---
title: Changelogs
image: https://developers.cloudflare.com/cf-twitter-card.png
---

> Documentation Index  
> Fetch the complete documentation index at: https://developers.cloudflare.com/changelog/llms.txt  
> Use this file to discover all available pages before exploring further. 

[Skip to content](#%5Ftop) 

# Changelog

New updates and improvements at Cloudflare.

[ Subscribe to RSS ](https://developers.cloudflare.com/changelog/rss/index.xml) [ View RSS feeds ](https://developers.cloudflare.com/fundamentals/new-features/available-rss-feeds/) 

All products

![hero image](https://developers.cloudflare.com/_astro/hero.CVYJHPAd_26AMqX.svg) 

Mar 12, 2025
1. ### [Threaded replies now possible in Email Workers](https://developers.cloudflare.com/changelog/post/2025-03-12-reply-limits/)  
[ Email Service ](https://developers.cloudflare.com/email-service/)  
We’re removing some of the restrictions in Email Routing so that AI Agents and task automation can better handle email workflows, including how Workers can [reply](https://developers.cloudflare.com/email-service/api/route-emails/email-handler/#reply-to-emails) to incoming emails.  
It's now possible to keep a threaded email conversation with an [Email Worker](https://developers.cloudflare.com/email-service/api/route-emails/email-handler/) script as long as:

  * The incoming email has to have valid [DMARC ↗](https://www.cloudflare.com/learning/dns/dns-records/dns-dmarc-record/).
  * The email can only be replied to once in the same `EmailMessage` event.
  * The recipient in the reply must match the incoming sender.
  * The outgoing sender domain must match the same domain that received the email.
  * Every time an email passes through Email Routing or another MTA, an entry is added to the `References` list. We stop accepting replies to emails with more than 100 `References` entries to prevent abuse or accidental loops.  
Here's an example of a Worker responding to Emails using a Workers AI model:  
AI model responding to emails  
```  
import PostalMime from "postal-mime";import { createMimeMessage } from "mimetext";import { EmailMessage } from "cloudflare:email";  
export default {  async email(message, env, ctx) {    const email = await PostalMime.parse(message.raw);    const res = await env.AI.run("@cf/meta/llama-2-7b-chat-fp16", {      messages: [        {          role: "user",          content: email.text ?? "",        },      ],    });  
    // message-id is generated by mimetext    const response = createMimeMessage();    response.setHeader("In-Reply-To", message.headers.get("Message-ID")!);    response.setSender("agent@example.com");    response.setRecipient(message.from);    response.setSubject("Llama response");    response.addMessage({      contentType: "text/plain",      data:        res instanceof ReadableStream          ? await new Response(res).text()          : res.response!,    });  
    const replyMessage = new EmailMessage(      "<email>",      message.from,      response.asRaw(),    );    await message.reply(replyMessage);  },} satisfies ExportedHandler<Env>;  
```  
See [Reply to emails from Workers](https://developers.cloudflare.com/email-service/api/route-emails/email-handler/#reply-to-emails) for more information.

Mar 11, 2025
1. ### [WAF Release - 2025-03-11 - Emergency](https://developers.cloudflare.com/changelog/post/2025-03-11-emergency-waf-release/)  
[ WAF ](https://developers.cloudflare.com/waf/)  

| Ruleset                    | Rule ID     | Legacy Rule ID | Description                                        | Previous Action | New Action | Comments                |
| -------------------------- | ----------- | -------------- | -------------------------------------------------- | --------------- | ---------- | ----------------------- |
| Cloudflare Managed Ruleset | ...73febb31 | 100731         | Apache Camel - Code Injection - CVE:CVE-2025-27636 | N/A             | Block      | This is a New Detection |

Mar 11, 2025
1. ### [Access your Worker's environment variables from process.env](https://developers.cloudflare.com/changelog/post/2025-03-11-process-env-support/)  
[ Workers ](https://developers.cloudflare.com/workers/)  
You can now access [environment variables](https://developers.cloudflare.com/workers/configuration/environment-variables/) and [secrets](https://developers.cloudflare.com/workers/configuration/secrets/) on [process.env](https://developers.cloudflare.com/workers/runtime-apis/nodejs/process/#processenv)when using the [nodejs\_compat compatibility flag](https://developers.cloudflare.com/workers/configuration/compatibility-flags/#nodejs-compatibility-flag).  
JavaScript  
```  
const apiClient = ApiClient.new({ apiKey: process.env.API_KEY });const LOG_LEVEL = process.env.LOG_LEVEL || "info";  
```  
In Node.js, environment variables are exposed via the global `process.env` object. Some libraries assume that this object will be populated, and many developers may be used to accessing variables in this way.  
Previously, the `process.env` object was always empty unless written to in Worker code. This could cause unexpected errors or friction when developing Workers using code previously written for Node.js.  
Now, [environment variables](https://developers.cloudflare.com/workers/configuration/environment-variables/), [secrets](https://developers.cloudflare.com/workers/configuration/secrets/), and [version metadata](https://developers.cloudflare.com/workers/runtime-apis/bindings/version-metadata/)can all be accessed on `process.env`.  
To opt-in to the new `process.env` behaviour now, add the [nodejs\_compat\_populate\_process\_env](https://developers.cloudflare.com/workers/configuration/compatibility-flags/#enable-auto-populating-processenv) compatibility flag to your `wrangler.json` configuration:

  * [  wrangler.jsonc ](#tab-panel-4905)
  * [  wrangler.toml ](#tab-panel-4906)  
JSONC  
```  
{  // Rest of your configuration  // Add "nodejs_compat_populate_process_env" to your compatibility_flags array  "compatibility_flags": ["nodejs_compat", "nodejs_compat_populate_process_env"],  // Rest of your configuration  
```  
TOML  
```  
compatibility_flags = [ "nodejs_compat", "nodejs_compat_populate_process_env" ]  
```  
After April 1, 2025, populating `process.env` will become the default behavior when both `nodejs_compat` is enabled and your Worker's `compatibility_date` is after "2025-04-01".

Mar 10, 2025
1. ### [WAF Release - 2025-03-10](https://developers.cloudflare.com/changelog/post/2025-03-10-waf-release/)  
[ WAF ](https://developers.cloudflare.com/waf/)  

| Ruleset                    | Rule ID     | Legacy Rule ID | Description                                                | Previous Action | New Action | Comments                |
| -------------------------- | ----------- | -------------- | ---------------------------------------------------------- | --------------- | ---------- | ----------------------- |
| Cloudflare Managed Ruleset | ...b2a51e3d | 100722         | Ivanti - Information Disclosure - CVE:CVE-2025-0282        | Log             | Block      | This is a New Detection |
| Cloudflare Managed Ruleset | ...259073d5 | 100723         | Cisco IOS XE - Information Disclosure - CVE:CVE-2023-20198 | Log             | Block      | This is a New Detection |

Mar 07, 2025
1. ### [Cloudflare One Agent now supports Endpoint Monitoring](https://developers.cloudflare.com/changelog/post/2025-03-07-cloudflare-one-device-health-monitoring/)  
[ Digital Experience Monitoring ](https://developers.cloudflare.com/cloudflare-one/insights/dex/)  
[Digital Experience Monitoring (DEX)](https://developers.cloudflare.com/cloudflare-one/insights/dex/) provides visibility into device, network, and application performance across your Cloudflare SASE deployment. The latest release of the Cloudflare One agent (v2025.1.861) now includes device endpoint monitoring capabilities to provide deeper visibility into end-user device performance which can be analyzed directly from the dashboard.  
Device health metrics are now automatically collected, allowing administrators to:

  * View the last network a user was connected to
  * Monitor CPU and RAM utilization on devices
  * Identify resource-intensive processes running on endpoints  
![Device endpoint monitoring dashboard](https://developers.cloudflare.com/_astro/cloudflare-one-agent-health-monitoring.XXtiRuOp_Z25TN9Q.webp)  
This feature complements existing DEX features like [synthetic application monitoring](https://developers.cloudflare.com/cloudflare-one/insights/dex/tests/) and [network path visualization](https://developers.cloudflare.com/cloudflare-one/insights/dex/tests/traceroute/), creating a comprehensive troubleshooting workflow that connects application performance with device state.  
For more details refer to our [DEX](https://developers.cloudflare.com/cloudflare-one/insights/dex/) documentation.

Mar 07, 2025
1. ### [Hyperdrive reduces query latency by up to 90% and now supports IP access control lists](https://developers.cloudflare.com/changelog/post/2025-03-04-hyperdrive-pooling-near-database-and-ip-range-egress/)  
[ Hyperdrive ](https://developers.cloudflare.com/hyperdrive/)  
Hyperdrive now pools database connections in one or more regions close to your database. This means that your uncached queries and new database connections have up to 90% less latency as measured from connection pools.  
![Hyperdrive query latency decreases by 90% during Hyperdrive's gradual rollout of regional pooling.](https://developers.cloudflare.com/_astro/hyperdrive-regional-pooling-query-latency-improvement.Bzz_xvHZ_rlYbl.webp)  
By improving placement of Hyperdrive database connection pools, Workers' Smart Placement is now more effective when used with Hyperdrive, ensuring that your Worker can be placed as close to your database as possible.  
With this update, Hyperdrive also uses [Cloudflare's standard IP address ranges ↗](https://www.cloudflare.com/ips/) to connect to your database. This enables you to configure the firewall policies (IP access control lists) of your database to only allow access from Cloudflare and Hyperdrive.  
Refer to [documentation on how Hyperdrive makes connecting to regional databases from Cloudflare Workers fast](https://developers.cloudflare.com/hyperdrive/concepts/how-hyperdrive-works/).  
This improvement is enabled on all Hyperdrive configurations.

Mar 07, 2025
1. ### [Updated leaked credentials database](https://developers.cloudflare.com/changelog/post/2025-03-07-updated-leaked-credentials-database/)  
[ WAF ](https://developers.cloudflare.com/waf/)  
Added new records to the leaked credentials database. The record sources are: Have I Been Pwned (HIBP) database, RockYou 2024 dataset, and another third-party database.

Mar 06, 2025
1. ### [One-click Logpush Setup with R2 Object Storage](https://developers.cloudflare.com/changelog/post/2025-03-06-oneclick-logpush/)  
[ Logs ](https://developers.cloudflare.com/logs/)  
We’ve streamlined the [Logpush](https://developers.cloudflare.com/logs/logpush/) setup process by integrating R2 bucket creation directly into the Logpush workflow!  
Now, you no longer need to navigate multiple pages to manually create an R2 bucket or copy credentials. With this update, you can seamlessly **configure a Logpush job to R2 in just one click**, reducing friction and making setup faster and easier.  
This enhancement makes it easier for customers to adopt Logpush and R2.  
For more details refer to our [Logs](https://developers.cloudflare.com/logs/logpush/logpush-job/enable-destinations/r2/) documentation.

Mar 06, 2025
1. ### [Set retention polices for your R2 bucket with bucket locks](https://developers.cloudflare.com/changelog/post/2025-03-06-r2-bucket-locks/)  
[ R2 ](https://developers.cloudflare.com/r2/)  
You can now use [bucket locks](https://developers.cloudflare.com/r2/buckets/bucket-locks/) to set retention policies on your [R2 buckets](https://developers.cloudflare.com/r2/buckets/) (or specific prefixes within your buckets) for a specified period — or indefinitely. This can help ensure compliance by protecting important data from accidental or malicious deletion.  
Locks give you a few ways to ensure your objects are retained (not deleted or overwritten). You can:

  * Lock objects for a specific duration, for example 90 days.
  * Lock objects until a certain date, for example January 1, 2030.
  * Lock objects indefinitely, until the lock is explicitly removed.  
Buckets can have up to 1,000 [bucket lock rules](https://developers.cloudflare.com/r2/buckets/). Each rule specifies which objects it covers (via prefix) and how long those objects must remain retained.  
Here are a couple of examples showing how you can configure bucket lock rules using [Wrangler](https://developers.cloudflare.com/workers/wrangler/):  
#### Ensure all objects in a bucket are retained for at least 180 days  
Terminal window  
```  
npx wrangler r2 bucket lock add <bucket> --name 180-days-all --retention-days 180  
```  
#### Prevent deletion or overwriting of all logs indefinitely (via prefix)  
Terminal window  
```  
npx wrangler r2 bucket lock add <bucket> --name indefinite-logs --prefix logs/ --retention-indefinite  
```  
For more information on bucket locks and how to set retention policies for objects in your R2 buckets, refer to our [documentation](https://developers.cloudflare.com/r2/buckets/bucket-locks/).

Mar 06, 2025
1. ### [Introducing Media Transformations from Cloudflare Stream](https://developers.cloudflare.com/changelog/post/2025-03-06-media-transformations/)  
[ Stream ](https://developers.cloudflare.com/stream/)  
Today, we are thrilled to announce Media Transformations, a new service that brings the magic of [Image Transformations](https://developers.cloudflare.com/images/optimization/transformations/overview/) to _short-form video files,_ wherever they are stored!  
For customers with a huge volume of short video — generative AI output, e-commerce product videos, social media clips, or short marketing content — uploading those assets to Stream is not always practical. Sometimes, the greatest friction to getting started was the thought of all that migrating. Customers want a simpler solution that retains their current storage strategy to deliver small, optimized MP4 files. Now you can do that with Media Transformations.  
To transform a video or image, [enable transformations](https://developers.cloudflare.com/stream/transform-videos/#getting-started) for your zone, then make a simple request with a specially formatted URL. The result is an MP4 that can be used in an HTML video element without a player library. If your zone already has Image Transformations enabled, then it is ready to optimize videos with Media Transformations, too.  
URL format  
```  
https://example.com/cdn-cgi/media/<OPTIONS>/<SOURCE-VIDEO>  
```  
For example, we have a short video of the mobile in Austin's office. The original is nearly 30 megabytes and wider than necessary for this layout. Consider a simple width adjustment:  
Example URL  
```  
https://example.com/cdn-cgi/media/width=640/<SOURCE-VIDEO>https://developers.cloudflare.com/cdn-cgi/media/width=640/https://pub-d9fcbc1abcd244c1821f38b99017347f.r2.dev/aus-mobile.mp4  
```  
The result is less than 3 megabytes, properly sized, and delivered dynamically so that customers do not have to manage the creation and storage of these transformed assets.  
For more information, learn about [Transforming Videos](https://developers.cloudflare.com/stream/transform-videos/).

Mar 04, 2025
1. ### [Gain visibility into user actions in Zero Trust Browser Isolation sessions](https://developers.cloudflare.com/changelog/post/2025-03-03-user-action-logging/)  
[ Browser Isolation ](https://developers.cloudflare.com/cloudflare-one/remote-browser-isolation/)  
We're excited to announce that new logging capabilities for [Remote Browser Isolation (RBI)](https://developers.cloudflare.com/cloudflare-one/remote-browser-isolation/) through [Logpush](https://developers.cloudflare.com/logs/logpush/logpush-job/datasets/account/) are available in Beta starting today!  
With these enhanced logs, administrators can gain visibility into end user behavior in the remote browser and track blocked data extraction attempts, along with the websites that triggered them, in an isolated session.  
```  
{  "AccountID": "$ACCOUNT_ID",  "Decision": "block",  "DomainName": "www.example.com",  "Timestamp": "2025-02-27T23:15:06Z",  "Type": "copy",  "UserID": "$USER_ID"}  
```  
User Actions available:

  * **Copy & Paste**
  * **Downloads & Uploads**
  * **Printing**  
Learn more about how to get started with Logpush in our [documentation](https://developers.cloudflare.com/logs/logpush/).

Mar 03, 2025
1. ### [New SAML and OIDC Fields and SAML transforms for Access for SaaS](https://developers.cloudflare.com/changelog/post/2025-03-03-saml-oidc-fields-saml-transformations/)  
[ Access ](https://developers.cloudflare.com/cloudflare-one/access-controls/policies/)  
[Access for SaaS applications](https://developers.cloudflare.com/cloudflare-one/access-controls/applications/http-apps/saas-apps/) now include more configuration options to support a wider array of SaaS applications.

**SAML and OIDC Field Additions**  
OIDC apps now include:

  * Group Filtering via RegEx
  * OIDC Claim mapping from an IdP
  * OIDC token lifetime control
  * Advanced OIDC auth flows including hybrid and implicit flows  
![OIDC field additions](https://developers.cloudflare.com/_astro/oidc-claims.2di8l9Lv_ZrD1mx.webp)  
SAML apps now include improved SAML attribute mapping from an IdP.  
![SAML field additions](https://developers.cloudflare.com/_astro/saml-attribute-statements.CW45j5Qi_1ydeSQ.webp)  

**SAML transformations**  
SAML identities sent to Access applications can be fully customized using JSONata expressions. This allows admins to configure the precise identity SAML statement sent to a SaaS application.  
![Configured SAML statement sent to application](https://developers.cloudflare.com/_astro/transformation-box.DyKn-DdN_2rtirg.webp)

Mar 03, 2025
1. ### [WAF Release - 2025-03-03](https://developers.cloudflare.com/changelog/post/2025-03-03-waf-release/)  
[ WAF ](https://developers.cloudflare.com/waf/)  

| Ruleset                    | Rule ID     | Legacy Rule ID | Description                                                                                 | Previous Action | New Action | Comments                |
| -------------------------- | ----------- | -------------- | ------------------------------------------------------------------------------------------- | --------------- | ---------- | ----------------------- |
| Cloudflare Managed Ruleset | ...93e63099 | 100721         | Ivanti - Remote Code Execution - CVE:CVE-2024-13159, CVE:CVE-2024-13160, CVE:CVE-2024-13161 | Log             | Block      | This is a New Detection |
| Cloudflare Managed Ruleset | ...cac42ce2 | 100596         | Citrix Content Collaboration ShareFile - Remote Code Execution - CVE:CVE-2023-24489         | N/A             | Block      |                         |

Mar 01, 2025
1. ### [Use Logpush for Email security detections](https://developers.cloudflare.com/changelog/post/2025-03-01-logpush-detections/)  
[ Email security ](https://developers.cloudflare.com/cloudflare-one/email-security/)  
You can now send detection logs to an endpoint of your choice with Cloudflare Logpush.  
Filter logs matching specific criteria you have set and select from over 25 fields you want to send. When creating a new Logpush job, remember to select **Email security alerts** as the dataset.  
![logpush-detections](https://developers.cloudflare.com/_astro/Logpush-Detections.Dc5tHta3_1PsIMk.webp)  
For more information, refer to [Enable detection logs](https://developers.cloudflare.com/cloudflare-one/insights/logs/logpush/email-security-logs/#enable-detection-logs).  
This feature is available across these Email security packages:

  * **Enterprise**
  * **Enterprise + PhishGuard**

Feb 28, 2025
1. ### [Use the latest JavaScript features with Wrangler CLI v4.0.0-rc.0](https://developers.cloudflare.com/changelog/post/2025-02-28-wrangler-v4-rc/)  
[ Workers ](https://developers.cloudflare.com/workers/)  
We've released a release candidate of the next major version of [Wrangler](https://developers.cloudflare.com/workers/wrangler/), the CLI for Cloudflare Workers — `wrangler@4.0.0-rc.0`.  
You can run the following command to install it and be one of the first to try it out:  
 npm  yarn  pnpm  bun  
```  
npm i wrangler@v4-rc  
```  
```  
yarn add wrangler@v4-rc  
```  
```  
pnpm add wrangler@v4-rc  
```  
```  
bun add wrangler@v4-rc  
```  
Unlike previous major versions of Wrangler, which were [foundational rewrites ↗](https://blog.cloudflare.com/wrangler-v2-beta/) and [rearchitectures ↗](https://blog.cloudflare.com/wrangler3/) — Version 4 of Wrangler includes a much smaller set of changes. If you use Wrangler today, your workflow is very unlikely to change. Before we release Wrangler v4 and advance past the release candidate stage, we'll share a detailed migration guide in the Workers developer docs. But for the vast majority of cases, you won't need to do anything to migrate — things will just work as they do today. We are sharing this release candidate in advance of the official release of v4, so that you can try it out early and share feedback.  
#### New JavaScript language features that you can now use with Wrangler v4  
Version 4 of Wrangler updates the version of [esbuild ↗](https://esbuild.github.io/) that Wrangler uses internally, allowing you to use modern JavaScript language features, including:  
##### The `using` keyword from Explicit Resource Management  
The [using keyword from the Explicit Resource Management standard](https://developers.cloudflare.com/workers/runtime-apis/rpc/lifecycle/#explicit-resource-management) makes it easier to work with the [JavaScript-native RPC system built into Workers](https://developers.cloudflare.com/workers/runtime-apis/rpc/). This means that when you obtain a stub, you can ensure that it is automatically disposed when you exit scope it was created in:  
JavaScript  
```  
function sendEmail(id, message) {  using user = await env.USER_SERVICE.findUser(id);  await user.sendEmail(message);  
  // user[Symbol.dispose]() is implicitly called at the end of the scope.}  
```  
##### Import attributes  
[Import attributes ↗](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Statements/import/with) allow you to denote the type or other attributes of the module that your code imports. For example, you can import a JSON module, using the following syntax:  
JavaScript  
```  
import data from "./data.json" with { type: "json" };  
```  
#### Other changes  
##### `--local` is now the default for all CLI commands  
All commands that access resources (for example, `wrangler kv`, `wrangler r2`, `wrangler d1`) now access local datastores by default, ensuring consistent behavior.  
##### Clearer policy for the minimum required version of Node.js required to run Wrangler  
Moving forward, the [active, maintenance, and current versions of Node.js ↗](https://nodejs.org/en/about/previous-releases) will be officially supported by Wrangler. This means the minimum officially supported version of Node.js you must have installed for Wrangler v4 will be Node.js v18 or later. This policy mirrors how many other packages and CLIs support older versions of Node.js, and ensures that as long as you are using a version of Node.js that the Node.js project itself supports, this will be supported by Wrangler as well.  
##### Features previously deprecated in Wrangler v3 are now removed in Wrangler v4  
All previously deprecated features in [Wrangler v2 ↗](https://developers.cloudflare.com/workers/wrangler/deprecations/#wrangler-v2) and in [Wrangler v3 ↗](https://developers.cloudflare.com/workers/wrangler/deprecations/#wrangler-v3) have now been removed. Additionally, the following features that were deprecated during the Wrangler v3 release have been removed:

  * Legacy Assets (using `wrangler dev/deploy --legacy-assets` or the `legacy_assets` config file property). Instead, we recommend you [migrate to Workers assets ↗](https://developers.cloudflare.com/workers/static-assets/).
  * Legacy Node.js compatibility (using `wrangler dev/deploy --node-compat` or the `node_compat` config file property). Instead, use the [nodejs\_compat compatibility flag ↗](https://developers.cloudflare.com/workers/runtime-apis/nodejs). This includes the functionality from legacy `node_compat` polyfills and natively implemented Node.js APIs.
  * `wrangler version`. Instead, use `wrangler --version` to check the current version of Wrangler.
  * `getBindingsProxy()` (via `import { getBindingsProxy } from "wrangler"`). Instead, use the [getPlatformProxy() API ↗](https://developers.cloudflare.com/workers/wrangler/api/#getplatformproxy), which takes exactly the same arguments.
  * `usage_model`. This no longer has any effect, after the [rollout of Workers Standard Pricing ↗](https://blog.cloudflare.com/workers-pricing-scale-to-zero/).  
We'd love your feedback! If you find a bug or hit a roadblock when upgrading to Wrangler v4, [open an issue on the cloudflare/workers-sdk repository on GitHub ↗](https://github.com/cloudflare/workers-sdk/issues/new?template=bug-template.yaml).

Feb 27, 2025
1. ### [Check status of Email security or Area 1](https://developers.cloudflare.com/changelog/post/2025-02-07-check-status/)  
[ Email security ](https://developers.cloudflare.com/cloudflare-one/email-security/)  
Concerns about performance for Email security or Area 1? You can now check the operational status of both on the [Cloudflare Status page ↗](https://www.cloudflarestatus.com/).  
For Email security, look under **Cloudflare Sites and Services**.

  * **Dashboard** is the dashboard for Cloudflare, including Email security
  * **Email security (Zero Trust)** is the processing of email
  * **API** are the Cloudflare endpoints, including the ones for Email security  
For Area 1, under **Cloudflare Sites and Services**:

  * **Area 1 - Dash** is the dashboard for Cloudflare, including Email security
  * **Email security (Area1)** is the processing of email
  * **Area 1 - API** are the Area 1 endpoints  
![Status-page](https://developers.cloudflare.com/_astro/Status-Page.DcFJ1286_2qTtkN.webp)  
This feature is available across these Email security packages:

  * **Advantage**
  * **Enterprise**
  * **Enterprise + PhishGuard**

Feb 27, 2025
1. ### [New REST API is in open beta!](https://developers.cloudflare.com/changelog/post/2025-02-27-br-rest-api-beta/)  
[ Browser Run ](https://developers.cloudflare.com/browser-run/)  
We've released a new REST API for [Browser Rendering](https://developers.cloudflare.com/browser-run/) in open beta, making interacting with browsers easier than ever. This new API provides endpoints for common browser actions, with more to be added in the future.  
With the **REST API** you can:

  * **Capture screenshots** – Use `/screenshot` to take a screenshot of a webpage from provided URL or HTML.
  * **Generate PDFs** – Use `/pdf` to convert web pages into PDFs.
  * **Extract HTML content** – Use `/content` to retrieve the full HTML from a page. **Snapshot (HTML + Screenshot)** – Use `/snapshot` to capture both the page's HTML and a screenshot in one request
  * **Scrape Web Elements** – Use `/scrape` to extract specific elements from a page.  
For example, to capture a screenshot:  
Screenshot example  
```  
curl -X POST 'https://api.cloudflare.com/client/v4/accounts/<accountId>/browser-rendering/screenshot' \  -H 'Authorization: Bearer <apiToken>' \  -H 'Content-Type: application/json' \  -d '{    "html": "Hello World!",    "screenshotOptions": {      "type": "webp",      "omitBackground": true    }  }' \  --output "screenshot.webp"  
```  
Learn more in our [documentation](https://developers.cloudflare.com/browser-run/quick-actions/).

Feb 27, 2025
1. ### [DNS Insights in Cloudflare Radar](https://developers.cloudflare.com/changelog/post/2025-02-27-radar-dns-insights/)  
[ Radar ](https://developers.cloudflare.com/radar/)  
[**Radar**](https://developers.cloudflare.com/radar/) has expanded its DNS insights, providing visibility into aggregated traffic and usage trends observed by our [1.1.1.1](https://developers.cloudflare.com/1.1.1.1/) DNS resolver. In addition to global, location, and ASN traffic trends, we are also providing perspectives on protocol usage, query/response characteristics, and DNSSEC usage.  
Previously limited to the [top](https://developers.cloudflare.com/api/resources/radar/subresources/dns/subresources/top/) locations and ASes endpoints, we have now introduced the following endpoints:

  * [/dns/timeseries](https://developers.cloudflare.com/api/resources/radar/subresources/dns/methods/timeseries/): Retrieves DNS query volume over time.
  * [/dns/summary/{dimension}](https://developers.cloudflare.com/api/resources/radar/subresources/dns/subresources/summary/): Retrieves summaries of DNS query distribution across ten different dimensions.
  * [/dns/timeseries\_groups/{dimension}](https://developers.cloudflare.com/api/resources/radar/subresources/dns/subresources/timeseries%5Fgroups/): Retrieves timeseries data for DNS query distribution across ten different dimensions.  
For the `summary` and `timeseries_groups` endpoints, the following dimensions are available, displaying the distribution of DNS queries based on:

  * `cache_hit`: Cache status (hit vs. miss).
  * `dnsssec`: DNSSEC support status (secure, insecure, invalid or other).
  * `dnsssec_aware`: DNSSEC client awareness (aware vs. not-aware).
  * `dnsssec_e2e`: End-to-end security (secure vs. insecure).
  * `ip_version`: IP version (IPv4 vs. IPv6).
  * `matching_answer`: Matching answer status (match vs. no-match).
  * `protocol`: Transport protocol (UDP, TLS, HTTPS or TCP).
  * `query_type`: Query type (`A`, `AAAA`, `PTR`, etc.).
  * `response_code`: Response code (`NOERROR`, `NXDOMAIN`, `REFUSED`, etc.).
  * `response_ttl`: Response TTL.  
Learn more about the new Radar DNS insights in our [blog post ↗](https://blog.cloudflare.com/new-dns-section-on-cloudflare-radar/), and check out the [new Radar page ↗](https://radar.cloudflare.com/dns).

Feb 26, 2025
1. ### [Introducing Guardrails in AI Gateway](https://developers.cloudflare.com/changelog/post/2025-02-26-guardrails/)  
[ AI Gateway ](https://developers.cloudflare.com/ai-gateway/)  
[AI Gateway](https://developers.cloudflare.com/ai-gateway/) now includes [Guardrails](https://developers.cloudflare.com/ai-gateway/features/guardrails/), to help you monitor your AI apps for harmful or inappropriate content and deploy safely.  
Within the AI Gateway settings, you can configure:

  * **Guardrails**: Enable or disable content moderation as needed.
  * **Evaluation scope**: Select whether to moderate user prompts, model responses, or both.
  * **Hazard categories**: Specify which categories to monitor and determine whether detected inappropriate content should be blocked or flagged.  
![Guardrails in AI Gateway](https://developers.cloudflare.com/_astro/Guardrails.BTNc0qeC_Z1HC20z.webp)  
Learn more in the [blog ↗](https://blog.cloudflare.com/guardrails-in-ai-gateway/) or our [documentation](https://developers.cloudflare.com/ai-gateway/features/guardrails/).

Feb 25, 2025
1. ### [Use DLP Assist for M365](https://developers.cloudflare.com/changelog/post/2025-02-25-dlp-assist-for-m365/)  
[ Email security ](https://developers.cloudflare.com/cloudflare-one/email-security/)  
Cloudflare Email security customers who have Microsoft 365 environments can quickly deploy an Email DLP (Data Loss Prevention) solution for free.  
Simply deploy our add-in, create a DLP policy in Cloudflare, and configure Outlook to trigger behaviors like displaying a banner, alerting end users before sending, or preventing delivery entirely.  
Refer to [Outbound Data Loss Prevention](https://developers.cloudflare.com/cloudflare-one/email-security/outbound-dlp/) to learn more about this feature.  
In GUI alert:  
![DLP-Alert](https://developers.cloudflare.com/_astro/DLP-Alert.5s-fbKn3_1xfB14.webp)  
Alert before sending:  
![DLP-Pop-up](https://developers.cloudflare.com/_astro/DLP-Pop-up.0gkYy7o5_ZgIo8K.webp)  
Prevent delivery:  
![DLP-Blocked](https://developers.cloudflare.com/_astro/DLP-Blocked.CmQkGrnM_ZewJi3.webp)  
This feature is available across these Email security packages:

  * **Enterprise**
  * **Enterprise + PhishGuard**

Feb 25, 2025
1. ### [Introducing the Agents SDK](https://developers.cloudflare.com/changelog/post/2025-02-25-agents-sdk/)  
[ Agents ](https://developers.cloudflare.com/agents/)[ Workers ](https://developers.cloudflare.com/workers/)  
We've released the [Agents SDK ↗](http://blog.cloudflare.com/build-ai-agents-on-cloudflare/), a package and set of tools that help you build and ship AI Agents.  
You can get up and running with a [chat-based AI Agent ↗](https://github.com/cloudflare/agents-starter) (and deploy it to Workers) that uses the Agents SDK, tool calling, and state syncing with a React-based front-end by running the following command:  
Terminal window  
```  
npm create cloudflare@latest agents-starter -- --template="cloudflare/agents-starter"# open up README.md and follow the instructions  
```  
You can also add an Agent to any existing Workers application by installing the `agents` package directly  
Terminal window  
```  
npm i agents  
```  
... and then define your first Agent:  
TypeScript  
```  
import { Agent } from "agents";  
export class YourAgent extends Agent<Env> {  // Build it out  // Access state on this.state or query the Agent's database via this.sql  // Handle WebSocket events with onConnect and onMessage  // Run tasks on a schedule with this.schedule  // Call AI models  // ... and/or call other Agents.}  
```  
Head over to the [Agents documentation](https://developers.cloudflare.com/agents/) to learn more about the Agents SDK, the SDK APIs, as well as how to test and deploying agents to production.

Feb 25, 2025
1. ### [Workers AI now supports structured JSON outputs.](https://developers.cloudflare.com/changelog/post/2025-02-25-json-mode/)  
[ Workers AI ](https://developers.cloudflare.com/workers-ai/)  
Workers AI now supports structured JSON outputs with [JSON mode](https://developers.cloudflare.com/workers-ai/features/json-mode/), which allows you to request a structured output response when interacting with AI models.  
This makes it much easier to retrieve structured data from your AI models, and avoids the (error prone!) need to parse large unstructured text responses to extract your data.  
JSON mode in Workers AI is compatible with the OpenAI SDK's [structured outputs ↗](https://platform.openai.com/docs/guides/structured-outputs) `response_format` API, which can be used directly in a Worker:

  * [  JavaScript ](#tab-panel-4909)
  * [  TypeScript ](#tab-panel-4910)  
JavaScript  
```  
import { OpenAI } from "openai";  
// Define your JSON schema for a calendar eventconst CalendarEventSchema = {  type: "object",  properties: {    name: { type: "string" },    date: { type: "string" },    participants: { type: "array", items: { type: "string" } },  },  required: ["name", "date", "participants"],};  
export default {  async fetch(request, env) {    const client = new OpenAI({      apiKey: env.OPENAI_API_KEY,      // Optional: use AI Gateway to bring logs, evals & caching to your AI requests      // https://developers.cloudflare.com/ai-gateway/usage/providers/openai/      // baseUrl: "https://gateway.ai.cloudflare.com/v1/{account_id}/{gateway_id}/openai"    });  
    const response = await client.chat.completions.create({      model: "gpt-4o-2024-08-06",      messages: [        { role: "system", content: "Extract the event information." },        {          role: "user",          content: "Alice and Bob are going to a science fair on Friday.",        },      ],      // Use the `response_format` option to request a structured JSON output      response_format: {        // Set json_schema and provide ra schema, or json_object and parse it yourself        type: "json_schema",        schema: CalendarEventSchema, // provide a schema      },    });  
    // This will be of type CalendarEventSchema    const event = response.choices[0].message.parsed;  
    return Response.json({      calendar_event: event,    });  },};  
```  
TypeScript  
```  
import { OpenAI } from "openai";  
interface Env {  OPENAI_API_KEY: string;}  
// Define your JSON schema for a calendar eventconst CalendarEventSchema = {  type: "object",  properties: {    name: { type: "string" },    date: { type: "string" },    participants: { type: "array", items: { type: "string" } },  },  required: ["name", "date", "participants"],};  
export default {  async fetch(request: Request, env: Env) {    const client = new OpenAI({      apiKey: env.OPENAI_API_KEY,      // Optional: use AI Gateway to bring logs, evals & caching to your AI requests      // https://developers.cloudflare.com/ai-gateway/usage/providers/openai/      // baseUrl: "https://gateway.ai.cloudflare.com/v1/{account_id}/{gateway_id}/openai"    });  
    const response = await client.chat.completions.create({      model: "gpt-4o-2024-08-06",      messages: [        { role: "system", content: "Extract the event information." },        {          role: "user",          content: "Alice and Bob are going to a science fair on Friday.",        },      ],      // Use the `response_format` option to request a structured JSON output      response_format: {        // Set json_schema and provide ra schema, or json_object and parse it yourself        type: "json_schema",        schema: CalendarEventSchema, // provide a schema      },    });  
    // This will be of type CalendarEventSchema    const event = response.choices[0].message.parsed;  
    return Response.json({      calendar_event: event,    });  },};  
```  
To learn more about JSON mode and structured outputs, visit the [Workers AI documentation](https://developers.cloudflare.com/workers-ai/features/json-mode/).

Feb 25, 2025
1. ### [Concurrent Workflow instances limits increased.](https://developers.cloudflare.com/changelog/post/2025-02-25-workflows-concurrency-increased/)  
[ Workflows ](https://developers.cloudflare.com/workflows/)  
[Workflows](https://developers.cloudflare.com/workflows/) now supports up to 4,500 concurrent (running) instances, up from the previous limit of 100\. This limit will continue to increase during the Workflows open beta. This increase applies to all users on the Workers Paid plan, and takes effect immediately.  
Review the Workflows [limits documentation](https://developers.cloudflare.com/workflows/reference/limits) and/or dive into the [get started guide](https://developers.cloudflare.com/workflows/get-started/guide/) to start building on Workflows.

Feb 24, 2025
1. ### [Bind the Images API to your Worker](https://developers.cloudflare.com/changelog/post/2025-02-21-images-bindings-in-workers/)  
[ Cloudflare Images ](https://developers.cloudflare.com/images/)  
You can now [interact with the Images API](https://developers.cloudflare.com/images/optimization/binding/) directly in your Worker.  
This allows more fine-grained control over transformation request flows and cache behavior. For example, you can resize, manipulate, and overlay images without requiring them to be accessible through a URL.  
The Images binding can be configured in the Cloudflare dashboard for your Worker or in the Wrangler configuration file in your project's directory:

  * [  wrangler.jsonc ](#tab-panel-4907)
  * [  wrangler.toml ](#tab-panel-4908)  
JSONC  
```  
{  "images": {    "binding": "IMAGES", // i.e. available in your Worker on env.IMAGES  },}  
```  
TOML  
```  
[images]binding = "IMAGES"  
```  
Within your Worker code, you can interact with this binding by using `env.IMAGES`.  
Here's how you can rotate, resize, and blur an image, then output the image as AVIF:  
TypeScript  
```  
const info = await env.IMAGES.info(stream);// stream contains a valid image, and width/height is available on the info object  
const response = (  await env.IMAGES.input(stream)    .transform({ rotate: 90 })    .transform({ width: 128 })    .transform({ blur: 20 })    .output({ format: "image/avif" })).response();  
return response;  
```  
For more information, refer to [Images Bindings](https://developers.cloudflare.com/images/optimization/binding/).

Feb 24, 2025
1. ### [Super Slurper now supports migrations from all S3-compatible storage providers](https://developers.cloudflare.com/changelog/post/2025-02-24-r2-super-slurper-s3-compatible-support/)  
[ R2 ](https://developers.cloudflare.com/r2/)  
[Super Slurper](https://developers.cloudflare.com/r2/data-migration/super-slurper/) can now migrate data from any S3-compatible object storage provider to [Cloudflare R2](https://developers.cloudflare.com/r2/). This includes transfers from services like MinIO, Wasabi, Backblaze B2, and DigitalOcean Spaces.  
![Super Slurper S3-Compatible Source](https://developers.cloudflare.com/_astro/super-slurper-s3-compat-screenshot-border.D8Gd5eye_dt8CT.webp)  
For more information on Super Slurper and how to migrate data from your existing S3-compatible storage buckets to R2, refer to our [documentation](https://developers.cloudflare.com/r2/data-migration/super-slurper/).

```json
{"@context":"https://schema.org","@type":"BlogPosting","@id":"https://developers.cloudflare.com/changelog/37/#page","headline":"Changelogs | Cloudflare Docs","url":"https://developers.cloudflare.com/changelog/37/","inLanguage":"en","image":"https://developers.cloudflare.com/cf-twitter-card.png","publisher":{"@type":"Organization","name":"Cloudflare","url":"https://www.cloudflare.com/"},"isPartOf":{"@type":"WebSite","@id":"https://developers.cloudflare.com/#website","name":"Cloudflare Docs","url":"https://developers.cloudflare.com/"}}
```
