Changelogs
Subscribe to all Changelog posts via RSS.
Unless otherwise noted, all dates refer to the release date of the change.
20th December 2024
Vectorize
Added support for index name reuse
Vectorize now supports the reuse of index names within the account. An index can be created using the same name as an index that is in a deleted state.
19th December 2024
Digital Experience Monitoring
Remote captures
Admins can now collect packet captures (PCAPs) and WARP diagnostic logs from end user devices. For more information, refer to Remote captures.
Email Security
Email Security reclassification tab
Customers can now have more transparency about their team and user submissions. The new Reclassification tab in the Zero Trust dashboard will allow customers to have a full understanding of what submissions they have made and what the outcomes of those submissions are.
Email Security
Email Security expanded folder scanning
Microsoft 365 customers can now choose to scan all folders or just the inbox when deploying via the Graph API.
Pages
Cloudflare GitHub App Permissions Update
- Cloudflare is requesting updated permissions for the Cloudflare GitHub App to enable features like automatically creating a repository on your GitHub account and deploying the new repository for you when getting started with a template. This feature is coming out soon to support a better onboarding experience.
- Requested permissions:
- Repository Administration (read/write) to create repositories.
- Contents (read/write) to push code to the created repositories.
- Who is impacted:
- Existing users will be prompted to update permissions when GitHub sends an email with subject "[GitHub] Cloudflare Workers & Pages is requesting updated permission" on December 19th, 2024.
- New users installing the app will see the updated permissions during the connecting repository process.
- Action: Review and accept the permissions update to use upcoming features. If you decline or take no action, you can continue connecting repositories and deploying changes via the Cloudflare GitHub App as you do today, but new features requiring these permissions will not be available.
- Questions? Visit #github-permissions-update in the Cloudflare Developers Discord.
- Requested permissions:
Vectorize
Added support for range queries in metadata filters
Vectorize now supports $lt
, $lte
, $gt
, and $gte
clauses in metadata filters.
Workers
- Cloudflare GitHub App Permissions Update
- Cloudflare is requesting updated permissions for the Cloudflare GitHub App to enable features like automatically creating a repository on your GitHub account and deploying the new repository for you when getting started with a template. This feature is coming out soon to support a better onboarding experience.
- Requested permissions:
- Repository Administration (read/write) to create repositories.
- Contents (read/write) to push code to the created repositories.
- Who is impacted:
- Existing users will be prompted to update permissions when GitHub sends an email with subject "[GitHub] Cloudflare Workers & Pages is requesting updated permission" on December 19th, 2024.
- New users installing the app will see the updated permissions during the connecting repository process.
- Action: Review and accept the permissions update to use upcoming features. If you decline or take no action, you can continue connecting repositories and deploying changes via the Cloudflare GitHub App as you do today, but new features requiring these permissions will not be available.
- Questions? Visit #github-permissions-update in the Cloudflare Developers Discord.
18th December 2024
Cloudflare Fundamentals
Use account owned tokens to manage other account owned tokens
Cloudflare's token management now allows users to set up a primary account owned token where they can manage all other account owned tokens.
Refer to Account owned tokens documentation for more details.
17th December 2024
Magic Transit
BGP support for Cloudflare Network Interconnect (CNI)
Magic Transit customers can now establish BGP peering over Direct CNI circuits. Customers can now dynamically exchange routes and path availability status between their router device and the Magic Transit routing table.
Magic WAN
Magic WAN Connector configurable health checks
Health check rate on Magic WAN Connector IPsec tunnels are now configurable.
Magic WAN
BGP support for Cloudflare Network Interconnect (CNI)
Magic WAN customers can now establish BGP peering over Direct CNI circuits. Customers can now dynamically exchange routes and path availability status between their router device and the Magic WAN table.
Cloudflare Network Interconnect
BGP support for Cloudflare Network Interconnect (CNI)
Magic WAN and Magic Transit customers can now establish BGP peering over Direct CNI circuits. Customers can now dynamically exchange routes and path availability status between their router device and the Magic WAN or Magic Transit routing table.
16th December 2024
Cloudflare Fundamentals
Cloudflare API docs are now automatically generated
Cloudflare's API documentation is now being automatically generated based on OpenAPI Schemas, and we have retired our old documentation. The move to OpenAPI Schemas allows us to ensure greater consistency and quality across our API documentation. The documentation now also includes examples of how to call the API using curl or our SDKs.
Refer to the Cloudflare API documentation, or the blog post on our transition to OpenAPI for more information.
Zaraz
- Consent Management: Allow forcing the consent modal language
- Zaraz Debugger: Log the response status and body for server-side requests
- Monitoring: Introduce "Advanced Monitoring" with new reports such as geography, user timeline, funnel, retention and more
- Monitoring: Show information about server-side requests success rate
- Zaraz Types: Update the
zaraz-types
package - Custom HTML Managed Component: Apply syntax highlighting for inlined JavaScript code
13th December 2024
AI Gateway
Bug Fixes
- Bug Fixes: Fixed Anthropic errors being cached.
- Bug Fixes: Fixed
env.AI.run()
requests using authenticated gateways returning authentication error.
11th December 2024
Hyperdrive
Hyperdrive now caches queries in all Cloudflare locations decreasing cache hit latency by up to 90%
Hyperdrive query caching now happens in all locations where Hyperdrive can be accessed. When making a query in a location that has cached the query result, your latency may be decreased by up to 90%.
Refer to documentation on how Hyperdrive caches query results.
Rules
Snippets support in the Cloudflare provider for Terraform
You can now manage Snippets using Terraform. For more information, refer to Configure Snippets using Terraform.
10th December 2024
WAF
2024-12-10
Change the order of list items in IP Lists (for API and Terraform users)
For more details, refer to the changelog page.
6th December 2024
Cloudflare Fundamentals
Dashboard SCIM is now fully self-serve
Dashboard SCIM is now self-serve. Previously, users configuring SCIM required assistance from Cloudflare to configure SCIM to onboard users. Now, with account owned tokens, SCIM can be configured by Enterprise customers that use Okta or Microsoft Entra without any assistance from Cloudflare.
Refer to the SCIM documentation for more details.
5th December 2024
Magic Cloud Networking
Download cloud onramp terraform
Customers can now generate customized terraform files for building cloud network on-ramps to Magic WAN. Magic Cloud can scan and discover existing network resources and generate the required terraform files to automate cloud resource deployment using their existing infrastructure-as-code workflows for cloud automation.
4th December 2024
Access
SCIM GA for Okta and Microsoft Entra ID
Cloudflare's SCIM integrations with Okta and Microsoft Entra ID (formerly AzureAD) are now out of beta and generally available (GA) for all customers. These integrations can be used for Access and Gateway policies and Zero Trust user management. Note: This GA release does not include Dashboard SSO SCIM support.
Zero Trust WARP Client
Custom device posture integration
WARP now supports setting up custom device posture integrations using a third-party API of your choice.
3rd December 2024
R2
- Server-side Encryption with Customer-Provided Keys is now available to all users via the Workers and S3-compatible APIs.
2nd December 2024
Page Shield
Alerts based on customer-defined policies
You can now scope all of Page Shield's alert types to selected zones and their associated policies, alerting only on the resources that have been explicitly allowed.
30th November 2024
Workflows
Step limit increased
Workflows now allow you to define up to 512 steps in a single Workflow definition, up from the previous limit of 256. This limit will continue to increase during the course of the open beta.
If you have Workflows that need more steps, we recommend delegating additional work to other Workflows by triggering a new Workflow from within a step and passing any state as parameters to that Workflow instance.
28th November 2024
25th November 2024
DLP
Profile confidence levels
DLP profiles now support setting a confidence level to choose how tolerant its detections are to false positives based on the context of the detection. The higher a profile's confidence level is, the less false positives will be allowed. Confidence levels include Low, Medium, or High. DLP profile confidence levels supersede context analysis.
22nd November 2024
CASB
CASB and DLP with Cloud Data Extraction for AWS cloud environments
You can now use CASB to find security misconfigurations in your AWS cloud environment. You can also connect your AWS compute account to extract and scan your S3 buckets for sensitive data while avoiding egress fees.
Rules
Support for Cloudflare R2 object storage in Cloud Connector
You can now connect to R2 buckets in Cloud Connector.
21st November 2024
Magic Cloud Networking
Import cloud resources for VMs and LBs
Cloud network discovery now includes cloud native virtual machine (VM) and load-balancer (LB) resources.
Magic Cloud Networking
Export resource catalog
Customers can export their resource catalog including all discovered resource metadata to a downloadable JSON file, suitable for offline analysis.
R2
- Sippy can now be enabled on buckets in jurisdictions (e.g., EU, FedRAMP).
- Fixed an issue with Sippy where GET/HEAD requests to objects with certain special characters would result in error responses.
Workflows
Fixed create instance API in Workers bindings
You can now call create()
without any arguments when using the Workers API for Workflows. Workflows will automatically generate the ID of the Workflow on your behalf.
This addresses a bug that caused calls to create()
to fail when provided with no arguments.
20th November 2024
Gateway
Category filtering in the network policy builder
Gateway users can now create network policies with the Content Categories and Security Risks traffic selectors. This update simplifies malicious traffic blocking and streamlines network monitoring for improved security management.
R2
- Oceania (OC) is now available as an R2 region.
- The default maximum number of buckets per account is now 1 million. If you need more than 1 million buckets, contact Cloudflare Support.
- Public buckets accessible via custom domain now support Smart Tiered Cache.
Workflows
Multiple Workflows in local development now supported
Local development with wrangler dev
now correctly supports multiple Workflow definitions per script.
There is no change to production Workflows, where multiple Workflow definitions per Worker script was already supported.
19th November 2024
AI Gateway
WebSockets API
- Configuration: Added WebSockets API which provides a single persistent connection, enabling continuous communication.
AI Gateway
Authentication
- Configuration: Added Authentication which adds security by requiring a valid authorization token for each request.
Hyperdrive
Hyperdrive now supports clear-text password authentication
When connecting to a database that requires secure clear-text password authentication over TLS, Hyperdrive will now support this authentication method.
Refer to the documentation to see all PostgreSQL authentication modes supported by Hyperdrive.
R2
- R2
bucket lifecycle
command added to Wrangler. Supports listing, adding, and removing object lifecycle rules.
Zero Trust WARP Client
MASQUE GA
MASQUE as a device tunnel protocol option is now generally available (GA). Refer to Device tunnel protocol for configuration details and minimum WARP client requirements.
18th November 2024
Zero Trust WARP Client
WARP client for macOS (version 2024.11.309.0)
A new GA release for the macOS WARP client is now available in the App Center. This release contains minor fixes and improvements.
Changes and improvements:
- Fixed an issue where SSH sessions and other application connections over TCP or UDP could drop when a device that is using MASQUE changes its primary network interface.
- Fixed an issue to ensure the Cloudflare root certificate (or custom certificate) is installed in the trust store if not already there.
- Fixed an issue with the WARP client becoming unresponsive during startup.
- Extended
warp-diag
to collect system profiler firewall state as part of diagnostics. - Fixed an issue with the WARP client becoming unresponsive while handling LAN inclusion.
- Fixed an issue where users were unable to connect with an IPC error message displayed in the UI.
- Fixed an issue that was preventing proper operation of DNS-over-TLS (DoT) for consumer users.
Known issues:
- macOS Sequoia: Due to changes Apple introduced in macOS 15.0.x, the WARP client may not behave as expected. Cloudflare recommends the use of macOS 15.1 or later.
Zero Trust WARP Client
WARP client for Windows (version 2024.11.309.0)
A new GA release for the Windows WARP client is now available in the App Center. This release contains minor fixes and improvements.
Changes and improvements:
- Fixed an issue where SSH sessions and other application connections over TCP or UDP could drop when a device that is using MASQUE changes its primary network interface.
- Fixed an issue to ensure the Cloudflare root certificate (or custom certificate) is installed in the trust store if not already there.
- Fixed an issue with the WARP client becoming unresponsive during startup.
- Extended diagnostics collection time in
warp-diag
to ensure logs are captured reliably. - Fixed an issue that was preventing proper operation of DNS-over-TLS (DoT) for consumer users.
Known issues:
DNS resolution may be broken when all of the following conditions are true:
- WARP is in Secure Web Gateway without DNS filtering (tunnel-only) mode.
- A custom DNS server address is configured on the primary network adapter.
- The custom DNS server address on the primary network adapter is changed while WARP is connected.
To work around the DNS issue, reconnect the WARP client by toggling off and back on.
Zero Trust WARP Client
WARP client for Linux (version 2024.11.309.0)
A new GA release for the Linux WARP client is now available in the package repository. This release contains reliability improvements and general bug fixes.
Changes and improvements:
- Fixed an issue where SSH sessions and other connections ould drop when a device that is using MASQUE changes its primary network interface.
- Device posture client certificate checks now support PKCS#1.
- Fixed an issue to ensure the Cloudflare root certificate (or custom certificate) is installed in the trust store if not already there.
- Reduced unnecessary log messages when
resolv.conf
has no owner. - Fixed an issue with
warp-diag
printing benign TLS certificate errors. - Fixed an issue with the WARP client becoming unresponsive during startup.
- Extended diagnostics collection time in
warp-diag
to ensure logs are captured reliably. - Fixed an issue that was preventing proper operation of DNS-over-TLS (DoT) for consumer users.
Workers
- Updated v8 to version 13.1.
14th November 2024
Workers KV
Workers KV REST API bulk operations provide granular errors
The REST API endpoints for bulk operations (write, delete) now return the keys of operations that failed during the bulk operation. The updated response bodies are documented in the REST API documentation and contain the following information in the result
field:
{
"successful_key_count": number,
"unsuccessful_keys": string[]
}
The unsuccessful keys are an array of keys that were not written successfully to all storage backends and therefore should be retried.
R2
- R2
bucket info
command added to Wrangler. Displays location of bucket and common metrics.
13th November 2024
Vectorize
Added support for $in and $nin metadata filters
Vectorize now supports $in
and $nin
clauses in metadata filters.
12th November 2024
Zaraz
- Facebook Component: Update to version 21 of the API, and fail gracefully when e-commerce payload doesn't match schema
- Zaraz Monitoring: Show all response status codes from the Zaraz server-side requests in the dashboard
- Zaraz Debugger: Fix a bug that broke the display when Custom HTML included backticks
- Context Enricher: It's now possible to programatically edit the Zaraz
config
itself, in addition to thesystem
andclient
objects - Rocker Loader: Issues with using Zaraz next to Rocket Loader were fixed
- Automatic Actions: The tools setup flow now fully supports configuring Automatic Actions
- Bing Managed Component: Issues with setting the currency field were fixed
- Improvement: The allowed size for a Zaraz config was increased by 250x
- Improvement: The Zaraz runtime should run faster due to multiple code optimizations
- Bugfix: Fixed an issue that caused the dashboard to sometimes show "E-commerce" option for tools that do not support it
8th November 2024
R2
- R2
bucket dev-url
command added to Wrangler. Supports enabling, disabling, and getting status of bucket's r2.dev public access URL.
7th November 2024
Cache
Shard Cache by cache key
For custom cache keys, enterprise customers can now shard their cache using up to three values for previously restricted headers accept*
, referer
, and user-agent
. Sharding the cache can improve cache HIT
ratio and performance. However, overly sharding your cache, can have the opposite effect.
Cache
Versioning
Cache now supports versioned environments allowing customers to stage configurations and purge staged environments. Note that Cache Reserve is only supported for your production environment.
6th November 2024
R2
- R2
bucket domain
command added to Wrangler. Supports listing, adding, removing, and updating R2 bucket custom domains.
4th November 2024
API Shield
Endpoint labels
Customers can now organize their endpoints by use case and custom labels in Endpoint Management for easy reference and future machine learning (ML) model training.
WAF
2024-11-04
New table in Security Analytics and Security Events
For more details, refer to the changelog page.
1st November 2024
DLP
Send entire HTTP requests to a Logpush destination
In addition to logging the payload from HTTP requests that matched a DLP policy in Cloudflare Logs, Enterprise users can now configure a Logpush job to send the entire HTTP request that triggered a DLP match to a storage destination. This allows long-term storage of full requests for use in forensic investigation.
R2
- Add
minTLS
to response of list custom domains endpoint.
30th October 2024
Hyperdrive
New Hyperdrive configurations to private databases using Tunnels are validated before creation
When creating a new Hyperdrive configuration to a private database using Tunnels, Hyperdrive will verify that it can connect to the database to ensure that your Tunnel and Access application have been properly configured. This makes it easier to debug connectivity issues.
Refer to documentation on connecting to private databases for more information.
28th October 2024
R2
- Add get custom domain endpoint.
Vectorize
Improved query latency through REST API
Vectorize now has a significantly improved query latency through REST API:
24th October 2024
Pages
Updating Bun version to 1.1.33 in V2 build system
- Bun version is being updated from
1.0.1
to1.1.33
in Pages V2 build system. This is a minor version change, please see details at Bun. - If you wish to use a previous Bun version, you can override default version.
Vectorize
Vectorize increased limits
Developers with a Workers Paid plan can:
- Create 50,000 indexes per account, up from the previous 100 limit.
- Create 50,000 namespaces per index, up from the previous 100 limt. This applies to both existing and newly created indexes.
Refer to Limits to learn about Vectorize's limits.
23rd October 2024
Rules
Simplified user interface for URL Rewrites with wildcard support
The new simplified user interface for URL Rewrites is now live, making it easier for users to configure URL rewrites with wildcard support. This update streamlines the process by eliminating the need for complex functions in rule creation. The updated user interface is available at Rules > Transform Rules > Rewrite URL. For more information, refer to the wildcard support documentation.
Zero Trust WARP Client
WARP client for macOS (version 2024.10.279.1)
A new beta release for the macOS WARP client is now available in the App Center. This release contains minor fixes and improvements.
Changes and improvements:
- Fixed an issue where SSH sessions and other application connections over TCP or UDP could drop when a device that is using MASQUE changes its primary network interface.
- Fixed an issue to ensure the Cloudflare root certificate (or custom certificate) is installed in the trust store if not already there.
Known issues:
- Cloudflare is investigating temporary networking issues on macOS 15 (Sequoia) that affect some users and may occur on any version of the WARP client.
Zero Trust WARP Client
WARP client for Windows (version 2024.10.279.1)
A new beta release for the Windows WARP client is now available in the App Center. This release contains minor fixes and improvements.
Changes and improvements:
- Fixed an issue where SSH sessions and other application connections over TCP or UDP could drop when a device that is using MASQUE changes its primary network interface.
- Fixed an issue to ensure the Cloudflare root certificate (or custom certificate) is installed in the trust store if not already there.
Known issues:
DNS resolution may be broken when all of the following conditions are true:
- WARP is in Secure Web Gateway without DNS filtering (tunnel-only) mode.
- A custom DNS server address is configured on the primary network adapter.
- The custom DNS server address on the primary network adapter is changed while WARP is connected.
To work around the DNS issue, reconnect the WARP client by toggling off and back on.
Workflows
Workflows is now in public beta!
Workflows, a new product for building reliable, multi-step workflows using Cloudflare Workers, is now in public beta. The public beta is available to any user with a free or paid Workers plan.
A Workflow allows you to define multiple, independent steps that encapsulate errors, automatically retry, persist state, and can run for seconds, minutes, hours or even days. A Workflow can be useful for post-processing data from R2 buckets before querying it, automating a Workers AI RAG pipeline, or managing user signup flows and lifecycle emails.
You can learn more about Workflows in our announcement blog, or start building in our get started guide.
21st October 2024
R2
- Event notifications can now be configured for R2 buckets in jurisdictions (e.g., EU, FedRAMP).
Workers
- Fixed encoding of WebSocket pong messages when talking to remote servers. Previously, when a Worker made a WebSocket connection to an external server, the server may have prematurely closed the WebSocket for failure to respond correctly to pings. Client-side connections were not affected.
18th October 2024
API Shield
API Shield fields in Custom Rules
Customers can now use API Shield product feature fields in custom rules, referencing features such as JWT Validation, session identifiers, and Schema Validation.
SSL/TLS
New cloudflare_branding flag allows hostnames with over 64 characters for all CAs
To order certificates for hostnames longer than 64 characters, customers can now use the cloudflare_branding
flag when ordering a certificate via API. Setting cloudflare_branding
to true
will cause sni.cloudflaressl.com
to be used as the common name, while the long hostname is added as part of the subject alternative name (SAN).
17th October 2024
AI Gateway
Vercel SDK
Added Vercel AI SDK. The SDK supports many different AI providers, tools for streaming completions, and more.
Gateway
Per-account Cloudflare root certificate
Gateway users can now generate unique root CAs for their Zero Trust account. Both generated certificate and custom certificate users must activate a root certificate to use it for inspection. Per-account certificates replace the default Cloudflare certificate, which is set to expire on 2025-02-02.
Cloudflare Tunnel
Simplifed WARP Connector deployment
You can now deploy WARP Connector using a simplified, guided workflow similar to cloudflared
connectors. For detailed instructions, refer to the WARP Connector documentation.
15th October 2024
DNS
Quote validation for TXT records added via dashboard
When creating TXT records via the dashboard you will now find:
- Field validation errors if double quotes
"
are added inconsistently. - Automatically quoted TXT content upon save if no quotes exist in the record content field.
14th October 2024
Workers
- Updated v8 to version 13.0.
10th October 2024
Gateway
Time-based policy duration
Gateway now offers time-based DNS policy duration. With policy duration, you can configure a duration of time for a policy to turn on or set an exact date and time to turn a policy off.
Cloudflare Tunnel
Bugfix for --grace-period
The new cloudflared
build 2024.10.0 has a bugfix related to the --grace-period tunnel run parameter. cloudflared
connectors will now abide by the specified waiting period before forcefully closing connections to Cloudflare's network.
8th October 2024
Logs
Cloudflare has introduced new fields two Gateway-related datasets in Cloudflare Logs:
Gateway HTTP:
ApplicationIDs
,ApplicationNames
,CategoryIDs
,CategoryNames
,DestinationIPContinentCode
,DestinationIPCountryCode
,ProxyEndpoint
,SourceIPContinentCode
,SourceIPCountryCode
,VirtualNetworkID
, andVirtualNetworkName
.Gateway Network:
ApplicationIDs
,ApplicationNames
,DestinationIPContinentCode
,DestinationIPCountryCode
,ProxyEndpoint
,SourceIPContinentCode
,SourceIPCountryCode
,TransportProtocol
,VirtualNetworkID
, andVirtualNetworkName
.
7th October 2024
DNS
API support for per-record CNAME flattening
Paid zones now have the option to flatten specific CNAME records. When using the API, specify the setting cname_flatten
as true
or false
. Refer to the documentation for details.
Durable Objects
Alarms re-enabled in (beta) SQLite-backed Durable Object classes
The issue identified with alarms in beta Durable Object classes with a SQLite storage backend has been resolved and alarms have been re-enabled.
4th October 2024
Gateway
Expanded Gateway log fields
Gateway now offers new fields in activity logs for DNS, network, and HTTP policies to provide greater insight into your users' traffic routed through Gateway.
3rd October 2024
Zero Trust WARP Client
WARP client for Linux (version 2024.9.346.0)
A new GA release for the Linux WARP client is now available in the package repository. This release contains minor fixes and minor improvements.
Notable updates:
- Added
target list
to thewarp-cli
to enhance the user experience with the Access for Infrastructure SSH solution. - Added the ability to customize PCAP options in the
warp-cli
. - Added a list of installed applications in
warp-diag
. - Added a
tunnel reset mtu
subcommand to thewarp-cli
. - Added the ability for
warp-cli
to use the team name provided in the MDM file for initial registration. - Added a JSON output option to the
warp-cli
. - Added the ability to execute a PCAP on multiple interfaces with
warp-cli
. - Added MASQUE tunnel protocol support for the consumer version of WARP (1.1.1.1 w/ WARP).
- Improved the performance of firewall operations when enforcing split tunnel configuration.
- Fixed an issue where device posture certificate checks were unexpectedly failing.
- Fixed an issue where the Linux GUI fails to open the browser login window when registering a new Zero Trust organization.
- Fixed an issue where clients using service tokens failed to retry after a network change.
- Fixed an issue where the client, when switching between WireGuard and MASQUE protocols, sometimes required a manual tunnel key reset.
- Fixed a known issue which required users to re-register when an older single configuration MDM file was deployed after deploying the newer, multiple configuration format.
- Deprecated
warp-cli
commands have been removed. If you have any workflows that use the deprecated commands, update to the new commands where necessary.
Known issues:
- Using MASQUE as the tunnel protocol may be incompatible if your organization has Regional Services is enabled.
Zero Trust WARP Client
WARP client for Windows (version 2024.9.346.0)
A new GA release for the Windows WARP client is now available in the App Center. This release contains minor fixes and improvements.
Notable updates:
- Added
target list
to thewarp-cli
to enhance the user experience with the Access for Infrastructure SSH solution. - Added pre-login configuration details to the
warp-diag
output. - Added a
tunnel reset mtu
subcommand to thewarp-cli
. - Added a JSON output option to the
warp-cli
. - Added the ability for
warp-cli
to use the team name provided in the MDM file for initial registration. - Added the ability to execute a PCAP on multiple interfaces with
warp-cli
andwarp-dex
. - Improved
warp-dex
default interface selection for PCAPs and changedwarp-dex
CLI output to JSON. - Fixed an issue where the client, when switching between WireGuard and MASQUE protocols, sometimes required a manual tunnel key reset.
- Added MASQUE tunnel protocol support for the consumer version of WARP (1.1.1.1 w/ WARP).
Known issues:
- Using MASQUE as the tunnel protocol may be incompatible if your organization has Regional Services is enabled.
Zero Trust WARP Client
WARP client for macOS (version 2024.9.346.0)
A new GA release for the macOS WARP client is now available in the App Center. This release contains minor fixes and improvements.
All customers running macOS Ventura 13.0 and above (including Sequoia) are advised to upgrade to this release. This release fixes an incompatibility with the firewall found on macOS Sonoma 14.4 and above that could result in the firewall being disabled.
Notable updates:
- Added
target list
to thewarp-cli
to enhance the user experience with the Access for Infrastructure SSH solution. - Added a
tunnel reset mtu
subcommand to thewarp-cli
. - Added the ability for
warp-cli
to use the team name provided in the MDM file for initial registration. - Added a JSON output option to the
warp-cli
. - Added the ability to execute a PCAP on multiple interfaces with
warp-cli
andwarp-dex
. - Improved
warp-dex
default interface selection for PCAPs and changedwarp-dex
CLI output to JSON. - Improved application posture check compatibility with symbolically linked files.
- Fixed an issue where the client, when switching between WireGuard and MASQUE protocols, sometimes required a manual tunnel key reset.
- Added MASQUE tunnel protocol support for the consumer version of WARP (1.1.1.1 w/ WARP).
Known issues:
- Using MASQUE as the tunnel protocol may be incompatible if your organization has Regional Services is enabled.
2nd October 2024
Magic Firewall
New UI improvements
The dashboard now allows you to search custom rules using the rule name and/or ID. Additionally, the rule ID URL link has been added to Network Analytics. Go to Analytics & Logs > Network Analytics > Magic Firewall > Packet sample log > Search for Rule ID.
1st October 2024
Magic Cloud Networking
Cost visibility for managed cloud configuration
Customers can now see the cloud provider list price of discovered network resources and will be informed of total cost and delta cost when deploying managed configuration.
Magic Transit
Early access testing for BGP on CNI 2.0 circuits
Customers can exchange routes dynamically with their Magic virtual network overlay via Direct CNI or Cloud CNI based connectivity.
Magic WAN
Early access testing for BGP on CNI 2.0 circuits
Customers can exchange routes dynamically with their Magic virtual network overlay via Direct CNI or Cloud CNI based connectivity.
Cloudflare Network Interconnect
Early access testing for BGP on Direct CNI circuits
Customers can exchange routes dynamically with their Magic virtual network overlay via Direct CNI or Cloud CNI based connectivity.
30th September 2024
Gateway
File sandboxing
Gateway users on Enterprise plans can create HTTP policies with file sandboxing to quarantine previously unseen files downloaded by your users and scan them for malware.
Page Shield
New machine learning (ML) scores for detected scripts
In addition to the global integrity score, Page Shield now provides individual script scores (from 1 to 99) for the following malicious code detections: Magecart, Crypto mining, and Malware.
27th September 2024
Durable Objects
Alarms disabled in (beta) SQLite-backed Durable Object classes
An issue was identified with alarms in beta Durable Object classes with a SQLite storage backend. Alarms have been temporarily disabled for only SQLite-backed Durable Objects while a fix is implemented. Alarms in Durable Objects with default, key-value storage backend are unaffected and continue to operate.
Magic WAN
Magic WAN Connector sends WARP client traffic to Internet
All Magic WAN Connectors now route WARP client traffic directly to the Internet, bypassing IPsec tunneling, to prevent double encapsulation of WARP traffic.
26th September 2024
AI Gateway
Persistent logs
- Logs: AI Gateway now has logs that persist, giving you the flexibility to store them for your preferred duration.
AI Gateway
Evaluations
- Configurations: Use AI Gateway’s Evaluations to make informed decisions on how to optimize your AI application.
Durable Objects
(Beta) SQLite storage backend & SQL API available on new Durable Object classes
The new beta version of Durable Objects is available where each Durable Object has a private, embedded SQLite database. When deploying a new Durable Object class, users can opt-in to a SQLite storage backend in order to access new SQL API and point-in-time-recovery API, part of Durable Objects Storage API.
You cannot enable a SQLite storage backend on an existing, deployed Durable Object class. Automatic migration of deployed classes from their key-value storage backend to SQLite storage backend will be available in the future.
During the initial beta, Storage API billing is not enabled for Durable Object classes using SQLite storage backend. SQLite-backed Durable Objects will incur charges for requests and duration. We plan to enable Storage API billing for Durable Objects using SQLite storage backend in the first half of 2025 after advance notice with the following pricing.
Cloudflare Fundamentals
Account owned tokens
Account owned tokens are now generally available. Unlike user-owned tokens, account owned tokens are tied with the Cloudflare account instead of the user that created them. This ensures that long term integrations like CI/CD are not broken if the user that set it up leaves your organization.
Refer to the Account owned tokens documentation or the blog post for more details.
Queues
Queues is GA, with higher throughput & consumer concurrency
Queues is now generally available.
The per-queue message throughput has increased from 400 to 5,000 messages per second. This applies to new and existing queues.
Maximum concurrent consumers has increased from 20 to 250. This applies to new and existing queues. Queues with no explicit limit will automatically scale to the new maximum. Review the consumer concurrency documentation to learn more.
R2
- Event notifications for R2 is now generally available. Event notifications now support higher throughput (up to 5,000 messages per second per Queue), can be configured in the dashboard and Wrangler, and support for lifecycle deletes.
Zero Trust WARP Client
WARP client for macOS (version 2024.8.457.0)
A new GA release for the macOS WARP client is now available in the App Center. This release contains minor fixes and improvements.
Notable updates:
- Added the ability to customize PCAP options in
warp-cli
. - Added a list of installed applications in
warp-diag
. - Added a summary of
warp-dex
traceroute results in its JSON output. - Improved the performance of firewall operations when enforcing Split Tunnels configuration.
- Fixed an issue where the DNS logs were not being cleared when the user switched configurations.
- Fixed an issue where clients using service tokens failed to retry after a network change.
- Fixed a known issue which required users to re-register when an older single configuration MDM file was deployed after deploying the newer, multiple configuration format.
- Fixed an issue which prevented the use of private IP ranges that overlapped with end users' home networks.
- Deprecated
warp-cli
commands have been removed. If you have any workflows that use the deprecated commands, update to the new commands where necessary.
Known issues:
- Cloudflare is investigating temporary networking issues on macOS 15 (Sequoia) that seem to affect some users.
- Using MASQUE as the tunnel protocol may be incompatible if your organization has Regional Services is enabled.
Zero Trust WARP Client
WARP client for Windows (version 2024.8.458.0)
A new GA release for the Windows WARP client is now available in the App Center. This release contains minor fixes and improvements.
Notable updates:
- Added the ability to customize PCAP options in
warp-cli
. - Added a list of installed applications in
warp-diag
. - Added a summary of
warp-dex
traceroute results in its JSON output. - Improved the performance of firewall operations when enforcing Split Tunnels configuration.
- Reduced the time it takes for a WARP client update to complete.
- Fixed an issue where clients using service tokens failed to retry the initial connection when there is no network connectivity on startup.
- Fixed issues where incorrect DNS server addresses were being applied following reboots and network changes. Any incorrect static entries set by previous WARP versions must be manually reverted.
- Fixed a known issue which required users to re-register when an older single configuration MDM file was deployed after deploying the newer, multiple configuration format.
- Deprecated
warp-cli
commands have been removed. If you have any workflows that use the deprecated commands, update to the new commands where necessary.
Known issues:
Using MASQUE as the tunnel protocol may be incompatible if your organization has Regional Services enabled.
DNS resolution may be broken when all of the following conditions are true:
- WARP is in Secure Web Gateway without DNS filtering (tunnel-only) mode.
- A custom DNS server address is configured on the primary network adapter.
- The custom DNS server address on the primary network adapter is changed while WARP is connected.
To work around the DNS issue, reconnect the WARP client by toggling off and back on.
Workers AI
Workers AI Birthday Week 2024 announcements
- Meta Llama 3.2 1B, 3B, and 11B vision is now available on Workers AI
@cf/black-forest-labs/flux-1-schnell
is now available on Workers AI- Workers AI is fast! Powered by new GPUs and optimizations, you can expect faster inference on Llama 3.1, Llama 3.2, and FLUX models.
- No more neurons. Workers AI is moving towards unit-based pricing
- Model pages get a refresh with better documentation on parameters, pricing, and model capabilities
- Closed beta for our Run Any* Model feature, sign up here
- Check out the product announcements blog post for more information
- And the technical blog post if you want to learn about how we made Workers AI fast
Workers
- You can now connect your GitHub or GitLab repository to an existing Worker to automatically build and deploy your changes when you make a git push with Workers Builds.
25th September 2024
API Shield
Fallthrough rule for Schema Validation 2.0
Customers can now enable the Fallthrough Action for Schema Validation 2.0 to block or log requests that do not match the endpoints listed in schemas protected by Schema Validation 2.0.
Calls
TURN service is generally available (GA)
Cloudflare Calls TURN service is generally available and helps address common challenges with real-time communication. For more information, refer to the blog post or TURN documentation.
24th September 2024
Cloudflare Fundamentals
Terraform v5 SDK preview
The Terraform v5 Provider is now available as a preview. This new provider is automatically generated based on the OpenAPI Specifications for our REST API, and provides improved user experiences overall.
Refer to the Terraform documentation or the blog post for more details.
Cloudflare Fundamentals
API Documentation Preview
Cloudflare's API documentation is now available in preview with new automatically generated documentation. This documentation includes code snippets that refer to language-specific SDKs to make it easier to get started than ever.
Refer to the blog post for more details.
Magic Network Monitoring
Magic Network Monitoring free version available to all customers
The free version of Magic Network Monitoring (MNM) is now available to everyone with a Cloudflare account by default.
23rd September 2024
Security Center
- Customers can now export all matches from a saved query. Select your Query name > select the three dots > Export matches.
20th September 2024
Hyperdrive
The node-postgres
(pg) driver is now supported for Pages applications using Hyperdrive.
The popular pg
(node-postgres driver no longer requires the legacy node_compat
mode, and can now be used in both Workers and Pages for connecting to Hyperdrive. This uses the new (improved) Node.js compatibility in Workers and Pages.
You can set compatibility_flags = ["nodejs_compat_v2"]
in your wrangler.toml
or via the Pages dashboard to benefit from this change. Visit the Hyperdrive documentation on supported drivers to learn more about the driver versions supported by Hyperdrive.
Rules
Automatic DNS Validation for Cloudflare Rules
The Cloudflare dashboard now automatically validates DNS records and Cloudflare for SaaS custom hostnames for rules targeting specific hostnames or URLs. To prevent misconfigured rules and ensure smoother deployments, you will get proactive warnings for missing or misconfigured DNS records and custom hostnames.
Workers
- Workers now support the [
handle_cross_request_promise_resolution
] compatibility flag which addresses certain edge cases around awaiting and resolving promises across multiple requests.
19th September 2024
Security Center
- Customers can now create a
security.txt
file file to provide the security research team with a standardized way to report vulnerabilities.
SSL/TLS
SSL.com available with ACM and SSL for SaaS
SSL.com is one of the certificate authorities that Cloudflare partners with. SSL.com is now available as an option to customers with Advanced Certificate Manager (ACM) or SSL for SaaS. Consider our reference documentation for details.
18th September 2024
Page Shield
Page Shield's script monitor now available in Free plan
The Page Shield's script monitor feature is now available to all users, including users in the Free plan.
Page Shield
Page Shield policy changes now available in audit logs
Cloudflare Audit Logs now include entries for any changes to Page Shield's policies.
R2
- Add the ability to set and update minimum TLS version for R2 bucket custom domains.
17th September 2024
Rules
Compression Rules available to all plans with Zstandard support
Compression Rules now support Zstandard compression and are available in all Cloudflare plans. Users in the Free plan will gradually get access throughout 2024.
Zaraz
- Automatic Actions: E-commerce support is now integrated with Automatic Actions
- Consent Management: Support styling the Consent Modal when CSP is enabled
- Consent Management: Fix an issue that could cause tools to load before consent was granted when TCF is enabled
- Zaraz Debugger: Remove redundant messages related to empty values
- Amplitude Managed Component: Respect the EU endpoint setting
16th September 2024
13th September 2024
12th September 2024
Magic Firewall
New UI improvements
The dashboard now displays the order number of custom rules, and improved drag and drop functionality. You can also preview rules on a side panel without leaving the current page.
10th September 2024
AI Gateway
Custom costs
- Configuration: AI Gateway now allows you to set custom costs at the request level custom costs to requests, accurately reflect your unique pricing, overriding the default or public model costs.
Rules
wildcard_replace() function now supported in URL rewrites
You can now use the wildcard_replace()
function in rewrite expressions of URL rewrites.
7th September 2024
Durable Objects
New error message for overloaded Durable Objects
Introduced a new overloaded error message for Durable Objects: "Durable Object is overloaded. Too many requests for the same object within a 10 second window."
This error message does not replace other types of overload messages that you may encounter for your Durable Object, and is only returned at more extreme levels of overload.
5th September 2024
Cache
New Cache Rules templates for one-click rule creation
The new Rules > Templates page in the Cloudflare dashboard provides one-click templates for creating cache rules, making it easy to optimize your caching strategy. Access these pre-built templates directly from each product's rule builder, and explore the Examples gallery in the developer documentation for real-world use cases.
Rules
New Rules Templates for one-click rule creation
The new Rules > Templates page in the Cloudflare dashboard allows you to create common rules with a single click, featuring dozens of pre-built templates. You can also access these templates directly from each product's rule builder. Also, explore the Examples gallery in the developer docs for real-world use cases and inspiration.
3rd September 2024
DLP
Exact Data Match multi-entry upload support
You can now upload files with multiple columns of data as Exact Data Match datasets. DLP can use each column as a separate existing detection entry.
2nd September 2024
Cloudflare Network Interconnect
Interconnect portal displays all available locations in a list
Customers can now see all available Direct CNI locations when searching for a Cloudflare site in the Interconnects interface.
29th August 2024
WAF
2024-08-29
Fixed occasional attack score mismatches
For more details, refer to the changelog page.
28th August 2024
API Shield
Increased capacity for Endpoint Management and Schema Validation
Endpoint Management and Schema Validation now support up to 10,000 saved and validated API endpoints.
26th August 2024
Access
Reduce automatic seat deprovisioning minimum to 1 month, down from 2 months.
Admins can now configure Zero Trust seats to automatically expire after 1 month of user inactivity. The previous minimum was 2 months.
Zero Trust WARP Client
WARP client for macOS (version 2024.8.309.1)
A new beta release for the macOS WARP client is now available in the App Center. This release contains minor fixes and improvements.
Notable updates:
- Added the ability to customize PCAP options in
warp-cli
. - Added a list of installed applications in
warp-diag
. - Added a summary of
warp-dex
traceroute results in its JSON output. - Improved the performance of firewall operations when enforcing Split Tunnels configuration.
- Fixed an issue where the DNS logs were not being cleared when the user switched configurations.
- Fixed a known issue which required users to re-register when an older single configuration MDM file was deployed after deploying the newer, multiple configuration format.
- Fixed an issue which prevented the use of private IP ranges that overlapped with end users' home networks.
- Deprecated
warp-cli
commands have been removed. If you have any workflows that use the deprecated commands, update to the new commands where necessary.
Known issues:
- Using MASQUE as the tunnel protocol may be incompatible if your organization has either of the following conditions:
- Magic WAN is enabled but does not have the latest packet flow path for WARP traffic. To check the migration status, contact your account team.
- Regional Services is enabled.
Zero Trust WARP Client
WARP client for Windows (version 2024.8.308.1)
A new beta release for the Windows WARP client is now available in the App Center. This release contains minor fixes and improvements.
Notable updates:
- Added the ability to customize PCAP options in
warp-cli
. - Added a list of installed applications in
warp-diag
. - Added a summary of
warp-dex
traceroute results in its JSON output. - Improved the performance of firewall operations when enforcing Split Tunnels configuration.
- Reduced the time it takes for a WARP client update to complete.
- Fixed issues where incorrect DNS server addresses were being applied following reboots and network changes. Any incorrect static entries set by previous WARP versions must be manually reverted.
- Fixed a known issue which required users to re-register when an older single configuration MDM file was deployed after deploying the newer, multiple configuration format.
- Deprecated
warp-cli
commands have been removed. If you have any workflows that use the deprecated commands, update to the new commands where necessary.
Known issues:
Using MASQUE as the tunnel protocol may be incompatible if your organization has either of the following conditions:
- Magic WAN is enabled but does not have the latest packet flow path for WARP traffic. To check the migration status, contact your account team.
- Regional Services is enabled.
DNS resolution may be broken when all of the following conditions are true:
- WARP is in Secure Web Gateway without DNS filtering (tunnel-only) mode.
- A custom DNS server address is configured on the primary network adapter.
- The custom DNS server address on the primary network adapter is changed while WARP is connected.
To work around the DNS issue, reconnect the WARP client by toggling off and back on.
23rd August 2024
D1
D1 alpha databases have stopped accepting SQL queries
Following the deprecation warning on 2024-04-30, D1 alpha databases have stopped accepting queries (you are still able to create and retrieve backups).
Requests to D1 alpha databases now respond with a HTTP 400 error, containing the following text:
You can no longer query a D1 alpha database. Please follow https://developers.cloudflare.com/d1/platform/alpha-migration/ to migrate your alpha database and resume querying.
You can upgrade to the new, generally available version of D1 by following the alpha database migration guide.
Zaraz
- Automatic Actions: Automatic Event Tracking is now fully available
- Consent Management: Fixed issues with rendering the Consent modal on iOS
- Zaraz Debugger: Remove redundant messages related to
__zarazEcommerce
- Zaraz Debugger: Fixed bug that prevented the debugger to load when certain Custom HTML tools were used
22nd August 2024
Rules
Simplified UI for Single Redirects with wildcard support
The simplified UI for Single Redirects is now available to all users, making URL redirects easier and more intuitive. This update builds on the recent wildcard support in Ruleset Engine products. Access the new UI under Rules > Redirect Rules. Learn more about wildcard support and our open-source Rust crate in the blog post.
21st August 2024
20th August 2024
Rules
Cloud Connector now available to all customers
Cloud Connector (beta) is now available to all customers. For setup details, refer to the documentation, explore examples, and check out the blog post.
19th August 2024
Bots
AI bots is now a managed rule
AI bots protection has been upgraded from a custom rule to a managed rule.
Hyperdrive
Improved caching for Postgres.js
Hyperdrive now better caches Postgres.js queries to reduce queries to the origin database.
Workers
- Workers now support the
allow_custom_ports
compatibility flag which enables using thefetch()
calls to custom ports.
16th August 2024
Magic Firewall
Magic Firewall Analytics Rule Log Enhancement
Customers who create a rule in a disabled mode will see the rule as Log (rule disabled).
Rules
Cloud Connector now available to all free customers
Cloud Connector (beta) is now available to all free and a subset of paid customers. This rollout will be gradually extended to all Cloudflare users, simplifying multi-cloud management and enhancing integration with Cloudflare's Connectivity Cloud. For more information, refer to the blog post.
15th August 2024
Stream
Full HD encoding for Portrait Videos
Stream now supports full HD encoding for portrait/vertical videos. Videos with a height greater than their width will now be constrained and prepared for adaptive bitrate renditions based on their width. No changes are required to benefit from this update. For more information, refer to the announcement.
Zero Trust WARP Client
WARP client for Linux (version 2024.6.497.0)
A new GA release for the Linux WARP client is now available in the package repository. This release includes some exciting new features. It also includes additional fixes and minor improvements.
New features:
- The WARP client now supports operation on Ubuntu 24.04.
- Admins can now elect to have ZT WARP clients connect using the MASQUE protocol; this setting is in Device Profiles. Note: before MASQUE can be used, the global setting for Override local interface IP must be enabled. For more detail, refer to Device tunnel protocol. This feature will be rolled out to customers in stages over approximately the next month.
- The Device Posture client certificate check has been substantially enhanced. The primary enhancement is the ability to check for client certificates that have unique common names, made unique by the inclusion of the device serial number or host name (for example, CN =
123456.mycompany
, where 123456 is the device serial number). - TCP MSS clamping is now used where necessary to meet the MTU requirements of the tunnel interface. This will be especially helpful in Docker use cases.
Warning:
- Ubuntu 16.04 and 18.04 are not supported by this version of the client.
- This is the last GA release that will be supporting older, deprecated
warp-cli
commands. There are two methods to identify these commands. One, when used in this release, the command will work but will also return a deprecation warning. And two, the deprecated commands do not appear in the output ofwarp-cli -h
.
Known issues:
- There are certain known limitations preventing the use of the MASQUE tunnel protocol in certain scenarios. Do not use the MASQUE tunnel protocol if:
- A Magic WAN integration is on the account and does not have the latest packet flow path for WARP traffic. To check the migration status, contact your account team.
- Your account has Regional Services enabled.
- The Linux client GUI does not yet support all GUI features found in the Windows and macOS clients. Future releases of the Linux client will be adding these GUI features.
- The Zero Trust team name is not visible in the GUI if you upgraded from the previous GA release using an MDM tool.
- Sometimes the WARP icon will remain gray (disconnected state) while in dark mode.
Workers
- Updated v8 to version 12.8.
- You can now use
Promise.try()
in Cloudflare Workers. Refer totc39/proposal-promise-try
for more context on this API that has recently been added to the JavaScript language.
Zaraz
- Automatic Actions: Automatic Pageview tracking is now fully available
- Google Analytics 4: Support Google Consent signals when using e-commerce tracking
- HTTP Events API: Ignore bot score detection on the HTTP Events API endpoint
- Zaraz Debugger: Show client-side network requests initiated by Managed Components
14th August 2024
Vectorize
Vectorize v1 is deprecated
With the new Vectorize storage engine, which supports substantially larger indexes (up to 5 million vector dimensions) and reduced query latencies, we are deprecating the original "legacy" (v1) storage subsystem.
To continue interacting with legacy (v1) indexes in wrangler versions after 3.71.0
, pass the --deprecated-v1
flag.
For example: 'wrangler vectorize --deprecated-v1' flag to create
, get
, list
, delete
and insert
vectors into legacy Vectorize v1 indexes. There is no currently no ability to migrate existing indexes from v1 to v2. Existing Workers querying or clients to use the REST API against legacy Vectorize indexes will continue to function.
Vectorize
Vectorize v2 in public beta
Vectorize now has a new underlying storage subsystem (Vectorize v2) that supports significantly larger indexes, improved query latency, and changes to metadata filtering.
Specifically:
- Indexes can now support up to 5 million vector dimensions each, up from 200,000 per index.
- Metadata filtering now requires explicitly defining the metadata properties that will be filtered on.
- Reduced query latency: queries will now return faster and with lower-latency.
- You can now return up to 100 results (
topK
), up from the previous limit of 20.
Workers
- When using the
nodejs_compat_v2
compatibility flag, thesetImmediate(fn)
API from Node.js is now available at the global scope. - The
internal_writable_stream_abort_clears_queue
compatibility flag will ensure that certainWritableStream
abort()
operations are handled immediately rather than lazily, ensuring that the stream is appropriately aborted when the consumer of the stream is no longer active.
13th August 2024
Hyperdrive
Hyperdrive audit logs now available in the Cloudflare Dashboard
Actions that affect Hyperdrive configs in an account will now appear in the audit logs for that account.
12th August 2024
Rules
Cloudflare Snippets limits have been upgraded
Cloudflare Snippets (alpha) now allow multiple subrequests depending on your plan. For more information, refer to the Availability.
Turnstile
- Added
[flexible]
width widget size. - Added new dimensions for Turnstile's compact size.
- Added a Feedback Report toggle on the widget's configuration.
Zaraz
- Automatic Actions: New tools now support Automatic Pageview tracking
- HTTP Events API: Respect Google consent signals
9th August 2024
Stream
Hide Viewer Count in Live Streams
A new property hideLiveViewerCount
has been added to Live Inputs to block access to the count of viewers in a live stream and remove it from the player. For more information, refer to Start a Live Stream.
8th August 2024
Browser Rendering
Update puppeteer to 21.1.0
- Rebased the fork on the original implementation up till version 21.1.0
Workers KV
New KV Analytics API
Workers KV now has a new metrics dashboard and analytics API that leverages the GraphQL Analytics API used by many other Cloudflare products. The new analytics API provides per-account and per-namespace metrics for both operations and storage, including latency metrics for read and write operations to Workers KV.
The legacy Workers KV analytics REST API will be turned off as of January 31st, 2025. Developers using this API will receive a series of email notifications prior to the shutdown of the legacy API.
6th August 2024
Email Security
Microsoft Graph API deployment.
Customers using Microsoft Office 365 can set up Email Security via Microsoft Graph API.
Cloudflare Tunnel
cloudflared builds available in GitHub for Apple silicon
macOS users can now download cloudflared-arm64.pkg
directly from GitHub, in addition to being available via Homebrew.
5th August 2024
2nd August 2024
31st July 2024
Rules
Wildcard support added to Ruleset Engine products
Wildcards are now supported across our Ruleset Engine-based products, including Single Redirects, Cache Rules, Transform Rules, WAF, Waiting Room, and more:
- You can now use the
wildcard
andstrict wildcard
operators with any string field in the Ruleset Engine, such as full URI, host, headers, cookies, user-agent, and country. For more details, refer to Operators and Wildcard matching. - In Single Redirects, the
wildcard_replace()
function allows you to use segments matched by thewildcard
andstrict wildcard
operators in redirect URL targets. For more information, refer to Functions.
30th July 2024
Gateway
UK NCSC indicator feed publicly available in Gateway
Gateway users on any plan can now use the PDNS threat intelligence feed provided by the UK National Cyber Security Centre (NCSC) in DNS policies.
Zero Trust WARP Client
WARP client for macOS (version 2024.6.474.0)
A new GA release for the macOS WARP client is now available in the App Center. This release contains fixes to improve the client; no new features are included.
Notable updates:
- Fixed an issue which caused alternate network detection to fail if the beacon host was using TLS 1.2 without TLS Extended Master Secret (EMS) enabled.
- Improved the stability of device profile switching based on alternate network detection.
Known issues:
- If a user has an MDM file configured to support multiple profiles (for the switch configurations feature), and then changes to an MDM file configured for a single profile, the WARP client may not connect. The workaround is to use the
warp-cli registration delete
command to clear the registration, and then re-register the client. - There are certain known limitations preventing the use of the MASQUE tunnel protocol in certain scenarios. Do not use the MASQUE tunnel protocol if:
- A Magic WAN integration is on the account and does not have the latest packet flow path for WARP traffic. Please check migration status with your account team.
- Your account has Regional Services enabled.
Zero Trust WARP Client
WARP client for Windows (version 2024.6.473.0)
A new GA release for the Windows WARP client is now available in the App Center. This release contains fixes to improve the client; no new features are included.
Notable updates:
- Fixed an issue which caused alternate network detection to fail if the beacon host was using TLS 1.2 without TLS Extended Master Secret (EMS) enabled.
- Improved the stability of device profile switching based on alternate network detection.
Known issues:
- If a user has an MDM file configured to support multiple profiles (for the switch configurations feature), and then changes to an MDM file configured for a single profile, the WARP client may not connect. The workaround is to use the
warp-cli registration delete
command to clear the registration, and then re-register the client. - There are certain known limitations preventing the use of the MASQUE tunnel protocol in certain scenarios. Do not use the MASQUE tunnel protocol if:
- A Magic WAN integration is on the account and does not have the latest packet flow path for WARP traffic. Please check migration status with your account team.
- Your account has Regional Services enabled.
29th July 2024
26th July 2024
D1
Fixed bug in TypeScript typings for run() API
The run()
method as part of the D1 Client API had an incorrect (outdated) type definition, which has now been addressed as of @cloudflare/workers-types
version 4.20240725.0
.
The correct type definition is stmt.run<T>(): D1Result
, as run()
returns the result rows of the query. The previously incorrect type definition was stmt.run(): D1Response
, which only returns query metadata and no results.
24th July 2024
23rd July 2024
Stream
New Live Webhooks for Error States
Stream has added a new notification event for Live broadcasts to alert (via email or webhook) on various error conditions including unsupported codecs, bad GOP/keyframe interval, or quota exhaustion.
When creating/editing a notification, subscribe to live_input.errored
to receive the new event type. Existing notification subscriptions will not be changed automatically. For more information, refer to Receive Live Webhooks.
Zaraz
- Embeds: Add support for server-side rendering of X (Twitter) and Instagram embeds
- CSP Compliance: Remove
eval
dependency - Google Analytics 4 Managed Component: Allow customizing the document title and client ID fields
- Custom HTML Managed Component: Scripts included in a Custom HTML will preserve their running order
- Google Ads Managed Component: Allow linking data with Google Analytics 4 instances
- TikTok Managed Component: Use the new TikTok Events API v2
- Reddit Managed Component: Support custom events
- Twitter Managed Component: Support setting the
event_id
, using custom fields, and improve conversion tracking - Bugfix: Cookie life-time cannot exceed one year anymore
- Bugfix: Zaraz Debugger UI does not break when presenting really long lines of information
22nd July 2024
Security Center
- Customers can now archive multiple Security Insights at the same time. Go to Security Center > Security Insights and select the insights to archive.
19th July 2024
Cache
Generic tiered cache
Generic Global Tiered Cache topology leverages all Cloudflare data centers as upper-tier cache network. It now hashes content within a region reducing duplication in upper-tier caches, which increases cache HIT
ratio.
Workers
- Workers with the mTLS binding now support Gradual Deployments.
18th July 2024
Workers
- Added a new
truncated
flag to Tail Worker events to indicate when the event buffer is full and events are being dropped.
17th July 2024
14th July 2024
Gateway
Gateway DNS filter non-authenticated queries
Gateway users can now select which endpoints to use for a given DNS location. Available endpoints include IPv4, IPv6, DNS over HTTPS (DoH), and DNS over TLS (DoT). Users can protect each configured endpoint by specifying allowed source networks. Additionally, for the DoH endpoint, users can filter traffic based on source networks and/or authenticate user identity tokens.
11th July 2024
Workers AI
New community-contributed tutorial
- Added community contributed tutorial on how to create APIs to recommend products on e-commerce sites using Workers AI and Stripe.
Workers
- Added community contributed tutorial on how to create custom access control for files in R2 using D1 and Workers.
- Added community contributed tutorial on how to send form submissions using Astro and Resend.
- Added community contributed tutorial on how to create a sitemap from Sanity CMS with Workers.
10th July 2024
AI Gateway
Custom metadata
AI Gateway now supports adding custom metadata to requests, improving tracking and analysis of incoming requests.
9th July 2024
8th July 2024
API Shield
API Discovery's hostname variables
Customers can now see when API Discovery groups similar subdomains with the same methods and paths, making it easy to discover and manage APIs that share many vanity domains or subdomains.
R2
- Added migration log for Super Slurper to the migration summary in the dashboard.
3rd July 2024
Workers
- The
node:crypto
implementation now includes the scrypt(...) and scryptSync(...) APIs. - Workers now support the standard EventSource API.
- Fixed a bug where when writing to an HTTP Response body would sometimes hang when the client disconnected (and sometimes throw an exception). It will now always throw an exception.
2nd July 2024
API Shield
Route API requests using API Routing
Customers can now route requests to different back-end services through API Routing, creating a unified front for their APIs distributed across otherwise disparate systems.
BYOIP
Address Maps for BYOIP and Static IPs
Address Maps is available via API and via dashboard. Address Maps allows customers with BYOIP prefixes or account-level Static IPs to specify which IP addresses should be mapped to DNS records when they are proxied through Cloudflare. Refer to the documentation for details.
1st July 2024
Magic Cloud Networking
Closed beta launch
The Magic Cloud Networking closed beta release is available, with the managed cloud on-ramps feature.
Rules
Cloudflare Snippets now available to all paid customers
Cloudflare Snippets (alpha) are now available to all paid customers.
Workers
- When using Gradual Deployments, you can now use version overrides to send a request to a specific version of your Worker.
28th June 2024
Zero Trust WARP Client
WARP client for macOS (version 2024.6.416.0)
A new GA release for the macOS WARP client is now available in the App Center. This release includes some exciting new features. It also includes additional fixes and minor improvements.
New features:
- Admins can now elect to have ZT WARP clients connect using the MASQUE protocol; this setting is in Device Profiles. Note: before MASQUE can be used, the global setting for Override local interface IP must be enabled. For more detail, refer to Device tunnel protocol. This feature will be rolled out to customers in stages over approximately the next month.
- The Device Posture client certificate check has been substantially enhanced. The primary enhancement is the ability to check for client certificates that have unique common names, made unique by the inclusion of the device serial number or host name (for example, CN =
123456.mycompany
, where 123456 is the device serial number).
Additional changes and improvements:
- Fixed a known issue where the certificate was not always properly left behind in
/Library/Application Support/Cloudflare/installed_cert.pem
. - Fixed an issue where re-auth notifications were not cleared from the UI when the user switched configurations.
- Fixed a macOS firewall rule that allowed all UDP traffic to go outside the tunnel. Relates to TunnelVision (CVE-2024-3661).
- Fixed an issue that could cause the Cloudflare WARP menu bar application to disappear when switching configurations.
Warning:
- This is the last GA release that will be supporting older, deprecated
warp-cli
commands. There are two methods to identify these commands. One, when used in this release, the command will work but will also return a deprecation warning. And two, the deprecated commands do not appear in the output ofwarp-cli -h
.
Known issues:
- If a user has an MDM file configured to support multiple profiles (for the switch configurations feature), and then changes to an MDM file configured for a single profile, the WARP client may not connect. The workaround is to use the
warp-cli registration delete
command to clear the registration, and then re-register the client. - There are certain known limitations preventing the use of the MASQUE tunnel protocol in certain scenarios. Do not use the MASQUE tunnel protocol if:
- A Magic WAN integration is on the account and does not have the latest packet flow path for WARP traffic. Please check migration status with your account team.
- Your account has Regional Services enabled.
Zero Trust WARP Client
WARP client for Windows (version 2024.6.415.0)
A new GA release for the Windows WARP client is now available in the App Center. This release includes some exciting new features. It also includes additional fixes and minor improvements.
New features:
- Admins can now elect to have ZT WARP clients connect using the MASQUE protocol; this setting is in Device Profiles. Note: before MASQUE can be used, the global setting for Override local interface IP must be enabled. For more detail, refer to Device tunnel protocol. This feature will be rolled out to customers in stages over approximately the next month.
- The ZT WARP client on Windows devices can now connect before the user completes their Windows login. This Windows pre-login capability allows for connecting to on-premise Active Directory and/or similar resources necessary to complete the Windows login.
- The Device Posture client certificate check has been substantially enhanced. The primary enhancement is the ability to check for client certificates that have unique common names, made unique by the inclusion of the device serial number or host name (for example, CN =
123456.mycompany
, where 123456 is the device serial number).
Additional changes and improvements:
- Added a new Unable to Connect message to the UI to help in troubleshooting.
- The upgrade window now uses international date formats.
- Made a change to ensure DEX tests are not running when the tunnel is not up due to the device going to or waking from sleep. This is specific to devices using the S3 power model.
- Fixed a known issue where the certificate was not always properly left behind in
%ProgramData%\Cloudflare\installed_cert.pem
. - Fixed an issue where ICMPv6 Neighbor Solicitation messages were being incorrectly sent on the WARP tunnel.
- Fixed an issue where a silent upgrade was causing certain files to be deleted if the target upgrade version is the same as the current version.
Warning:
- This is the last GA release that will be supporting older, deprecated
warp-cli
commands. There are two methods to identify these commands. One, when used in this release, the command will work but will also return a deprecation warning. And two, the deprecated commands do not appear in the output ofwarp-cli -h
.
Known issues:
- If a user has an MDM file configured to support multiple profiles (for the switch configurations feature), and then changes to an MDM file configured for a single profile, the WARP client may not connect. The workaround is to use the
warp-cli registration delete
command to clear the registration, and then re-register the client. - There are certain known limitations preventing the use of the MASQUE tunnel protocol in certain scenarios. Do not use the MASQUE tunnel protocol if:
- A Magic WAN integration is on the account and does not have the latest packet flow path for WARP traffic. Please check migration status with your account team.
- Your account has Regional Services enabled.
Workers
- Fixed a bug which caused
Date.now()
to return skewed results if called before the first I/O of the first request after a Worker first started up. The value returned would be offset backwards by the amount of CPU time spent starting the Worker (compiling and running global scope), making it seem like the first I/O (e.g. first fetch()) was slower than it really was. This skew had nothing to do with Spectre mitigations; it was simply a longstanding bug.
27th June 2024
Radar
Change TCP connection tampering API endpoints to TCP Resets Timeouts
- Changed the connection tampering summary and timeseries API endpoints to TCP resets timeouts summary and timeseries, respectively.
Zero Trust WARP Client
Cloudflare One Agent for iOS (version 1.4)
A new GA release for the iOS Cloudflare One Agent is now available in the iOS App Store.
Notable updates:
- Fixed an issue with endpoint IP settings in MDM files
- Cleaned up some erroneous links
- Updated the Terms of Service
Workers AI
Introducing embedded function calling
- A new way to do function calling with Embedded function calling
- Published new
@cloudflare/ai-utils
npm package - Open-sourced
ai-utils on Github
25th June 2024
Gateway
Gateway DNS policy setting to ignore CNAME category matches
Gateway now offers the ability to selectively ignore CNAME domain categories in DNS policies via the Ignore CNAME domain categories setting in the policy builder and the ignore_cname_category_matches
setting in the API.
24th June 2024
Durable Objects
Exceptions thrown from Durable Object internal operations and tunneled to the caller may now be populated with a .retryable: true
property if the exception was likely due to a transient failure, or populated with an .overloaded: true
property if the exception was due to overload.
Workers
- Exceptions thrown from Durable Object internal operations and tunneled to the caller may now be populated with a
.retryable: true
property if the exception was likely due to a transient failure, or populated with an.overloaded: true
property if the exception was due to overload.
23rd June 2024
Magic WAN
ICMP support for traffic sourced from private IPs
Magic WAN will now support ICMP traffic sourced from private IPs going to the Internet via Gateway.
21st June 2024
Zaraz
- Dashboard: Add an option to disable the automatic
Pageview
event
20th June 2024
Stream
Generated Captions to Open beta
Stream has introduced automatically generated captions to open beta for all subscribers at no additional cost. While in beta, only English is supported and videos must be less than 2 hours. For more information, refer to the product announcement and deep dive or refer to the captions documentation to get started.
Workers
- We now prompt for extra confirmation if attempting to rollback to a version of a Worker using the Deployments API where the value of a secret is different than the currently deployed version. A
?force=true
query parameter can be specified to proceed with the rollback.
19th June 2024
Workers AI
Added support for traditional function calling
- Function calling is now supported on enabled models
- Properties added on models page to show which models support function calling
Workers
- When using
nodejs_compat
compatibility flag, thebuffer
module now has an implementation ofisAscii()
andisUtf8()
methods. - Fixed a bug where exceptions propagated from JS RPC calls to Durable Objects would lack the
.remote
property that exceptions fromfetch()
calls to Durable Objects have.
18th June 2024
Page Shield
Cookie Monitor now available
Page Shield now captures HTTP cookies set and used by your web application. The list of detected cookies in available in the Cloudflare dashboard or via API.
Zaraz
- Amplitude Managed Component: Allow users to choose data center
- Bing Managed Component: Fix e-commerce events handling
- Google Analytics 4 Managed Component: Mark e-commerce events as conversions
- Consent Management: Fix IAB Consent Mode tools not showing with purposes
17th June 2024
D1
HTTP API now returns a HTTP 429 error for overloaded D1 databases
Previously, D1's HTTP API returned a HTTP 500 Internal Server
error for queries that came in while a D1 database was overloaded. These requests now correctly return a HTTP 429 Too Many Requests
error.
D1's Workers API is unaffected by this change.
Risk score
Okta risk exchange
You can now exchange user risk scores with Okta to inform SSO-level policies.
14th June 2024
Page Shield
Added filter operators for scripts and connections
You can now filter scripts and connections in the Cloudflare dashboard using the does not contain
operator. Pages associated with scripts and connections can be filtered by includes
, starts with
, and ends with
.
Risk score
SentinelOne signal ingestion
You can now configure a predefined risk behavior to evaluate user risk score using device posture attributes from the SentinelOne integration.
12th June 2024
R2
- Super Slurper now supports migrating objects up to 1TB in size.
11th June 2024
beacon.min.js
Enhanced to include reporting of Server-Timing headers.
Stream
Updated response codes on requests for errored videos
Stream will now return HTTP error status 424 (failed dependency) when requesting segments, manifests, thumbnails, downloads, or subtitles for videos that are in an errored state. Previously, Stream would return one of several 5xx codes for requests like this.
Workers AI
Deprecation announcement for @cf/meta/llama-2-7b-chat-int8
We will be deprecating @cf/meta/llama-2-7b-chat-int8
on 2024-06-30.
Replace the model ID in your code with a new model of your choice:
@cf/meta/llama-3-8b-instruct
is the newest model in the Llama family (and is currently free for a limited time on Workers AI).@cf/meta/llama-3-8b-instruct-awq
is the new Llama 3 in a similar precision to your currently selected model. This model is also currently free for a limited time.
If you do not switch to a different model by June 30th, we will automatically start returning inference from @cf/meta/llama-3-8b-instruct-awq
.
7th June 2024
R2
- Fixed an issue that prevented Sippy from copying over objects from S3 buckets with SSE set up.
6th June 2024
5th June 2024
Magic WAN
Application based prioritization
The Magic WAN Connector can now prioritize traffic on a per-application basis.
3rd June 2024
CASB
Atlassian Bitbucket integration
You can now scan your Bitbucket Cloud workspaces for a variety of contextualized security issues such as source code exposure, admin misconfigurations, and more.
DDoS protection
2024-06-03
DDoS alerts now available for EU CMB customers
For more details, refer to the changelog page.
Rules
Cloudflare Snippets now available to all Enterprise customers
Cloudflare Snippets (alpha) are now available to all Enterprise customers. Customers in other paid plans will gradually get access throughout 2024.
Workers
- Workers with Smart Placement enabled now support Gradual Deployments.
31st May 2024
Magic WAN
WARP virtual IP addresses
Customers using Gateway to filter traffic to Magic WAN destinations will now see traffic from Cloudflare egressing with WARP virtual IP addresses (CGNAT range), rather than public Cloudflare IP addresses. This simplifies configuration and improves visibility for customers.
30th May 2024
29th May 2024
R2
- Added support for Infrequent Access storage class (beta).
Workers AI
Add new public LoRAs and note on LoRA routing
- Added documentation on new public LoRAs.
- Noted that you can now run LoRA inference with the base model rather than explicitly calling the
-lora
version
24th May 2024
Hyperdrive
Increased configuration limits
You can now create up to 25 Hyperdrive configurations per account, up from the previous maximum of 10.
Refer to Limits to review the limits that apply to Hyperdrive.
R2
- Added create temporary access tokens endpoint.
23rd May 2024
22nd May 2024
beacon.min.js
Introducing new metric fields, transferSize and decodedBodySize are included.
Data Localization Suite
Expanded Regional Services for more precise data localization.
- Added Austria, Brazil, France, Hong Kong, Italy, NATO, the Netherlands, Russia, Saudi Arabia, South Africa, Spain, Switzerland, and Taiwan. Some regions may not appear in the dropdown as they require Cloudflare approval. Contact your account team for more information.
- Introduced Exclusive of Hong Kong and Macau, and Exclusive of Russia and Belarus options.
- Launched the Cloudflare Green Energy region, using renewable-powered data centers.
Hyperdrive
Driver performance improvements
Compatibility improvements to how Hyperdrive interoperates with the popular Postgres.js driver have been released. These improvements allow queries made via Postgres.js to be correctly cached (when enabled) in Hyperdrive.
Developers who had previously set prepare: false
can remove this configuration when establishing a new Postgres.js client instance.
Read the documentation on supported drivers to learn more about database driver interoperability with Hyperdrive.
Zero Trust WARP Client
WARP client for Windows (version 2024.5.310.1)
A new beta release for the Windows WARP client is now available in the App Center.
Notable updates:
- Added a new Unable to Connect message to the UI to help in troubleshooting.
- In the upgrade window, a change was made to use international date formats to resolve an issue with localization.
- Made a change to ensure DEX tests are not running when the tunnel is not up due to the device going to or waking from sleep. This is specific to devices using the S3 power model.
- Fixed a known issue where the certificate was not always properly left behind in
%ProgramData%\Cloudflare\installed_cert.pem
. - Fixed an issue where ICMPv6 Neighbor Solicitation messages were being incorrectly sent on the WARP tunnel.
Known issues:
- If a user has an MDM file configured to support multiple profiles (for the switch configurations feature), and then changes to an MDM file configured for a single profile, the WARP client may not connect. The workaround is to use the
warp-cli registration delete
command to clear the registration, and then re-register the client.
21st May 2024
Zero Trust WARP Client
WARP client for macOS (version 2024.5.287.1)
A new beta release for the macOS WARP client is now available in the App Center
Notable updates:
- Fixed a known issue where the certificate was not always properly left behind in
/Library/Application Support/Cloudflare/installed_cert.pem
. - Fixed an issue so that the reauth notification is cleared from the UI when the user switches configurations.
- Fixed an issue by correcting the WARP client setting of macOS firewall rules. This relates to TunnelVision (CVE-2024-3661).
- Fixed an issue that could cause the Cloudflare WARP menu bar application to disappear when switching configurations.
Known issues:
- If a user has an MDM file configured to support multiple profiles (for the switch configurations feature), and then changes to an MDM file configured for a single profile, the WARP client may not connect. The workaround is to use the
warp-cli registration delete
command to clear the registration, and then re-register the client.
20th May 2024
Digital Experience Monitoring
Last seen ISP
Admins can view the last ISP seen for a device by going to My Team > Devices. Requires setting up a traceroute test.
17th May 2024
Workers AI
Add OpenAI compatible API endpoints
Added OpenAI compatible API endpoints for /v1/chat/completions
and /v1/embeddings
. For more details, refer to Configurations.
Workers
- Updated v8 to version 12.6.
16th May 2024
15th May 2024
Workers
- The new
fetch_standard_url
compatibility flag will become active by default on June 3rd, 2024 and ensures that URLs passed into thefetch(...)
API, thenew Request(...)
constructor, and redirected requests will be parsed using the standard WHATWG URL parser. - DigestStream is now more efficient and exposes a new
bytesWritten
property that indicates that number of bytes written to the digest.
14th May 2024
Rules
Page Rules migration
The Page Rules migration guide is now available for users interested in transitioning to modern Rules features instead of Page Rules. Explore the guide for detailed instructions on migrating your configurations.
13th May 2024
API Shield
Use JWT claims in Advanced Rate Limiting, Transform Rules, and as session IDs
Customers can now use the fields inside JSON Web Tokens (known as claims) as session identifiers in API Shield, to count values in Advanced Rate Limiting, and to send on useful information in Transform Rules.
Digital Experience Monitoring
DEX alerts
Admins can now set DEX alerts using Cloudflare Notifications. Three new DEX alert types:
- Device connectivity anomaly
- Test latency
- Test low availability
Rules
New Configuration Rules setting for Web Analytics (RUM)
You can now turn off Cloudflare Web Analytics, also known as Real User Monitoring (RUM), for specific requests using a configuration rule.
Workers
- Updated v8 to version 12.5.
- A bug in the fetch API implementation would cause the content type of a Blob to be incorrectly set. The fix is being released behind a new
blob_standard_mime_type
compatibility flag.
10th May 2024
Zero Trust WARP Client
Cloudflare One Agent for Android (version 1.7)
A new GA release for the Android Cloudflare One Agent is now available in the Google Play Store. This release fixes an issue where the user was not prompted to select the client certificate in the browser during Access registration.
9th May 2024
AI Gateway
- Added new endpoints to the REST API.
Zero Trust WARP Client
Crowdstrike posture checks for online status
Two new Crowdstrike attributes, Last Seen and State, are now available to be used as selectors in the Crowdstrike service provider integration.
8th May 2024
Zero Trust WARP Client
WARP client for macOS (version 2024.3.444.0)
A new GA release for the macOS WARP client is now available in the App Center. This releases fixes an issue with how the WARP client sets macOS firewall rules and addresses the TunnelVision (CVE-2024-3661) vulnerability.
6th May 2024
3rd May 2024
Workers
- Fixed RPC to/from Durable Objects not honoring the output gate.
- The
internal_stream_byob_return_view
compatibility flag can be used to improve the standards compliance of theReadableStreamBYOBReader
implementation when working with BYOB streams provided by the runtime (like inresponse.body
orrequest.body
). The flag ensures that the final read result will always include avalue
field whose value is set to an emptyUint8Array
whose underlyingArrayBuffer
is the same memory allocation as the one passed in on the call toread()
. - The Web platform standard
reportError(err)
global API is now available in workers. The reported error will first be emitted as an 'error' event on the global scope then reported in both the console output and tail worker exceptions by default.
Zaraz
- Dashboard: Add setting for Google Consent mode default
- Bugfix: Cookie values are now decoded
- Bugfix: Ensure context enricher worker can access the
context.system.consent
object - Google Ads Managed Component: Add conversion linker on pageviews without sending a pageview event
- Pinterest Conversion API Managed Component: Bugfix handling of partial e-commerce event payloads
30th April 2024
API Shield
Build Sequence Mitigation rules via the Cloudflare dashboard
Customers can now build Sequence Mitigation rules with a new user interface inside the API Shield section of the Cloudflare dashboard.
D1
D1 alpha databases will stop accepting live SQL queries on August 15, 2024
Previously deprecated alpha D1 databases need to be migrated by August 15, 2024 to accept new queries.
Refer to alpha database migration guide to migrate to the new, generally available, database architecture.
29th April 2024
Rules
New Configuration Rules setting for Cloudflare Fonts
You can now turn on or off Cloudflare Fonts for specific requests using a configuration rule.
28th April 2024
Access
Add option to bypass CORS to origin server
Access admins can defer all CORS enforcement to their origin server for specific Access applications.
26th April 2024
Page Shield
Suggestions for the default directive
When creating a policy in the dashboard, default directive aggregates suggestions of monitored scripts and connections data, enabling defining default directive easier.
Workers
- Updated v8 to version 12.4.
24th April 2024
22nd April 2024
19th April 2024
Zaraz
- Instagram Managed Component: Improve performance of Instagram embeds
- Mixpanel Managed Component: Include
gclid
andfbclid
values in Mixpanel requests if available - Consent Management: Ensure consent platform is enabled when using IAB TCF compliant mode when there's at least one TCF-approved vendor configured
- Bugfix: Ensure track data payload keys take priority over preset-keys when using enrich-payload feature for custom actions
17th April 2024
beacon.min.js
Introducing new metric fields, deliveryType (dt) and navigationType (nt) are included.
DDoS protection
2024-04-17
Network Analytics now supported for EU CMB customers
For more details, refer to the changelog page.
16th April 2024
CASB
Export CASB findings to CSV
You can now export all top-level CASB findings or every instance of your findings to CSV.
DLP
Optical character recognition
DLP can now detect sensitive data in jpeg, jpg, and png files. This helps companies prevent the leak of sensitive data in images, such as screenshots.
Workers for Platforms
Workers for Platforms available to all users
Workers for Platforms will be available for all users through the new pay-as-you-go plan. For more information, refer to the blog post.
15th April 2024
Access
Zero Trust User identity audit logs
All user identity changes via SCIM or Authentication events are logged against a user's registry identity.
Trace
Cloudflare Trace now supports Workers
Starting today, customers can use Cloudflare Trace to confirm if a request to a specific URL within their zone is routed through a Workers script.
12th April 2024
D1
HTTP API now returns a HTTP 400 error for invalid queries
Previously, D1's HTTP API returned a HTTP 500 Internal Server
error for an invalid query. An invalid SQL query now correctly returns a HTTP 400 Bad Request
error.
D1's Workers API is unaffected by this change.
11th April 2024
Stream
Live Instant Clipping for live broadcasts and recordings
Clipping is now available in open beta for live broadcasts and recordings. For more information, refer to Live instant clipping documentation.
Workers AI
Add AI native binding
- Added new AI native binding, you can now run models with
const resp = await env.AI.run(modelName, inputs)
- Deprecated
@cloudflare/ai
npm package. While existing solutions using the @cloudflare/ai package will continue to work, no new Workers AI features will be supported. Moving to native AI bindings is highly recommended
Workers
- Improve Streams API spec compliance by exposing
desiredSize
and other properties on stream class prototypes - The new
URL.parse(...)
method is implemented. This provides an alternative to the URL constructor that does not throw exceptions on invalid URLs. - R2 bindings objects now have a
storageClass
option. This can be set on object upload to specify the R2 storage class - Standard or Infrequent Access. The property is also returned with object metadata.
10th April 2024
Turnstile
- Added
[refresh-timeout]
and document new automatic interactive timeout-refresh.
8th April 2024
Zaraz
- Consent Management: Add
consent
object tocontext.system
for finer control over consent preferences - Consent Management: Add support for IAB-compliant consent mode
- Consent Management: Add "zarazConsentChoicesUpdated" event
- Consent Management: Modal now respects system dark mode prefs when present
- Google Analytics 4 Managed Component: Add support for Google Consent Mode v2
- Google Ads Managed Component: Add support for Google Consent Mode v2
- Twitter Managed Component: Enable tweet embeds
- Bing Managed Component: Support running without setting cookies
- Bugfix:
client.get
for Custom Managed Components fixed - Bugfix: Prevent duplicate pageviews in monitoring after consent granting
- Bugfix: Prevent Managed Component routes from blocking origin routes unintentionally
5th April 2024
D1
D1 alpha databases are deprecated
Now that D1 is generally available and production ready, alpha D1 databases are deprecated and should be migrated for better performance, reliability, and ongoing support.
Refer to alpha database migration guide to migrate to the new, generally available, database architecture.
Gateway
Gateway file type control improvements
Gateway now offers a more extensive, categorized list of files to control uploads and downloads.
Workers
- A new JavaScript-native remote procedure call (RPC) API is now available, allowing you to communicate more easily across Workers and between Workers and Durable Objects.
4th April 2024
Calls
Orange Meets availability
Orange Meets, Cloudflare's internal video conferencing app, is open source and available for use from Github.
Calls
Cloudflare Calls open beta
Cloudflare Calls is in open beta and available from the Cloudflare Dashboard.
Images
Images upload widget
Use the upload widget to integrate Cloudflare Images into your application by embedding the script into a static HTML page or installing a package that works with your preferred framework. To try out the upload widget, sign up for the the closed beta.
Images
Face cropping
Crop and resize images of people's faces at scale using the existing gravity parameter and saliency detection, which sets the focal point of an image based on the most visually interesting pixels. To apply face cropping to your image optimization, sign up for the closed beta.
Page Shield
Individual threat intelligence categories
Instead of aggregating categories of URL and domain data from threat intelligence, they are now listed per type.
Workers
- There is no longer an explicit limit on the total amount of data which may be uploaded with Cache API
put()
per request. Other Cache API Limits continue to apply. - The Web standard
ReadableStream.from()
API is now implemented. The API enables creating aReadableStream
from a either a sync or async iterable.
3rd April 2024
Durable Objects
Durable Objects support for Oceania region
Durable Objects can reside in Oceania, lowering Durable Objects request latency for eyeball Workers in Oceania locations.
Refer to Durable Objects to provide location hints to objects.
R2
- Event notifications for R2 is now available as an open beta.
- Super Slurper now supports migration from Google Cloud Storage.
Workers
- When the
brotli_content_encoding
compatibility flag is enabled, the Workers runtime now supports compressing and decompressing request bodies encoded using the Brotli compression algorithm. Refer to this docs section for more detail.
2nd April 2024
Browser Rendering
Browser Rendering Available for everyone
- Browser Rendering is now out of beta and available to all customers with Workers Paid Plan. Analytics and logs are available in Cloudflare's dashboard, under "Worker & Pages".
Workers
- You can now write Workers in Python
1st April 2024
D1
D1 is generally available
D1 is now generally available and production ready. Read the blog post for more details on new features in GA and to learn more about the upcoming D1 read replication API.
- Developers with a Workers Paid plan now have a 10GB GB per-database limit (up from 2GB), which can be combined with existing limit of 50,000 databases per account.
- Developers with a Workers Free plan retain the 500 MB per-database limit and can create up to 10 databases per account.
- D1 databases can be exported as a SQL file.
Durable Objects
Billing reduction for WebSocket messages
Durable Objects request billing applies a 20:1 ratio for incoming WebSocket messages. For example, 1 million Websocket received messages across connections would be charged as 50,000 Durable Objects requests.
This is a billing-only calculation and does not impact Durable Objects metrics and analytics.
Hyperdrive
Hyperdrive is now Generally Available
Hyperdrive is now Generally Available and ready for production applications.
Read the announcement blog to learn more about the Hyperdrive and the roadmap, including upcoming support for MySQL databases.
Workers
- The new
unwrap_custom_thenables
compatibility flag enables workers to accept custom thenables in internal APIs that expect a promise (for instance, thectx.waitUntil(...)
method). - TransformStreams created with the TransformStream constructor now have a cancel algorithm that is called when the stream is canceled or aborted. This change is part of the implementation of the WHATWG Streams standard.
- The
nodejs_compat
compatibility flag now includes an implementation of theMockTracker
API fromnode:test
. This is not an implementation of the fullnode:test
module, and mock timers are currently not included. - Exceptions reported to Tail Workers now include a "stack" property containing the exception's stack trace, if available.
26th March 2024
AI Gateway
- LLM Side Channel vulnerability fixed
- Providers: Added Anthropic, Google Vertex, Perplexity as providers.
Queues
Delay messages published to a queue
Messages published to a queue and/or marked for retry from a queue consumer can now be explicitly delayed. Delaying messages allows you to defer tasks until later, and/or respond to backpressure when consuming from a queue.
Refer to Batching and Retries to learn how to delay messages written to a queue.
25th March 2024
Queues
Support for pull-based consumers
Queues now supports pull-based consumers. A pull-based consumer allows you to pull from a queue over HTTP from any environment and/or programming language outside of Cloudflare Workers. A pull-based consumer can be useful when your message consumption rate is limited by upstream infrastructure or long-running tasks.
Review the documentation on pull-based consumers to configure HTTP-based pull.
Turnstile
- Added more supported languages.
22nd March 2024
Rules
New TLS fields in rule expressions
Customers can now use new fields cf.tls_client_hello_length
(the length of the client hello message sent in a TLS handshake), cf.tls_client_random
(the value of the 32-byte random value provided by the client in a TLS handshake), and cf.tls_client_extensions_sha1
(the SHA-1 fingerprint of TLS client extensions) in various products built on Ruleset Engine.
21st March 2024
Browser Isolation
Removed third-party cookie dependencies
Removed dependency on third-party cookies in the isolated browser, fixing an issue that previously caused intermittent disruptions for users maintaining multi-site, cross-tab sessions in the isolated browser.
20th March 2024
Rules
Origin Rules now allow port numbers in Host Header Override
Customers can now use arbitrary port numbers in Host Header Override in Origin Rules. Previously, only hostname was allowed as a value (for example, example.com
). Now, you can set the value to hostname:port
(for example, example.com:1234
) as well.
19th March 2024
Hyperdrive
Improved local development configuration
Hyperdrive now supports a WRANGLER_HYPERDRIVE_LOCAL_CONNECTION_STRING_<BINDING_NAME>
environmental variable for configuring local development to use a test/non-production database, in addition to the localConnectionString
configuration in wrangler.toml
.
Refer to Local development for instructions on how to configure Hyperdrive locally.
18th March 2024
Queues
Default content type now set to JSON
The default content type for messages published to a queue is now json
, which improves compatibility with the upcoming pull-based queues.
Any Workers created on or after the compatibility date of 2024-03-18
, or that explicitly set the queues_json_messages
compatibility flag, will use the new default behaviour. Existing Workers with a compatibility date prior will continue to use v8
as the default content type for published messages.
12th March 2024
D1
Change in wrangler d1 execute
default
As of wrangler@3.33.0
, wrangler d1 execute
and wrangler d1 migrations apply
now default to using a local database, to match the default behavior of wrangler dev
.
It is also now possible to specify one of --local
or --remote
to explicitly tell wrangler which environment you wish to run your commands against.
Trace
Cloudflare Trace now supports grey-clouded hostnames
Even if the hostname is not proxied by Cloudflare, Cloudflare Trace will now return all the configurations that Cloudflare would have applied to the request.
11th March 2024
Workers
- Built-in APIs that return Promises will now produce stack traces when the Promise rejects. Previously, the rejection error lacked a stack trace.
- A new compat flag
fetcher_no_get_put_delete
removes theget()
,put()
, anddelete()
methods on service bindings and Durable Object stubs. This will become the default as of compatibility date 2024-03-26. These methods were designed as simple convenience wrappers aroundfetch()
, but were never documented. - Updated v8 to version 12.3.
5th March 2024
D1
Billing for D1 usage
As of 2024-03-05, D1 usage will start to be counted and may incur charges for an account's future billing cycle.
Developers on the Workers Paid plan with D1 usage beyond included limits will incur charges according to D1's pricing.
Developers on the Workers Free plan can use up to the included limits. Usage beyond the limits below requires signing up for the $5/month Workers Paid plan.
Account billable metrics are available in the Cloudflare Dashboard and GraphQL API.
4th March 2024
26th February 2024
Version Management
Support for API Shield
- API Shield no longer prevents Version Management enablement and zone settings configurations.
24th February 2024
Queues
Explicit retries no longer impact consumer concurrency/scaling.
Calling retry()
or retryAll()
on a message or message batch will no longer have an impact on how Queues scales consumer concurrency.
Previously, using explicit retries via retry()
or retryAll()
would count as an error and could result in Queues scaling down the number of concurrent consumers.
Workers
- v8 updated to version 12.2.
- You can now use Iterator helpers in Workers.
- You can now use new methods on
Set
, such asSet.intersection
andSet.union
, in Workers.
23rd February 2024
API Shield
Endpoint Management supports hostname variables
Customers can now save endpoints in Endpoint Management that contain variables in the hostname. Hostname variables are supported across all product features.
Workers
- Sockets now support an
opened
attribute. - Durable Object alarm handlers now impose a maximum wall time of 15 minutes.
22nd February 2024
Access
Access for SaaS OIDC Support
Access for SaaS applications can be setup with OIDC as an authentication method. OIDC and SAML 2.0 are now both fully supported.
Access
WARP as an identity source for Access
Allow users to log in to Access applications with their WARP session identity. Users need to reauthenticate based on default session durations. WARP authentication identity must be turned on in your device enrollment permissions and can be enabled on a per application basis.
20th February 2024
R2
- When an
OPTIONS
request against the public entrypoint does not include anorigin
header, anHTTP 400
instead of anHTTP 401
is returned.
19th February 2024
16th February 2024
D1
API changes to run()
A previous change (made on 2024-02-13) to the run()
query statement method has been reverted.
run()
now returns a D1Result
, including the result rows, matching its original behavior prior to the change on 2024-02-13.
Future change to run()
to return a D1ExecResult
, as originally intended and documented, will be gated behind a compatibility date as to avoid breaking existing Workers relying on the way run()
currently works.
Stream
Tonemapping improvements for HDR content
In certain cases, videos uploaded with an HDR colorspace (such as footage from certain mobile devices) appeared washed out or desaturated when played back. This issue is resolved for new uploads.
15th February 2024
Durable Objects
Optional alarmInfo
parameter for Durable Object Alarms
Durable Objects Alarms now have a new alarmInfo
argument that provides more details about an alarm invocation, including the retryCount
and isRetry
to signal if the alarm was retried.
Zaraz
- Single Page Applications: Introduce
zaraz.spaPageview()
for manually triggering SPA pageviews - Pinterest Managed Component: Add ecommerce support
- Google Ads Managed Component: Append url and rnd params to pagead/landing endpoint
- Bugfix: Add noindex robots headers for Zaraz GET endpoint responses
- Bugfix: Gracefully handle responses from custom Managed Components without mapped endpoints
13th February 2024
D1
API changes to raw()
, all()
and run()
D1's raw()
, all()
and run()
query statement methods have been updated to reflect their intended behavior and improve compatibility with ORM libraries.
raw()
now correctly returns results as an array of arrays, allowing the correct handling of duplicate column names (such as when joining tables), as compared to all()
, which is unchanged and returns an array of objects. To include an array of column names in the results when using raw()
, use raw({columnNames: true})
.
run()
no longer incorrectly returns a D1Result
and instead returns a D1ExecResult
as originally intended and documented.
This may be a breaking change for some applications that expected raw()
to return an array of objects.
Refer to D1 client API to review D1's query methods, return types and TypeScript support in detail.
12th February 2024
8th February 2024
6th February 2024
R2
- The response shape of
GET /buckets/:bucket/sippy
has changed. - The
/buckets/:bucket/sippy/validate
endpoint is exposed over APIGW to validate Sippy's configuration. - The shape of the configuration object when modifying Sippy's configuration has changed.
5th February 2024
Zaraz
- Dashboard: rename "tracks" to "events" for consistency
- Pinterest Conversion API Managed Component: update parameters sent to api
- HTTP Managed Component: update _settings prefix usage handling
- Bugfix: better minification of client-side js
- Bugfix: fix bug where anchor link click events were not bubbling when using click listener triggers
- API update: begin migration support from deprecated
tool.neoEvents
array totool.actions
object config schema migration
30th January 2024
R2
- Fixed a bug where the API would accept empty strings in the
AllowedHeaders
property ofPutBucketCors
actions.
26th January 2024
R2
- Parts are now automatically sorted in ascending order regardless of input during
CompleteMultipartUpload
.
25th January 2024
23rd January 2024
Magic WAN
Network segmentation
You can define policies in your Connector to either allow traffic to flow between your LANs without it leaving your local premises or to forward it via the Cloudflare network where you can add additional security features.
22nd January 2024
18th January 2024
D1
Support for LIMIT on UPDATE and DELETE statements
D1 now supports adding a LIMIT
clause to UPDATE
and DELETE
statements, which allows you to limit the impact of a potentially dangerous operation.
17th January 2024
Vectorize
HTTP API query vectors request and response format change
Vectorize /query
HTTP endpoint has the following changes:
returnVectors
request body property is deprecated in favor ofreturnValues
andreturnMetadata
properties.- Response format has changed to the below format to match [Workers API change]:(/workers/configuration/compatibility-flags/#vectorize-query-with-metadata-optionally-returned)
{
"result": {
"count": 1,
"matches": [
{
"id": "4",
"score": 0.789848214,
"values": [ 75.0999984741211, 67.0999984741211, 29.899999618530273],
"metadata": {
"url": "/products/sku/418313",
"streaming_platform": "netflix"
}
}
]
},
"errors": [],
"messages": [],
"success": true
}
16th January 2024
15th January 2024
11th January 2024
R2
- Sippy is available for Google Cloud Storage (GCS) beta.
5th January 2024
4th January 2024
20th December 2023
Access
Unique Entity IDs in Access for SaaS
All new Access for SaaS applications have unique Entity IDs. This allows for multiple integrations with the same SaaS provider if required. The unique Entity ID has the application audience tag appended. Existing apps are unchanged.
19th December 2023
Zaraz
- Google Analytics 4 Managed Component: Fix Google Analytics 4 average engagement time metric.
18th December 2023
D1
Legacy alpha automated backups disabled
Databases using D1's legacy alpha backend will no longer run automated hourly backups. You may still choose to take manual backups of these databases.
The D1 team recommends moving to D1's new production backend, which will require you to export and import your existing data. D1's production backend is faster than the original alpha backend. The new backend also supports Time Travel, which allows you to restore your database to any minute in the past 30 days without relying on hourly or manual snapshots.
Turnstile
- Added Pre-Clearance mode.
15th December 2023
Access
Default relay state support in Access for SaaS
Allows Access admins to set a default relay state on Access for SaaS apps.
14th December 2023
11th December 2023
R2
- The
x-id
query param forS3 ListBuckets
action is now ignored. - The
x-id
query param is now ignored for all S3 actions.
8th December 2023
6th December 2023
Vectorize
Metadata filtering
Vectorize now supports metadata filtering with equals ($eq
) and not equals ($neq
) operators. Metadata filtering limits query()
results to only vectors that fulfill new filter
property.
let metadataMatches = await env.YOUR_INDEX.query(queryVector,
{
topK: 3,
filter: { streaming_platform: "netflix" },
returnValues: true,
returnMetadata: true
})
Only new indexes created on or after 2023-12-06 support metadata filtering. Currently, there is no way to migrate previously created indexes to work with metadata filtering.
4th December 2023
Workers
- The Web Platform standard
navigator.sendBeacon(...)
API is now provided by the Workers runtime. - V8 updated to 12.0.
29th November 2023
27th November 2023
Radar
Add more meta information's
- Added meta.lastUpdated to all summaries and top endpoints (timeseries and timeseriesGroups already had this).
- Fix meta.dateRange to return date ranges for all requested series.
22nd November 2023
16th November 2023
Radar
Add new Layer 3 endpoints and Layer 7 dimensions
- Added Layer 3 top origin locations and top target location.
- Added Layer 7 Summaries by
http_method
,http_version
,ip_version
,managed_rules
,mitigation_product
. - Added Layer 7 Timeseries Groups by
http_method
,http_version
,ip_version
,managed_rules
,mitigation_product
,industry
,vertical
. - Added Layer 7 Top by
industry
,vertical
. - Deprecated Layer 7 timeseries groups without dimension.
- To continue getting this data, switch to the new timeseries group by mitigation_product endpoint.
- Deprecated Layer 7 summary without dimension).
- To continue getting this data, switch to the new summary by mitigation_product endpoint.
- Added new Error codes.
13th November 2023
Zaraz
- HTTP Request Managed Component: Re-added
__zarazTrack
property.
10th November 2023
8th November 2023
Vectorize
Metadata API changes
Vectorize now supports distinct returnMetadata
and returnValues
arguments when querying an index, replacing the now-deprecated returnVectors
argument. This allows you to return metadata without needing to return the vector values, reducing the amount of unnecessary data returned from a query. Both returnMetadata
and returnValues
default to false.
For example, to return only the metadata from a query, set returnMetadata: true
.
let matches = await env.YOUR_INDEX.query(queryVector, { topK: 5, returnMetadata: true })
New Workers projects created on or after 2023-11-08 or that update the compatibility date for an existing project will use the new return type.
7th November 2023
Stream
HLS improvements for on-demand TS output
HLS output from Cloudflare Stream on-demand videos that use Transport Stream file format now includes a 10 second offset to timestamps. This will have no impact on most customers. A small percentage of customers will see improved playback stability. Caption files were also adjusted accordingly.
31st October 2023
Radar
Add new Layer 3 direction parameter
- Added a
direction
parameter to all Layer 3 endpoints. Use together withlocation
parameter to filter by origin or target location timeseries groups.
Zaraz
- Google Analytics 4 Managed Component: Remove
debug_mode
key if falsy orfalse
.
30th October 2023
Workers
- A new usage model called Workers Standard is available for Workers and Pages Functions pricing. This is now the default usage model for accounts that are first upgraded to the Workers Paid plan. Read the blog post for more information.
- The usage model set in a script's wrangler.toml will be ignored after an account has opted-in to Workers Standard pricing. It must be configured through the dashboard (Workers & Pages > Select your Worker > Settings > Usage Model).
- Workers and Pages Functions on the Standard usage model can set custom CPU limits for their Workers
26th October 2023
AI Gateway
- Real-time Logs: Logs are now real-time, showing logs for the last hour. If you have a need for persistent logs, please let the team know on Discord. We are building out a persistent logs feature for those who want to store their logs for longer.
- Providers: Azure OpenAI is now supported as a provider!
- Docs: Added Azure OpenAI example.
- Bug Fixes: Errors with costs and tokens should be fixed.
Zaraz
- Custom HTML: Added support for non-JavaScript script tags.
23rd October 2023
R2
PutBucketCors
now only accepts valid origins.
20th October 2023
Workers
- Added the
crypto_preserve_public_exponent
compatibility flag to correct a wrong type being used in the algorithm field of RSA keys in the WebCrypto API.
Zaraz
- Bing Managed Component: Fixed an issue where some events were not being sent to Bing even after being triggered.
- Dashboard: Improved welcome screen for new Zaraz users.
19th October 2023
18th October 2023
beacon.min.js
Manages A/B testing tags.
Workers
- The limit of 3 Cron Triggers per Worker has been removed. Account-level limits on the total number of Cron Triggers across all Workers still apply.
12th October 2023
Workers
- A TCP Socket's WritableStream now ensures the connection has opened before resolving the promise returned by
close
.
11th October 2023
10th October 2023
Stream
SRT Audio Improvements
In some cases, playback via SRT protocol was missing an audio track regardless of existence of audio in the broadcast. This issue is now resolved.
Tenant
New Tenant Admin UI
- Partners can now create and view accounts through the Cloudflare dashboard by going to Tenants > Managed Accounts.
9th October 2023
AI Gateway
- Logs: Logs will now be limited to the last 24h. If you have a use case that requires more logging, please reach out to the team on Discord.
- Dashboard: Logs now refresh automatically.
- Docs: Fixed Workers AI example in docs and dash.
- Caching: Embedding requests are now cacheable. Rate limit will not apply for cached requests.
- Bug Fixes: Identical requests to different providers are not wrongly served from cache anymore. Streaming now works as expected, including for the Universal endpoint.
- Known Issues: There's currently a bug with costs that we are investigating.
Workers
- The Web Platform standard
CustomEvent
class is now available in Workers. - Fixed a bug in the WebCrypto API where the
publicExponent
field of the algorithm of RSA keys would have the wrong type. Use thecrypto_preserve_public_exponent
compatibility flag to enable the new behavior.
7th October 2023
6th October 2023
Notifications
- Added Traffic Anomalies Alerts to notify customers when traffic to their domain has an unexpected spike or drop.
5th October 2023
Queues
Higher consumer concurrency limits
Queue consumers can now scale to 20 concurrent invocations (per queue), up from 10. This allows you to scale out and process higher throughput queues more quickly.
Queues with no explicit limit specified will automatically scale to the new maximum.
This limit will continue to grow during the Queues beta.
3rd October 2023
D1
Create up to 50,000 D1 databases
Developers using D1 on a Workers Paid plan can now create up to 50,000 databases as part of ongoing increases to D1's limits.
- This further enables database-per-user use-cases and allows you to isolate data between customers.
- Total storage per account is now 50 GB.
- D1's analytics and metrics provide per-database usage data.
If you need to create more than 50,000 databases or need more per-account storage, reach out to the D1 team to discuss.
Vectorize
Increased indexes per account limits
You can now create up to 100 Vectorize indexes per account. Read the limits documentation for details on other limits, many of which will increase during the beta period.
Zaraz
- Bugfix: Fixed an issue that prevented some server-side requests from arriving to their destination
- Google Analytics 4 Managed Component: Add support for
dbg
andir
fields.
28th September 2023
D1
The D1 public beta is here
D1 is now in public beta, and storage limits have been increased:
- Developers with a Workers Paid plan now have a 2 GB per-database limit (up from 500 MB) and can create 25 databases per account (up from 10). These limits will continue to increase automatically during the public beta.
- Developers with a Workers Free plan retain the 500 MB per-database limit and can create up to 10 databases per account.
Databases must be using D1's new storage subsystem to benefit from the increased database limits.
Read the announcement blog for more details about what is new in the beta and what is coming in the future for D1.
Hyperdrive
Hyperdrive now available
Hyperdrive is now available in public beta to any developer with a Workers paid plan.
To start using Hyperdrive, visit the get started guide or read the announcement blog to learn more.
Notifications
- Added Incident Alerts.
27th September 2023
Vectorize
Vectorize now in public beta
Vectorize, Cloudflare's vector database, is now in public beta. Vectorize allows you to store and efficiently query vector embeddings from AI/ML models from Workers AI, OpenAI, and other embeddings providers or machine-learning workflows.
To get started with Vectorize, see the guide.
25th September 2023
Stream
LL-HLS Beta
Low-Latency HTTP Live Streaming (LL-HLS) is now in open beta. Enable LL-HLS on your live input for automatic low-latency playback using the Stream built-in player where supported.
For more information, refer to live input and custom player docs.
24th September 2023
21st September 2023
20th September 2023
Version Management
Support for Bot Management
- Version Management now supports versioning for Bot Management.
15th September 2023
Access
App launcher supports tags and filters
Access admins can now tag applications and allow users to filter by those tags in the App Launcher.
Access
App launcher customization
Allow Access admins to configure the App Launcher page within Zero Trust.
Access
View active Access user identities in the dashboard and API
Access admins can now view the full contents of a user's identity and device information for all active application sessions.
14th September 2023
Workers
- An implementation of the
node:crypto
API from Node.js is now available when thenodejs_compat
compatibility flag is enabled.
13th September 2023
Pages
Support for D1's new storage subsystem and build error message improvements
- Added support for D1's new storage subsystem. All Git builds and deployments done with Wrangler v3.5.0 and up can use the new subsystem.
- Builds which fail due to exceeding the build time limit will return a proper error message indicating so rather than
Internal error
. - New and improved error messages for other build failures
Zaraz
- Consent Management: Add support for custom button translations.
- Consent Management: Modal stays fixed when scrolling.
- Google Analytics 4 Managed Component:
hideOriginalIP
andga-audiences
can be set from tool event.
11th September 2023
Zaraz
- Reddit Managed Component: Support new "Account ID" formats (e.g. "ax_xxxxx").
8th September 2023
Access
Custom OIDC claims for named IdPs
Access admins can now add custom claims to the existing named IdP providers. Previously this was locked to the generic OIDC provider.
Radar
Add Connection Tampering endpoints
- Added Connection Tampering summary and timeseries endpoints.
6th September 2023
Waiting Room
Waiting Room coverage for multiple hostnames and paths
- Advanced Waiting Room customers can now add multiple hostname and path combinations to a single waiting room via the UI and API.
Zaraz
- Consent Management: Consent cookie name can now be customized.
5th September 2023
Zaraz
- Segment Managed Component: API Endpoint can be customized.
1st September 2023
R2
- Fixed an issue with
ListBuckets
where thename_contains
parameter would also search over the jurisdiction name.
30th August 2023
29th August 2023
25th August 2023
24th August 2023
Turnstile
- Added Client-side errors.
23rd August 2023
Notifications
- Added Logo Match Alert.
Pages
Commit message limit increase
- Commit messages can now be up to 384 characters before being trimmed.
R2
- Config Audit Logs GA.
21st August 2023
Zaraz
- TikTok Managed Component: Support setting
ttp
andevent_id
. - Consent Management: Accessibility improvements.
- Facebook Managed Component: Support for using "Limited Data Use" features.
19th August 2023
D1
Row count now returned per query
D1 now returns a count of rows_written
and rows_read
for every query executed, allowing you to assess the cost of query for both pricing and index optimization purposes.
The meta
object returned in D1's Client API contains a total count of the rows read (rows_read
) and rows written (rows_written
) by that query. For example, a query that performs a full table scan (for example, SELECT * FROM users
) from a table with 5000 rows would return a rows_read
value of 5000
:
"meta": {
"duration": 0.20472300052642825,
"size_after": 45137920,
"rows_read": 5000,
"rows_written": 0
}
Refer to D1 pricing documentation to understand how reads and writes are measured. D1 remains free to use during the alpha period.
16th August 2023
14th August 2023
Radar
Deprecate old layer 3 dataset
- Added Regional Internet Registry (see field
source
in response) to get asn by id and get asn by ip endpoints. - Stopped collecting data in the old Layer 3 data source.
- Updated Layer 3
timeseries endpoint
to start using the new Layer 3 data source by default, fetching the old data source now requires sending the parameter
metric=bytes_old
. - Deprecated Layer 3
summary endpoint, this will stop
receiving data after 2023-08-14.
- To continue getting this data, switch to the new timeseries group protocol endpoint.
- Deprecated Layer 3
timeseries groups
endpoint, this will stop receiving data after 2023-08-14.
- To continue getting this data, switch to the new timeseries group protocol endpoint.
11th August 2023
R2
- Users can now complete conditional multipart publish operations. When a condition failure occurs when publishing an upload, the upload is no longer available and is treated as aborted.
9th August 2023
D1
Bind D1 from the Cloudflare dashboard
You can now bind a D1 database to your Workers directly in the Cloudflare dashboard. To bind D1 from the Cloudflare dashboard, select your Worker project -> Settings -> Variables -> and select D1 Database Bindings.
Note: If you have previously deployed a Worker with a D1 database binding with a version of wrangler
prior to 3.5.0
, you must upgrade to wrangler v3.5.0
first before you can edit your D1 database bindings in the Cloudflare dashboard. New Workers projects do not have this limitation.
Legacy D1 alpha users who had previously prefixed their database binding manually with __D1_BETA__
should remove this as part of this upgrade. Your Worker scripts should call your D1 database via env.BINDING_NAME
only. Refer to the latest D1 getting started guide for best practices.
We recommend all D1 alpha users begin using wrangler 3.5.0
(or later) to benefit from improved TypeScript types and future D1 API improvements.
8th August 2023
Stream
Scheduled Deletion
Stream now supports adding a scheduled deletion date to new and existing videos. Live inputs support deletion policies for automatic recording deletion.
For more, refer to the video on demand or live input docs.
2nd August 2023
Access
Azure AD authentication contexts
Support Azure AD authentication contexts directly in Access policies.
1st August 2023
D1
Per-database limit now 500 MB
Databases using D1's new storage subsystem can now grow to 500 MB each, up from the previous 100 MB limit. This applies to both existing and newly created databases.
Refer to Limits to learn about D1's limits.
31st July 2023
Radar
Fix HTTP timeseries endpoint urls
- Updated HTTP
timeseries
endpoints urls totimeseries_groups
(example) due to consistency. Old timeseries endpoints are still available, but will soon be removed.
Turnstile
- Added
[turnstile.isExpired]
. - Added
uk
language.
27th July 2023
D1
New default storage subsystem
Databases created via the Cloudflare dashboard and Wrangler (as of v3.4.0
) now use D1's new storage subsystem by default. The new backend can be 6 - 20x faster than D1's original alpha backend.
To understand which storage subsystem your database uses, run wrangler d1 info YOUR_DATABASE
and inspect the version field in the output.
Databases with version: beta
use the new storage backend and support the Time Travel API. Databases with version: alpha
only use D1's older, legacy backend.
D1
Time Travel
Time Travel is now available. Time Travel allows you to restore a D1 database back to any minute within the last 30 days (Workers Paid plan) or 7 days (Workers Free plan), at no additional cost for storage or restore operations.
Refer to the Time Travel documentation to learn how to travel backwards in time.
Databases using D1's new storage subsystem can use Time Travel. Time Travel replaces the snapshot-based backups used for legacy alpha databases.
25th July 2023
beacon.min.js
Fixed ETag format in the response header.
20th July 2023
Radar
Add URL Scanner endpoints
- Added urlscanner endpoints. For more information, refer to URL Scanner.
14th July 2023
Workers
- An implementation of the
util.MIMEType
API from Node.js is now available when thenodejs_compat
compatibility flag is enabled.
13th July 2023
beacon.min.js
Fixed the issue that was causing an illegal invocation error.
11th July 2023
10th July 2023
7th July 2023
Workers
- An implementation of the
process.env
API from Node.js is now available when using thenodejs_compat
compatibility flag. - An implementation of the
diagnostics_channel
API from Node.js is now available when using thenodejs_compat
compatibility flag.
5th July 2023
R2
- Improved performance for ranged reads on very large files. Previously ranged reads near the end of very large files would be noticeably slower than ranged reads on smaller files. Performance should now be consistently good independent of filesize.
28th June 2023
D1
Metrics and analytics
You can now view per-database metrics via both the Cloudflare dashboard and the GraphQL Analytics API.
D1 currently exposes read & writes per second, query response size, and query latency percentiles.
27th June 2023
Spectrum
- Argo Smart Routing is available for UDP applications, providing faster and more reliable traffic routing.
23rd June 2023
Access
Custom block pages for Access applications
Allow Access admins to customize the block pages presented by Access to end users.
22nd June 2023
Workers
- Added the
strict_crypto_checks
compatibility flag to enable additional Web Crypto API error and security checking. - Fixes regression in the TCP Sockets API where
connect("google.com:443")
would fail with aTypeError
.
21st June 2023
R2
- Multipart ETags are now MD5 hashes.
20th June 2023
19th June 2023
Workers
- The TCP Sockets API now reports clearer errors when a connection cannot be established.
- Updated V8 to 11.5.
16th June 2023
D1
Generated columns documentation
New documentation has been published on how to use D1's support for generated columns to define columns that are dynamically generated on write (or read). Generated columns allow you to extract data from JSON objects or use the output of other SQL functions.
R2
- Fixed a bug where calling GetBucket on a non-existent bucket would return a 500 instead of a 404.
- Improved S3 compatibility for ListObjectsV1, now nextmarker is only set when truncated is true.
- The R2 worker bindings now support parsing conditional headers with multiple etags. These etags can now be strong, weak or a wildcard. Previously the bindings only accepted headers containing a single strong etag.
- S3 putObject now supports sha256 and sha1 checksums. These were already supported by the R2 worker bindings.
- CopyObject in the S3 compatible api now supports Cloudflare specific headers which allow the copy operation to be conditional on the state of the destination object.
12th June 2023
D1
Deprecating Error.cause
As of wrangler v3.1.1
the D1 client API now returns detailed error messages within the top-level Error.message
property, and no longer requires developers to inspect the Error.cause.message
property.
To facilitate a transition from the previous Error.cause
behaviour, detailed error messages will continue to be populated within Error.cause
as well as the top-level Error
object until approximately July 14th, 2023. Future versions of both wrangler
and the D1 client API will no longer populate Error.cause
after this date.
9th June 2023
Workers
AbortSignal.any()
is now available.- Updated V8 to 11.4.
- Following an update to the WHATWG URL spec, the
delete()
andhas()
methods of theURLSearchParams
class now accept an optional second argument to specify the search parameter’s value. This is potentially a breaking change, so it is gated behind the newurlsearchparams_delete_has_value_arg
andurl_standard
compatibility flags. - Added the
strict_compression_checks
compatibility flag for additionalDecompressionStream
error checking.
7th June 2023
26th May 2023
Workers
- A new Hibernatable WebSockets API (beta) has been added to Durable Objects. The Hibernatable WebSockets API allows a Durable Object that is not currently running an event handler (for example, processing a WebSocket message or alarm) to be removed from memory while keeping its WebSockets connected (“hibernation”). A Durable Object that hibernates will not incur billable Duration (GB-sec) charges.
25th May 2023
Turnstile
- Added idempotency support for
POST /siteverify
requests via theidempotency_key
parameter.
19th May 2023
D1
New experimental backend
D1 has a new experimental storage back end that dramatically improves query throughput, latency and reliability. The experimental back end will become the default back end in the near future. To create a database using the experimental backend, use wrangler
and set the --experimental-backend
flag when creating a database:
$ wrangler d1 create your-database --experimental-backend
Read more about the experimental back end in the announcement blog.
D1
Location hints
You can now provide a location hint when creating a D1 database, which will influence where the leader (writer) is located. By default, D1 will automatically create your database in a location close to where you issued the request to create a database. In most cases this allows D1 to choose the optimal location for your database on your behalf.
Pages
Build error message improvement
- Builds which fail due to Out of memory (OOM) will return a proper error message indicating so rather than
Internal error
.
18th May 2023
Workers for Platforms
Outbound Workers, Custom Limits and Tail Workers
Outbound Workers, Custom Limits and Tail Workers are now available.
17th May 2023
D1
Query JSON
New documentation has been published that covers D1's extensive JSON function support. JSON functions allow you to parse, query and modify JSON directly from your SQL queries, reducing the number of round trips to your database, or data queried.
Pages
V2 build system beta
- The V2 build system is now available in open beta. Enable the V2 build system by going to your Pages project in the Cloudflare dashboard and selecting Settings > Build & deployments > Build system version.
16th May 2023
Pages
Support for Smart Placement
- Smart placement can now be enabled for Pages within your Pages Project by going to Settings > Functions.
Stream
Multiple audio tracks now generally available
Stream supports adding multiple audio tracks to an existing video.
For more, refer to the documentation to get started.
Workers
- The new
connect()
method allows you to connect to any TCP-speaking services directly from your Workers. To learn more about other protocols supported on the Workers platform, visit the new Protocols documentation. - We have added new native database integrations for popular serverless database providers, including Neon, PlanetScale, and Supabase. Native integrations automatically handle the process of creating a connection string and adding it as a Secret to your Worker.
- You can now also connect directly to databases over TCP from a Worker, starting with PostgreSQL. Support for PostgreSQL is based on the popular
pg
driver, and allows you to connect to any PostgreSQL instance over TLS from a Worker directly. - The R2 Migrator (Super Slurper), which automates the process of migrating from existing object storage providers to R2, is now Generally Available.
15th May 2023
Workers
- Cursor, an experimental AI assistant, trained to answer questions about Cloudflare's Developer Platform, is now available to preview! Cursor can answer questions about Workers and the Cloudflare Developer Platform, and is itself built on Workers. You can read more about Cursor in the announcement blog.
12th May 2023
Workers
- The
performance.now()
andperformance.timeOrigin
APIs can now be used in Cloudflare Workers. Just likeDate.now()
, for security reasons time only advances after I/O.
10th May 2023
5th May 2023
Workers
- The new
nodeJsCompatModule
type can be used with a Worker bundle to emulate a Node.js environment. Common Node.js globals such asprocess
andBuffer
will be present, andrequire('...')
can be used to load Node.js built-ins without thenode:
specifier prefix. - Fixed an issue where websocket connections would be disconnected when updating workers. Now, only WebSockets connected to Durable Objects are disconnected by updates to that Durable Object’s code.
28th April 2023
Workers
- The Web Crypto API now supports curves Ed25519 and X25519 defined in the Secure Curves specification.
- The global
connect
method has been moved to acloudflare:sockets
module.
26th April 2023
Stream
Player Enhancement Properties
Cloudflare Stream now supports player enhancement properties.
With player enhancements, you can modify your video player to incorporate elements of your branding, such as your logo, and customize additional options to present to your viewers.
For more, refer to the documentation to get started.
19th April 2023
beacon.min.js
Reports additional LCP diagnostic information using web-vitals library's attribution build.
Notifications
- Added Maintenance Notification Alerts.
17th April 2023
Turnstile
- Added references to Turnstile Public API.
- Added references for
[after-interactive-callback]
,[before-interactive-callback]
, and[unsupported-callback]
.
14th April 2023
Workers
- No externally-visible changes this week.
10th April 2023
Workers
URL.canParse(...)
is a new standard API for testing that an input string can be parsed successfully as a URL without the additional cost of creating and throwing an error.- The Workers-specific
IdentityTransformStream
andFixedLengthStream
classes now support specifying ahighWaterMark
for the writable-side that is used for backpressure signaling using the standardwriter.desiredSize
/writer.ready
mechanisms.
6th April 2023
beacon.min.js
Updated webpack configuration to output code in ECMAScript 3 (ES3) format.
1st April 2023
R2
- GetBucket is now available for use through the Cloudflare API.
- Location hints can now be set when creating a bucket, both through the S3 API, and the dashboard.
28th March 2023
Queues
Consumer concurrency (enabled)
Queue consumers will now automatically scale up based on the number of messages being written to the queue. To control or limit concurrency, you can explicitly define a max_concurrency
for your consumer.
24th March 2023
Workers
- Fixed a bug in Wrangler tail and live logs on the dashboard that prevented the Administrator Read-Only and Workers Tail Read roles from successfully tailing Workers.
23rd March 2023
beacon.min.js
Updated Google's web-vitals library (version 3.1.1) and removed experimental server-timing
header.
Pages
Git projects can now see files uploaded
- Files uploaded are now visible for Git projects, you can view them in the Cloudflare dashboard.
21st March 2023
Stream
Limits for downloadable MP4s for live recordings
Previously, generating a download for a live recording exceeding four hours resulted in failure.
To fix the issue, now video downloads are only available for live recordings under four hours. Live recordings exceeding four hours can still be played but cannot be downloaded.
20th March 2023
Pages
Notifications for Pages are now available
- Notifications for Pages events are now available in the Cloudflare dashboard. Events supported include:
- Deployment started.
- Deployment succeeded.
- Deployment failed.
16th March 2023
R2
- The ListParts API has been implemented and is available for use.
- HTTP2 is now enabled by default for new custom domains linked to R2 buckets.
- Object Lifecycles are now available for use.
- Bug fix: Requests to public buckets will now return the
Content-Encoding
header for gzip files whenAccept-Encoding: gzip
is used.
15th March 2023
Queues
Consumer concurrency (upcoming)
Queue consumers will soon automatically scale up concurrently as a queues' backlog grows in order to keep overall message processing latency down. Concurrency will be enabled on all existing queues by 2023-03-28.
To opt-out, or to configure a fixed maximum concurrency, set max_concurrency = 1
in your wrangler.toml
file or via the queues dashboard.
To opt-in, you do not need to take any action: your consumer will begin to scale out as needed to keep up with your message backlog. It will scale back down as the backlog shrinks, and/or if a consumer starts to generate a higher rate of errors. To learn more about how consumers scale, refer to the consumer concurrency documentation.
13th March 2023
Notifications
- Added Pages Alerts.
9th March 2023
Workers
- No externally-visible changes.
6th March 2023
Turnstile
- Added
[execution]
and[appearance]
.
Workers
- Workers Logpush now supports 300 characters per log line. This is an increase from the previous limit of 150 characters per line.
2nd March 2023
Notifications
- Added Brand Protection Alerts.
Queues
Explicit acknowledgement (new feature)
You can now acknowledge individual messages with a batch by calling .ack()
on a message.
This allows you to mark a message as delivered as you process it within a batch, and avoids the entire batch from being redelivered if your consumer throws an error during batch processing. This can be particularly useful when you are calling external APIs, writing messages to a database, or otherwise performing non-idempotent actions on individual messages within a batch.
1st March 2023
Queues
Higher per-queue throughput
The per-queue throughput limit has now been raised to 400 messages per second.
15th February 2023
Turnstile
- Added the
[turnstile.ready]
callback.
14th February 2023
6th February 2023
Workers
- Fixed a bug where transferring large request bodies to a Durable Object was unexpectedly slow.
- Previously, an error would be thrown when trying to access unimplemented standard
Request
andResponse
properties. Now those will be left asundefined
.
1st February 2023
Turnstile
- Added the
[data-]language
parameter.
31st January 2023
Workers
- The
request.cf
object now includes two additional properties,tlsClientHelloLength
andtlsClientRandom
.
27th January 2023
R2
- R2 authentication tokens created via the R2 token page are now scoped to a single account by default.
23rd January 2023
Radar
Updated IPv6 calculation method
- IPv6 percentage started to be calculated as (IPv6 requests / requests for dual-stacked content), where as before it was calculated as (IPv6 requests / IPv4+IPv6 requests).
13th January 2023
Workers
- Durable Objects can now use jurisdictions with
idFromName
via a new subnamespace API. - V8 updated to 10.9.
11th January 2023
Radar
Add new layer 3 dataset
- Added new Layer 3 data source and related endpoints.
- Updated Layer 3
timeseries endpoint
to support fetching both current and new data sources. For retro-compatibility
reasons, fetching the new data source requires sending the parameter
metric=bytes
else the current data source will be returned. - Deprecated old Layer 3 endpoints TimeseriesGroups and Summary. Users should upgrade to newer endpoints.
5th January 2023
4th January 2023
Stream
Earlier detection (and rejection) of non-video uploads
Cloudflare Stream now detects non-video content on upload using the POST API and returns a 400 Bad Request HTTP error with code 10059
.
Previously, if you or one of your users attempted to upload a file that is not a video (ex: an image), the request to upload would appear successful, but then fail to be encoded later on.
With this change, Stream responds to the upload request with an error, allowing you to give users immediate feedback if they attempt to upload non-video content.
15th December 2022
13th December 2022
Queues
sendBatch support
The JavaScript API for Queue producers now includes a sendBatch
method which supports sending up to 100 messages at a time.
12th December 2022
Queues
Increased per-account limits
Queues now allows developers to create up to 100 queues per account, up from the initial beta limit of 10 per account. This limit will continue to increase over time.
Turnstile
POST /siteverify
supports JSON requests now.
8th December 2022
7th December 2022
R2
- Fix CORS preflight requests for the S3 API, which allows using the S3 SDK in the browser.
- Passing a range header to the
get
operation in the R2 bindings API should now work as expected.
2nd December 2022
1st December 2022
Pages
Ability to delete aliased deployments
- Aliased deployments can now be deleted. If using the API, you will need to add the query parameter
force=true
.
30th November 2022
R2
- Requests with the header
x-amz-acl: public-read
are no longer rejected. - Fixed issues with wildcard CORS rules and presigned URLs.
- Fixed an issue where
ListObjects
would time out during delimited listing of unicode-normalized keys. - S3 API's
PutBucketCors
now rejects requests with unknown keys in the XML body. - Signing additional headers no longer breaks CORS preflight requests for presigned URLs.
29th November 2022
Stream
Multiple audio tracks (closed beta)
Stream now supports adding multiple audio tracks to an existing video upload. This allows you to:
- Provide viewers with audio tracks in multiple languages
- Provide dubbed audio tracks, or audio commentary tracks (ex: Director’s Commentary)
- Allow your users to customize the customize the audio mix, by providing separate audio tracks for music, speech or other audio tracks.
- Provide Audio Description tracks to ensure your content is accessible. (WCAG 2.0 Guideline 1.2 1)
To request an invite to the beta, refer to this post.
22nd November 2022
Stream
VP9 support for WebRTC live streams (beta)
Cloudflare Stream now supports VP9 when streaming using WebRTC (WHIP), currently in beta.
21st November 2022
R2
- Fixed a bug in
ListObjects
wherestartAfter
would skip over objects with keys that have numbers right after thestartAfter
prefix. - Add worker bindings for multipart uploads.
19th November 2022
Pages
Deep linking to a Pages deployment
- You can now deep-link to a Pages deployment in the dashboard with
:pages-deployment
. An example would behttps://dash.cloudflare.com?to=/:account/pages/view/:pages-project/:pages-deployment
.
17th November 2022
Pages
Functions GA and other updates
- Pages functions are now GA. For more information, refer to the blog post.
- We also made the following updates to Functions:
- Functions metrics are now available in the dashboard.
- Functions billing is now available.
- The Unbound usage model is now available for Functions.
- Secrets are now available.
- Functions tailing is now available via the dashboard or with Wrangler (
wrangler pages deployment tail
).
R2
- Unconditionally return HTTP 206 on ranged requests to match behavior of other S3 compatible implementations.
- Fixed a CORS bug where
AllowedHeaders
in the CORS config were being treated case-sensitively.
15th November 2022
11th November 2022
Turnstile
- Added
retry
andretry-interval
for controlling retry behavior.
8th November 2022
R2
- Copying multipart objects via
CopyObject
is re-enabled. UploadPartCopy
is re-enabled.
Stream
Reduced time to start WebRTC streaming and playback with Trickle ICE
Cloudflare Stream's WHIP and WHEP implementations now support Trickle ICE, reducing the time it takes to initialize WebRTC connections, and increasing compatibility with WHIP and WHEP clients.
For more, refer to the docs.
7th November 2022
Stream
Deprecating the 'per-video' Analytics API
The “per-video” analytics API is being deprecated. If you still use this API, you will need to switch to using the GraphQL Analytics API by February 1, 2023. After this date, the per-video analytics API will be no longer available.
The GraphQL Analytics API provides the same functionality and more, with additional filters and metrics, as well as the ability to fetch data about multiple videos in a single request. Queries are faster, more reliable, and built on a shared analytics system that you can use across many Cloudflare products.
For more about this change and how to migrate existing API queries, refer to this post and the GraphQL Analytics API docs.
3rd November 2022
1st November 2022
Stream
Create an unlimited number of live inputs
Cloudflare Stream now has no limit on the number of live inputs you can create. Stream is designed to allow your end-users to go live — live inputs can be created quickly on-demand via a single API request for each of user of your platform or app.
For more on creating and managing live inputs, get started with the docs.
28th October 2022
R2
- Multipart upload part sizes are always expected to be of the same size, but this enforcement is now done when you complete an upload instead of being done very time you upload a part.
- Fixed a performance issue where concurrent multipart part uploads would get rejected.
Turnstile
- Renamed the
[data-]expired-callback
callback to[data-]timeout-callback
(called when the challenge times out). - Added the
[data-]expired-callback
callback (called when the token expires).
26th October 2022
R2
- Fixed ranged reads for multipart objects with part sizes unaligned to 64KiB.
24th October 2022
Turnstile
- Added
response-field
andresponse-field-name
for controlling the input element created by Turnstile. - Added option for changing the size of the Turnstile widget.
20th October 2022
Stream
More accurate bandwidth estimates for live video playback
When playing live video, Cloudflare Stream now provides significantly more accurate estimates of the bandwidth needs of each quality level to client video players. This ensures that live video plays at the highest quality that viewers have adequate bandwidth to play.
As live video is streamed to Cloudflare, we transcode it to make it available to viewers at multiple quality levels. During transcoding, we learn about the real bandwidth needs of each segment of video at each quality level, and use this to provide an estimate of the bandwidth requirements of each quality level the in HLS (.m3u8
) and DASH (.mpd
) manifests.
If a live stream contains content with low visual complexity, like a slideshow presentation, the bandwidth estimates provided in the HLS manifest will be lower, ensuring that the most viewers possible view the highest quality level, since it requires relatively little bandwidth. Conversely, if a live stream contains content with high visual complexity, like live sports with motion and camera panning, the bandwidth estimates provided in the HLS manifest will be higher, ensuring that viewers with inadequate bandwidth switch down to a lower quality level, and their playback does not buffer.
This change is particularly helpful if you're building a platform or application that allows your end users to create their own live streams, where these end users have their own streaming software and hardware that you can't control. Because this new functionality adapts based on the live video we receive, rather than just the configuration advertised by the broadcaster, even in cases where your end users' settings are less than ideal, client video players will not receive excessively high estimates of bandwidth requirements, causing playback quality to decrease unnecessarily. Your end users don't have to be OBS Studio experts in order to get high quality video playback.
No work is required on your end — this change applies to all live inputs, for all customers of Cloudflare Stream. For more, refer to the docs.
19th October 2022
R2
HeadBucket
now setsx-amz-bucket-region
toauto
in the response.
17th October 2022
beacon.min.js
Updated to report new metrics such as time to first byte (TTFB), interaction to next paint (INP), and first contentful paint (FCP). Additionally, it reports navigator.webdriver
, server-timing
header (experimental), and protocol info (nextHopProtocol
).
13th October 2022
Turnstile
- Added validation for action:
/^[a-z0-9_-]{0,32}$/i
- Added validation for cData:
/^[a-z0-9_-]{0,255}$/i
11th October 2022
Turnstile
- Added
turnstile.remove
6th October 2022
R2
- Temporarily disabled
UploadPartCopy
while we investigate an issue.
5th October 2022
Pages
Deep linking to a Pages project
- You can now deep-link to a Pages project in the dashboard with
:pages-project
. An example would behttps://dash.cloudflare.com?to=/:account/pages/view/:pages-project
.
29th September 2022
R2
- Fixed a CORS issue where
Access-Control-Allow-Headers
was not being set for preflight requests.
28th September 2022
R2
- Fixed a bug where CORS configuration was not being applied to S3 endpoint.
- No-longer render the
Access-Control-Expose-Headers
response header ifExposeHeader
is not defined. - Public buckets will no-longer return the
Content-Range
response header unless the response is partial. - Fixed CORS rendering for the S3
HeadObject
operation. - Fixed a bug where no matching CORS configuration could result in a
403
response. - Temporarily disable copying objects that were created with multipart uploads.
- Fixed a bug in the Workers bindings where an internal error was being returned for malformed ranged
.get
requests.
27th September 2022
Calls
Cloudflare Calls closed beta
Cloudflare Calls is available as a closed beta for users who request an invitation. Refer to the blog post for more information.
R2
- CORS preflight responses and adding CORS headers for other responses is now implemented for S3 and public buckets. Currently, the only way to configure CORS is via the S3 API.
- Fixup for bindings list truncation to work more correctly when listing keys with custom metadata that have
"
or when some keys/values contain certain multi-byte UTF-8 values. - The S3
GetObject
operation now only returnsContent-Range
in response to a ranged request.
19th September 2022
R2
- The R2
put()
binding options can now be given anonlyIf
field, similar toget()
, that performs a conditional upload. - The R2
delete()
binding now supports deleting multiple keys at once. - The R2
put()
binding now supports user-specified SHA-1, SHA-256, SHA-384, SHA-512 checksums in options. - User-specified object checksums will now be available in the R2
get()
andhead()
bindings response. MD5 is included by default for non-multipart uploaded objects.
15th September 2022
Stream
Manually control when you start and stop simulcasting
You can now enable and disable individual live outputs via the API or Stream dashboard, allowing you to control precisely when you start and stop simulcasting to specific destinations like YouTube and Twitch. For more, read the docs.
12th September 2022
Pages
Increased domain limits
Previously, all plans had a maximum of 10 custom domains per project.
Now, the limits are:
- Free: 100 custom domains.
- Pro: 250 custom domains.
- Business and Enterprise: 500 custom domains.
8th September 2022
Pages
Support for _routes.json
- Pages now offers support for
_routes.json
. For more details, refer to the documentation.
6th September 2022
R2
- The S3
CopyObject
operation now includesx-amz-version-id
andx-amz-copy-source-version-id
in the response headers for consistency with other methods. - The
ETag
for multipart files uploaded until shortly after Open Beta uploaded now include the number of parts as a suffix.
25th August 2022
Pages
Increased build log expiration time
Build log expiration time increased from 2 weeks to 1 year.
17th August 2022
R2
- The S3
DeleteObjects
operation no longer trims the space from around the keys before deleting. This would result in files with leading / trailing spaces not being able to be deleted. Additionally, if there was an object with the trimmed key that existed it would be deleted instead. The S3DeleteObject
operation was not affected by this. - Fixed presigned URL support for the S3
ListBuckets
andListObjects
operations.
15th August 2022
Stream
Unique subdomain for your Stream Account
URLs in the Stream Dashboard and Stream API now use a subdomain specific to your Cloudflare Account: customer-{CODE}.cloudflarestream.com
. This change allows you to:
Use Content Security Policy (CSP) directives specific to your Stream subdomain, to ensure that only videos from your Cloudflare account can be played on your website.
Allowlist only your Stream account subdomain at the network-level to ensure that only videos from a specific Cloudflare account can be accessed on your network.
No action is required from you, unless you use Content Security Policy (CSP) on your website. For more on CSP, read the docs.
6th August 2022
R2
- Uploads will automatically infer the
Content-Type
based on file body if one is not explicitly set in thePutObject
request. This functionality will come to multipart operations in the future.
2nd August 2022
Stream
Clip videos using the Stream API
You can now change the start and end times of a video uploaded to Cloudflare Stream. For more information, refer to Clip videos.
30th July 2022
R2
- Fixed S3 conditionals to work properly when provided the
LastModified
date of the last upload, bindings fixes will come in the next release. If-Match
/If-None-Match
headers now support arrays of ETags, Weak ETags and wildcard (*
) as per the HTTP standard and undocumented AWS S3 behavior.
26th July 2022
Stream
Live inputs
The Live Inputs API now supports optional pagination, search, and filter parameters. For more information, refer to the Live Inputs API documentation.
21st July 2022
R2
- Added dummy implementation of the following operation that mimics
the response that a basic AWS S3 bucket will return when first created:
GetBucketAcl
.
20th July 2022
R2
Added dummy implementations of the following operations that mimic the response that a basic AWS S3 bucket will return when first created:
GetBucketVersioning
GetBucketLifecycleConfiguration
GetBucketReplication
GetBucketTagging
GetObjectLockConfiguration
19th July 2022
R2
- Fixed an S3 compatibility issue for error responses with MinIO .NET SDK and any other tooling that expects no
xmlns
namespace attribute on the top-levelError
tag. - List continuation tokens prior to 2022-07-01 are no longer accepted and must be obtained again through a new
list
operation. - The
list()
binding will now correctly return a smaller limit if too much data would otherwise be returned (previously would return anInternal Error
).
14th July 2022
R2
- Improvements to 500s: we now convert errors, so things that were previously concurrency problems for some operations should now be
TooMuchConcurrency
instead ofInternalError
. We've also reduced the rate of 500s through internal improvements. ListMultipartUpload
correctly encodes the returnedKey
if theencoding-type
is specified.
13th July 2022
R2
- S3 XML documents sent to R2 that have an XML declaration are not rejected with
400 Bad Request
/MalformedXML
. - Minor S3 XML compatibility fix impacting Arq Backup on Windows only (not the Mac version). Response now contains XML declaration tag prefix and the xmlns attribute is present on all top-level tags in the response.
- Beta
ListMultipartUploads
support.
6th July 2022
R2
- Support the
r2_list_honor_include
compat flag coming up in an upcoming runtime release (default behavior as of 2022-07-14 compat date). Without that compat flag/date, list will continue to function implicitly asinclude: ['httpMetadata', 'customMetadata']
regardless of what you specify. cf-create-bucket-if-missing
can be set on aPutObject
/CreateMultipartUpload
request to implicitly create the bucket if it does not exist.- Fix S3 compatibility with MinIO client spec non-compliant XML for publishing multipart uploads. Any leading and trailing quotes in
CompleteMultipartUpload
are now optional and ignored as it seems to be the actual non-standard behavior AWS implements.
5th July 2022
Pages
Added support for .dev.vars in wrangler pages
Pages now supports .dev.vars
in wrangler pages
, which allows you to use use environmental variables during your local development without chaining --env
s.
This functionality requires Wrangler v2.0.16 or higher.
1st July 2022
R2
- Unsupported search parameters to
ListObjects
/ListObjectsV2
are now rejected with501 Not Implemented
. - Fixes for Listing:
- Fix listing behavior when the number of files within a folder exceeds the limit (you'd end up seeing a CommonPrefix for that large folder N times where N = number of children within the CommonPrefix / limit).
- Fix corner case where listing could cause objects with sharing the base name of a "folder" to be skipped.
- Fix listing over some files that shared a certain common prefix.
DeleteObjects
can now handle 1000 objects at a time.- S3
CreateBucket
request can specifyx-amz-bucket-object-lock-enabled
with a value offalse
and not have the requested rejected with aNotImplemented
error. A value oftrue
will continue to be rejected as R2 does not yet support object locks.
17th June 2022
R2
- Fixed a regression for some clients when using an empty delimiter.
- Added support for S3 pre-signed URLs.
16th June 2022
R2
- Fixed a regression in the S3 API
UploadPart
operation whereTooMuchConcurrency
&NoSuchUpload
errors were being returned asNoSuchBucket
.
13th June 2022
Pages
Added deltas to wrangler pages publish
Pages has added deltas to wrangler pages publish
.
We now keep track of the files that make up each deployment and intelligently only upload the files that we have not seen. This means that similar subsequent deployments should only need to upload a minority of files and this will hopefully make uploads even faster.
This functionality requires Wrangler v2.0.11 or higher.
R2
- Fixed a bug with the S3 API
ListObjectsV2
operation not returning empty folder/s as common prefixes when using delimiters. - The S3 API
ListObjectsV2
KeyCount
parameter now correctly returns the sum of keys and common prefixes rather than just the keys. - Invalid cursors for list operations no longer fail with an
InternalError
and now return the appropriate error message.
10th June 2022
R2
- The
ContinuationToken
field is now correctly returned in the response if provided in a S3 APIListObjectsV2
request. - Fixed a bug where the S3 API
AbortMultipartUpload
operation threw an error when called multiple times.
8th June 2022
Pages
Added branch alias to PR comments
- PR comments for Pages previews now include the branch alias.
27th May 2022
R2
- Fixed a bug where the S3 API's
PutObject
or the.put()
binding could fail but still show the bucket upload as successful. - If conditional headers are provided to S3 API
UploadObject
orCreateMultipartUpload
operations, and the object exists, a412 Precondition Failed
status code will be returned if these checks are not met.
24th May 2022
Stream
Picture-in-Picture support
The Stream Player now displays a button to activate Picture-in-Picture mode, if the viewer's web browser supports the Picture-in-Picture API.
20th May 2022
R2
- Fixed a bug when
Accept-Encoding
was being used inSignedHeaders
when sending requests to the S3 API would result in aSignatureDoesNotMatch
response.
17th May 2022
R2
- Fixed a bug where requests to the S3 API were not handling non-encoded parameters used for the authorization signature.
- Fixed a bug where requests to the S3 API where number-like keys were being parsed as numbers instead of strings.
16th May 2022
R2
- Add support for S3 virtual-hosted style paths, such as
<BUCKET>.<ACCOUNT_ID>.r2.cloudflarestorage.com
instead of path-based routing (<ACCOUNT_ID>.r2.cloudflarestorage.com/<BUCKET>
). - Implemented
GetBucketLocation
for compatibility with external tools, this will always return aLocationConstraint
ofauto
.
13th May 2022
Stream
Creator ID property
During or after uploading a video to Stream, you can now specify a value for a new field, creator
. This field can be used to identify the creator of the video content, linking the way you identify your users or creators to videos in your Stream account. For more, read the blog post.
10th May 2022
Workers for Platforms
Workers for Platform announced
Workers for Platforms, built on top of Cloudflare Workers, allows you to deploy custom code on behalf of your users or lets your users directly deploy their own code to your platform. For more information, refer to the announcement blog post.
6th May 2022
R2
- S3 API
GetObject
ranges are now inclusive (bytes=0-0
will correctly return the first byte). - S3 API
GetObject
partial reads return the proper206 Partial Content
response code. - Copying from a non-existent key (or from a non-existent bucket) to another bucket now returns the proper
NoSuchKey
/NoSuchBucket
response. - The S3 API now returns the proper
Content-Type: application/xml
response header on relevant endpoints. - Multipart uploads now have a
-N
suffix on the etag representing the number of parts the file was published with. UploadPart
andUploadPartCopy
now return proper error messages, such asTooMuchConcurrency
orNoSuchUpload
, instead of 'internal error'.UploadPart
can now be sent a 0-length part.
5th May 2022
R2
- When using the S3 API, an empty string and
us-east-1
will now alias to theauto
region for compatibility with external tools. GetBucketEncryption
,PutBucketEncryption
andDeleteBucketEncrypotion
are now supported (the only supported value currently isAES256
).- Unsupported operations are explicitly rejected as unimplemented rather than implicitly converting them into
ListObjectsV2
/PutBucket
/DeleteBucket
respectively. - S3 API
CompleteMultipartUploads
requests are now properly escaped.
3rd May 2022
R2
- Pagination cursors are no longer returned when the keys in a bucket is the same as the
MaxKeys
argument. - The S3 API
ListBuckets
operation now acceptscf-max-keys
,cf-start-after
andcf-continuation-token
headers behave the same as the respective URL parameters. - The S3 API
ListBuckets
andListObjects
endpoints now allowper_page
to be 0. - The S3 API
CopyObject
source parameter now requires a leading slash. - The S3 API
CopyObject
operation now returns aNoSuchBucket
error when copying to a non-existent bucket instead of an internal error. - Enforce the requirement for
auto
in SigV4 signing and theCreateBucket
LocationConstraint
parameter. - The S3 API
CreateBucket
operation now returns the properlocation
response header.
14th April 2022
R2
- The S3 API now supports unchunked signed payloads.
- Fixed
.put()
for the Workers R2 bindings. - Fixed a regression where key names were not properly decoded when using the S3 API.
- Fixed a bug where deleting an object and then another object which is a prefix of the first could result in errors.
- The S3 API
DeleteObjects
operation no longer returns an error even though an object has been deleted in some cases. - Fixed a bug where
startAfter
andcontinuationToken
were not working in list operations. - The S3 API
ListObjects
operation now correctly rendersPrefix
,Delimiter
,StartAfter
andMaxKeys
in the response. - The S3 API
ListObjectsV2
now correctly honors theencoding-type
parameter. - The S3 API
PutObject
operation now works withPOST
requests fors3cmd
compatibility.
4th April 2022
R2
- The S3 API
DeleteObjects
request now properly returns aMalformedXML
error instead ofInternalError
when provided with more than 128 keys.
17th March 2022
Stream
Analytics panel in Stream Dashboard
The Stream Dashboard now has an analytics panel that shows the number of minutes of both live and recorded video delivered. This view can be filtered by Creator ID, Video UID, and Country. For more in-depth analytics data, refer to the bulk analytics documentation.
16th March 2022
Stream
Custom letterbox color configuration option for Stream Player
The Stream Player can now be configured to use a custom letterbox color, displayed around the video ('letterboxing' or 'pillarboxing') when the video's aspect ratio does not match the player's aspect ratio. Refer to the documentation on configuring the Stream Player here.
10th March 2022
Stream
Support for SRT live streaming protocol
Cloudflare Stream now supports the SRT live streaming protocol. SRT is a modern, actively maintained streaming video protocol that delivers lower latency, and better resilience against unpredictable network conditions. SRT supports newer video codecs and makes it easier to use accessibility features such as captions and multiple audio tracks.
For more, read the blog post.
17th February 2022
Stream
Faster video quality switching in Stream Player
When viewers manually change the resolution of video they want to receive in the Stream Player, this change now happens immediately, rather than once the existing resolution playback buffer has finished playing.
9th February 2022
Stream
Volume and playback controls accessible during playback of VAST Ads
When viewing ads in the VAST format in the Stream Player, viewers can now manually start and stop the video, or control the volume.
25th January 2022
22nd January 2022
Stream
Input health status in the Stream Dashboard
When a live input is connected, the Stream Dashboard now displays technical details about the connection, which can be used to debug configuration issues.
6th January 2022
Stream
Live viewer count in the Stream Player
The Stream Player now shows the total number of people currently watching a video live.
4th January 2022
Stream
Webhook notifications for live stream connections events
You can now configure Stream to send webhooks each time a live stream connects and disconnects. For more information, refer to the Webhooks documentation.
14th December 2021
beacon.min.js
Improved site filtering.
7th December 2021
23rd November 2021
17th November 2021
Stream
Persistent Live Stream IDs
You can now start and stop live broadcasts without having to provide a new video UID to the Stream Player (or your own player) each time the stream starts and stops. Read the docs.
16th November 2021
beacon.min.js
When using the automatic installation feature of the JavaScript Beacon (available only to customers proxied through Cloudflare - also known as orange-clouded customers), Subresource Integrity (SRI) is now enabled by default. SRI is a security feature that enables browsers to verify that resources they fetch are delivered without unexpected manipulation.
14th October 2021
30th September 2021
1st September 2021
beacon.min.js
Improved to report debugging information for Core Web Vitals.
26th July 2021
Stream
Thumbnail previews in Stream Player seek bar
The Stream Player now displays preview images when viewers hover their mouse over the seek bar, making it easier to skip to a specific part of a video.
10th July 2021
10th June 2021
Stream
Simplified signed URL token generation
You can now obtain a signed URL token via a single API request, without needing to generate signed tokens in your own application. Read the docs.
8th June 2021
28th May 2021
beacon.min.js
startsWith
function replaced with indexOf
function, which prevents rendering if multiple beacon scripts are loaded.
12th May 2021
beacon.min.js
Reporting endpoint changed from /cdn-cgi/beacon/performance
to /cdn-cgi/rum
(for Browser Insights only).
3rd May 2021
29th March 2021
Stream
Picture quality improvements
Cloudflare Stream now encodes videos with fewer artifacts, resulting in improved video quality for your viewers.
25th March 2021
Stream
Improved client bandwidth hints for third-party video players
If you use Cloudflare Stream with a third party player, and send the clientBandwidthHint
parameter in requests to fetch video manifests, Cloudflare Stream now selects the ideal resolution to provide to your client player more intelligently. This ensures your viewers receive the ideal resolution for their network connection.
Stream
Improved client bandwidth hints for third-party video players
If you use Cloudflare Stream with a third party player, and send the clientBandwidthHint
parameter in requests to fetch video manifests, Cloudflare Stream now selects the ideal resolution to provide to your client player more intelligently. This ensures your viewers receive the ideal resolution for their network connection.
17th March 2021
Stream
Less bandwidth, identical video quality
Cloudflare Stream now delivers video using 3-10x less bandwidth, with no reduction in quality. This ensures faster playback for your viewers with less buffering, particularly when viewers have slower network connections.
10th March 2021
Stream
Stream Player 2.0 (preview)
A brand new version of the Stream Player is now available for preview. New features include:
- Unified controls across desktop and mobile devices
- Keyboard shortcuts
- Intelligent mouse cursor interactions with player controls
- Phased out support for Internet Explorer 11
For more, refer to this post on the Cloudflare Community Forum.
4th March 2021
Stream
Faster video encoding
Videos uploaded to Cloudflare Stream are now available to view 5x sooner, reducing the time your users wait between uploading and viewing videos.
17th January 2021
Stream
Removed weekly upload limit, increased max video upload size
You can now upload videos up to 30GB in size to Cloudflare Stream and also now upload an unlimited number of videos to Cloudflare Stream each week
14th December 2020
Stream
Tus support for direct creator uploads
You can now use the tus protocol when allowing creators (your end users) to upload their own videos directly to Cloudflare Stream.
In addition, all uploads to Cloudflare Stream made using tus are now faster and more reliable as part of this change.
9th December 2020
Stream
Multiple audio track mixdown
Videos with multiple audio tracks (ex: 5.1 surround sound) are now mixed down to stereo when uploaded to Stream. The resulting video, with stereo audio, is now playable in the Stream Player.
2nd December 2020
Stream
Storage limit notifications
Cloudflare now emails you if your account is using 75% or more of your prepaid video storage, so that you can take action and plan ahead.
7th November 2019
Spectrum
- Argo Smart Routing is available for optimizing traffic on TCP applications, ensuring faster and more reliable routing.
2nd October 2018
Spectrum
- Users can set up Spectrum with Cloudflare Load Balancing to enable TCP health checks, failover support, and traffic steering, ensuring high resilience for your Spectrum applications.