---
title: Changelogs
image: https://developers.cloudflare.com/cf-twitter-card.png
---

> Documentation Index  
> Fetch the complete documentation index at: https://developers.cloudflare.com/changelog/llms.txt  
> Use this file to discover all available pages before exploring further. 

[Skip to content](#%5Ftop) 

# Changelog

New updates and improvements at Cloudflare.

[ Subscribe to RSS ](https://developers.cloudflare.com/changelog/rss/index.xml) [ View RSS feeds ](https://developers.cloudflare.com/fundamentals/new-features/available-rss-feeds/) 

All products

![hero image](https://developers.cloudflare.com/_astro/hero.CVYJHPAd_26AMqX.svg) 

Aug 06, 2025
1. ### [Improvements to Monitoring Using Zone Settings](https://developers.cloudflare.com/changelog/post/2025-08-06-zone-monitoring-improvements/)  
[ Load Balancing ](https://developers.cloudflare.com/load-balancing/)  
Cloudflare Load Balancing Monitors support loading and applying settings for a specific zone to monitoring requests to origin endpoints. This feature has been migrated to new infrastructure to improve reliability, performance, and accuracy.  
All zone monitors have been tested against the new infrastructure. There should be no change to health monitoring results of currently healthy and active pools. Newly created or re-enabled pools may need validation of their monitor zone settings before being introduced to service, especially regarding correct application of mTLS.  
#### What you can expect:

  * More reliable application of zone settings to monitoring requests, including  
    * Authenticated Origin Pulls
    * Aegis Egress IP Pools
    * Argo Smart Routing
    * HTTP/2 to Origin
  * Improved support and bug fixes for retries, redirects, and proxied origin resolution
  * Improved performance and reliability of monitoring requests within the Cloudflare network
  * Unrelated CDN or WAF configuration changes should have no risk of impact to pool health

Aug 06, 2025
1. ### [Certificate Transparency Insights in Cloudflare Radar](https://developers.cloudflare.com/changelog/post/2025-08-04-radar-ct-insights/)  
[ Radar ](https://developers.cloudflare.com/radar/)  
[**Radar**](https://developers.cloudflare.com/radar/) now introduces Certificate Transparency (CT) insights, providing visibility into certificate issuance trends based on Certificate Transparency logs currently monitored by Cloudflare.  
The following API endpoints are now available:

  * [/ct/timeseries](https://developers.cloudflare.com/api/resources/radar/subresources/ct/methods/timeseries/): Retrieves certificate issuance time series.
  * [/ct/summary/{dimension}](https://developers.cloudflare.com/api/resources/radar/subresources/ct/methods/summary/): Retrieves certificate distribution by dimension.
  * [/ct/timeseries\_groups/{dimension}](https://developers.cloudflare.com/api/resources/radar/subresources/ct/methods/timeseries%5Fgroups/): Retrieves time series of certificate distribution by dimension.
  * [/ct/authorities](https://developers.cloudflare.com/api/resources/radar/subresources/ct/subresources/authorities/methods/list/): Lists certification authorities.
  * [/ct/authorities/{ca\_slug}](https://developers.cloudflare.com/api/resources/radar/subresources/ct/subresources/authorities/methods/get/): Retrieves details about a Certification Authority (CA). CA information is derived from the [Common CA Database (CCADB) ↗](https://www.ccadb.org/).
  * [/ct/logs](https://developers.cloudflare.com/api/resources/radar/subresources/ct/subresources/logs/methods/list/): Lists CT logs.
  * [/ct/logs/{log\_slug}](https://developers.cloudflare.com/api/resources/radar/subresources/ct/subresources/logs/methods/get/): Retrieves details about a CT log. CT log information is derived from the [Google Chrome log list ↗](https://googlechrome.github.io/CertificateTransparency/log%5Flists.html).  
For the `summary` and `timeseries_groups` endpoints, the following dimensions are available (and also usable as filters):

  * `ca`: Certification Authority (certificate issuer)
  * `ca_owner`: Certification Authority Owner
  * `duration`: Certificate validity duration (between NotBefore and NotAfter dates)
  * `entry_type`: Entry type (certificate vs. pre-certificate)
  * `expiration_status`: Expiration status (valid vs. expired)
  * `has_ips`: Presence of IP addresses in certificate [Subject Alternative Names (SANs) ↗](https://developers.cloudflare.com/ssl/origin-configuration/origin-ca/#hostname-and-wildcard-coverage)
  * `has_wildcards`: Presence of wildcard DNS names in certificate SANs
  * `log`: CT log name
  * `log_api`: CT log API ([RFC6962 ↗](https://datatracker.ietf.org/doc/html/rfc6962) vs. [Static ↗](https://c2sp.org/static-ct-api))
  * `log_operator`: CT log operator
  * `public_key_algorithm`: Public key algorithm of certificate's key
  * `signature_algorithm`: Signature algorithm used by CA to sign certificate
  * `tld`: Top-level domain for DNS names found in certificates SANs
  * `validation_level`: [Validation level ↗](https://www.cloudflare.com/learning/ssl/types-of-ssl-certificates/)  
Check out the new Certificate Transparency insights in the [new Radar page ↗](https://radar.cloudflare.com/certificate-transparency).

Aug 05, 2025
1. ### [Agents SDK adds MCP Elicitation support, http-streamable support, task queues, email integration and more](https://developers.cloudflare.com/changelog/post/2025-08-05-agents-mcp-update/)  
[ Agents ](https://developers.cloudflare.com/agents/)[ Workers ](https://developers.cloudflare.com/workers/)  
The latest releases of [@cloudflare/agents ↗](https://github.com/cloudflare/agents) brings major improvements to MCP transport protocols support and agents connectivity. Key updates include:  
#### MCP elicitation support  
MCP servers can now request user input during tool execution, enabling interactive workflows like confirmations, forms, and multi-step processes. This feature uses durable storage to preserve elicitation state even during agent hibernation, ensuring seamless user interactions across agent lifecycle events.  
TypeScript  
```  
// Request user confirmation via elicitationconst confirmation = await this.elicitInput({  message: `Are you sure you want to increment the counter by ${amount}?`,  requestedSchema: {    type: "object",    properties: {      confirmed: {        type: "boolean",        title: "Confirm increment",        description: "Check to confirm the increment",      },    },    required: ["confirmed"],  },});  
```  
Check out our [demo ↗](https://github.com/whoiskatrin/agents/tree/main/examples/mcp-elicitation-demo) to see elicitation in action.  
#### HTTP streamable transport for MCP  
MCP now supports HTTP streamable transport which is recommended over SSE. This transport type offers:

  * **Better performance**: More efficient data streaming and reduced overhead
  * **Improved reliability**: Enhanced connection stability and error recover- **Automatic fallback**: If streamable transport is not available, it gracefully falls back to SSE  
TypeScript  
```  
export default MyMCP.serve("/mcp", {  binding: "MyMCP",});  
```  
The SDK automatically selects the best available transport method, gracefully falling back from streamable-http to SSE when needed.  
#### Enhanced MCP connectivity  
Significant improvements to MCP server connections and transport reliability:

  * **Auto transport selection**: Automatically determines the best transport method, falling back from streamable-http to SSE as needed
  * **Improved error handling**: Better connection state management and error reporting for MCP servers
  * **Reliable prop updates**: Centralized agent property updates ensure consistency across different contexts  
#### Lightweight .queue for fast task deferral  
You can use `.queue()` to enqueue background work — ideal for tasks like processing user messages, sending notifications etc.  
TypeScript  
```  
class MyAgent extends Agent {  doSomethingExpensive(payload) {    // a long running process that you want to run in the background  }  
  queueSomething() {    await this.queue("doSomethingExpensive", somePayload); // this will NOT block further execution, and runs in the background    await this.queue("doSomethingExpensive", someOtherPayload); // the callback will NOT run until the previous callback is complete    // ... call as many times as you want  }}  
```  
Want to try it yourself? Just define a method like processMessage in your agent, and you’re ready to scale.  
#### New email adapter  
Want to build an AI agent that can receive and respond to emails automatically? With the new email adapter and onEmail lifecycle method, now you can.  
TypeScript  
```  
export class EmailAgent extends Agent {  async onEmail(email: AgentEmail) {    const raw = await email.getRaw();    const parsed = await PostalMime.parse(raw);  
    // create a response based on the email contents    // and then send a reply  
    await this.replyToEmail(email, {      fromName: "Email Agent",      body: `Thanks for your email! You've sent us "${parsed.subject}". We'll process it shortly.`,    });  }}  
```  
You route incoming mail like this:  
TypeScript  
```  
export default {  async email(email, env) {    await routeAgentEmail(email, env, {      resolver: createAddressBasedEmailResolver("EmailAgent"),    });  },};  
```  
You can find a full example [here ↗](https://github.com/cloudflare/agents/tree/main/examples/email-agent).  
#### Automatic context wrapping for custom methods  
Custom methods are now automatically wrapped with the agent's context, so calling `getCurrentAgent()` should work regardless of where in an agent's lifecycle it's called. Previously this would not work on RPC calls, but now just works out of the box.  
TypeScript  
```  
export class MyAgent extends Agent {  async suggestReply(message) {    // getCurrentAgent() now correctly works, even when called inside an RPC method    const { agent } = getCurrentAgent()!;    return generateText({      prompt: `Suggest a reply to: "${message}" from "${agent.name}"`,      tools: [replyWithEmoji],    });  }}  
```  
Try it out and tell us what you build!

Aug 05, 2025
1. ### [Cloudflare Sandbox SDK adds streaming, code interpreter, Git support, process control and more](https://developers.cloudflare.com/changelog/post/2025-08-05-sandbox-sdk-major-update/)  
[ Agents ](https://developers.cloudflare.com/agents/)[ Workers ](https://developers.cloudflare.com/workers/)  
We’ve shipped a major release for the [@cloudflare/sandbox ↗](https://github.com/cloudflare/sandbox-sdk) SDK, turning it into a full-featured, container-based execution platform that runs securely on Cloudflare Workers.  
This update adds live streaming of output, persistent Python and JavaScript code interpreters with rich output support (charts, tables, HTML, JSON), file system access, Git operations, full background process control, and the ability to expose running services via public URLs.  
This makes it ideal for building AI agents, CI runners, cloud REPLs, data analysis pipelines, or full developer tools — all without managing infrastructure.  
#### Code interpreter (Python, JS, TS)  
Create persistent code contexts with support for rich visual + structured outputs.  
#### createCodeContext(options)  
Creates a new code execution context with persistent state.  
TypeScript  
```  
// Create a Python contextconst pythonCtx = await sandbox.createCodeContext({ language: "python" });  
// Create a JavaScript contextconst jsCtx = await sandbox.createCodeContext({ language: "javascript" });  
```  
Options:

  * language: Programming language ('python' | 'javascript' | 'typescript')
  * cwd: Working directory (default: /workspace)
  * envVars: Environment variables for the context  
#### runCode(code, options)  
Executes code with optional streaming callbacks.  
TypeScript  
```  
// Simple executionconst execution = await sandbox.runCode('print("Hello World")', {  context: pythonCtx,});  
// With streaming callbacksawait sandbox.runCode(  `for i in range(5):    print(f"Step {i}")    time.sleep(1)`,  {    context: pythonCtx,    onStdout: (output) => console.log("Real-time:", output.text),    onResult: (result) => console.log("Result:", result),  },);  
```  
Options:

  * language: Programming language ('python' | 'javascript' | 'typescript')
  * cwd: Working directory (default: /workspace)
  * envVars: Environment variables for the context  
#### Real-time streaming output  
Returns a streaming response for real-time processing.  
TypeScript  
```  
const stream = await sandbox.runCodeStream(  "import time; [print(i) for i in range(10)]",);// Process the stream as needed  
```  
#### Rich output handling  
Interpreter outputs are auto-formatted and returned in multiple formats:

  * text
  * html (e.g., Pandas tables)
  * png, svg (e.g., Matplotlib charts)
  * json (structured data)
  * chart (parsed visualizations)  
TypeScript  
```  
const result = await sandbox.runCode(  `import seaborn as snsimport matplotlib.pyplot as plt  
data = sns.load_dataset("flights")pivot = data.pivot("month", "year", "passengers")sns.heatmap(pivot, annot=True, fmt="d")plt.title("Flight Passengers")plt.show()  
pivot.to_dict()`,  { context: pythonCtx },);  
if (result.png) {  console.log("Chart output:", result.png);}  
```  
#### Preview URLs from Exposed Ports  
Start background processes and expose them with live URLs.  
TypeScript  
```  
await sandbox.startProcess("python -m http.server 8000");const preview = await sandbox.exposePort(8000);  
console.log("Live preview at:", preview.url);  
```  
#### Full process lifecycle control  
Start, inspect, and terminate long-running background processes.  
TypeScript  
```  
const process = await sandbox.startProcess("node server.js");console.log(`Started process ${process.id} with PID ${process.pid}`);  
// Monitor the processconst logStream = await sandbox.streamProcessLogs(process.id);for await (const log of parseSSEStream<LogEvent>(logStream)) {  console.log(`Server: ${log.data}`);}  
```

  * listProcesses() - List all running processes
  * getProcess(id) - Get detailed process status
  * killProcess(id, signal) - Terminate specific processes
  * killAllProcesses() - Kill all processes
  * streamProcessLogs(id, options) - Stream logs from running processes
  * getProcessLogs(id) - Get accumulated process output  
#### Git integration  
Clone Git repositories directly into the sandbox.  
TypeScript  
```  
await sandbox.gitCheckout("https://github.com/user/repo", {  branch: "main",  targetDir: "my-project",});  
```  
Sandboxes are still experimental. We're using them to explore how isolated, container-like workloads might scale on Cloudflare — and to help define the developer experience around them.

Aug 05, 2025
1. ### [OpenAI open models now available on Workers AI](https://developers.cloudflare.com/changelog/post/2025-08-05-openai-open-models/)  
[ Agents ](https://developers.cloudflare.com/agents/)[ Workers AI ](https://developers.cloudflare.com/workers-ai/)  
We're thrilled to be a Day 0 partner with [OpenAI ↗](http://openai.com/index/introducing-gpt-oss) to bring their [latest open models ↗](https://openai.com/index/gpt-oss-model-card/) to Workers AI, including support for Responses API, Code Interpreter, and Web Search (coming soon).  
Get started with the new models at `@cf/openai/gpt-oss-120b` and `@cf/openai/gpt-oss-20b`. Check out the [blog ↗](https://blog.cloudflare.com/openai-gpt-oss-on-workers-ai) for more details about the new models, and the [gpt-oss-120b](https://developers.cloudflare.com/workers-ai/models/gpt-oss-120b) and [gpt-oss-20b](https://developers.cloudflare.com/workers-ai/models/gpt-oss-20b) model pages for more information about pricing and context windows.  
#### Responses API  
If you call the model through:

  * Workers Binding, it will accept/return Responses API – `env.AI.run(“@cf/openai/gpt-oss-120b”)`
  * REST API on `/run` endpoint, it will accept/return Responses API – `https://api.cloudflare.com/client/v4/accounts/<account_id>/ai/run/@cf/openai/gpt-oss-120b`
  * REST API on new `/responses` endpoint, it will accept/return Responses API – `https://api.cloudflare.com/client/v4/accounts/<account_id>/ai/v1/responses`
  * REST API for OpenAI Compatible endpoint, it will return Chat Completions (coming soon) – `https://api.cloudflare.com/client/v4/accounts/<account_id>/ai/v1/chat/completions`  
```  
curl https://api.cloudflare.com/client/v4/accounts/<account_id>/ai/v1/responses \  -H "Content-Type: application/json" \  -H "Authorization: Bearer $CLOUDFLARE_API_KEY" \  -d '{    "model": "@cf/openai/gpt-oss-120b",    "reasoning": {"effort": "medium"},    "input": [      {        "role": "user",        "content": "What are the benefits of open-source models?"      }    ]  }'  
```  
#### Code Interpreter  
The model is natively trained to support stateful code execution, and we've implemented support for this feature using our [Sandbox SDK ↗](https://github.com/cloudflare/sandbox-sdk) and [Containers ↗](https://blog.cloudflare.com/containers-are-available-in-public-beta-for-simple-global-and-programmable/). Cloudflare's Developer Platform is uniquely positioned to support this feature, so we're very excited to bring our products together to support this new use case.  
#### Web Search (coming soon)  
We are working to implement Web Search for the model, where users can bring their own Exa API Key so the model can browse the Internet.

Aug 04, 2025
1. ### [Increased disk space for Workers Builds](https://developers.cloudflare.com/changelog/post/2025-08-04-builds-increased-disk-size/)  
[ Workers ](https://developers.cloudflare.com/workers/)  
As part of the ongoing open beta for [Workers Builds](https://developers.cloudflare.com/workers/ci-cd/builds/), we’ve increased the available disk space for builds from **8 GB** to **20 GB** for both Free and Paid plans.  
This provides more space for larger projects, dependencies, and build artifacts while improving overall build reliability.

| Metric     | Free Plan | Paid Plans |
| ---------- | --------- | ---------- |
| Disk Space | 20 GB     | 20 GB      |  
All other [build limits](https://developers.cloudflare.com/workers/ci-cd/builds/limits-and-pricing/) — including CPU, memory, build minutes, and timeout remain unchanged.

Aug 04, 2025
1. ### [WAF Release - 2025-08-04](https://developers.cloudflare.com/changelog/post/2025-08-04-waf-release/)  
[ WAF ](https://developers.cloudflare.com/waf/)  
This week's highlight focuses on a series of significant vulnerabilities identified across widely adopted web platforms, from enterprise-grade CMS to essential backend administration tools. The findings reveal multiple vectors for attack, including critical flaws that allow for full server compromise and others that enable targeted attacks against users.

**Key Findings**

  * Sitecore (CVE-2025-34509, CVE-2025-34510, CVE-2025-34511): A hardcoded credential allows remote attackers to access administrative APIs. Once authenticated, they can exploit an additional vulnerability to upload arbitrary files, leading to remote code execution.
  * Grafana (CVE-2025-4123): A cross-site scripting (XSS) vulnerability allows an attacker to redirect users to a malicious website, which can then execute arbitrary JavaScript in the victim's browser.
  * LaRecipe (CVE-2025-53833): Through Server-Side Template Injection, attackers can execute arbitrary commands on the server, potentially access sensitive environment variables, and escalate access depending on server configuration.
  * CentOS WebPanel (CVE-2025-48703): A command injection vulnerability could allow a remote attacker to execute arbitrary commands on the server.
  * WordPress (CVE-2023-5561): This vulnerability allows unauthenticated attackers to determine the email addresses of users who have published public posts on an affected website.
  * WordPress Plugin - WPBookit (CVE-2025-6058): A missing file type validation allows unauthenticated attackers to upload arbitrary files to the server, creating the potential for remote code execution.
  * WordPress Theme - Motors (CVE-2025-4322): Due to improper identity validation, an unauthenticated attacker can change the passwords of arbitrary users, including administrators, to gain access to their accounts.

**Impact**  
These vulnerabilities pose a multi-layered threat to widely adopted web technologies, ranging from enterprise-grade platforms like Sitecore to everyday solutions such as WordPress, and backend tools like CentOS WebPanel. The most severe risks originate in remote code execution (RCE) flaws found in Sitecore, CentOS WebPanel, LaRecipe, and the WPBookit plugin. These allow attackers to bypass security controls and gain deep access to the server, enabling them to steal sensitive data, deface websites, install persistent malware, or use the compromised server as a launchpad for further attacks.  
The privilege escalation vulnerability is the Motors theme, which allows for a complete administrative account takeover on WordPress sites. This effectively hands control of the application to an attacker, who can then manipulate content, exfiltrate user data, and alter site functionality without needing to breach the server itself.  
The Grafana cross-site scripting (XSS) flaw can be used to hijack authenticated user sessions or steal credentials, turning a trusted user's browser into an attack vector.  
Meanwhile, the information disclosure flaw in WordPress core provides attackers with valid user emails, fueling targeted phishing campaigns that aim to secure the same account access achievable through the other exploits.

| Ruleset                    | Rule ID     | Legacy Rule ID | Description                                                               | Previous Action | New Action | Comments                |
| -------------------------- | ----------- | -------------- | ------------------------------------------------------------------------- | --------------- | ---------- | ----------------------- |
| Cloudflare Managed Ruleset | ...52f30a13 | 100535A        | Sitecore - Dangerous File Upload - CVE:CVE-2025-34510, CVE:CVE-2025-34511 | Log             | Block      | This is a New Detection |
| Cloudflare Managed Ruleset | ...5045a97f | 100535         | Sitecore - Information Disclosure - CVE:CVE-2025-34509                    | Log             | Block      | This is a New Detection |
| Cloudflare Managed Ruleset | ...579cd3e0 | 100543         | Grafana - Directory Traversal - CVE:CVE-2025-4123                         | Log             | Block      | This is a New Detection |
| Cloudflare Managed Ruleset | ...0cbd9abc | 100545         | WordPress - Information Disclosure - CVE:CVE-2023-5561                    | Log             | Block      | This is a New Detection |
| Cloudflare Managed Ruleset | ...8f634977 | 100820         | CentOS WebPanel - Remote Code Execution - CVE:CVE-2025-48703              | Log             | Block      | This is a New Detection |
| Cloudflare Managed Ruleset | ...82ae64c1 | 100821         | LaRecipe - SSTI - CVE:CVE-2025-53833                                      | Log             | Block      | This is a New Detection |
| Cloudflare Managed Ruleset | ...194f7b2d | 100822         | WordPress:Plugin:WPBookit - Remote Code Execution - CVE:CVE-2025-6058     | Log             | Block      | This is a New Detection |
| Cloudflare Managed Ruleset | ...0bf1b661 | 100823         | WordPress:Theme:Motors - Privilege Escalation - CVE:CVE-2025-4322         | Log             | Block      | This is a New Detection |

Aug 01, 2025
1. ### [Terraform v5.8.2 now available](https://developers.cloudflare.com/changelog/post/2025-08-01-terraform-v582-provider/)  
[ Cloudflare Fundamentals ](https://developers.cloudflare.com/fundamentals/)[ Terraform ](https://developers.cloudflare.com/terraform/)  
Earlier this year, we announced the launch of the new [Terraform v5 Provider](https://developers.cloudflare.com/changelog/2025-02-03-terraform-v5-provider/). We are aware of the high number of [issues ↗](https://github.com/cloudflare/terraform-provider-cloudflare) reported by the Cloudflare community related to the v5 release. We have committed to releasing improvements on a 2 week cadeance to ensure it's stability and reliability. We have also pivoted from an issue-to-issue approach to a resource-per-resource approach - we will be focusing on specific resources for every release, stabilizing the release and closing all associated bugs with that resource before moving onto resolving migration issues.  
Thank you for continuing to raise issues. We triage them weekly and they help make our products stronger.  
#### Changes

  * Resources stabilized:  
    * `cloudflare_custom_pages`
    * `cloudflare_page_rule`
    * `cloudflare_dns_record`
    * `cloudflare_argo_tiered_caching`
  * Addressed chronic drift issues in `cloudflare_logpush_job`, `cloudflare_zero_trust_dns_location`, `cloudflare_ruleset` & `cloudflare_api_token`
  * `cloudflare_zone_subscription` returns expected values `rate_plan.id` from former versions
  * `cloudflare_workers_script` can now successfully be destroyed with bindings & migration for Durable Objects now recorded in tfstate
  * Ability to configure `add_headers` under `cloudflare_zero_trust_gateway_policy`
  * Other bug fixes  
For a more detailed look at all of the changes, see the [changelog ↗](https://github.com/cloudflare/terraform-provider-cloudflare/releases/tag/v5.8.2) in GitHub.  
#### Issues Closed

  * [#5666: cloudflare\_ruleset example lists id which is a read-only field ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues/5666)
  * [#5578: cloudflare\_logpush\_job plan always suggests changes ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues/5578)
  * [#5552: 5.4.0: Since provider update, existing cloudflare\_list\_item would be recreated "created" state ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues/5552)
  * [#5670: cloudflare\_zone\_subscription: uses wrong ID field in Read/Update ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues/5670)
  * [#5548: cloudflare\_api\_token resource always shows changes (drift) ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues/5548)
  * [#5634: cloudflare\_workers\_script with bindings fails to be destroyed ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues/5634)
  * [#5616: cloudflare\_workers\_script Unable to deploy worker assets ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues/5616)
  * [#5331: cloudflare\_workers\_script 500 internal server error when uploading python ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues/5331)
  * [#5701: cloudflare\_workers\_script migrations for Durable Objects not recorded in tfstate; cannot be upgraded between versions ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues/5701)
  * [#5704: cloudflare\_workers\_script randomly fails to deploy when changing compatibility\_date ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues/5704)
  * [#5439: cloudflare\_workers\_script (v5.2.0) ignoring content and bindings properties ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues/5439)
  * [#5522: cloudflare\_workers\_script always detects changes after apply ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues/5522)
  * [#5693: cloudflare\_zero\_trust\_access\_identity\_provider gives recurring change on OTP pin login ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues/5693)
  * [#5567: cloudflare\_r2\_custom\_domain doesn't roundtrip jurisdiction properly ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues/5567)
  * [#5179: Bad request with when creating cloudflare\_api\_shield\_schema resource ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues/5179)  
If you have an unaddressed issue with the provider, we encourage you to check the [open issues ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues) and open a new one if one does not already exist for what you are experiencing.  
#### Upgrading  
We suggest holding off on migration to v5 while we work on stabilization. This help will you avoid any blocking issues while the Terraform resources are actively being stabilized.  
If you'd like more information on migrating from v4 to v5, please make use of the [migration guide ↗](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/guides/version-5-upgrade). We have provided automated migration scripts using Grit which simplify the transition, although these do not support implementations which use Terraform modules, so customers making use of modules need to migrate manually. Please make use of `terraform plan` to test your changes before applying, and let us know if you encounter any additional issues by reporting to our [GitHub repository ↗](https://github.com/cloudflare/terraform-provider-cloudflare).  
#### For more info

  * [Terraform provider ↗](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs)
  * [Documentation on using Terraform with Cloudflare](https://developers.cloudflare.com/terraform/)

Aug 01, 2025
1. ### [Develop locally with Containers and the Cloudflare Vite plugin](https://developers.cloudflare.com/changelog/post/2025-08-01-containers-in-vite-dev/)  
[ Workers ](https://developers.cloudflare.com/workers/)  
You can now configure and run [Containers](https://developers.cloudflare.com/containers) alongside your [Worker](https://developers.cloudflare.com/workers) during local development when using the [Cloudflare Vite plugin](https://developers.cloudflare.com/workers/vite-plugin/). Previously, you could only develop locally when using [Wrangler](https://developers.cloudflare.com/workers/wrangler/) as your local development server.  
#### Configuration  
You can simply configure your Worker and your Container(s) in your Wrangler configuration file:

  * [  wrangler.jsonc ](#tab-panel-4867)
  * [  wrangler.toml ](#tab-panel-4868)  
JSONC  
```  
{  "name": "container-starter",  "main": "src/index.js",  "containers": [    {      "class_name": "MyContainer",      "image": "./Dockerfile",      "instances": 5    }  ],  "durable_objects": {    "bindings": [      {        "class_name": "MyContainer",        "name": "MY_CONTAINER"      }    ]  },  "migrations": [    {      "new_sqlite_classes": [        "MyContainer"      ],      "tag": "v1"    }  ],}  
```  
TOML  
```  
name = "container-starter"main = "src/index.js"  
[[containers]]class_name = "MyContainer"image = "./Dockerfile"instances = 5  
[[durable_objects.bindings]]class_name = "MyContainer"name = "MY_CONTAINER"  
[[migrations]]new_sqlite_classes = [ "MyContainer" ]tag = "v1"  
```  
#### Worker Code  
Once your Worker and Containers are configured, you can access the Container instances from your Worker code:  
TypeScript  
```  
import { Container, getContainer } from "@cloudflare/containers";  
export class MyContainer extends Container {  defaultPort = 4000; // Port the container is listening on  sleepAfter = "10m"; // Stop the instance if requests not sent for 10 minutes}  
async fetch(request, env) {  const { "session-id": sessionId } = await request.json();  // Get the container instance for the given session ID  const containerInstance = getContainer(env.MY_CONTAINER, sessionId)  // Pass the request to the container instance on its default port  return containerInstance.fetch(request);}  
```  
#### Local development  
To develop your Worker locally, start a local dev server by running  
Terminal window  
```  
vite dev  
```  
in your terminal.  
#### Resources  
Learn more about [Cloudflare Containers ↗](https://developers.cloudflare.com/containers/) or the [Cloudflare Vite plugin ↗](https://developers.cloudflare.com/workers/vite-plugin/) in our developer docs.

Jul 31, 2025
1. ### [Terraform V5 support for tunnels and routes](https://developers.cloudflare.com/changelog/post/2025-07-31-terraform-v5-tunnels-routes/)  
[ Cloudflare WAN ](https://developers.cloudflare.com/cloudflare-wan/)  
The Cloudflare Terraform provider resources for Cloudflare WAN tunnels and routes now support Terraform provider version 5\. Customers using infrastructure-as-code workflows can manage their tunnel and route configuration with the latest provider version.  
For more information, refer to the [Cloudflare Terraform provider documentation ↗](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs).

Jul 30, 2025
1. ### [Magic Transit and Magic WAN health check data is fully compatible with the CMB EU setting.](https://developers.cloudflare.com/changelog/post/2025-07-30-mt-mwan-health-check-cmb-eu/)  
[ Magic Transit ](https://developers.cloudflare.com/magic-transit/)[ Cloudflare WAN ](https://developers.cloudflare.com/cloudflare-wan/)  
Today, we are excited to announce that all Magic Transit and Magic WAN customers with CMB EU ([Customer Metadata Boundary - Europe](https://developers.cloudflare.com/data-localization/metadata-boundary/)) enabled in their account will be able to access GRE, IPsec, and CNI health check and traffic volume data in the Cloudflare dashboard and via API.  
This ensures that all Magic Transit and Magic WAN customers with CMB EU enabled will be able to access all Magic Transit and Magic WAN features.  
Specifically, these two GraphQL endpoints are now compatible with CMB EU:

  * `magicTransitTunnelHealthChecksAdaptiveGroups`
  * `magicTransitTunnelTrafficAdaptiveGroups`

Jul 29, 2025
1. ### [Deploy to Cloudflare buttons now support Worker environment variables, secrets, and Secrets Store secrets](https://developers.cloudflare.com/changelog/post/2025-07-01-workers-deploy-button-supports-environment-variables-and-secrets/)  
[ Workers ](https://developers.cloudflare.com/workers/)[ Secrets Store ](https://developers.cloudflare.com/secrets-store/)  
Any template which uses [Worker environment variables](https://developers.cloudflare.com/workers/configuration/environment-variables/), [secrets](https://developers.cloudflare.com/workers/configuration/secrets/), or [Secrets Store secrets](https://developers.cloudflare.com/secrets-store/) can now be deployed using a [Deploy to Cloudflare button](https://developers.cloudflare.com/workers/platform/deploy-buttons/).  
Define environment variables and secrets store bindings in your Wrangler configuration file as normal:

  * [  wrangler.jsonc ](#tab-panel-4865)
  * [  wrangler.toml ](#tab-panel-4866)  
JSONC  
```  
{  "name": "my-worker",  "main": "./src/index.ts",  // Set this to today's date  "compatibility_date": "2026-07-01",  "vars": {    "API_HOST": "https://example.com",  },  "secrets_store_secrets": [    {      "binding": "API_KEY",      "store_id": "demo",      "secret_name": "api-key"    }  ]}  
```  
TOML  
```  
name = "my-worker"main = "./src/index.ts"# Set this to today's datecompatibility_date = "2026-07-01"  
[vars]API_HOST = "https://example.com"  
[[secrets_store_secrets]]binding = "API_KEY"store_id = "demo"secret_name = "api-key"  
```  
Add secrets to a `.dev.vars.example` or `.env.example` file:  
.dev.vars.example  
```  
COOKIE_SIGNING_KEY=my-secret # comment  
```  
And optionally, you can add a description for these bindings in your template's `package.json` to help users understand how to configure each value:  
package.json  
```  
{  "name": "my-worker",  "private": true,  "cloudflare": {    "bindings": {      "API_KEY": {        "description": "Select your company's API key for connecting to the example service."      },      "COOKIE_SIGNING_KEY": {        "description": "Generate a random string using `openssl rand -hex 32`."      }    }  }}  
```  
These secrets and environment variables will be presented to users in the dashboard as they deploy this template, allowing them to configure each value. Additional information about creating templates and Deploy to Cloudflare buttons can be found in [our documentation](https://developers.cloudflare.com/workers/platform/deploy-buttons/).

Jul 29, 2025
1. ### [Audit logs (version 2) - UI Beta Release](https://developers.cloudflare.com/changelog/post/2025-07-29-audit-logs-v2-ui-beta/)  
[ Audit Logs ](https://developers.cloudflare.com/fundamentals/account/account-security/review-audit-logs/)  
The Audit Logs v2 UI is now available to all Cloudflare customers in Beta. This release builds on the public [Beta of the Audit Logs v2 API](https://developers.cloudflare.com/changelog/product/audit-logs/) and introduces a redesigned user interface with powerful new capabilities to make it easier to investigate account activity.

**Enabling the new UI**  
To try the new user interface, go to **Manage Account > Audit Logs**. The previous version of Audit Logs remains available and can be re-enabled at any time using the **Switch back to old Audit Logs** link in the banner at the top of the page.

**New Features:**

  * **Advanced Filtering**: Filter logs by actor, resource, method, and more for faster insights.
  * **On-hover filter controls**: Easily include or exclude values in queries by hovering over fields within a log entry.
  * **Detailed Log Sidebar**: View rich context for each log entry without leaving the main view.
  * **JSON Log View**: Inspect the raw log data in a structured JSON format.
  * **Custom Time Ranges**: Define your own time windows to view historical activity.
  * **Infinite Scroll**: Seamlessly browse logs without clicking through pages.  
![Audit Logs v2 new UI](https://developers.cloudflare.com/_astro/Audit_logs_v2_filters.Bacd1IHg_f0dJz.webp)  
For more details on Audit Logs v2, see the [Audit Logs documentation ↗](https://developers.cloudflare.com/fundamentals/account/account-security/audit-logs/).

**Known issues**

  * A small number of audit logs may currently be unavailable in Audit Logs v2\. In some cases, certain fields such as actor information may be missing in certain audit logs. We are actively working to improve coverage and completeness for General Availability.
  * Export to CSV is not supported in the new UI.  
We are actively refining the Audit Logs v2 experience and welcome your feedback. You can share overall feedback by clicking the thumbs up or thumbs down icons at the top of the page, or provide feedback on specific audit log entries using the thumbs icons next to each audit log line or by filling out our [feedback form ↗](https://docs.google.com/forms/d/e/1FAIpQLSfXGkJpOG1jUPEh-flJy9B13icmcdBhveFwe-X0EzQjJQnQfQ/viewform?usp=sharing).

Jul 28, 2025
1. ### [Introducing pricing for the Browser Rendering API — $0.09 per browser hour](https://developers.cloudflare.com/changelog/post/2025-07-28-br-pricing/)  
[ Browser Run ](https://developers.cloudflare.com/browser-run/)  
We’ve launched pricing for [Browser Rendering](https://developers.cloudflare.com/browser-run/), including a free tier and a pay-as-you-go model that scales with your needs. Starting **August 20, 2025**, Cloudflare will begin billing for Browser Rendering.  
There are two ways to use Browser Rendering. Depending on the method you use, here’s how billing will work:

  * [**REST API**](https://developers.cloudflare.com/browser-run/quick-actions/): Charged for **Duration** only ($/browser hour)
  * [**Browser Sessions**](https://developers.cloudflare.com/browser-run/#integration-methods): Charged for both **Duration** and **Concurrency** ($/browser hour and # of concurrent browsers)  
Included usage and pricing by plan

| Plan             | Included duration  | Included concurrency                      | Price (beyond included)                                                                                                                                  |
| ---------------- | ------------------ | ----------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Workers Free** | 10 minutes per day | 3 concurrent browsers                     | N/A                                                                                                                                                      |
| **Workers Paid** | 10 hours per month | 10 concurrent browsers (averaged monthly) | **1\. REST API**: $0.09 per additional browser hour **2\. Workers Bindings**: $0.09 per additional browser hour  $2.00 per additional concurrent browser |  
What you need to know:

  * **Workers Free Plan:** 10 minutes of browser usage per day with 3 concurrent browsers at no charge.
  * **Workers Paid Plan:** 10 hours of browser usage per month with 10 concurrent browsers (averaged monthly) at no charge. Additional usage is charged as shown above.  
You can monitor usage via the [Cloudflare dashboard ↗](https://dash.cloudflare.com/?to=/:account/workers/browser-run). Go to **Compute** \> **Browser Run**.  
![Browser Rendering dashboard](https://developers.cloudflare.com/_astro/dashboard.BQnX87lT_39GAT.webp)  
If you've been using Browser Rendering and do not wish to incur charges, ensure your usage stays within your plan's [included usage](https://developers.cloudflare.com/browser-run/pricing/). To estimate costs, take a look at these [example pricing scenarios](https://developers.cloudflare.com/browser-run/pricing/#examples-of-workers-paid-pricing).

Jul 28, 2025
1. ### [Scam domain category introduced under Security Threats](https://developers.cloudflare.com/changelog/post/2025-07-28-spam-domain-category-introduced/)  
[ Gateway ](https://developers.cloudflare.com/cloudflare-one/traffic-policies/)  
We have introduced a new Security Threat category called **Scam**. Relevant domains are marked with the Scam category. Scam typically refers to fraudulent websites and schemes designed to trick victims into giving away money or personal information.

**New category added**

| Parent ID | Parent Name      | Category ID | Category Name |
| --------- | ---------------- | ----------- | ------------- |
| 21        | Security Threats | 191         | Scam          |  
Refer to [Gateway domain categories](https://developers.cloudflare.com/cloudflare-one/traffic-policies/domain-categories/) to learn more.

Jul 28, 2025
1. ### [WAF Release - 2025-07-28](https://developers.cloudflare.com/changelog/post/2025-07-28-waf-release/)  
[ WAF ](https://developers.cloudflare.com/waf/)  
This week’s update spotlights several vulnerabilities across Apache Tomcat, MongoDB, and Fortinet FortiWeb. Several flaws related with a memory leak in Apache Tomcat can lead to a denial-of-service attack. Additionally, a code injection flaw in MongoDB's Mongoose library allows attackers to bypass security controls to access restricted data.

**Key Findings**

  * Fortinet FortiWeb (CVE-2025-25257): An improper neutralization of special elements used in a SQL command vulnerability in Fortinet FortiWeb versions allows an unauthenticated attacker to execute unauthorized SQL code or commands.
  * Apache Tomcat (CVE-2025-31650): A improper Input Validation vulnerability in Apache Tomcat that could create memory leak when incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request.
  * MongoDB (CVE-2024-53900, CVE:CVE-2025-23061): Improper use of `$where` in match and a nested `$where` filter with a `populate()` match in Mongoose can lead to search injection.

**Impact**  
These vulnerabilities target user-facing components, web application servers, and back-end databases. A SQL injection flaw in Fortinet FortiWeb can lead to data theft or system compromise. A separate issue in Apache Tomcat involves a memory leak from improper input validation, which could be exploited for a denial-of-service (DoS) attack. Finally, a vulnerability in MongoDB's Mongoose library allows attackers to bypass security filters and access unauthorized data through malicious search queries.

| Ruleset                    | Rule ID     | Legacy Rule ID | Description                                                              | Previous Action | New Action | Comments                |
| -------------------------- | ----------- | -------------- | ------------------------------------------------------------------------ | --------------- | ---------- | ----------------------- |
| Cloudflare Managed Ruleset | ...3461ec9e | 100804         | BerriAI - SSRF - CVE:CVE-2024-6587                                       | Log             | Disabled   | This is a New Detection |
| Cloudflare Managed Ruleset | ...0cb13e1d | 100812         | Fortinet FortiWeb - Remote Code Execution - CVE:CVE-2025-25257           | Log             | Block      | This is a New Detection |
| Cloudflare Managed Ruleset | ...67fae7f7 | 100813         | Apache Tomcat - DoS - CVE:CVE-2025-31650                                 | Log             | Disabled   | This is a New Detection |
| Cloudflare Managed Ruleset | ...4b6a5bb1 | 100815         | MongoDB - Remote Code Execution - CVE:CVE-2024-53900, CVE:CVE-2025-23061 | Log             | Block      | This is a New Detection |
| Cloudflare Managed Ruleset | ...688f8e79 | 100816         | MongoDB - Remote Code Execution - CVE:CVE-2024-53900, CVE:CVE-2025-23061 | Log             | Block      | This is a New Detection |

Jul 24, 2025
1. ### [WARP client for Windows (version 2025.6.824.1)](https://developers.cloudflare.com/changelog/post/2025-07-24-warp-windows-beta/)  
[ Cloudflare One Client ](https://developers.cloudflare.com/cloudflare-one/team-and-resources/devices/cloudflare-one-client/)  
A new Beta release for the Windows WARP client is now available on the [beta releases downloads page](https://developers.cloudflare.com/cloudflare-one/team-and-resources/devices/cloudflare-one-client/download/beta-releases/).  
This release contains minor fixes and improvements.

**Changes and improvements**

  * Improvements to better manage multi-user pre-login registrations.
  * Fixed an issue preventing devices from reaching split-tunneled traffic even when WARP was disconnected.
  * Fix to prevent WARP from re-enabling its firewall rules after a user-initiated disconnect.
  * Improvement to managed network detection checks for faster switching between managed networks.

**Known issues**

  * For Windows 11 24H2 users, Microsoft has confirmed a regression that may lead to performance issues like mouse lag, audio cracking, or other slowdowns. Cloudflare recommends users experiencing these issues upgrade to a minimum [Windows 11 24H2 version KB5062553](https://support.microsoft.com/en-us/topic/july-8-2025-kb5062553-os-build-26100-4652-523e69cb-051b-43c6-8376-6a76d6caeefd) or higher for resolution.
  * Devices using WARP client 2025.4.929.0 and up may experience Local Domain Fallback failures if a fallback server has not been configured. To configure a fallback server, refer to [Route traffic to fallback server](https://developers.cloudflare.com/cloudflare-one/team-and-resources/devices/cloudflare-one-client/configure/route-traffic/local-domains/#route-traffic-to-fallback-server).
  * Devices with `KB5055523` installed may receive a warning about `Win32/ClickFix.ABA` being present in the installer. To resolve this false positive, update Microsoft Security Intelligence to [version 1.429.19.0](https://www.microsoft.com/en-us/wdsi/definitions/antimalware-definition-release-notes?requestVersion=1.429.19.0) or later.
  * DNS resolution may be broken when the following conditions are all true:

    * WARP is in Secure Web Gateway without DNS filtering (tunnel-only) mode.
    * A custom DNS server address is configured on the primary network adapter.
    * The custom DNS server address on the primary network adapter is changed while WARP is connected.  
  To work around this issue, reconnect the WARP client by toggling off and back on.

Jul 24, 2025
1. ### [WARP client for macOS (version 2025.6.824.1)](https://developers.cloudflare.com/changelog/post/2025-07-24-warp-macos-beta/)  
[ Cloudflare One Client ](https://developers.cloudflare.com/cloudflare-one/team-and-resources/devices/cloudflare-one-client/)  
A new Beta release for the macOS WARP client is now available on the [beta releases downloads page](https://developers.cloudflare.com/cloudflare-one/team-and-resources/devices/cloudflare-one-client/download/beta-releases/).  
This release contains minor fixes and improvements.

**Changes and improvements**

  * Fixed an issue preventing devices from reaching split-tunneled traffic even when WARP was disconnected.
  * Fix to prevent WARP from re-enabling its firewall rules after a user-initiated disconnect.
  * Improvement to managed network detection checks for faster switching between managed networks.

**Known issues**

  * macOS Sequoia: Due to changes Apple introduced in macOS 15.0.x, the WARP client may not behave as expected. Cloudflare recommends the use of macOS 15.4 or later.
  * Devices using WARP client 2025.4.929.0 and up may experience Local Domain Fallback failures if a fallback server has not been configured. To configure a fallback server, refer to [Route traffic to fallback server](https://developers.cloudflare.com/cloudflare-one/team-and-resources/devices/cloudflare-one-client/configure/route-traffic/local-domains/#route-traffic-to-fallback-server).

Jul 24, 2025
1. ### [Gateway HTTP Filtering on all ports available in open BETA](https://developers.cloudflare.com/changelog/post/2025-07-24-http-inspection-on-all-ports/)  
[ Gateway ](https://developers.cloudflare.com/cloudflare-one/traffic-policies/)  
[Gateway](https://developers.cloudflare.com/cloudflare-one/traffic-policies/) can now apply [HTTP filtering](https://developers.cloudflare.com/cloudflare-one/traffic-policies/http-policies/) to all proxied HTTP requests, not just traffic on standard HTTP (`80`) and HTTPS (`443`) ports. This means all requests can now be filtered by [A/V scanning](https://developers.cloudflare.com/cloudflare-one/traffic-policies/http-policies/antivirus-scanning/), [file sandboxing](https://developers.cloudflare.com/cloudflare-one/traffic-policies/http-policies/file-sandboxing/), [Data Loss Prevention (DLP)](https://developers.cloudflare.com/cloudflare-one/data-loss-prevention/#data-in-transit), and more.  
You can turn this [setting](https://developers.cloudflare.com/cloudflare-one/traffic-policies/network-policies/protocol-detection/#inspect-on-all-ports) on by going to **Settings** \> **Network** \> **Firewall** and choosing _Inspect on all ports_.  
![HTTP Inspection on all ports setting](https://developers.cloudflare.com/_astro/Gateway-Inspection-all-ports.CCmwX6D0_OoDoS.webp)  
To learn more, refer to [Inspect on all ports (Beta)](https://developers.cloudflare.com/cloudflare-one/traffic-policies/network-policies/protocol-detection/#inspect-on-all-ports).

Jul 23, 2025
1. ### [WARP client for Windows (version 2025.5.943.0)](https://developers.cloudflare.com/changelog/post/2025-07-23-warp-windows-ga/)  
[ Cloudflare One Client ](https://developers.cloudflare.com/cloudflare-one/team-and-resources/devices/cloudflare-one-client/)  
A new GA release for the Windows WARP client is now available on the [stable releases downloads page](https://developers.cloudflare.com/cloudflare-one/team-and-resources/devices/cloudflare-one-client/download/).  
This release contains minor fixes and improvements.

**Changes and improvements**

  * WARP proxy mode now uses the operating system's DNS settings. Changes made to system DNS settings while in proxy mode require the client to be turned off then back on to take effect.
  * Changes to the [SCCM VPN boundary support](https://developers.cloudflare.com/cloudflare-one/team-and-resources/devices/cloudflare-one-client/configure/settings/#sccm-vpn-boundary-support) feature to no longer restart the SMS Agent Host (`ccmexec.exe`) service.
  * Fixed an issue affecting clients in Split Tunnel Include mode, where access to split-tunneled traffic was blocked after reconnecting the client.

**Known issues**

  * For Windows 11 24H2 users, Microsoft has confirmed a regression that may lead to performance issues like mouse lag, audio cracking, or other slowdowns. Cloudflare recommends users experiencing these issues upgrade to a minimum [Windows 11 24H2 version KB5062553](https://support.microsoft.com/en-us/topic/july-8-2025-kb5062553-os-build-26100-4652-523e69cb-051b-43c6-8376-6a76d6caeefd) or higher for resolution.
  * Devices using WARP client 2025.4.929.0 and up may experience Local Domain Fallback failures if a fallback server has not been configured. To configure a fallback server, refer to [Route traffic to fallback server](https://developers.cloudflare.com/cloudflare-one/team-and-resources/devices/cloudflare-one-client/configure/route-traffic/local-domains/#route-traffic-to-fallback-server).
  * Devices with `KB5055523` installed may receive a warning about `Win32/ClickFix.ABA` being present in the installer. To resolve this false positive, update Microsoft Security Intelligence to [version 1.429.19.0](https://www.microsoft.com/en-us/wdsi/definitions/antimalware-definition-release-notes?requestVersion=1.429.19.0) or later.
  * DNS resolution may be broken when the following conditions are all true:

    * WARP is in Secure Web Gateway without DNS filtering (tunnel-only) mode.
    * A custom DNS server address is configured on the primary network adapter.
    * The custom DNS server address on the primary network adapter is changed while WARP is connected.  
  To work around this issue, reconnect the WARP client by toggling off and back on.

Jul 23, 2025
1. ### [WARP client for macOS (version 2025.5.943.0)](https://developers.cloudflare.com/changelog/post/2025-07-23-warp-macos-ga/)  
[ Cloudflare One Client ](https://developers.cloudflare.com/cloudflare-one/team-and-resources/devices/cloudflare-one-client/)  
A new GA release for the macOS WARP client is now available on the [stable releases downloads page](https://developers.cloudflare.com/cloudflare-one/team-and-resources/devices/cloudflare-one-client/download/).  
This release contains minor fixes and improvements.

**Changes and improvements**

  * WARP proxy mode now uses the operating system's DNS settings. Changes made to system DNS settings while in proxy mode require the client to be turned off then back on to take effect.
  * Fixed an issue affecting clients in Split Tunnel Include mode, where access to split-tunneled traffic was blocked after reconnecting the client.
  * For macOS deployments, the WARP client can now be managed using an `mdm.xml` file placed in `/Library/Application Support/Cloudflare/mdm.xml`. This new configuration option offers an alternative to the still supported method of deploying a managed plist through an MDM solution.

**Known issues**

  * macOS Sequoia: Due to changes Apple introduced in macOS 15.0.x, the WARP client may not behave as expected. Cloudflare recommends the use of macOS 15.4 or later.
  * Devices using WARP client 2025.4.929.0 and up may experience Local Domain Fallback failures if a fallback server has not been configured. To configure a fallback server, refer to [Route traffic to fallback server](https://developers.cloudflare.com/cloudflare-one/team-and-resources/devices/cloudflare-one-client/configure/route-traffic/local-domains/#route-traffic-to-fallback-server).

Jul 23, 2025
1. ### [WARP client for Linux (version 2025.5.943.0)](https://developers.cloudflare.com/changelog/post/2025-07-23-warp-linux-ga/)  
[ Cloudflare One Client ](https://developers.cloudflare.com/cloudflare-one/team-and-resources/devices/cloudflare-one-client/)  
A new GA release for the Linux WARP client is now available on the [stable releases downloads page](https://developers.cloudflare.com/cloudflare-one/team-and-resources/devices/cloudflare-one-client/download/).  
This release contains minor fixes and improvements.

**Changes and improvements**

  * WARP proxy mode now uses the operating system's DNS settings. Changes made to system DNS settings while in proxy mode require the client to be turned off then back on to take effect.
  * Fixed an issue affecting clients in Split Tunnel Include mode, where access to split-tunneled traffic was blocked after reconnecting the client.

**Known issues**

  * Devices using WARP client 2025.4.929.0 and up may experience Local Domain Fallback failures if a fallback server has not been configured. To configure a fallback server, refer to [Route traffic to fallback server](https://developers.cloudflare.com/cloudflare-one/team-and-resources/devices/cloudflare-one-client/configure/route-traffic/local-domains/#route-traffic-to-fallback-server).

Jul 22, 2025
1. ### [Browser Rendering now supports local development](https://developers.cloudflare.com/changelog/post/2025-07-22-br-local-dev/)  
[ Browser Run ](https://developers.cloudflare.com/browser-run/)  
You can now run your Browser Rendering locally using `npx wrangler dev`, which spins up a browser directly on your machine before deploying to Cloudflare's global network. By running tests locally, you can quickly develop, debug, and test changes without needing to deploy or worry about usage costs.  
Get started with this [example guide](https://developers.cloudflare.com/browser-run/how-to/deploy-worker/) that shows how to use Cloudflare's [fork of Puppeteer](https://developers.cloudflare.com/browser-run/puppeteer/) (you can also use [Playwright](https://developers.cloudflare.com/browser-run/playwright/)) to take screenshots of webpages and store the results in [Workers KV](https://developers.cloudflare.com/kv/).

Jul 22, 2025
1. ### [Test out code changes before shipping with per-branch preview deployments for Cloudflare Workers](https://developers.cloudflare.com/changelog/post/2025-07-23-workers-preview-urls/)  
[ Workers ](https://developers.cloudflare.com/workers/)  
Now, when you connect your Cloudflare Worker to a git repository on GitHub or GitLab, each branch of your repository has its own stable preview URL, that you can use to preview code changes before merging the pull request and deploying to production.  
This works the same way that Cloudflare Pages does — every time you create a pull request, you'll automatically get a shareable preview link where you can see your changes running, without affecting production. The link stays the same, even as you add commits to the same branch. These preview URLs are named after your branch and are posted as a comment to each pull request. The URL stays the same with every commit and always points to the latest version of that branch.  
![PR comment preview](https://developers.cloudflare.com/_astro/preview-urls-comment.0wQffFIq_2uQPCz.webp)  
#### Preview URL types  
Each comment includes **two preview URLs** as shown above:

  * **Commit Preview URL**: Unique to the specific version/commit (e.g., `<version-prefix>-<worker-name>.<subdomain>.workers.dev`)
  * **Branch Preview URL**: A stable alias based on the branch name (e.g., `<branch-name>-<worker-name>.<subdomain>.workers.dev`)  
#### How it works  
When you create a pull request:

  * **A preview alias is automatically created** based on the Git branch name (e.g., `<branch-name>` becomes `<branch-name>-<worker-name>.<subdomain>.workers.dev`)
  * **No configuration is needed**, the alias is generated for you
  * **The link stays the same** even as you add commits to the same branch
  * **Preview URLs are posted directly to your pull request as comments** (just like they are in Cloudflare Pages)  
#### Custom alias name  
You can also assign a custom preview alias using the [Wrangler CLI](https://developers.cloudflare.com/workers/wrangler/), by passing the `--preview-alias` flag when [uploading a version](https://developers.cloudflare.com/workers/wrangler/commands/general/#versions-upload) of your Worker:  
Terminal window  
```  
wrangler versions upload --preview-alias staging  
```  
#### Limitations while in beta

  * Only available on the **workers.dev** subdomain (custom domains not yet supported)
  * Requires **Wrangler v4.21.0+**
  * Preview URLs are not generated for Workers that use [Durable Objects](https://developers.cloudflare.com/durable-objects/)
  * Not yet supported for [Workers for Platforms](https://developers.cloudflare.com/cloudflare-for-platforms/workers-for-platforms/)

Jul 22, 2025
1. ### [Google Bard Application replaced by Gemini](https://developers.cloudflare.com/changelog/post/2025-08-15-gemini-application-replaces-bard/)  
[ Gateway ](https://developers.cloudflare.com/cloudflare-one/traffic-policies/)  
The **Google Bard** application (ID: 1198) has been deprecated and fully removed from the system. It has been replaced by the **Gemini** application (ID: 1340). Any existing Gateway policies that reference the old Google Bard application will no longer function. To ensure your policies continue to work as intended, you should update them to use the new Gemini application. We recommend replacing all instances of the deprecated Bard application with the new Gemini application in your Gateway policies. For more information about application policies, please see the [Cloudflare Gateway documentation](https://developers.cloudflare.com/cloudflare-one/traffic-policies/application-app-types/).

```json
{"@context":"https://schema.org","@type":"BlogPosting","@id":"https://developers.cloudflare.com/changelog/29/#page","headline":"Changelogs | Cloudflare Docs","url":"https://developers.cloudflare.com/changelog/29/","inLanguage":"en","image":"https://developers.cloudflare.com/cf-twitter-card.png","publisher":{"@type":"Organization","name":"Cloudflare","url":"https://www.cloudflare.com/"},"isPartOf":{"@type":"WebSite","@id":"https://developers.cloudflare.com/#website","name":"Cloudflare Docs","url":"https://developers.cloudflare.com/"}}
```
