custom Errors now support fetching assets returned with 4xx or 5xx status codes](https://developers.cloudflare.com/changelog/post/2025-06-09-custom-errors-fetch-4xx-5xx-assets/)  
[ Rules ](https://developers.cloudflare.com/rules/)  
[Custom Errors](https://developers.cloudflare.com/rules/custom-errors/) can now fetch and store [assets](https://developers.cloudflare.com/rules/custom-errors/create-rules/#create-a-custom-error-asset-dashboard) and [error pages](https://developers.cloudflare.com/rules/custom-errors/#error-pages) from your origin even if they are served with a 4xx or 5xx HTTP status code — previously, only 200 OK responses were allowed.  
**What’s new:**  
   * You can now upload error pages and error assets that return error status codes (for example, 403, 500, 502, 503, 504) when fetched.  
   * These assets are stored and minified at the edge, so they can be reused across multiple Custom Error rules without triggering requests to the origin.  
This is especially useful for retrieving error content or downtime banners from your backend when you can’t override the origin status code.  
Learn more in the [Custom Errors](https://developers.cloudflare.com/rules/custom-errors/) documentation.

Jun 09, 2025
1. ### [Match Workers subrequests by upstream zone — cf.worker.upstream\_zone now supported in Transform Rules](https://developers.cloudflare.com/changelog/post/2025-06-09-transform-rule-subrequest-matching/)  
[ Rules ](https://developers.cloudflare.com/rules/)  
You can now use the [cf.worker.upstream\_zone](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.worker.upstream%5Fzone/) field in [Transform Rules](https://developers.cloudflare.com/rules/transform/) to control rule execution based on whether a request originates from [Workers](https://developers.cloudflare.com/workers/), including subrequests issued by Workers in other zones.  
![Match Workers subrequests by upstream zone in Transform Rules](https://developers.cloudflare.com/_astro/transform-rule-subrequest-matching.BeUBEN67_wWefn.webp)  
**What's new:**  
   * `cf.worker.upstream_zone` is now supported in Transform Rules expressions.  
   * Skip or apply logic conditionally when handling [Workers subrequests](https://developers.cloudflare.com/workers/platform/limits/#subrequests).  
For example, to add a header when the subrequest comes from another zone:  
Text in **Expression Editor** (replace `myappexample.com` with your domain):  
```  
(cf.worker.upstream_zone != "" and cf.worker.upstream_zone != "myappexample.com")  
```  
Selected operation under **Modify request header**: _Set static_  
**Header name**: `X-External-Workers-Subrequest`  
**Value**: `1`  
This gives you more granular control in how you handle incoming requests for your zone.  
Learn more in the [Transform Rules](https://developers.cloudflare.com/rules/transform/) documentation and [Rules language fields](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/) reference.

Jun 02, 2025
1. ### [Cloudflare User Groups & Enhanced Permission Policies are now in Beta](https://developers.cloudflare.com/changelog/post/2025-06-02-user-groups-beta/)  
[ Cloudflare Fundamentals ](https://developers.cloudflare.com/fundamentals/)  
We're excited to announce the Public Beta launch of **User Groups for Cloudflare Dashboard** and **System for Cross Domain Identity Management (SCIM) User Groups**, expanding our RBAC capabilities to simplify user and group management at scale.  
We've also visually overhauled the **Permission Policies UI** to make defining permissions more intuitive.  
**What's New**  
**User Groups \[BETA\]**: [User Groups](https://developers.cloudflare.com/fundamentals/manage-members/user-groups/) are a new Cloudflare IAM primitive that enable administrators to create collections of account members that are treated equally from an access control perspective. User Groups can be assigned permission policies, with individual members in the group inheriting all permissions granted to the User Group. User Groups can be created manually or via our APIs.  
**SCIM User Groups \[BETA\]**: Centralize & simplify your user and group management at scale by syncing memberships directly from your upstream identity provider (like Okta or Entra ID) to the Cloudflare Platform. This ensures Cloudflare stays in sync with your identity provider, letting you apply Permission Policies to those synced groups directly within the Cloudflare Dashboard.  
Note  
SCIM Virtual Groups (identified by the pattern `CF-<accountID>-<Role Name>` in your IdP) are deprecated as of 06/02/25\. We recommend migrating SCIM Virtual Groups implementations to use [SCIM User Groups](https://developers.cloudflare.com/fundamentals/account/account-security/scim-setup/). If you did not use Virtual Groups, no action is needed.  
**Revamped Permission Policies UI \[BETA\]**: As Cloudflare's services have grown, so has the need for precise, role-based access control. We've given the Permission Policies builder a visual overhaul to make it much easier for administrators to find and define the exact permissions they want for specific principals.  
![Updated Permissions Policy UX](https://developers.cloudflare.com/_astro/2025-06-02-permissions-policy-ux.2wLEPgVX_7gPgJ.webp)  
Note  
When opting into the Beta for User Groups and Permission Policies, you'll be transitioning to a new experience. Please be aware that opting out isn't currently available.  
For more info:  
   * [Get started with User Groups](https://developers.cloudflare.com/fundamentals/manage-members/user-groups/)  
   * [Explore our SCIM integration guide](https://developers.cloudflare.com/fundamentals/account/account-security/scim-setup/)

May 30, 2025
1. ### [Fine-tune image optimization — WebP now supported in Configuration Rules](https://developers.cloudflare.com/changelog/post/2025-05-30-configuration-rules-webp/)  
[ Rules ](https://developers.cloudflare.com/rules/)  
You can now enable [Polish](https://developers.cloudflare.com/images/polish/activate-polish/) with the `webp` format directly in [Configuration Rules](https://developers.cloudflare.com/rules/configuration-rules/), allowing you to optimize image delivery for specific routes, user agents, or A/B tests — without applying changes zone-wide.  
**What’s new:**  
   * [WebP](https://developers.cloudflare.com/images/polish/compression/#webp) is now a supported [value](https://developers.cloudflare.com/rules/configuration-rules/settings/#polish) in the **Polish** setting for Configuration Rules.  
This gives you more precise control over how images are compressed and delivered, whether you're targeting modern browsers, running experiments, or tailoring performance by geography or device type.  
Learn more in the [Polish](https://developers.cloudflare.com/images/polish/) and [Configuration Rules](https://developers.cloudflare.com/rules/configuration-rules/) documentation.

May 23, 2025
1. ### [New GraphQL Analytics API Explorer and MCP Server](https://developers.cloudflare.com/changelog/post/2025-05-23-graphql-api-explorer/)  
[ Analytics ](https://developers.cloudflare.com/analytics/)  
We’ve launched two powerful new tools to make the GraphQL Analytics API more accessible:  
#### GraphQL API Explorer  
The new [GraphQL API Explorer ↗](https://graphql.cloudflare.com/explorer) helps you build, test, and run queries directly in your browser. Features include:  
   * In-browser schema documentation to browse available datasets and fields  
   * Interactive query editor with autocomplete and inline documentation  
   * A "Run in GraphQL API Explorer" button to execute example queries from our docs  
   * Seamless OAuth authentication — no manual setup required  
![GraphQL API Explorer](https://developers.cloudflare.com/_astro/graphql-api-explorer.CPUNZZ5B_1RXsdE.webp)  
#### GraphQL Model Context Protocol (MCP) Server  
MCP Servers let you use natural language tools like Claude to generate structured queries against your data. See our [blog post ↗](https://blog.cloudflare.com/thirteen-new-mcp-servers-from-cloudflare/) for details on how they work and which servers are available. The new [GraphQL MCP server ↗](https://github.com/cloudflare/mcp-server-cloudflare/tree/main/apps/graphql) helps you discover and generate useful queries for the GraphQL Analytics API. With this server, you can:  
   * Explore what data is available to query  
   * Generate and refine queries using natural language, with one-click links to run them in the API Explorer  
   * Build dashboards and visualizations from structured query outputs  
Example prompts include:  
   * “Show me HTTP traffic for the last 7 days for example.com”  
   * “What GraphQL node returns firewall events?”  
   * “Can you generate a link to the Cloudflare GraphQL API Explorer with a pre-populated query and variables?”  
We’re continuing to expand these tools, and your feedback helps shape what’s next. [Explore the documentation](https://developers.cloudflare.com/analytics/graphql-api/) to learn more and get started.

May 19, 2025
1. ### [Terraform v5.5.0 now available](https://developers.cloudflare.com/changelog/post/2025-05-19-terraform-v550-provider/)  
[ Cloudflare Fundamentals ](https://developers.cloudflare.com/fundamentals/)[ Terraform ](https://developers.cloudflare.com/terraform/)  
Earlier this year, we announced the launch of the new [Terraform v5 Provider](https://developers.cloudflare.com/changelog/2025-02-03-terraform-v5-provider/). Unlike the earlier Terraform providers, v5 is automatically generated based on the OpenAPI Schemas for our REST APIs. Since launch, we have seen an unexpectedly high number of [issues ↗](https://github.com/cloudflare/terraform-provider-cloudflare) reported by customers. These issues currently impact about 15% of resources. We have been working diligently to address these issues across the company, and have released the v5.5.0 release which includes a number of bug fixes. Please keep an eye on this changelog for more information about upcoming releases.  
#### Changes  
   * Broad fixes across resources with recurring diffs, including, but not limited to:  
         * `cloudflare_zero_trust_gateway_policy`  
         * `cloudflare_zero_trust_access_application`  
         * `cloudflare_zero_trust_tunnel_cloudflared_route`  
         * `cloudflare_zone_setting`  
         * `cloudflare_ruleset`  
         * `cloudflare_page_rule`  
   * Zone settings can be re-applied without client errors  
   * Page rules conversion errors are fixed  
   * Failure to apply changes to `cloudflare_zero_trust_tunnel_cloudflared_route`  
   * Other bug fixes  
For a more detailed look at all of the changes, see the [changelog ↗](https://github.com/cloudflare/terraform-provider-cloudflare/releases/tag/v5.5.0) in GitHub.  
#### Issues Closed  
   * [#5304: Importing cloudflare\_zero\_trust\_gateway\_policy invalid attribute filter value ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues/5304)  
   * [#5303: cloudflare\_page\_rule import does not set values for all of the fields in terraform state ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues/5303)  
   * [#5178: cloudflare\_page\_rule Page rule creation with redirect fails ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues/5178)  
   * [#5336: cloudflare\_turnstile\_wwidget not able to udpate ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues/5336)  
   * [#5418: cloudflare\_cloud\_connector\_rules: Provider returned invalid result object after apply ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues/5418)  
   * [#5423: cloudflare\_zone\_setting: "Invalid value for zone setting always\_use\_https" ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues/5423)  
If you have an unaddressed issue with the provider, we encourage you to check the [open issues ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues) and open a new one if one does not already exist for what you are experiencing.  
#### Upgrading  
If you are evaluating a move from v4 to v5, please make use of the [migration guide ↗](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/guides/version-5-upgrade). We have provided automated migration scripts using Grit which simplify the transition, although these do not support implementations which use Terraform modules, so customers making use of modules need to migrate manually. Please make use of `terraform plan` to test your changes before applying, and let us know if you encounter any additional issues by reporting to our [GitHub repository ↗](https://github.com/cloudflare/terraform-provider-cloudflare).  
#### For more info  
   * [Terraform provider ↗](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs)  
   * [Documentation on using Terraform with Cloudflare](https://developers.cloudflare.com/terraform/)

May 09, 2025
1. ### [More ways to match — Snippets now support Custom Lists, Bot Score, and WAF Attack Score](https://developers.cloudflare.com/changelog/post/2025-05-09-snippets-cloud-connector-lists-waf-bot-scores/)  
[ Rules ](https://developers.cloudflare.com/rules/)  
You can now use IP, Autonomous System (AS), and Hostname [custom lists](https://developers.cloudflare.com/waf/tools/lists/custom-lists/) to route traffic to [Snippets](https://developers.cloudflare.com/rules/snippets/) and [Cloud Connector](https://developers.cloudflare.com/rules/cloud-connector/), giving you greater precision and control over how you match and process requests at the edge.  
In Snippets, you can now also match on [Bot Score](https://developers.cloudflare.com/bots/concepts/bot-score/) and [WAF Attack Score](https://developers.cloudflare.com/waf/detections/attack-score/), unlocking smarter edge logic for everything from request filtering and mitigation to [tarpitting](https://developers.cloudflare.com/rules/snippets/examples/slow-suspicious-requests/) and logging.  
**What’s new:**  
   * [Custom lists](https://developers.cloudflare.com/waf/tools/lists/custom-lists/) matching – Snippets and Cloud Connector now support user-created IP, AS, and Hostname lists via dashboard or [Lists API](https://developers.cloudflare.com/api/resources/rules/subresources/lists/methods/list/). Great for shared logic across zones.  
   * [Bot Score](https://developers.cloudflare.com/bots/concepts/bot-score/) and [WAF Attack Score](https://developers.cloudflare.com/waf/detections/attack-score/) – Use Cloudflare’s intelligent traffic signals to detect bots or attacks and take advanced, tailored actions with just a few lines of code.  
![New fields in Snippets](https://developers.cloudflare.com/_astro/snippets-lists-scores.D05l6zgc_ZG4Rof.webp)  
These enhancements unlock new possibilities for building smarter traffic workflows with minimal code and maximum efficiency.  
Learn more in the [Snippets](https://developers.cloudflare.com/rules/snippets/) and [Cloud Connector](https://developers.cloudflare.com/rules/cloud-connector/) documentation.

May 06, 2025
1. ### [Terraform v5.4.0 now available](https://developers.cloudflare.com/changelog/post/2025-05-06-terraform-v540-provider/)  
[ Cloudflare Fundamentals ](https://developers.cloudflare.com/fundamentals/)[ Terraform ](https://developers.cloudflare.com/terraform/)  
Earlier this year, we announced the launch of the new [Terraform v5 Provider](https://developers.cloudflare.com/changelog/2025-02-03-terraform-v5-provider/). Unlike the earlier Terraform providers, v5 is automatically generated based on the OpenAPI Schemas for our REST APIs. Since launch, we have seen an unexpectedly high number of [issues ↗](https://github.com/cloudflare/terraform-provider-cloudflare) reported by customers. These issues currently impact about 15% of resources. We have been working diligently to address these issues across the company, and have released the v5.4.0 release which includes a number of bug fixes. Please keep an eye on this changelog for more information about upcoming releases.  
#### Changes  
   * Removes the `worker_platforms_script_secret` resource from the provider (see [migration guide ↗](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/guides/version-5-upgrade#cloudflare%5Fworker%5Fsecret) for alternatives—applicable to both Workers and Workers for Platforms)  
   * Removes duplicated fields in `cloudflare_cloud_connector_rules` resource  
   * Fixes `cloudflare_workers_route` id issues [#5134 ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues/5134) [#5501 ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues/5501)  
   * Fixes issue around refreshing resources that have unsupported response typesAffected resources  
         * `cloudflare_certificate_pack`  
         * `cloudflare_registrar_domain`  
         * `cloudflare_stream_download`  
         * `cloudflare_stream_webhook`  
         * `cloudflare_user`  
         * `cloudflare_workers_kv`  
         * `cloudflare_workers_script`  
   * Fixes `cloudflare_workers_kv` state refresh issues  
   * Fixes issues around configurability of nested properties without computed values for the following resourcesAffected resources  
         * `cloudflare_account`  
         * `cloudflare_account_dns_settings`  
         * `cloudflare_account_token`  
         * `cloudflare_api_token`  
         * `cloudflare_cloud_connector_rules`  
         * `cloudflare_custom_ssl`  
         * `cloudflare_d1_database`  
         * `cloudflare_dns_record`  
         * `email_security_trusted_domains`  
         * `cloudflare_hyperdrive_config`  
         * `cloudflare_keyless_certificate`  
         * `cloudflare_list_item`  
         * `cloudflare_load_balancer`  
         * `cloudflare_logpush_dataset_job`  
         * `cloudflare_magic_network_monitoring_configuration`  
         * `cloudflare_magic_transit_site`  
         * `cloudflare_magic_transit_site_lan`  
         * `cloudflare_magic_transit_site_wan`  
         * `cloudflare_magic_wan_static_route`  
         * `cloudflare_notification_policy`  
         * `cloudflare_pages_project`  
         * `cloudflare_queue`  
         * `cloudflare_queue_consumer`  
         * `cloudflare_r2_bucket_cors`  
         * `cloudflare_r2_bucket_event_notification`  
         * `cloudflare_r2_bucket_lifecycle`  
         * `cloudflare_r2_bucket_lock`  
         * `cloudflare_r2_bucket_sippy`  
         * `cloudflare_ruleset`  
         * `cloudflare_snippet_rules`  
         * `cloudflare_snippets`  
         * `cloudflare_spectrum_application`  
         * `cloudflare_workers_deployment`  
         * `cloudflare_zero_trust_access_application`  
         * `cloudflare_zero_trust_access_group`  
   * Fixed defaults that made `cloudflare_workers_script` fail when using Assets  
   * Fixed Workers Logpush setting in `cloudflare_workers_script` mistakenly being readonly  
   * Fixed `cloudflare_pages_project` broken when using "source"  
The detailed [changelog ↗](https://github.com/cloudflare/terraform-provider-cloudflare/releases/tag/v5.4.0) is available on GitHub.  
#### Upgrading  
If you are evaluating a move from v4 to v5, please make use of the [migration guide ↗](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/guides/version-5-upgrade). We have provided automated migration scripts using Grit which simplify the transition, although these do not support implementations which use Terraform modules, so customers making use of modules need to migrate manually. Please make use of `terraform plan` to test your changes before applying, and let us know if you encounter any additional issues either by reporting to our [GitHub repository ↗](https://github.com/cloudflare/terraform-provider-cloudflare), or by opening a [support ticket ↗](https://www.support.cloudflare.com/s/?language=en%5FUS).  
#### For more info  
   * [Terraform provider ↗](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs)  
   * [Documentation on using Terraform with Cloudflare ↗](https://developers.cloudflare.com/terraform/)

[Search all changelog entries](https://developers.cloudflare.com/search/?contentType=Changelog+entry)