--- title: WAF Changelog image: https://developers.cloudflare.com/cf-twitter-card.png --- [Skip to content](#%5Ftop) # Changelog New updates and improvements at Cloudflare. [ Subscribe to RSS ](https://developers.cloudflare.com/changelog/rss/index.xml) [ View RSS feeds ](https://developers.cloudflare.com/fundamentals/new-features/available-rss-feeds/) WAF ![hero image](https://developers.cloudflare.com/_astro/hero.CVYJHPAd_26AMqX.svg) Mar 07, 2025 1. ### [Updated leaked credentials database](https://developers.cloudflare.com/changelog/post/2025-03-07-updated-leaked-credentials-database/) [ WAF ](https://developers.cloudflare.com/waf/) Added new records to the leaked credentials database. The record sources are: Have I Been Pwned (HIBP) database, RockYou 2024 dataset, and another third-party database. Mar 03, 2025 1. ### [WAF Release - 2025-03-03](https://developers.cloudflare.com/changelog/post/2025-03-03-waf-release/) [ WAF ](https://developers.cloudflare.com/waf/) | Ruleset | Rule ID | Legacy Rule ID | Description | Previous Action | New Action | Comments | | -------------------------- | ----------- | -------------- | ------------------------------------------------------------------------------------------- | --------------- | ---------- | ----------------------- | | Cloudflare Managed Ruleset | ...93e63099 | 100721 | Ivanti - Remote Code Execution - CVE:CVE-2024-13159, CVE:CVE-2024-13160, CVE:CVE-2024-13161 | Log | Block | This is a New Detection | | Cloudflare Managed Ruleset | ...cac42ce2 | 100596 | Citrix Content Collaboration ShareFile - Remote Code Execution - CVE:CVE-2023-24489 | N/A | Block | | Feb 24, 2025 1. ### [WAF Release - 2025-02-24](https://developers.cloudflare.com/changelog/post/2025-02-24-waf-release/) [ WAF ](https://developers.cloudflare.com/waf/) | Ruleset | Rule ID | Legacy Rule ID | Description | Previous Action | New Action | Comments | | -------------------------- | ----------- | -------------- | ----------------------------------------------------- | --------------- | ---------- | ----------------------- | | Cloudflare Managed Ruleset | ...4916911e | 100718A | SonicWall SSLVPN 2 - Auth Bypass - CVE:CVE-2024-53704 | Log | Block | This is a New Detection | | Cloudflare Managed Ruleset | ...c382fdec | 100720 | Palo Alto Networks - Auth Bypass - CVE:CVE-2025-0108 | Log | Block | This is a New Detection | Feb 18, 2025 1. ### [WAF Release - 2025-02-18](https://developers.cloudflare.com/changelog/post/2025-02-18-waf-release/) [ WAF ](https://developers.cloudflare.com/waf/) | Ruleset | Rule ID | Legacy Rule ID | Description | Previous Action | New Action | Comments | | -------------------------- | ----------- | -------------- | --------------------------------------------------- | --------------- | ---------- | ----------------------- | | Cloudflare Managed Ruleset | ...a2ffa4b8 | 100715 | FortiOS - Auth Bypass - CVE:CVE-2024-55591 | Log | Block | This is a New Detection | | Cloudflare Managed Ruleset | ...5a883e12 | 100716 | Ivanti - Auth Bypass - CVE:CVE-2021-44529 | Log | Block | This is a New Detection | | Cloudflare Managed Ruleset | ...958094d3 | 100717 | SimpleHelp - Auth Bypass - CVE:CVE-2024-57727 | Log | Block | This is a New Detection | | Cloudflare Managed Ruleset | ...3b66df22 | 100718 | SonicWall SSLVPN - Auth Bypass - CVE:CVE-2024-53704 | Log | Block | This is a New Detection | | Cloudflare Managed Ruleset | ...9184699f | 100719 | Yeti Platform - Auth Bypass - CVE:CVE-2024-46507 | Log | Block | This is a New Detection | Feb 11, 2025 1. ### [WAF Release - 2025-02-11](https://developers.cloudflare.com/changelog/post/2025-02-11-waf-release/) [ WAF ](https://developers.cloudflare.com/waf/) | Ruleset | Rule ID | Legacy Rule ID | Description | Previous Action | New Action | Comments | | -------------------------- | ----------- | -------------- | ------------------------------------------------------------------------- | --------------- | ---------- | ----------------------- | | Cloudflare Managed Ruleset | ...483b4c26 | 100708 | Aviatrix Network - Remote Code Execution - CVE:CVE-2024-50603 | Log | Block | This is a New Detection | | Cloudflare Managed Ruleset | ...7e924ca3 | 100709 | Next.js - Remote Code Execution - CVE:CVE-2024-46982 | Log | Disabled | This is a New Detection | | Cloudflare Managed Ruleset | ...83a7d8ff | 100710 | Progress Software WhatsUp Gold - Directory Traversal - CVE:CVE-2024-12105 | Log | Block | This is a New Detection | | Cloudflare Managed Ruleset | ...baa8eb34 | 100711 | WordPress - Remote Code Execution - CVE:CVE-2024-56064 | Log | Block | This is a New Detection | | Cloudflare Managed Ruleset | ...87f5d34e | 100712 | WordPress - Remote Code Execution - CVE:CVE-2024-9047 | Log | Block | This is a New Detection | | Cloudflare Managed Ruleset | ...bf72cf8a | 100713 | FortiOS - Auth Bypass - CVE:CVE-2022-40684 | Log | Block | This is a New Detection | Feb 04, 2025 1. ### [Updated leaked credentials database](https://developers.cloudflare.com/changelog/post/2025-02-04-updated-leaked-credentials-database/) [ WAF ](https://developers.cloudflare.com/waf/) Added new records to the leaked credentials database from a third-party database. Jan 21, 2025 1. ### [WAF Release - 2025-01-21](https://developers.cloudflare.com/changelog/post/2025-01-21-waf-release/) [ WAF ](https://developers.cloudflare.com/waf/) | Ruleset | Rule ID | Legacy Rule ID | Description | Previous Action | New Action | Comments | | -------------------------- | ----------- | -------------- | ---------------------------- | --------------- | ---------- | -------------------------------- | | Cloudflare Managed Ruleset | ...b090ba9a | 100303 | Command Injection - Nslookup | Log | Block | This was released as ...b8d152f4 | | Cloudflare Managed Ruleset | ...49e6b538 | 100534 | Web Shell Activity | Log | Block | This was released as ...82fe4e7f | Jan 13, 2025 1. ### [WAF Release - 2025-01-13](https://developers.cloudflare.com/changelog/post/2025-01-13-waf-release/) [ WAF ](https://developers.cloudflare.com/waf/) | Ruleset | Rule ID | Legacy Rule ID | Description | Previous Action | New Action | Comments | | -------------------------- | ----------- | -------------- | --------------------------------------------------------------------------------------------- | --------------- | ---------- | ------------- | | Cloudflare Managed Ruleset | ...f49e5840 | 100704 | Cleo Harmony - Auth Bypass - CVE:CVE-2024-55956, CVE:CVE-2024-55953 | Log | Block | New Detection | | Cloudflare Managed Ruleset | ...a6d43bc2 | 100705 | Sentry - SSRF | Log | Block | New Detection | | Cloudflare Managed Ruleset | ...ce6311bb | 100706 | Apache Struts - Remote Code Execution - CVE:CVE-2024-53677 | Log | Block | New Detection | | Cloudflare Managed Ruleset | ...2233da1f | 100707 | FortiWLM - Remote Code Execution - CVE:CVE-2023-48782, CVE:CVE-2023-34993, CVE:CVE-2023-34990 | Log | Block | New Detection | | Cloudflare Managed Ruleset | ...e31d972a | 100007C\_BETA | Command Injection - Common Attack Commands | Disabled | | | Jan 06, 2025 1. ### [WAF Release - 2025-01-06](https://developers.cloudflare.com/changelog/post/2025-01-06-waf-release/) [ WAF ](https://developers.cloudflare.com/waf/) | Ruleset | Rule ID | Legacy Rule ID | Description | Previous Action | New Action | Comments | | ------------------- | ----------- | -------------- | --------------------------------------------------------------------------------------------------------- | --------------- | ---------- | ------------- | | Cloudflare Specials | ...9da08beb | 100678 | Pandora FMS - Remote Code Execution - CVE:CVE-2024-11320 | Log | Block | New Detection | | Cloudflare Specials | ...ecdf3d02 | 100679 | Palo Alto Networks - Remote Code Execution - CVE:CVE-2024-0012, CVE:CVE-2024-9474 | Log | Block | New Detection | | Cloudflare Specials | ...a40f2a35 | 100680 | Ivanti - Command Injection - CVE:CVE-2024-37397 | Log | Block | New Detection | | Cloudflare Specials | ...58ae3c89 | 100681 | Really Simple Security - Auth Bypass - CVE:CVE-2024-10924 | Log | Block | New Detection | | Cloudflare Specials | ...e37f2da6 | 100682 | Magento - XXE - CVE:CVE-2024-34102 | Log | Block | New Detection | | Cloudflare Specials | ...5054c752 | 100683 | CyberPanel - Remote Code Execution - CVE:CVE-2024-51567 | Log | Block | New Detection | | Cloudflare Specials | ...dfe93d7b | 100684 | Microsoft SharePoint - Remote Code Execution - CVE:CVE-2024-38094, CVE:CVE-2024-38024, CVE:CVE-2024-38023 | Log | Block | New Detection | | Cloudflare Specials | ...1454c856 | 100685 | CyberPanel - Remote Code Execution - CVE:CVE-2024-51568 | Log | Block | New Detection | | Cloudflare Specials | ...e92362e5 | 100686 | Seeyon - Remote Code Execution | Log | Block | New Detection | | Cloudflare Specials | ...b9f1c9f8 | 100687 | WordPress - Remote Code Execution - CVE:CVE-2024-10781, CVE:CVE-2024-10542 | Log | Block | New Detection | | Cloudflare Specials | ...0d7ca374 | 100688 | ProjectSend - Remote Code Execution - CVE:CVE-2024-11680 | Log | Block | New Detection | | Cloudflare Specials | ...a5260b70 | 100689 | Palo Alto GlobalProtect - Remote Code Execution - CVE:CVE-2024-5921 | Log | Block | New Detection | | Cloudflare Specials | ...d007118b | 100690 | Ivanti - Remote Code Execution - CVE:CVE-2024-37404 | Log | Block | New Detection | | Cloudflare Specials | ...c3e49f64 | 100691 | Array Networks - Remote Code Execution - CVE:CVE-2023-28461 | Log | Block | New Detection | | Cloudflare Specials | ...fcc6f5bb | 100692 | CyberPanel - Remote Code Execution - CVE:CVE-2024-51378 | Log | Block | New Detection | | Cloudflare Specials | ...b615335e | 100693 | Symfony Profiler - Auth Bypass - CVE:CVE-2024-50340 | Log | Block | New Detection | | Cloudflare Specials | ...09d08c8a | 100694 | Citrix Virtual Apps - Remote Code Execution - CVE:CVE-2024-8069 | Log | Block | New Detection | | Cloudflare Specials | ...8aafb2f5 | 100695 | MSMQ Service - Remote Code Execution - CVE:CVE-2023-21554 | Log | Block | New Detection | | Cloudflare Specials | ...11b7a8c7 | 100696 | Nginxui - Remote Code Execution - CVE:CVE-2024-49368 | Log | Block | New Detection | | Cloudflare Specials | ...45954c7e | 100697 | Apache ShardingSphere - Remote Code Execution - CVE:CVE-2022-22733 | Log | Block | New Detection | | Cloudflare Specials | ...f5311209 | 100698 | Mitel MiCollab - Auth Bypass - CVE:CVE-2024-41713 | Log | Block | New Detection | | Cloudflare Specials | ...b3e5e46e | 100699 | Apache Solr - Auth Bypass - CVE:CVE-2024-45216 | Log | Block | New Detection | [Search all changelog entries](https://developers.cloudflare.com/search/?contentType=Changelog+entry)