---
title: Changelogs
image: https://developers.cloudflare.com/cf-twitter-card.png
---

> Documentation Index  
> Fetch the complete documentation index at: https://developers.cloudflare.com/changelog/llms.txt  
> Use this file to discover all available pages before exploring further. 

[Skip to content](#%5Ftop) 

# Changelog

New updates and improvements at Cloudflare.

[ Subscribe to RSS ](https://developers.cloudflare.com/changelog/rss/index.xml) [ View RSS feeds ](https://developers.cloudflare.com/fundamentals/new-features/available-rss-feeds/) 

All products

![hero image](https://developers.cloudflare.com/_astro/hero.CVYJHPAd_26AMqX.svg) 

Mar 06, 2026
1. ### [Workflow steps now expose retry attempt number via step context](https://developers.cloudflare.com/changelog/post/2026-03-06-step-context-available/)  
[ Workflows ](https://developers.cloudflare.com/workflows/)[ Workers ](https://developers.cloudflare.com/workers/)  
Cloudflare Workflows allows you to configure specific retry logic for each step in your workflow execution. Now, you can access **which** retry attempt is currently executing for calls to `step.do()`:  
TypeScript  
```  
await step.do("my-step", async (ctx) => {  // ctx.attempt is 1 on first try, 2 on first retry, etc.  console.log(`Attempt ${ctx.attempt}`);});  
```  
You can use the step context for improved logging & observability, progressive backoff, or conditional logic in your workflow definition.  
Note that the current attempt number is 1-indexed. For more information on retry behavior, refer to [Sleeping and Retrying](https://developers.cloudflare.com/workflows/build/sleeping-and-retrying/).

Mar 06, 2026
1. ### [Region Filtering, AS Traffic Volume, and Navigation Improvements on Cloudflare Radar](https://developers.cloudflare.com/changelog/post/2026-03-06-radar-region-filtering-traffic-volume-navigation/)  
[ Radar ](https://developers.cloudflare.com/radar/)  
[**Radar**](https://developers.cloudflare.com/radar/) ships several new features that improve the flexibility and usability of the platform, as well as visibility into what is happening on the Internet.  
#### Region filtering  
All location-aware pages now support filtering by region, including continents, geographic subregions ([Middle East ↗](https://radar.cloudflare.com/middle-east), [Eastern Asia ↗](https://radar.cloudflare.com/eastern-asia), etc.), political regions ([EU ↗](https://radar.cloudflare.com/european-union), [African Union ↗](https://radar.cloudflare.com/african-union)), and US Census regions/divisions (for example, [New England ↗](https://radar.cloudflare.com/traffic/us-new-england), [US Northeast ↗](https://radar.cloudflare.com/traffic/us-northeast)).  
![Screenshot of region filtering on Radar - Middle east](https://developers.cloudflare.com/_astro/region-filtering-middle-east.D__dYNBw_i7aR.webp)  
#### Traffic volume by top autonomous systems and locations  
A new traffic volume view shows the top autonomous systems and countries/territories for a given location. This is useful for quickly determining which network providers in a location may be experiencing connectivity issues, or how traffic is distributed across a region.  
![Screenshot of traffic volume by top autonomous systems in US](https://developers.cloudflare.com/_astro/traffic-volume-top-as-us.DhnbB8gy_ZyvEEM.webp)  
The new AS and location dimensions have also been added to the [Data Explorer ↗](https://radar.cloudflare.com/explorer) for the HTTP, DNS, and NetFlows datasets. Combined with other available filters, this provides a powerful tool for generating unique insights.  
![Screenshot of AS and location dimensions in Data Explorer](https://developers.cloudflare.com/_astro/data-explorer-top-as-pt.DAWOCd_b_1riM1l.webp)  
Finally, breadcrumb navigation is now available on most pages, allowing easier navigation between parent and related pages.  
Check out these features on [Cloudflare Radar ↗](https://radar.cloudflare.com).

Mar 06, 2026
1. ### [Real-time transcription in RealtimeKit now supports 10 languages with regional variants](https://developers.cloudflare.com/changelog/post/2026-03-06-realtimekit-multilingual-transcription/)  
[ Workers AI ](https://developers.cloudflare.com/workers-ai/)[ Realtime ](https://developers.cloudflare.com/realtime/)  
[Real-time transcription](https://developers.cloudflare.com/realtime/realtimekit/ai/transcription/) in RealtimeKit now supports 10 languages with regional variants, powered by [Deepgram Nova-3](https://developers.cloudflare.com/workers-ai/models/nova-3/) running on [Workers AI](https://developers.cloudflare.com/workers-ai/).  
During a meeting, participant audio is routed through [AI Gateway](https://developers.cloudflare.com/ai-gateway/) to Nova-3 on Workers AI — so transcription runs on Cloudflare's network end-to-end, reducing latency compared to routing through external speech-to-text services.  
Set the language when [creating a meeting](https://developers.cloudflare.com/realtime/realtimekit/concepts/meeting/) via `ai_config.transcription.language`:  
```  
{  "ai_config": {    "transcription": {      "language": "fr"    }  }}  
```  
Supported languages include English, Spanish, French, German, Hindi, Russian, Portuguese, Japanese, Italian, and Dutch — with regional variants like `en-AU`, `en-GB`, `en-IN`, `en-NZ`, `es-419`, `fr-CA`, `de-CH`, `pt-BR`, and `pt-PT`. Use `multi` for automatic multilingual detection.  
If you are building voice agents or real-time translation workflows, your agent can now transcribe in the caller's language natively — no extra services or routing logic needed.

  * [Transcription docs](https://developers.cloudflare.com/realtime/realtimekit/ai/transcription/)
  * [Nova-3 model page](https://developers.cloudflare.com/workers-ai/models/nova-3/)
  * [Workers AI](https://developers.cloudflare.com/workers-ai/)
  * [AI Gateway](https://developers.cloudflare.com/ai-gateway/)

Mar 06, 2026
1. ### [Dismiss and filter matches in Brand Protection](https://developers.cloudflare.com/changelog/post/2026-03-06-brand-protection-dismiss-match/)  
[ Security Center ](https://developers.cloudflare.com/security-center/)  
We have introduced new triage controls to help you manage your Brand Protection results more efficiently. You can now clear out the noise by dismissing matches while maintaining full visibility into your historical decisions.  
#### What's new

  * **Dismiss matches**: Users can now mark specific results as dismissed if they are determined to be benign or false positives, removing them from the primary triage view.
  * **Show/Hide toggle**: A new visibility control allows you to instantly switch between viewing only active matches and including previously dismissed ones.
  * **Persistent review states**: Dismissed status is saved across sessions, ensuring that your workspace remains organized and focused on new or high-priority threats.  
#### Key benefits of the dismiss match functionality:

  * Reduce alert fatigue by hiding known-safe results, allowing your team to focus exclusively on unreviewed or high-risk infringements.
  * Auditability and recovery through the visibility toggle, ensuring that no match is ever truly "lost" and can be re-evaluated if a site's content changes.
  * Improved collaboration as your team members can see which matches have already been vetted and dismissed by others.  
Ready to clean up your match queue? Learn more in our [Brand Protection documentation](https://developers.cloudflare.com/security-center/brand-protection/).

Mar 04, 2026
1. ### [Browser Rendering: 3x higher REST API request rate](https://developers.cloudflare.com/changelog/post/2026-03-04-br-rest-api-limit-increase/)  
[ Browser Run ](https://developers.cloudflare.com/browser-run/)  
[Browser Rendering](https://developers.cloudflare.com/browser-run/) REST API rate limits for Workers Paid plans have been increased from 3 requests per second (180/min) to **10 requests per second (600/min)**. No action is needed to benefit from the higher limit.  
![Browser Rendering REST API rate limit increased from 3 to 10 requests per second](https://developers.cloudflare.com/_astro/rest-api-limit-increase.DJHY7xYF_1U7IJn.webp)  
The [REST API](https://developers.cloudflare.com/browser-run/quick-actions/) lets you perform common browser tasks with a single API call, and you can now do it at a higher rate.

  * [/content - Fetch HTML](https://developers.cloudflare.com/browser-run/quick-actions/content-endpoint/)
  * [/screenshot - Capture screenshot](https://developers.cloudflare.com/browser-run/quick-actions/screenshot-endpoint/)
  * [/pdf - Render PDF](https://developers.cloudflare.com/browser-run/quick-actions/pdf-endpoint/)
  * [/markdown - Extract Markdown from a webpage](https://developers.cloudflare.com/browser-run/quick-actions/markdown-endpoint/)
  * [/snapshot - Take a webpage snapshot](https://developers.cloudflare.com/browser-run/quick-actions/snapshot/)
  * [/scrape - Scrape HTML elements](https://developers.cloudflare.com/browser-run/quick-actions/scrape-endpoint/)
  * [/json - Capture structured data using AI](https://developers.cloudflare.com/browser-run/quick-actions/json-endpoint/)
  * [/links - Retrieve links from a webpage](https://developers.cloudflare.com/browser-run/quick-actions/links-endpoint/)  
If you use the [Browser Sessions](https://developers.cloudflare.com/browser-run/#integration-methods) method, increases to concurrent browser and new browser limits are coming soon. Stay tuned.  
For full details, refer to the [Browser Rendering limits page](https://developers.cloudflare.com/browser-run/limits/).

Mar 04, 2026
1. ### [User risk score selector in Access policies](https://developers.cloudflare.com/changelog/post/2026-03-04-user-risk-score-access-policies/)  
[ Cloudflare One ](https://developers.cloudflare.com/cloudflare-one/)[ Access ](https://developers.cloudflare.com/cloudflare-one/access-controls/policies/)  
You can now use [user risk scores](https://developers.cloudflare.com/cloudflare-one/team-and-resources/users/risk-score/) in your [Access policies](https://developers.cloudflare.com/cloudflare-one/access-controls/policies/). The new **User Risk Score** selector allows you to create Access policies that respond to user behavior patterns detected by Cloudflare's risk scoring system, including impossible travel, high DLP policy matches, and more.  
For more information, refer to [Use risk scores in Access policies](https://developers.cloudflare.com/cloudflare-one/team-and-resources/users/risk-score/#use-risk-scores-in-access-policies).

Mar 04, 2026
1. ### [Gateway Authorization Proxy and hosted PAC files (open beta)](https://developers.cloudflare.com/changelog/post/2026-03-04-gateway-authorization-proxy-open-beta/)  
[ Gateway ](https://developers.cloudflare.com/cloudflare-one/traffic-policies/)  
The [Gateway Authorization Proxy](https://developers.cloudflare.com/cloudflare-one/networks/resolvers-and-proxies/proxy-endpoints/#authorization-endpoint) and [PAC file hosting](https://developers.cloudflare.com/cloudflare-one/networks/resolvers-and-proxies/proxy-endpoints/#create-a-hosted-pac-file) are now in open beta for all plan types.  
Previously, [proxy endpoints](https://developers.cloudflare.com/cloudflare-one/networks/resolvers-and-proxies/proxy-endpoints/#source-ip-endpoint) relied on static source IP addresses to authorize traffic, providing no user-level identity in logs or policies. The new authorization proxy replaces IP-based authorization with [Cloudflare Access](https://developers.cloudflare.com/cloudflare-one/access-controls/policies/) authentication, verifying who a user is before applying Gateway filtering without installing the WARP client.  
This is ideal for environments where you cannot deploy a device client, such as virtual desktops (VDI), mergers and acquisitions, or compliance-restricted endpoints.  
#### Key capabilities

  * **Identity-aware proxy traffic** — Users authenticate through your identity provider (Okta, Microsoft Entra ID, Google Workspace, and others) via Cloudflare Access. Logs now show exactly which user accessed which site, and you can write [identity-based policies](https://developers.cloudflare.com/cloudflare-one/traffic-policies/identity-selectors/) like "only the Finance team can access this accounting tool."
  * **Multiple identity providers** — Display one or multiple login methods simultaneously, giving flexibility for organizations managing users across different identity systems.
  * **Cloudflare-hosted PAC files** — Create and host [PAC files](https://developers.cloudflare.com/cloudflare-one/networks/resolvers-and-proxies/proxy-endpoints/#create-a-hosted-pac-file) directly in Cloudflare One with pre-configured templates for Okta and Azure, hosted at `https://pac.cloudflare-gateway.com/<account-id>/<slug>` on Cloudflare's global network.
  * **Simplified billing** — Each user occupies a seat, exactly like they do with the Cloudflare One Client. No new metrics to track.  
#### Get started

  1. In [Cloudflare One ↗](https://one.dash.cloudflare.com/), go to **Networks** \> **Resolvers & Proxies** \> **Proxy endpoints**.
  2. [Create an authorization proxy endpoint](https://developers.cloudflare.com/cloudflare-one/networks/resolvers-and-proxies/proxy-endpoints/#authorization-endpoint) and configure Access policies.
  3. [Create a hosted PAC file](https://developers.cloudflare.com/cloudflare-one/networks/resolvers-and-proxies/proxy-endpoints/#create-a-hosted-pac-file) or write your own.
  4. [Configure browsers](https://developers.cloudflare.com/cloudflare-one/networks/resolvers-and-proxies/proxy-endpoints/#3b-configure-browser-to-use-pac-file) to use the PAC file URL.
  5. [Install the Cloudflare certificate](https://developers.cloudflare.com/cloudflare-one/team-and-resources/devices/user-side-certificates/) for HTTPS inspection.  
For more details, refer to the [proxy endpoints documentation](https://developers.cloudflare.com/cloudflare-one/networks/resolvers-and-proxies/proxy-endpoints/) and the [announcement blog post ↗](https://blog.cloudflare.com/gateway-authorization-proxy-identity-aware-policies/).

Mar 04, 2026
1. ### [New conversion options for Markdown Conversion](https://developers.cloudflare.com/changelog/post/2026-03-04-new-markdown-conversion-options/)  
[ Workers AI ](https://developers.cloudflare.com/workers-ai/)  
You can now customize how the [Markdown Conversion](https://developers.cloudflare.com/workers-ai/features/markdown-conversion/) service processes different file types by passing a `conversionOptions` object.  
Available options:

  * **Images**: Set the language for AI-generated image descriptions
  * **HTML**: Use CSS selectors to extract specific content, or provide a hostname to resolve relative links
  * **PDF**: Exclude metadata from the output  
Use the [env.AI](https://developers.cloudflare.com/workers-ai/features/markdown-conversion/usage/binding/) binding:

  * [  JavaScript ](#tab-panel-4787)
  * [  TypeScript ](#tab-panel-4788)  
JavaScript  
```  
await env.AI.toMarkdown(  { name: "page.html", blob: new Blob([html]) },  {    conversionOptions: {      html: { cssSelector: "article.content" },      image: { descriptionLanguage: "es" },    },  },);  
```  
TypeScript  
```  
await env.AI.toMarkdown(  { name: "page.html", blob: new Blob([html]) },  {    conversionOptions: {      html: { cssSelector: "article.content" },      image: { descriptionLanguage: "es" },    },  },);  
```  
Or call the REST API:  
Terminal window  
```  
curl https://api.cloudflare.com/client/v4/accounts/{ACCOUNT_ID}/ai/tomarkdown \  -H 'Authorization: Bearer {API_TOKEN}' \  -F 'files=@index.html' \  -F 'conversionOptions={"html": {"cssSelector": "article.content"}}'  
```  
For more details, refer to [Conversion Options](https://developers.cloudflare.com/workers-ai/features/markdown-conversion/conversion-options/).

Mar 03, 2026
1. ### [Workflows step limit increased to 25,000 steps per instance](https://developers.cloudflare.com/changelog/post/2026-03-03-step-limits-to-25k/)  
[ Workflows ](https://developers.cloudflare.com/workflows/)[ Workers ](https://developers.cloudflare.com/workers/)  
Each Workflow on Workers Paid now supports 10,000 steps by default, configurable up to 25,000 steps in your `wrangler.jsonc` file:  
```  
{  "workflows": [    {      "name": "my-workflow",      "binding": "MY_WORKFLOW",      "class_name": "MyWorkflow",      "limits": {        "steps": 25000      }    }  ]}  
```  
Previously, each instance was limited to 1,024 steps. Now, Workflows can support more complex, long-running executions without the additional complexity of recursive or child workflow calls.  
Note that the maximum persisted state limit per Workflow instance remains **100 MB** for Workers Free and **1 GB** for Workers Paid. Refer to [Workflows limits](https://developers.cloudflare.com/workflows/reference/limits/) for more information.

Mar 03, 2026
1. ### [Real-time file watching in Sandboxes](https://developers.cloudflare.com/changelog/post/2026-03-03-sandbox-watch-file-events/)  
[ Agents ](https://developers.cloudflare.com/agents/)  
[Sandboxes](https://developers.cloudflare.com/sandbox/) now support real-time filesystem watching via `sandbox.watch()`. The method returns a [Server-Sent Events ↗](https://developer.mozilla.org/en-US/docs/Web/API/Server-sent%5Fevents) stream backed by native inotify, so your Worker receives `create`, `modify`, `delete`, and `move` events as they happen inside the container.  
#### `sandbox.watch(path, options)`  
Pass a directory path and optional filters. The returned stream is a standard `ReadableStream` you can proxy directly to a browser client or consume server-side.

  * [  JavaScript ](#tab-panel-4789)
  * [  TypeScript ](#tab-panel-4790)  
JavaScript  
```  
// Stream events to a browser clientconst stream = await sandbox.watch("/workspace/src", {  recursive: true,  include: ["*.ts", "*.js"],});  
return new Response(stream, {  headers: { "Content-Type": "text/event-stream" },});  
```  
TypeScript  
```  
// Stream events to a browser clientconst stream = await sandbox.watch("/workspace/src", {  recursive: true,  include: ["*.ts", "*.js"],});  
return new Response(stream, {  headers: { "Content-Type": "text/event-stream" },});  
```  
#### Server-side consumption with `parseSSEStream`  
Use `parseSSEStream` to iterate over events inside a Worker without forwarding them to a client.

  * [  JavaScript ](#tab-panel-4791)
  * [  TypeScript ](#tab-panel-4792)  
JavaScript  
```  
import { parseSSEStream } from "@cloudflare/sandbox";  
const stream = await sandbox.watch("/workspace/src", { recursive: true });  
for await (const event of parseSSEStream(stream)) {  console.log(event.type, event.path);}  
```  
TypeScript  
```  
import { parseSSEStream } from "@cloudflare/sandbox";import type { FileWatchSSEEvent } from "@cloudflare/sandbox";  
const stream = await sandbox.watch("/workspace/src", { recursive: true });  
for await (const event of parseSSEStream<FileWatchSSEEvent>(stream)) {  console.log(event.type, event.path);}  
```  
Each event includes a `type` field (`create`, `modify`, `delete`, or `move`) and the affected `path`. Move events also include a `from` field with the original path.  
#### Options

| Option    | Type       | Description                                                 |
| --------- | ---------- | ----------------------------------------------------------- |
| recursive | boolean    | Watch subdirectories. Defaults to false.                    |
| include   | string\[\] | Glob patterns to filter events. Omit to receive all events. |  
#### Upgrade  
To update to the latest version:  
Terminal window  
```  
npm i @cloudflare/sandbox@latest  
```  
For full API details, refer to the [Sandbox file watching reference](https://developers.cloudflare.com/sandbox/api/file-watching/).

Mar 03, 2026
1. ### [Network Quality Test on Cloudflare Radar](https://developers.cloudflare.com/changelog/post/2026-03-03-radar-network-quality-test/)  
[ Radar ](https://developers.cloudflare.com/radar/)  
[**Radar**](https://developers.cloudflare.com/radar/) now includes a [Network Quality Test ↗](https://radar.cloudflare.com/speedtest) page. The tool measures Internet connection quality and performance, showing connection details such as IP address, server location, network (ASN), and IP version. For more detailed speed test results, the page links to [speed.cloudflare.com ↗](https://speed.cloudflare.com/).  
![Screenshot of the Network Quality Test page on Radar](https://developers.cloudflare.com/_astro/network-quality-test.BwQ-CoTH_Z90pOd.webp)

Mar 02, 2026
1. ### [Agents SDK v0.7.0: Observability rewrite, keepAlive, and waitForMcpConnections](https://developers.cloudflare.com/changelog/post/2026-03-02-agents-sdk-v070/)  
[ Agents ](https://developers.cloudflare.com/agents/)[ Workers ](https://developers.cloudflare.com/workers/)  
The latest release of the [Agents SDK ↗](https://github.com/cloudflare/agents) rewrites observability from scratch with `diagnostics_channel`, adds `keepAlive()` to prevent Durable Object eviction during long-running work, and introduces `waitForMcpConnections` so MCP tools are always available when `onChatMessage` runs.  
#### Observability rewrite  
The previous observability system used `console.log()` with a custom `Observability.emit()` interface. v0.7.0 replaces it with structured events published to [diagnostics channels](https://developers.cloudflare.com/workers/runtime-apis/nodejs/diagnostics-channel/) — silent by default, zero overhead when nobody is listening.  
Every event has a `type`, `payload`, and `timestamp`. Events are routed to seven named channels:

| Channel          | Event types                                                                                                                                      |
| ---------------- | ------------------------------------------------------------------------------------------------------------------------------------------------ |
| agents:state     | state:update                                                                                                                                     |
| agents:rpc       | rpc, rpc:error                                                                                                                                   |
| agents:message   | message:request, message:response, message:clear, message:cancel, message:error, tool:result, tool:approval                                      |
| agents:schedule  | schedule:create, schedule:execute, schedule:cancel, schedule:retry, schedule:error, queue:retry, queue:error                                     |
| agents:lifecycle | connect, destroy                                                                                                                                 |
| agents:workflow  | workflow:start, workflow:event, workflow:approved, workflow:rejected, workflow:terminated, workflow:paused, workflow:resumed, workflow:restarted |
| agents:mcp       | mcp:client:preconnect, mcp:client:connect, mcp:client:authorize, mcp:client:discover                                                             |  
Use the typed `subscribe()` helper from `agents/observability` for type-safe access:

  * [  JavaScript ](#tab-panel-4801)
  * [  TypeScript ](#tab-panel-4802)  
JavaScript  
```  
import { subscribe } from "agents/observability";  
const unsub = subscribe("rpc", (event) => {  if (event.type === "rpc") {    console.log(`RPC call: ${event.payload.method}`);  }  if (event.type === "rpc:error") {    console.error(      `RPC failed: ${event.payload.method} — ${event.payload.error}`,    );  }});  
// Clean up when doneunsub();  
```  
TypeScript  
```  
import { subscribe } from "agents/observability";  
const unsub = subscribe("rpc", (event) => {  if (event.type === "rpc") {    console.log(`RPC call: ${event.payload.method}`);  }  if (event.type === "rpc:error") {    console.error(      `RPC failed: ${event.payload.method} — ${event.payload.error}`,    );  }});  
// Clean up when doneunsub();  
```  
In production, all diagnostics channel messages are automatically forwarded to [Tail Workers](https://developers.cloudflare.com/workers/observability/logs/tail-workers/) — no subscription code needed in the agent itself:

  * [  JavaScript ](#tab-panel-4797)
  * [  TypeScript ](#tab-panel-4798)  
JavaScript  
```  
export default {  async tail(events) {    for (const event of events) {      for (const msg of event.diagnosticsChannelEvents) {        // msg.channel is "agents:rpc", "agents:workflow", etc.        console.log(msg.timestamp, msg.channel, msg.message);      }    }  },};  
```  
TypeScript  
```  
export default {  async tail(events) {    for (const event of events) {      for (const msg of event.diagnosticsChannelEvents) {        // msg.channel is "agents:rpc", "agents:workflow", etc.        console.log(msg.timestamp, msg.channel, msg.message);      }    }  },};  
```  
The custom `Observability` override interface is still supported for users who need to filter or forward events to external services.  
For the full event reference, refer to the [Observability documentation](https://developers.cloudflare.com/agents/runtime/operations/observability/).  
#### `keepAlive()` and `keepAliveWhile()`  
Durable Objects are evicted after a period of inactivity (typically 70-140 seconds with no incoming requests, WebSocket messages, or alarms). During long-running operations — streaming LLM responses, waiting on external APIs, running multi-step computations — the agent can be evicted mid-flight.  
`keepAlive()` prevents this by creating a 30-second heartbeat schedule. The alarm firing resets the inactivity timer. Returns a disposer function that cancels the heartbeat when called.

  * [  JavaScript ](#tab-panel-4795)
  * [  TypeScript ](#tab-panel-4796)  
JavaScript  
```  
const dispose = await this.keepAlive();try {  const result = await longRunningComputation();  await sendResults(result);} finally {  dispose();}  
```  
TypeScript  
```  
const dispose = await this.keepAlive();try {  const result = await longRunningComputation();  await sendResults(result);} finally {  dispose();}  
```  
`keepAliveWhile()` wraps an async function with automatic cleanup — the heartbeat starts before the function runs and stops when it completes:

  * [  JavaScript ](#tab-panel-4793)
  * [  TypeScript ](#tab-panel-4794)  
JavaScript  
```  
const result = await this.keepAliveWhile(async () => {  const data = await longRunningComputation();  return data;});  
```  
TypeScript  
```  
const result = await this.keepAliveWhile(async () => {  const data = await longRunningComputation();  return data;});  
```  
Key details:

  * **Multiple concurrent callers** — Each `keepAlive()` call returns an independent disposer. Disposing one does not affect others.
  * **AIChatAgent built-in** — `AIChatAgent` automatically calls `keepAlive()` during streaming responses. You do not need to add it yourself.
  * **Uses the scheduling system** — The heartbeat does not conflict with your own schedules. It shows up in `getSchedules()` if you need to inspect it.  
Note  
`keepAlive()` is marked `@experimental` and may change between releases.  
For the full API reference and when-to-use guidance, refer to [Schedule tasks — Keeping the agent alive](https://developers.cloudflare.com/agents/runtime/execution/schedule-tasks/#keeping-the-agent-alive).  
#### `waitForMcpConnections`  
`AIChatAgent` now waits for MCP server connections to settle before calling `onChatMessage`. This ensures `this.mcp.getAITools()` returns the full set of tools, especially after Durable Object hibernation when connections are being restored in the background.

  * [  JavaScript ](#tab-panel-4803)
  * [  TypeScript ](#tab-panel-4804)  
JavaScript  
```  
export class ChatAgent extends AIChatAgent {  // Default — waits up to 10 seconds  // waitForMcpConnections = { timeout: 10_000 };  
  // Wait forever  waitForMcpConnections = true;  
  // Disable waiting  waitForMcpConnections = false;}  
```  
TypeScript  
```  
export class ChatAgent extends AIChatAgent {  // Default — waits up to 10 seconds  // waitForMcpConnections = { timeout: 10_000 };  
  // Wait forever  waitForMcpConnections = true;  
  // Disable waiting  waitForMcpConnections = false;}  
```

| Value                | Behavior                                      |
| -------------------- | --------------------------------------------- |
| { timeout: 10\_000 } | Wait up to 10 seconds (default)               |
| { timeout: N }       | Wait up to N milliseconds                     |
| true                 | Wait indefinitely until all connections ready |
| false                | Do not wait (old behavior before 0.2.0)       |  
For lower-level control, call `this.mcp.waitForConnections()` directly inside `onChatMessage` instead.  
#### Other improvements

  * **MCP deduplication by name and URL** — `addMcpServer` with HTTP transport now deduplicates on both server name and URL. Calling it with the same name but a different URL creates a new connection. URLs are normalized before comparison (trailing slashes, default ports, hostname case).
  * **`callbackHost` optional for non-OAuth servers** — `addMcpServer` no longer requires `callbackHost` when connecting to MCP servers that do not use OAuth.
  * **MCP URL security** — Server URLs are validated before connection to prevent SSRF. Private IP ranges, loopback addresses, link-local addresses, and cloud metadata endpoints are blocked.
  * **Custom denial messages** — `addToolOutput` now supports `state: "output-error"` with `errorText` for custom denial messages in human-in-the-loop tool approval flows.
  * **`requestId` in chat options** — `onChatMessage` options now include a `requestId` for logging and correlating events.  
#### Upgrade  
To update to the latest version:  
Terminal window  
```  
npm i agents@latest @cloudflare/ai-chat@latest  
```

Mar 02, 2026
1. ### [Get started with AI Gateway automatically](https://developers.cloudflare.com/changelog/post/2026-03-02-default-gateway/)  
[ AI Gateway ](https://developers.cloudflare.com/ai-gateway/)  
You can now start using AI Gateway with a single API call — no setup required. Use `default` as your gateway ID, and AI Gateway creates one for you automatically on the first request.  
To try it out, [create an API token](https://developers.cloudflare.com/fundamentals/api/get-started/create-token/) with `AI Gateway - Read`, `AI Gateway - Edit`, and `Workers AI - Read` permissions, then run:  
Terminal window  
```  
curl -X POST https://gateway.ai.cloudflare.com/v1/$CLOUDFLARE_ACCOUNT_ID/default/compat/chat/completions \  --header "cf-aig-authorization: Bearer $CLOUDFLARE_API_TOKEN" \  --header 'Content-Type: application/json' \  --data '{    "model": "workers-ai/@cf/meta/llama-3.3-70b-instruct-fp8-fast",    "messages": [      {        "role": "user",        "content": "What is Cloudflare?"      }    ]  }'  
```  
AI Gateway gives you logging, caching, rate limiting, and access to multiple AI providers through a single endpoint. For more information, refer to [Get started](https://developers.cloudflare.com/ai-gateway/get-started/).

Mar 02, 2026
1. ### [Copy Cloudflare One resources as JSON or POST requests](https://developers.cloudflare.com/changelog/post/2026-03-copy-resources-as-json-or-post-requests/)  
[ Cloudflare One ](https://developers.cloudflare.com/cloudflare-one/)  
You can now copy Cloudflare One resources as JSON or as a ready-to-use API POST request directly from the dashboard. This makes it simple to transition workflows into API calls, automation scripts, or infrastructure-as-code pipelines.  
To use this feature, click the overflow menu (⋮) on any supported resource and select **Copy as JSON** or **Copy as POST request**. The copied output includes only the fields present on your resource, giving you a clean and minimal starting point for your own API calls.  
Initially supported resources:

  * Access applications
  * Access policies
  * Gateway policies
  * Resolver policies
  * Service tokens
  * Identity providers  
We will continue to add support for more resources throughout 2026.

Mar 02, 2026
1. ### [WAF Release - 2026-03-02](https://developers.cloudflare.com/changelog/post/2026-03-02-waf-release/)  
[ WAF ](https://developers.cloudflare.com/waf/)  
This week's release introduces new detections for vulnerabilities in SmarterTools SmarterMail (CVE-2025-52691 and CVE-2026-23760), alongside improvements to an existing Command Injection (nslookup) detection to enhance coverage.

**Key Findings**

  * CVE-2025-52691: SmarterTools SmarterMail mail server is vulnerable to Arbitrary File Upload, allowing an unauthenticated attacker to upload files to any location on the mail server, potentially enabling remote code execution.
  * CVE-2026-23760: SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability in the password reset API permitting unaunthenticated to reset system administrator accounts failing to verify existing password or reset token.

**Impact**  
Successful exploitation of these SmarterMail vulnerabilities could lead to full system compromise or unauthorized administrative access to mail servers. Administrators are strongly encouraged to apply vendor patches without delay.

| Ruleset                    | Rule ID     | Legacy Rule ID | Description                                          | Previous Action | New Action | Comments                                                                                      |
| -------------------------- | ----------- | -------------- | ---------------------------------------------------- | --------------- | ---------- | --------------------------------------------------------------------------------------------- |
| Cloudflare Managed Ruleset | ...966ec6b1 | N/A            | SmarterMail - Arbitrary File Upload - CVE-2025-52691 | Log             | Block      | This is a new detection.                                                                      |
| Cloudflare Managed Ruleset | ...ee964a8c | N/A            | SmarterMail - Authentication Bypass - CVE-2026-23760 | Log             | Block      | This is a new detection.                                                                      |
| Cloudflare Managed Ruleset | ...75b64d99 | N/A            | Command Injection - Nslookup - Beta                  | Log             | Block      | This rule is merged into the original rule "Command Injection - Nslookup" (ID: ...b090ba9a  ) |

Mar 01, 2026
1. ### [Clipboard controls for browser-based RDP](https://developers.cloudflare.com/changelog/post/2026-03-01-rdp-clipboard-controls/)  
[ Access ](https://developers.cloudflare.com/cloudflare-one/access-controls/policies/)  
You can now configure clipboard controls for browser-based RDP with Cloudflare Access. Clipboard controls allow administrators to restrict whether users can copy or paste text between their local machine and the remote Windows server.  
![Enable users to copy and paste content from their local machine to remote RDP sessions in the Cloudflare One dashboard](https://developers.cloudflare.com/_astro/rdp-clipboard-controls.B0ZmliDb_Z1Ne5yg.webp)  
This feature is useful for organizations that support bring-your-own-device (BYOD) policies or third-party contractors using unmanaged devices. By restricting clipboard access, you can prevent sensitive data from being transferred out of the remote session to a user's personal device.  
#### Configuration options  
Clipboard controls are configured per policy within your Access application. For each policy, you can independently allow or deny:

  * **Copy from local client to remote RDP session** — Users can copy/paste text from their local machine into the browser-based RDP session.
  * **Copy from remote RDP session to local client** — Users can copy/paste text from the browser-based RDP session to their local machine.  
By default, both directions are denied for new policies. For existing Access applications created before this feature was available, clipboard access remains enabled to preserve backwards compatibility.  
When a user attempts a restricted clipboard action, the clipboard content is replaced with an error message informing them that the action is not allowed.  
For more information, refer to [Clipboard controls for browser-based RDP](https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/use-cases/rdp/rdp-browser/#clipboard-controls).

Feb 27, 2026
1. ### [Export MCP server portal logs with Logpush](https://developers.cloudflare.com/changelog/post/2026-02-27-mcp-portal-logpush/)  
[ Access ](https://developers.cloudflare.com/cloudflare-one/access-controls/policies/)  
Availability  
Only available on Enterprise plans.  
[MCP server portals](https://developers.cloudflare.com/cloudflare-one/access-controls/ai-controls/mcp-portals/) now supports [Logpush](https://developers.cloudflare.com/logs/logpush/) integration. You can automatically export MCP server portal activity logs to third-party storage destinations or security information and event management (SIEM) tools for analysis and auditing.  
#### Available log fields  
The MCP server portal logs dataset includes fields such as:

  * `Datetime` — Timestamp of the request
  * `PortalID` / `PortalAUD` — Portal identifiers
  * `ServerID` / `ServerURL` — Upstream MCP server details
  * `Method` — JSON-RPC method (for example, `tools/call`, `prompts/get`, `resources/read`)
  * `ToolCallName` / `PromptGetName` / `ResourceReadURI` — Method-specific identifiers
  * `UserID` / `UserEmail` — Authenticated user information
  * `Success` / `Error` — Request outcome
  * `ServerResponseDurationMs` — Response time from upstream server  
For the complete field reference, refer to [MCP portal logs](https://developers.cloudflare.com/logs/logpush/logpush-job/datasets/account/mcp%5Fportal%5Flogs/).  
#### Set up Logpush  
To configure Logpush for MCP server portal logs, refer to [Logpush integration](https://developers.cloudflare.com/cloudflare-one/insights/logs/logpush/).  
Note  
MCP server portals is currently in beta.

Feb 27, 2026
1. ### [New protocols added for Gateway Protocol Detection (Beta)](https://developers.cloudflare.com/changelog/post/2026-02-27-new-protocol-detection-protocols/)  
[ Gateway ](https://developers.cloudflare.com/cloudflare-one/traffic-policies/)  
Gateway [Protocol Detection](https://developers.cloudflare.com/cloudflare-one/traffic-policies/network-policies/protocol-detection/) now supports seven additional protocols in beta:

| Protocol     | Notes                                              |
| ------------ | -------------------------------------------------- |
| IMAP         | Internet Message Access Protocol — email retrieval |
| POP3         | Post Office Protocol v3 — email retrieval          |
| SMTP         | Simple Mail Transfer Protocol — email sending      |
| MYSQL        | MySQL database wire protocol                       |
| RSYNC-DAEMON | rsync daemon protocol                              |
| LDAP         | Lightweight Directory Access Protocol              |
| NTP          | Network Time Protocol                              |  
These protocols join the existing set of detected protocols (HTTP, HTTP2, SSH, TLS, DCERPC, MQTT, and TPKT) and can be used with the _Detected Protocol_ selector in [Network policies](https://developers.cloudflare.com/cloudflare-one/traffic-policies/network-policies/) to identify and filter traffic based on the application-layer protocol, without relying on port-based identification.  
If protocol detection is enabled on your account, these protocols will automatically be logged when detected in your Gateway network traffic.  
For more information on using Protocol Detection, refer to the [Protocol detection documentation](https://developers.cloudflare.com/cloudflare-one/traffic-policies/network-policies/protocol-detection/).

Feb 27, 2026
1. ### [Post-Quantum Encryption and Key Transparency on Cloudflare Radar](https://developers.cloudflare.com/changelog/post/2026-02-27-radar-pq-key-transparency/)  
[ Radar ](https://developers.cloudflare.com/radar/)  
[**Radar**](https://developers.cloudflare.com/radar/) now tracks post-quantum encryption support on origin servers, provides a tool to test any host for post-quantum compatibility, and introduces a Key Transparency dashboard for monitoring end-to-end encrypted messaging audit logs.  
#### Post-quantum origin support  
The new [Post-Quantum](https://developers.cloudflare.com/api/resources/radar/subresources/post%5Fquantum/) API provides the following endpoints:

  * [/post\_quantum/tls/support](https://developers.cloudflare.com/api/resources/radar/subresources/post%5Fquantum/subresources/tls/methods/support/) \- Tests whether a host supports post-quantum TLS key exchange.
  * [/post\_quantum/origin/summary/{dimension}](https://developers.cloudflare.com/api/resources/radar/subresources/post%5Fquantum/methods/summary/) \- Returns origin post-quantum data summarized by key agreement algorithm.
  * [/post\_quantum/origin/timeseries\_groups/{dimension}](https://developers.cloudflare.com/api/resources/radar/subresources/post%5Fquantum/methods/timeseries%5Fgroups/) \- Returns origin post-quantum timeseries data grouped by key agreement algorithm.  
The new [Post-Quantum Encryption ↗](https://radar.cloudflare.com/post-quantum) page shows the share of customer origins supporting [X25519MLKEM768](https://developers.cloudflare.com/ssl/post-quantum-cryptography/pqc-support/#x25519mlkem768), derived from daily automated TLS scans of TLS 1.3-compatible origins. The scanner tests for algorithm support rather than the origin server's configured preference.  
![Screenshot of the origin post-quantum support graph on Radar](https://developers.cloudflare.com/_astro/pq-origin-support.Bn5Dw_It_Z12sKNz.webp)  
A host test tool allows checking any publicly accessible website for post-quantum encryption compatibility. Enter a hostname and optional port to see whether the server negotiates a post-quantum key exchange algorithm.  
![Screenshot of the post-quantum host test tool on Radar](https://developers.cloudflare.com/_astro/pq-host-test.dRqwoOvo_Z2hjMhW.webp)  
#### Key Transparency  
A new [Key Transparency ↗](https://radar.cloudflare.com/key-transparency) section displays the audit status of Key Transparency logs for end-to-end encrypted messaging services. The page launches with two monitored logs: WhatsApp and Facebook Messenger Transport.  
Each log card shows the current status, last signed epoch, last verified epoch, and the root hash of the Auditable Key Directory tree. The data is also available through the [Key Transparency Auditor API](https://developers.cloudflare.com/key-transparency/api/).  
![Screenshot of the Key Transparency dashboard on Radar](https://developers.cloudflare.com/_astro/key-transparency-dashboard.DNQgLsb0_25IWgQ.webp)  
Learn more about these features in our [blog post ↗](https://blog.cloudflare.com/radar-origin-pq-key-transparency-aspa) and check out the [Post-Quantum Encryption ↗](https://radar.cloudflare.com/post-quantum) and [Key Transparency ↗](https://radar.cloudflare.com/key-transparency) pages to explore the data.

Feb 26, 2026
1. ### [Asynchronous stale-while-revalidate](https://developers.cloudflare.com/changelog/post/2026-02-26-async-stale-while-revalidate/)  
[ Cache / CDN ](https://developers.cloudflare.com/cache/)  
Cloudflare's [stale-while-revalidate](https://developers.cloudflare.com/cache/concepts/cache-control/#revalidation) support is now fully asynchronous. Previously, the first request for a stale (expired) asset in cache had to wait for an origin response, after which that visitor received a REVALIDATED or EXPIRED status. Now, the first request after the asset expires triggers revalidation in the background and immediately receives stale content with an UPDATING status. All following requests also receive stale content with an `UPDATING` status until the origin responds, after which subsequent requests receive fresh content with a `HIT` status.  
`stale-while-revalidate` is a `Cache-Control` directive set by your origin server that allows Cloudflare to serve an expired cached asset while a fresh copy is fetched from the origin.  
Asynchronous revalidation brings:

  * **Lower latency**: No visitor is waiting for the origin when the asset is already in cache. Every request is served from cache during revalidation.
  * **Consistent experience**: All visitors receive the same cached response during revalidation.
  * **Reduced error exposure**: The first request is no longer vulnerable to origin timeouts or errors. All visitors receive a cached response while revalidation happens in the background.  
#### Availability  
This change is live for all Free, Pro, and Business zones. Approximately 75% of Enterprise zones have been migrated, with the remaining zones rolling out throughout the quarter.  
#### Get started  
To use this feature, make sure your origin includes the `stale-while-revalidate` directive in the `Cache-Control` header. Refer to the [Cache-Control documentation](https://developers.cloudflare.com/cache/concepts/cache-control/#revalidation) for details.

Feb 26, 2026
1. ### [Markdown responses for Cloudflare 1xxx errors](https://developers.cloudflare.com/changelog/post/2026-02-26-markdown-responses-for-1xxx-errors/)  
[ Cloudflare Fundamentals ](https://developers.cloudflare.com/fundamentals/)  
Cloudflare now returns structured Markdown responses for Cloudflare-generated 1xxx errors when clients send `Accept: text/markdown`.  
Each response includes YAML frontmatter plus guidance sections (`What happened` / `What you should do`) so agents can make deterministic retry and escalation decisions without parsing HTML.  
In measured 1,015 comparisons, Markdown reduced payload size and token footprint by over 98% versus HTML.  
Included frontmatter fields:

  * `error_code`, `error_name`, `error_category`, `http_status`
  * `ray_id`, `timestamp`, `zone`
  * `cloudflare_error`, `retryable`, `retry_after` (when applicable), `owner_action_required`  
Default behavior is unchanged: clients that do not explicitly request Markdown continue to receive HTML error pages.  
#### Negotiation behavior  
Cloudflare uses standard HTTP content negotiation on the `Accept` header.

  * `Accept: text/markdown` \-> Markdown
  * `Accept: text/markdown, text/html;q=0.9` \-> Markdown
  * `Accept: text/*` \-> Markdown
  * `Accept: */*` \-> HTML (default browser behavior)  
When multiple values are present, Cloudflare selects the highest-priority supported media type using `q` values. If Markdown is not explicitly preferred, HTML is returned.  
#### Availability  
Available now for Cloudflare-generated 1xxx errors.  
#### Get started  
Terminal window  
```  
curl -H "Accept: text/markdown" https://<your-domain>/cdn-cgi/error/1015  
```  
Reference: [Cloudflare 1xxx error documentation](https://developers.cloudflare.com/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/)

Feb 25, 2026
1. ### [Agents SDK v0.6.0: RPC transport for MCP, optional OAuth, hardened schema conversion, and @cloudflare/ai-chat fixes](https://developers.cloudflare.com/changelog/post/2026-02-25-agents-sdk-v060/)  
[ Agents ](https://developers.cloudflare.com/agents/)[ Workers ](https://developers.cloudflare.com/workers/)  
The latest release of the [Agents SDK ↗](https://github.com/cloudflare/agents) lets you define an Agent and an McpAgent in the same Worker and connect them over RPC — no HTTP, no network overhead. It also makes OAuth opt-in for simple MCP connections, hardens the schema converter for production workloads, and ships a batch of `@cloudflare/ai-chat` reliability fixes.  
#### RPC transport for MCP  
You can now connect an Agent to an McpAgent in the same Worker using a Durable Object binding instead of an HTTP URL. The connection stays entirely within the Cloudflare runtime — no network round-trips, no serialization overhead.  
Pass the Durable Object namespace directly to `addMcpServer`:

  * [  JavaScript ](#tab-panel-4805)
  * [  TypeScript ](#tab-panel-4806)  
JavaScript  
```  
import { Agent } from "agents";  
export class MyAgent extends Agent {  async onStart() {    // Connect via DO binding — no HTTP, no network overhead    await this.addMcpServer("counter", env.MY_MCP);  
    // With props for per-user context    await this.addMcpServer("counter", env.MY_MCP, {      props: { userId: "user-123", role: "admin" },    });  }}  
```  
TypeScript  
```  
import { Agent } from "agents";  
export class MyAgent extends Agent {  async onStart() {    // Connect via DO binding — no HTTP, no network overhead    await this.addMcpServer("counter", env.MY_MCP);  
    // With props for per-user context    await this.addMcpServer("counter", env.MY_MCP, {      props: { userId: "user-123", role: "admin" },    });  }}  
```  
The `addMcpServer` method now accepts `string | DurableObjectNamespace` as the second parameter with full TypeScript overloads, so HTTP and RPC paths are type-safe and cannot be mixed.  
Key capabilities:

  * **Hibernation support** — RPC connections survive Durable Object hibernation automatically. The binding name and props are persisted to storage and restored on wake-up, matching the behavior of HTTP MCP connections.
  * **Deduplication** — Calling `addMcpServer` with the same server name returns the existing connection instead of creating duplicates. Connection IDs are stable across hibernation restore.
  * **Smaller surface area** — The RPC transport internals have been rewritten and reduced from 609 lines to 245 lines. `RPCServerTransport` now uses `JSONRPCMessageSchema` from the MCP SDK for validation instead of hand-written checks.  
Note  
RPC transport is experimental. The API may change based on feedback. Refer to [the tracking issue ↗](https://github.com/cloudflare/agents/issues/565) for updates.  
#### Optional OAuth for MCP connections  
`addMcpServer()` no longer eagerly creates an OAuth provider for every connection. For servers that do not require authentication, a simple call is all you need:

  * [  JavaScript ](#tab-panel-4799)
  * [  TypeScript ](#tab-panel-4800)  
JavaScript  
```  
// No callbackHost, no OAuth config — just worksawait this.addMcpServer("my-server", "https://mcp.example.com");  
```  
TypeScript  
```  
// No callbackHost, no OAuth config — just worksawait this.addMcpServer("my-server", "https://mcp.example.com");  
```  
If the server responds with a 401, the SDK throws a clear error: `"This MCP server requires OAuth authentication. Provide callbackHost in addMcpServer options to enable the OAuth flow."` The restore-from-storage flow also handles missing callback URLs gracefully, skipping auth provider creation for non-OAuth servers.  
#### Hardened JSON Schema to TypeScript converter  
The schema converter used by `generateTypes()` and `getAITools()` now handles edge cases that previously caused crashes in production:

  * **Depth and circular reference guards** — Prevents stack overflows on recursive or deeply nested schemas
  * **`$ref` resolution** — Supports internal JSON Pointers (`#/definitions/...`, `#/$defs/...`, `#`)
  * **Tuple support** — `prefixItems` (JSON Schema 2020-12) and array `items` (draft-07)
  * **OpenAPI 3.0 `nullable: true`** — Supported across all schema branches
  * **Per-tool error isolation** — One malformed schema cannot crash the full pipeline in `generateTypes()` or `getAITools()`
  * **Missing `inputSchema` fallback** — `getAITools()` falls back to `{ type: "object" }` instead of throwing  
#### `@cloudflare/ai-chat` fixes

  * **Tool denial flow** — Denied tool approvals (`approved: false`) now transition to `output-denied` with a `tool_result`, fixing Anthropic provider compatibility. Custom denial messages are supported via `state: "output-error"` and `errorText`.
  * **Abort/cancel support** — Streaming responses now properly cancel the reader loop when the abort signal fires and send a done signal to the client.
  * **Duplicate message persistence** — `persistMessages()` now reconciles assistant messages by content and order, preventing duplicate rows when clients resend full history.
  * **`requestId` in `OnChatMessageOptions`** — Handlers can now send properly-tagged error responses for pre-stream failures.
  * **`redacted_thinking` preservation** — The message sanitizer no longer strips Anthropic `redacted_thinking` blocks.
  * **`/get-messages` reliability** — Endpoint handling moved from a prototype `onRequest()` override to a constructor wrapper, so it works even when users override `onRequest` without calling `super.onRequest()`.
  * **Client tool APIs undeprecated** — `createToolsFromClientSchemas`, `clientTools`, `AITool`, `extractClientToolSchemas`, and the `tools` option on `useAgentChat` are restored for SDK use cases where tools are defined dynamically at runtime.
  * **`jsonSchema` initialization** — Fixed `jsonSchema not initialized` error when calling `getAITools()` in `onChatMessage`.  
#### Upgrade  
To update to the latest version:  
Terminal window  
```  
npm i agents@latest @cloudflare/ai-chat@latest  
```

Feb 25, 2026
1. ### [Run 15x more Containers with higher resource limits](https://developers.cloudflare.com/changelog/post/2026-02-25-higher-container-resource-limits/)  
[ Containers ](https://developers.cloudflare.com/containers/)  
You can now run more [Containers](https://developers.cloudflare.com/containers/) concurrently with significantly higher limits on memory, vCPU, and disk.

| Limit                                          | Previous Limit | New Limit |
| ---------------------------------------------- | -------------- | --------- |
| Memory for concurrent live Container instances | 400GiB         | 6TiB      |
| vCPU for concurrent live Container instances   | 100            | 1,500     |
| Disk for concurrent live Container instances   | 2TB            | 30TB      |  
This 15x increase enables larger-scale workloads on Containers. You can now run 15,000 instances of the `lite` instance type, 6,000 instances of `basic`, over 1,500 instances of `standard-1`, or over 1,000 instances of `standard-2` concurrently.  
Refer to [Limits](https://developers.cloudflare.com/containers/platform-details/limits/) for more details on the available instance types and limits.

Feb 25, 2026
1. ### [RPKI ASPA Deployment Insights on Cloudflare Radar](https://developers.cloudflare.com/changelog/post/2026-02-25-radar-aspa-insights/)  
[ Radar ](https://developers.cloudflare.com/radar/)  
[**Radar**](https://developers.cloudflare.com/radar/) now includes [Autonomous System Provider Authorization (ASPA) ↗](https://datatracker.ietf.org/doc/draft-ietf-sidrops-aspa-verification/) deployment insights, providing visibility into the adoption and verification of ASPA objects across the global routing ecosystem.  
#### New API endpoints  
The new [ASPA](https://developers.cloudflare.com/api/resources/radar/subresources/bgp/subresources/rpki/subresources/aspa/) API provides the following endpoints:

  * [/bgp/rpki/aspa/snapshot](https://developers.cloudflare.com/api/resources/radar/subresources/bgp/subresources/rpki/subresources/aspa/methods/snapshot/) \- Retrieves current or historical ASPA objects.
  * [/bgp/rpki/aspa/changes](https://developers.cloudflare.com/api/resources/radar/subresources/bgp/subresources/rpki/subresources/aspa/methods/changes/) \- Retrieves changes to ASPA objects over time.
  * [/bgp/rpki/aspa/timeseries](https://developers.cloudflare.com/api/resources/radar/subresources/bgp/subresources/rpki/subresources/aspa/methods/timeseries/) \- Retrieves ASPA object counts over time as a timeseries.  
#### New Radar widgets  
The [global routing page ↗](https://radar.cloudflare.com/routing) now shows the ASPA deployment trend over time by counting daily ASPA objects.  
![Screenshot of the ASPA deployment trend chart](https://developers.cloudflare.com/_astro/aspa-global-trend.CXGWGFL4_ZEk9sF.webp)  
The global routing page also displays the most recent ASPA objects, searchable by ASN or AS name.  
![Screenshot of the ASPA objects table](https://developers.cloudflare.com/_astro/aspa-global-table.vHUyNoTh_17BSkd.webp)  
On country and region routing pages, a new widget shows the ASPA deployment rate for ASNs registered in the selected country or region.  
![Screenshot of the ASPA deployment trent chart for Germany](https://developers.cloudflare.com/_astro/aspa-germany-trend.DIH6CESC_Z1CWuGi.webp)  
On AS routing pages, the connectivity table now includes checkmarks for ASPA-verified upstreams. All ASPA upstreams are listed in a dedicated table, and a timeline shows ASPA changes at daily granularity.  
![Screenshot of the ASPA changes timeline on an AS routing page](https://developers.cloudflare.com/_astro/aspa-asn-timeline.Bnl6upJs_Z1DgRWG.webp)  
Check out the [Radar routing page ↗](https://radar.cloudflare.com/routing) to explore the data.

Feb 25, 2026
1. ### [Better Windows support for Python Workers](https://developers.cloudflare.com/changelog/post/2026-02-13-pywrangler-windows-support/)  
[ Workers ](https://developers.cloudflare.com/workers/)  
[Pywrangler ↗](https://github.com/cloudflare/workers-py?tab=readme-ov-file#pywrangler), the CLI tool for managing Python Workers and packages, now supports Windows, allowing you to develop and deploy Python Workers from Windows environments. Previously, Pywrangler was only available on macOS and Linux.  
You can install and use Pywrangler on Windows the same way you would on other platforms. [Specify your Worker's Python dependencies](https://developers.cloudflare.com/workers/languages/python/packages/) in your `pyproject.toml` file, then use the following commands to develop and deploy:  
Terminal window  
```  
uvx --from workers-py pywrangler devuvx --from workers-py pywrangler deploy  
```  
All existing Pywrangler functionality, including package management, local development, and deployment, works on Windows without any additional configuration.  
#### Requirements  
This feature requires the following minimum versions:

  * `wrangler` \>= 4.64.0
  * `workers-py` \>= 1.72.0
  * `uv` \>= 0.29.8  
To upgrade `workers-py` (which includes Pywrangler) in your project, run:  
Terminal window  
```  
uv tool upgrade workers-py  
```  
To upgrade `wrangler`, run:  
Terminal window  
```  
npm install -g wrangler@latest  
```  
To upgrade `uv`, run:  
Terminal window  
```  
uv self update  
```  
To get started with Python Workers on Windows, refer to the [Python packages documentation](https://developers.cloudflare.com/workers/languages/python/packages/) for full details on Pywrangler.

```json
{"@context":"https://schema.org","@type":"BlogPosting","@id":"https://developers.cloudflare.com/changelog/14/#page","headline":"Changelogs | Cloudflare Docs","url":"https://developers.cloudflare.com/changelog/14/","inLanguage":"en","image":"https://developers.cloudflare.com/cf-twitter-card.png","publisher":{"@type":"Organization","name":"Cloudflare","url":"https://www.cloudflare.com/"},"isPartOf":{"@type":"WebSite","@id":"https://developers.cloudflare.com/#website","name":"Cloudflare Docs","url":"https://developers.cloudflare.com/"}}
```
