Cloudflare Docs

Changelog

New updates and improvements at Cloudflare.

Cloudflare Fundamentals
  1. Terraform v5.8.2 now available

    Cloudflare Fundamentals Terraform

    Earlier this year, we announced the launch of the new Terraform v5 Provider. We are aware of the high mumber of issues reported by the Cloudflare community related to the v5 release. We have committed to releasing improvements on a 2 week cadeance to ensure it's stability and reliability. We have also pivoted from an issue-to-issue approach to a resource-per-resource approach - we will be focusing on specific resources for every release, stablizing the release and closing all associated bugs with that resource before moving onto resolving migration issues.

    Thank you for continuing to raise issues. We triage them weekly and they help make our products stronger.

    Changes

    • Resources stablized:
      • cloudflare_custom_pages
      • cloudflare_page_rule
      • cloudflare_dns_record
      • cloudflare_argo_tiered_caching
    • Addressed chronic drift issues in cloudflare_logpush_job, cloudflare_zero_trust_dns_location, cloudflare_ruleset & cloudflare_api_token
    • cloudflare_zone_subscripton returns expected values rate_plan.id from former versions
    • cloudflare_workers_script can now successfully be destroyed with bindings & migration for Durable Objects now recorded in tfstate
    • Ability to configure add_headers under cloudflare_zero_trust_gateway_policy
    • Other bug fixes

    For a more detailed look at all of the changes, see the changelog in GitHub.

    Issues Closed

    If you have an unaddressed issue with the provider, we encourage you to check the open issues and open a new one if one does not already exist for what you are experiencing.

    Upgrading

    We suggest holding off on migration to v5 while we work on stablization. This help will you avoid any blocking issues while the Terraform resources are actively being stablized.

    If you'd like more information on migrating from v4 to v5, please make use of the migration guide. We have provided automated migration scripts using Grit which simplify the transition, although these do not support implementations which use Terraform modules, so customers making use of modules need to migrate manually. Please make use of terraform plan to test your changes before applying, and let us know if you encounter any additional issues by reporting to our GitHub repository.

    For more info

  1. Terraform v5.7.0 now available

    Cloudflare Fundamentals Terraform

    Earlier this year, we announced the launch of the new Terraform v5 Provider. We are aware of the high mumber of issues reported by the Cloudflare community related to the v5 release, with 13.5% of resources impacted. We have committed to releasing improvements on a 2 week cadeance to ensure it's stability and relability, including the v5.7 release.

    Thank you for continuing to raise issues and please keep an eye on this changelog for more information about upcoming releases.

    Changes

    • Addressed permanent diff bug on Cloudflare Tunnel config
    • State is now saved correctly for Zero Trust Access applications
    • Exact match is now working as expected within data.cloudflare_zero_trust_access_applications
    • cloudflare_zero_trust_access_policy now supports OIDC claims & diff issues resolved
    • Self hosted applications with private IPs no longer require a public domain for cloudflare_zero_trust_access_application.
    • New resource:
      • cloudflare_zero_trust_tunnel_warp_connector
    • Other bug fixes

    For a more detailed look at all of the changes, see the changelog in GitHub.

    Issues Closed

    If you have an unaddressed issue with the provider, we encourage you to check the open issues and open a new one if one does not already exist for what you are experiencing.

    Upgrading

    We suggest holding on migration to v5 while we work on stablization of the v5 provider. This will ensure Cloudflare can work ahead and avoid any blocking issues.

    If you'd like more information on migrating from v4 to v5, please make use of the migration guide. We have provided automated migration scripts using Grit which simplify the transition, although these do not support implementations which use Terraform modules, so customers making use of modules need to migrate manually. Please make use of terraform plan to test your changes before applying, and let us know if you encounter any additional issues by reporting to our GitHub repository.

    For more info

  1. Cloudflare User Groups & SCIM User Groups are now in GA

    Cloudflare Fundamentals

    We're announcing the GA of User Groups for Cloudflare Dashboard and System for Cross Domain Identity Management (SCIM) User Groups, strengthening our RBAC capabilities with stable, production-ready primitives for managing access at scale.

    What's New

    User Groups [GA]: User Groups are a new Cloudflare IAM primitive that enable administrators to create collections of account members that are treated equally from an access control perspective. User Groups can be assigned permission policies, with individual members in the group inheriting all permissions granted to the User Group. User Groups can be created manually or via our APIs.

    SCIM User Groups [GA]: Centralize & simplify your user and group management at scale by syncing memberships directly from your upstream identity provider (like Okta or Entra ID) to the Cloudflare Platform. This ensures Cloudflare stays in sync with your identity provider, letting you apply Permission Policies to those synced groups directly within the Cloudflare Dashboard.

    Stability & Scale: These features have undergone extensive testing during the Public Beta period and are now ready for production use across enterprises of all sizes.

    For more info:

  1. Terraform v5.6.0 now available

    Cloudflare Fundamentals Terraform

    Earlier this year, we announced the launch of the new Terraform v5 Provider. Unlike the earlier Terraform providers, v5 is automatically generated based on the OpenAPI Schemas for our REST APIs. Since launch, we have seen an unexpectedly high number of issues reported by customers. These issues currently impact about 15% of resources. We have been working diligently to address these issues across the company, and have released the v5.6.0 release which includes a number of bug fixes. Please keep an eye on this changelog for more information about upcoming releases.

    Changes

    • Broad fixes across resources with recurring diffs, including, but not limited to:
      • cloudflare_zero_trust_access_identity_provider
        • cloudflare_zone
    • cloudflare_page_rules runtime panic when setting cache_level to cache_ttl_by_status
    • Failure to serialize requests in cloudflare_zero_trust_tunnel_cloudflared_config
    • Undocumented field 'priority' on zone_lockdown resource
    • Missing importability for cloudflare_zero_trust_device_default_profile_local_domain_fallback and cloudflare_account_subscription
    • New resources:
      • cloudflare_schema_validation_operation_settings
      • cloudflare_schema_validation_schemas
      • cloudflare_schema_validation_settings
      • cloudflare_zero_trust_device_settings
    • Other bug fixes

    For a more detailed look at all of the changes, see the changelog in GitHub.

    Issues Closed

    If you have an unaddressed issue with the provider, we encourage you to check the open issues and open a new one if one does not already exist for what you are experiencing.

    Upgrading

    If you are evaluating a move from v4 to v5, please make use of the migration guide. We have provided automated migration scripts using Grit which simplify the transition, although these do not support implementations which use Terraform modules, so customers making use of modules need to migrate manually. Please make use of terraform plan to test your changes before applying, and let us know if you encounter any additional issues by reporting to our GitHub repository.

    For more info

  1. Cloudflare User Groups & Enhanced Permission Policies are now in Beta

    Cloudflare Fundamentals

    We're excited to announce the Public Beta launch of User Groups for Cloudflare Dashboard and System for Cross Domain Identity Management (SCIM) User Groups, expanding our RBAC capabilities to simplify user and group management at scale.

    We've also visually overhauled the Permission Policies UI to make defining permissions more intuitive.

    What's New

    User Groups [BETA]: User Groups are a new Cloudflare IAM primitive that enable administrators to create collections of account members that are treated equally from an access control perspective. User Groups can be assigned permission policies, with individual members in the group inheriting all permissions granted to the User Group. User Groups can be created manually or via our APIs.

    SCIM User Groups [BETA]: Centralize & simplify your user and group management at scale by syncing memberships directly from your upstream identity provider (like Okta or Entra ID) to the Cloudflare Platform. This ensures Cloudflare stays in sync with your identity provider, letting you apply Permission Policies to those synced groups directly within the Cloudflare Dashboard.

    Revamped Permission Policies UI [BETA]: As Cloudflare's services have grown, so has the need for precise, role-based access control. We've given the Permission Policies builder a visual overhaul to make it much easier for administrators to find and define the exact permissions they want for specific principals.

    Updated Permissions Policy UX

    For more info:

  1. Terraform v5.5.0 now available

    Cloudflare Fundamentals Terraform

    Earlier this year, we announced the launch of the new Terraform v5 Provider. Unlike the earlier Terraform providers, v5 is automatically generated based on the OpenAPI Schemas for our REST APIs. Since launch, we have seen an unexpectedly high number of issues reported by customers. These issues currently impact about 15% of resources. We have been working diligently to address these issues across the company, and have released the v5.5.0 release which includes a number of bug fixes. Please keep an eye on this changelog for more information about upcoming releases.

    Changes

    • Broad fixes across resources with recurring diffs, including, but not limited to:
      • cloudflare_zero_trust_gateway_policy
      • cloudflare_zero_trust_access_application
      • cloudflare_zero_trust_tunnel_cloudflared_route
      • cloudflare_zone_setting
      • cloudflare_ruleset
      • cloudflare_page_rule
    • Zone settings can be re-applied without client errors
    • Page rules conversion errors are fixed
    • Failure to apply changes to cloudflare_zero_trust_tunnel_cloudflared_route
    • Other bug fixes

    For a more detailed look at all of the changes, see the changelog in GitHub.

    Issues Closed

    If you have an unaddressed issue with the provider, we encourage you to check the open issues and open a new one if one does not already exist for what you are experiencing.

    Upgrading

    If you are evaluating a move from v4 to v5, please make use of the migration guide. We have provided automated migration scripts using Grit which simplify the transition, although these do not support implementations which use Terraform modules, so customers making use of modules need to migrate manually. Please make use of terraform plan to test your changes before applying, and let us know if you encounter any additional issues by reporting to our GitHub repository.

    For more info

  1. Terraform v5.4.0 now available

    Cloudflare Fundamentals Terraform

    Earlier this year, we announced the launch of the new Terraform v5 Provider. Unlike the earlier Terraform providers, v5 is automatically generated based on the OpenAPI Schemas for our REST APIs. Since launch, we have seen an unexpectedly high number of issues reported by customers. These issues currently impact about 15% of resources. We have been working diligently to address these issues across the company, and have released the v5.4.0 release which includes a number of bug fixes. Please keep an eye on this changelog for more information about upcoming releases.

    Changes

    • Removes the worker_platforms_script_secret resource from the provider (see migration guide for alternatives—applicable to both Workers and Workers for Platforms)
    • Removes duplicated fields in cloudflare_cloud_connector_rules resource
    • Fixes cloudflare_workers_route id issues #5134 #5501
    • Fixes issue around refreshing resources that have unsupported response types
      Affected resources
      • cloudflare_certificate_pack
      • cloudflare_registrar_domain
      • cloudflare_stream_download
      • cloudflare_stream_webhook
      • cloudflare_user
      • cloudflare_workers_kv
      • cloudflare_workers_script
    • Fixes cloudflare_workers_kv state refresh issues
    • Fixes issues around configurability of nested properties without computed values for the following resources
      Affected resources
      • cloudflare_account
      • cloudflare_account_dns_settings
      • cloudflare_account_token
      • cloudflare_api_token
      • cloudflare_cloud_connector_rules
      • cloudflare_custom_ssl
      • cloudflare_d1_database
      • cloudflare_dns_record
      • email_security_trusted_domains
      • cloudflare_hyperdrive_config
      • cloudflare_keyless_certificate
      • cloudflare_list_item
      • cloudflare_load_balancer
      • cloudflare_logpush_dataset_job
      • cloudflare_magic_network_monitoring_configuration
      • cloudflare_magic_transit_site
      • cloudflare_magic_transit_site_lan
      • cloudflare_magic_transit_site_wan
      • cloudflare_magic_wan_static_route
      • cloudflare_notification_policy
      • cloudflare_pages_project
      • cloudflare_queue
      • cloudflare_queue_consumer
      • cloudflare_r2_bucket_cors
      • cloudflare_r2_bucket_event_notification
      • cloudflare_r2_bucket_lifecycle
      • cloudflare_r2_bucket_lock
      • cloudflare_r2_bucket_sippy
      • cloudflare_ruleset
      • cloudflare_snippet_rules
      • cloudflare_snippets
      • cloudflare_spectrum_application
      • cloudflare_workers_deployment
      • cloudflare_zero_trust_access_application
      • cloudflare_zero_trust_access_group
    • Fixed defaults that made cloudflare_workers_script fail when using Assets
    • Fixed Workers Logpush setting in cloudflare_workers_script mistakenly being readonly
    • Fixed cloudflare_pages_project broken when using "source"

    The detailed changelog is available on GitHub.

    Upgrading

    If you are evaluating a move from v4 to v5, please make use of the migration guide. We have provided automated migration scripts using Grit which simplify the transition, although these do not support implementations which use Terraform modules, so customers making use of modules need to migrate manually. Please make use of terraform plan to test your changes before applying, and let us know if you encounter any additional issues either by reporting to our GitHub repository, or by opening a support ticket.

    For more info

  1. Updates to Account Home - Quick actions, traffic insights, Workers projects, and more

    Cloudflare Fundamentals
    Updated Account Home

    Recently, Account Home has been updated to streamline your workflows:

    • Recent Workers projects: You'll now find your projects readily accessible from a new Developer Platform tab on Account Home. See recently-modified projects and explore what you can work our developer-focused products.

    • Traffic and security insights: Get a snapshot of domain performance at a glance with key metrics and trends.

    • Quick actions: You can now perform common actions for your account, domains, and even Workers in just 1-2 clicks from the 3-dot menu.

    • Keep starred domains front and center: Now, when you filter for starred domains on Account Home, we'll save your preference so you'll continue to only see starred domains by default.

    We can't wait for you to take the new Account Home for a spin.

    For more info:

  1. Dozens of Cloudflare Terraform Provider resources now have proper drift detection

    Cloudflare Fundamentals Terraform

    In Cloudflare Terraform Provider versions 5.2.0 and above, dozens of resources now have proper drift detection. Before this fix, these resources would indicate they needed to be updated or replaced — even if there was no real change. Now, you can rely on your terraform plan to only show what resources are expected to change.

    This issue affected resources related to these products and features:

    • API Shield
    • Argo Smart Routing
    • Argo Tiered Caching
    • Bot Management
    • BYOIP
    • D1
    • DNS
    • Email Routing
    • Hyperdrive
    • Observatory
    • Pages
    • R2
    • Rules
    • SSL/TLS
    • Waiting Room
    • Workers
    • Zero Trust

  1. Cloudflare Terraform Provider now properly redacts sensitive values

    Cloudflare Fundamentals Terraform

    In the Cloudflare Terraform Provider versions 5.2.0 and above, sensitive properties of resources are redacted in logs. Sensitive properties in Cloudflare's OpenAPI Schema are now annotated with x-sensitive: true. This results in proper auto-generation of the corresponding Terraform resources, and prevents sensitive values from being shown when you run Terraform commands.

    This issue affected resources related to these products and features:

    • Alerts and Audit Logs
    • Device API
    • DLP
    • DNS
    • Magic Visibility
    • Magic WAN
    • TLS Certs and Hostnames
    • Tunnels
    • Turnstile
    • Workers
    • Zaraz

  1. Terraform v5 Provider is now generally available

    Cloudflare Fundamentals Terraform
    Screenshot of Terraform defining a Zone

    Cloudflare's v5 Terraform Provider is now generally available. With this release, Terraform resources are now automatically generated based on OpenAPI Schemas. This change brings alignment across our SDKs, API documentation, and now Terraform Provider. The new provider boosts coverage by increasing support for API properties to 100%, adding 25% more resources, and more than 200 additional data sources. Going forward, this will also reduce the barriers to bringing more resources into Terraform across the broader Cloudflare API. This is a small, but important step to making more of our platform manageable through GitOps, making it easier for you to manage Cloudflare just like you do your other infrastructure.

    The Cloudflare Terraform Provider v5 is a ground-up rewrite of the provider and introduces breaking changes for some resource types. Please refer to the upgrade guide for best practices, or the blog post on automatically generating Cloudflare's Terraform Provider for more information about the approach.

    For more info

