Cloudflare

Cloudflare is a global cloud platform that delivers a broad range of network services to businesses of all sizes, making them more secure while enhancing performance and reliability.

https://cloudflare.com ↗

Products

Cloudflare

Cloudflare Workers

Changelogs

RSS

Cloudflare Radar adds ASPA monitoring to detect BGP route leaks in real time//Cloudflare has introduced ASPA (Autonomous System Provider Authorization) deployment monitoring to Cloudflare Radar, enabling operators to track and verify the path Internet traffic takes across networks. ASPA builds on RPKI to detect route leaks—misdirected traffic caused by configuration errors or malicious actions—by cryptographically validating the chain of authorized providers in the AS path.

featuresecurityplatform

Cloudflare Radar adds post-quantum monitoring for origin connections, key transparency dashboards//Cloudflare expands Radar with new security datasets including post-quantum encryption support tracking for origin servers (now at ~10% adoption), a real-time Key Transparency dashboard for end-to-end messaging services like WhatsApp, and expanded BGP routing security metrics via ASPA deployment tracking.

featuresecurityapiplatform

Cloudflare Radar adds post-quantum encryption tracking and Key Transparency audit dashboard//Cloudflare Radar now provides visibility into post-quantum cryptography adoption with new APIs and dashboards tracking X25519MLKEM768 support across origins. A Key Transparency dashboard was also added to monitor audit logs for end-to-end encrypted messaging services like WhatsApp and Facebook Messenger.

releasefeatureapisecurityplatform

Cloudflare Cache now revalidates asynchronously, reducing latency and error exposure//Cloudflare has made stale-while-revalidate fully asynchronous across its cache service, allowing expired assets to be served immediately while fresh copies are fetched in the background. This eliminates visitor wait times during revalidation and provides more consistent performance across all requests.

featureperformanceapi

Cloudflare adds Markdown error responses for 1xxx errors; reduces payload size by 98%//Cloudflare now supports structured Markdown responses for its 1xxx error codes when clients request `Accept: text/markdown`. The new format includes YAML frontmatter with actionable metadata and guidance sections, dramatically reducing payload size and token footprint compared to HTML error pages.

featureapiperformance

Agents SDK v0.6.0 adds RPC transport for MCP, optional OAuth, and schema hardening//Cloudflare's Agents SDK v0.6.0 introduces RPC transport for MCP connections within Workers, eliminating network overhead and enabling direct Durable Object bindings. The release also makes OAuth optional for simple MCP connections and hardens the JSON Schema converter with circular reference guards and better error handling.

releasefeatureapisdkperformance

Wrangler 4.68.0 brings automatic configuration; projects deploy without config files//Cloudflare Workers' Wrangler CLI now automatically detects project frameworks and deploys without requiring manual configuration. The feature, which graduated from experimental status, simplifies onboarding by auto-generating wrangler.jsonc files and installing required adapters.

featurereleasesdk

Cloudflare extends Python Workers to Windows with Pywrangler support//Pywrangler, the CLI tool for managing Cloudflare Python Workers, now supports Windows environments alongside macOS and Linux. Developers can develop and deploy Python Workers on Windows using the same commands and workflows as other platforms with no additional configuration.

featuresdkplatform

Cloudflare Containers now support 15x higher resource limits, up to 6TB memory and 30TB disk//Cloudflare has significantly expanded the resource limits for its Containers platform, enabling users to run concurrent workloads at much larger scale. The new limits support up to 6TB of memory (from 400GB), 1,500 vCPUs (from 100), and 30TB of disk (from 2TB) across concurrent live instances.

platformfeature

Cloudflare Workers Observability adds structured query language for logs and traces//Workers Observability now includes a query language that lets developers write structured queries to filter logs and traces directly in the search bar. The feature supports free text search, field-level queries, comparison operators, functions like regex and startsWith, and boolean logic, with two-way sync between the search bar and Query Builder sidebar.

featureplatform

Cloudflare Radar adds RPKI ASPA deployment tracking with new API endpoints//Cloudflare Radar now provides visibility into Autonomous System Provider Authorization (ASPA) adoption across the global routing ecosystem. The update includes three new API endpoints for retrieving ASPA snapshots, changes, and timeseries data, plus new dashboard widgets for tracking ASPA deployment trends globally and by region.

featureapiplatform

Cloudflare WAF adds three new detection rules for SmarterMail flaws and command injection//Cloudflare is releasing scheduled WAF updates on March 2, 2026, introducing two new detections for SmarterMail vulnerabilities (CVE-2025-52691 and CVE-2026-23760) plus a beta rule for command injection via Nslookup. All rules will initially log violations without blocking traffic.

releasesecuritybugfixapi

Cloudflare releases Vinext, Next.js-compatible framework built on Vite that builds 4.4x faster//Cloudflare unveiled Vinext, a drop-in replacement for Next.js built on Vite that deploys directly to Cloudflare Workers. Early benchmarks show production builds 4.4x faster and client bundles 57% smaller than Next.js 16, developed in one week with AI assistance.

releasefeatureplatformintegrationperformance

Cloudflare WARP Client for Windows reaches GA with multi-user mode improvements//Cloudflare has released version 2026.1.150.0 of the WARP client for Windows as a stable GA release. The update includes fixes for multi-user mode MDM configuration loss, a new NetBIOS over TCP/IP management feature, and several bug fixes addressing DNS failures and local network exclusion issues.

releasebugfixfeatureplatform

Cloudflare releases WARP macOS client v2026.1.150.0 with DNS, tunnel fixes//Cloudflare has released a new GA version of its WARP client for macOS, addressing several critical bugs affecting local network exclusion, DNS configuration, and tunnel connectivity. The update focuses on reliability improvements for enterprise users managing Zero Trust device security.

releasebugfixplatform

Cloudflare releases WARP client v2026.1.150.0 for Linux with DNS and local network fixes//Cloudflare has released a new general availability version of the WARP client for Linux, addressing DNS failures, local network exclusion issues, and improving device reporting in the Cloudflare One dashboard. Users must update their Linux package public key if they installed before September 12, 2025 to maintain repository access beyond December 4, 2025.

releasebugfix

Cloudflare Containers raises resource limits 15x; now supports up to 6TB memory and 30TB disk//Cloudflare has significantly expanded the capacity of its Containers platform, increasing memory limits to 6TiB (from 400GiB), vCPU to 1,500 (from 100), and disk space to 30TB (from 2TB). This 15-fold increase enables developers to run larger-scale workloads concurrently, supporting up to 1,500+ standard instances simultaneously.

releasefeatureplatform

Cloudflare Stream adds ability to disable and enable live inputs//Cloudflare Stream now allows developers to disable live inputs to reject incoming RTMPS and SRT connections, giving more control over broadcasts. The feature can be toggled via API or Dashboard, enabling temporary pauses, programmatic broadcast termination, and prevention of new streams on specific inputs.

featureapi

Cloudflare Pipelines adds dropped event metrics, typed bindings, and streamlined setup//Cloudflare has shipped three improvements to Pipelines: new dashboard and GraphQL metrics for tracking dropped events with detailed error messages, schema-specific TypeScript types for Pipeline bindings to catch data quality issues at compile time, and a simplified setup command that auto-configures R2 buckets and sensible defaults.

featureapiplatform

Cloudflare Pipelines adds dropped event metrics, typed bindings, and simplified setup//Cloudflare Pipelines now surfaces dropped event metrics with detailed error categorization via dashboard and GraphQL, generates schema-specific TypeScript types for Pipeline bindings to catch schema mismatches at compile time, and streamlines initial setup with automated R2 bucket creation and sensible defaults.

featureapiplatformrelease

Cloudflare Workers: deleteAll() now clears Durable Object alarms automatically//Cloudflare Workers' deleteAll() method now removes both stored data and alarms in a single API call for Durable Objects with compatibility date 2026-02-24 or later. This change eliminates the need for separate deleteAlarm() calls and applies to both KV-backed and SQLite-backed storage.

featureapibugfix

Cloudflare's deleteAll() now clears Durable Object alarms, reducing API calls//Cloudflare's `deleteAll()` method for Durable Objects now automatically deletes alarms alongside stored data, consolidating cleanup operations. This change applies to both KV-backed and SQLite-backed Durable Objects with a compatibility date of 2026-02-24 or later.

featureapibugfix

Cloudflare rolls out asynchronous stale-while-revalidate, eliminating cache revalidation latency//Cloudflare has made its stale-while-revalidate caching feature fully asynchronous, eliminating the need for end users to wait for origin round-trips during cache revalidation. The change is live for all Free, Pro, and Business tiers, with Enterprise zones rolling out throughout the quarter.

featureperformanceapi

Cloudflare One becomes first SASE platform with post-quantum encryption across all components//Cloudflare One now offers post-quantum hybrid ML-KEM encryption across its entire Secure Access Service Edge platform, including Secure Web Gateway, Zero Trust, and Wide Area Network services. The expansion covers Cloudflare IPsec (in closed beta) and Cloudflare One Appliance (generally available), enabling organizations to secure their enterprise network traffic against future quantum threats ahead of NIST's 2030 cryptographic transition deadline.

releasesecurityfeatureplatform

Cloudflare adds saved views to Security Center's Threat Events dashboard//Cloudflare Security Center now lets users create and save custom filtered views of the Threat Events dashboard, enabling analysts to instantly return to specific configurations like industry-specific attack patterns or regional data flows. The feature eliminates repetitive manual filter reapplication and helps teams maintain consistent threat intelligence views.

featuresecurity

Cloudflare Security Center adds saved views for Threat Events dashboard//Cloudflare Security Center now lets users save custom dashboard configurations for Threat Events, enabling analysts to instantly access pre-filtered views without manual reconfiguration. The feature supports complex filtering scenarios like industry-specific attacks and geographic filtering, improving workflow efficiency for Cloudforce One subscribers.

featuresecurityplatform

Cloudflare Sandbox SDK adds backup and restore API for persistent environments//Cloudflare Sandbox now supports `createBackup()` and `restoreBackup()` methods to create point-in-time snapshots of directories, eliminating the need to re-run expensive setup steps like git clones and npm installs. Backups are stored in R2 with support for TTLs and can be reused across multiple sandbox sessions.

featureapiplatform

Hyperdrive stops caching queries with PostgreSQL STABLE functions to prevent stale data//Hyperdrive now treats PostgreSQL STABLE functions (like NOW(), CURRENT_TIMESTAMP) as uncacheable, preventing incorrect cached results from being served across transactions. This aligns with PostgreSQL's function volatility semantics and may require application code changes for affected queries.

bugfixapi

Cloudflare Sandbox SDK adds backup and restore API for point-in-time snapshots//Cloudflare's Sandbox SDK now supports `createBackup()` and `restoreBackup()` methods for creating and restoring point-in-time snapshots of directories, eliminating the need to repeat expensive setup steps like git clones and npm installs across sandbox sessions. Backups are stored in R2 with configurable TTLs and can be forked across multiple sandbox instances.

featureapiplatform

Cloudflare launches MCP server using Code Mode, reducing API context requirements by 99.9%//Cloudflare introduced a new Model Context Protocol (MCP) server that provides access to the entire Cloudflare API using just two tools and consuming only ~1,000 tokens. The approach, called Code Mode, allows AI agents to write JavaScript code against a typed SDK to explore and execute API operations, reducing token usage from 1.17M to 1K compared to traditional MCP implementations.

integrationapifeaturesdkopen-source

Cloudflare Tunnel management now available in core dashboard//Cloudflare Tunnel is now accessible directly from the main Cloudflare Dashboard under Networking > Tunnels, enabling developers to create, configure, and monitor tunnels in one place. The new interface includes full lifecycle management, native integrations with DNS and Workers VPC, and a unified routing map for managing all ingress routes.

featureplatformintegration

Cloudflare releases @cloudflare/codemode v0.1.0 with runtime-agnostic architecture//Cloudflare has rewritten its Code Mode SDK into a modular, runtime-agnostic package that allows LLMs to generate and execute code for orchestrating tools. The new version removes the built-in LLM integration, introduces a minimal `Executor` interface for code sandboxing, and includes a `DynamicWorkerExecutor` for running code in Cloudflare Workers with network isolation and console capture.

releasesdkfeaturebreaking-change

Cloudflare Tunnel now available in main Dashboard with full lifecycle management//Cloudflare Tunnel management is now integrated into the main Cloudflare Dashboard, eliminating the need to switch between interfaces. The new experience provides complete tunnel lifecycle management, native integrations with DNS and Workers VPC, real-time health monitoring, and a unified routing map for all ingress routes.

featureplatformintegration

Cloudflare releases @cloudflare/codemode v0.1.0 with runtime-agnostic SDK architecture//Cloudflare has rewritten its codemode package into a modular, runtime-agnostic SDK that enables LLMs to write and execute code for tool orchestration. The new version introduces a standard `Executor` interface and includes a prebuilt `DynamicWorkerExecutor` for running generated code in Dynamic Workers with network isolation and console capture.

releasesdkapibreaking-changefeature

Cloudflare CASB now includes AI-powered Cloudy Summaries for instant security findings//Cloudflare has launched Cloudy Summaries for CASB, integrating AI-powered plain-language explanations of security misconfigurations and data exposures. The feature reduces triage time by providing contextual explanations, risk assessments, and actionable remediation guidance across all major SaaS integrations.

featureintegrationplatform

Cloudflare improves AI Gateway and Workers AI dashboard experience with navigation, onboarding enhancements//Cloudflare has rolled out a series of dashboard improvements to AI Gateway and Workers AI to streamline the developer experience. Updates include dedicated top-level AI navigation, simplified onboarding flows with step-by-step guidance, enhanced route builder performance, and improved accessibility features.

featureplatformintegration

Cloudflare adds threat visualization to Cloudforce One dashboard with Sankey diagrams//Cloudflare Security Center now includes dynamic visualizations for Cloudforce One Threat Events, featuring Sankey diagrams to trace attack flows geographically and charts showing campaign distribution over time. Subscribers can explore these new analytics views to better understand emerging threat patterns and drill down into specific attack vectors.

featuresecurityplatform

Cloudflare DEX now complies with EU Customer Metadata Boundary settings//Digital Experience Monitoring (DEX) now fully supports Cloudflare's Customer Metadata Boundary (CMB) for the EU, ensuring DEX logs remain within EU data residency requirements when enabled. Users can export DEX data via LogPush to build custom analytics dashboards while maintaining compliance.

featureapiplatformsecurity

Cloudflare improves AI Gateway and Workers AI dashboard with better navigation and onboarding//Cloudflare has rolled out a series of dashboard improvements for AI Gateway and Workers AI, including a dedicated top-level AI section in the sidebar, streamlined onboarding with OpenAI-compatible endpoints, and enhancements to dynamic routing and observability. The update also brings accessibility improvements to keyboard navigation and filtering components.

featureplatformintegration

Cloudflare adds threat event visualizations to Security Center dashboard//Cloudforce One customers can now view dynamic Sankey diagrams and attack distribution graphs in the Threat Events dashboard to identify emerging attack patterns and regional threat infrastructure. The new visualizations enable filtering and drill-down analysis directly from the charts.

featureplatform

Cloudflare adds cfWorker metric to Server-Timing header for performance debugging//Cloudflare has introduced a new `cfWorker` metric in the Server-Timing header that separately measures time spent executing Workers and their subrequests. This enables developers to more accurately diagnose whether latency originates from Worker code, external API calls, or slow origin servers.

featureapiperformancesdk

Cloudflare Containers and Sandboxes gain Docker-in-Docker support//Cloudflare's Containers and Sandboxes services now support Docker-in-Docker functionality, enabling developers to run full containerized environments within sandboxes. This feature is particularly useful for CI/CD workflows, testing container images, and running isolated development environments.

featureplatformsdk

Cloudflare Access now supports policies for bookmark applications//Cloudflare has extended Access policies to bookmark applications, allowing administrators to control which users see specific bookmarks in the App Launcher based on identity, device posture, and other policy rules. This replaces the previous behavior where all bookmarks were visible to everyone in the organization.

featureapi

Cloudflare Access adds streamlined clientless access for private applications//Cloudflare has introduced a new "Allow clientless access" setting that simplifies how organizations grant access to private self-hosted applications without requiring a device client. Users who pass Access policies can now directly access these applications through their App Launcher, with automatic handling of the prefixed Clientless Web Isolation URL.

featureplatform

Cloudflare Access streamlines clientless app access with new policy setting//Cloudflare has introduced an "Allow clientless access" setting that simplifies how organizations grant browser-based access to private self-hosted applications without requiring a device client. Users can now manage this capability directly within their Access application policies rather than creating separate bookmark applications.

featureapi

Cloudflare adds Docker-in-Docker support to Containers and Sandboxes//Cloudflare's Containers and Sandboxes now support Docker-in-Docker configurations, enabling developers to run full containerized development environments within sandboxed contexts. This capability is useful for testing, CI/CD workflows, and running arbitrary images at runtime.

featureplatformsdk

Cloudflare Agents SDK v0.5.0 ships retry utilities, protocol message control, and @cloudflare/ai-chat v0.1.0//The latest Agents SDK release adds built-in retry utilities with exponential backoff, per-connection protocol message control for non-standard clients, and a completely rewritten @cloudflare/ai-chat library featuring data parts, tool approval persistence, and zero breaking changes for existing code.

releasefeaturesdkapi

Cloudflare Agents SDK v0.5.0 adds retry utilities, protocol message control, and data parts//The Agents SDK v0.5.0 release introduces built-in retry utilities with exponential backoff, per-connection protocol message control for non-standard clients, and a major rewrite of @cloudflare/ai-chat with data parts support and tool approval persistence—all without breaking changes. Synchronous queue and schedule operations no longer require async/await, and improvements address stream resumption race conditions and TypeScript depth errors.

releasefeaturesdkapi

Cloudflare Access now supports policies for bookmark applications//Cloudflare has added Access policy support to bookmark applications, allowing administrators to control which users see specific bookmarks in the App Launcher based on identity, device posture, and group membership. Previously, all bookmarks were visible to all users; now they can be restricted to specific audiences while maintaining backward compatibility for unpolicied bookmarks.

featureapiplatform

Cloudflare WAF adds detections for Zimbra LFI and Vite path traversal vulnerabilities//Cloudflare's Web Application Firewall has released new rule detections for CVE-2025-68645 affecting Zimbra Collaboration Suite and CVE-2025-31125 affecting Vite's development server. Both vulnerabilities now trigger automatic blocking by default in the Cloudflare Managed Ruleset.

securityfeatureplatform

Cloudflare Markdown for Agents now supports content encoding, raises 1MB limit to 2MB//Cloudflare has improved its Markdown for Agents feature with support for content-encoded responses and increased origin response limits. AI systems can now more efficiently request markdown-formatted content from Cloudflare-protected websites.

featureapiplatform

Cloudflare boosts Markdown for Agents with content encoding support, doubles response limit//Cloudflare has enhanced its Markdown for Agents feature, which automatically converts HTML to Markdown for AI systems. The update raises the origin response limit from 1 MB to 2 MB, removes the requirement for content-length headers, and adds support for content-encoded responses.

featureapiplatform

Cloudflare WAF adds protections for Zimbra LFI and Vite path traversal CVEs//Cloudflare's Web Application Firewall now includes new detection rules for two critical vulnerabilities: CVE-2025-68645 affecting Zimbra Collaboration Suite and CVE-2025-31125 in Vite's development server. Both new rules are set to block attacks by default.

securitybugfix

Cloudflare open-sources ecdysis, a Rust library for zero-downtime service restarts//After five years of production use, Cloudflare has open-sourced ecdysis, a Rust library that enables graceful restarts of network services without dropping connections or refusing requests. The library implements a fork-based approach pioneered by NGINX, allowing parent and child processes to seamlessly share socket file descriptors during upgrades.

open-sourcefeaturesdkrelease

Cloudflare Python SDK v5.0.0-beta.1 adds 40+ new API resources with breaking changes//Cloudflare released Python SDK v5.0.0-beta.1 featuring 40+ new API resources including AI Gateway, R2 Data Catalog, and Real-time Kit integrations. The beta includes significant breaking changes across 15+ existing resources due to OpenAPI schema improvements, requiring developers to review the migration guide before upgrading.

releasesdkbreaking-changeapi

Cloudflare adds GLM-4.7-Flash model and TanStack AI support to Workers AI//Cloudflare has launched GLM-4.7-Flash, a multilingual AI model with 131K token context and multi-turn tool calling, alongside new TanStack AI adapters and enhanced Vercel AI SDK support. The updates enable developers to build and run AI agents entirely at the edge with expanded capabilities including transcription, speech synthesis, and document reranking.

releasefeaturemodelapisdkintegration

Workers VPC now supports Cloudflare Origin CA certificates for HTTPS connections//Workers VPC has added support for Cloudflare Origin CA certificates when connecting to private services over HTTPS. Previously limited to publicly trusted certificate authorities, developers can now use free Origin CA certificates on origin servers within private networks.

featureapisecurity

Cloudflare Python SDK v5.0.0-beta.1 introduces major breaking changes and 40+ new API resources//Cloudflare released the first beta version of Python SDK v5.0.0, featuring significant breaking changes driven by OpenAPI schema improvements and code generation updates. The release adds over 40 new API resources including AI-powered features, brand protection tools, D1 database management, and Real-time Kit integrations, alongside general fixes for type inference, request handling, and response parsing.

sdkreleasebreaking-changeapifeature

Cloudflare launches GLM-4.7-Flash on Workers AI with multi-turn tool calling for edge agents//Cloudflare has added GLM-4.7-Flash, a multilingual model with 131k token context, to Workers AI alongside new TanStack AI adapters and expanded workers-ai-provider capabilities. Developers can now build and deploy AI agents entirely at the edge with support for transcription, text-to-speech, and reranking.

releasefeaturemodelapisdkintegration

Cloudflare Workers VPC now supports Origin CA certificates for private HTTPS connections//Workers VPC has expanded its TLS certificate support to include Cloudflare Origin CA certificates, enabling developers to encrypt traffic between VPC tunnels and private origin servers without relying on public certificate authorities. This builds on Workers VPC's existing support for publicly trusted CAs like Let's Encrypt and DigiCert.

featureplatformapi

Cloudflare launches Markdown for Agents, cutting token usage 80% with automatic HTML-to-markdown conversion//Cloudflare now automatically converts HTML pages to markdown when AI agents request them via Accept headers, enabling structured content consumption at the CDN edge. The conversion reduces token usage by approximately 80% compared to raw HTML, and includes Content Signal headers to communicate content usage policies.

featureapiplatformintegration

Cloudflare enhances logo matching with configurable thresholds starting at 75%//Cloudflare's Security Center now offers enhanced logo matching capabilities for brand protection, enabling detection of subtle brand asset variations and impersonations. The update introduces configurable match thresholds, visual match scores with color-coded severity indicators, and direct logo previews in the dashboard.

featuresecurity

Cloudflare enhances logo matching for brand protection with configurable detection thresholds//Cloudflare's Security Center now offers configurable logo matching thresholds starting at 75% similarity, allowing users to detect subtle brand impersonations and variations. The update includes visual match scores, color-coded severity indicators, and direct logo previews to streamline threat triage.

featuresecurity

Cloudflare launches Markdown for Agents, enabling AI systems to request HTML-to-markdown conversion via content negotiation//Cloudflare's network now supports real-time HTML-to-markdown conversion for AI systems using content negotiation headers. When enabled on a zone, AI agents can request `text/markdown` via the `Accept` header and receive optimized markdown-formatted content automatically converted on the fly.

featureapiplatformintegration

Cloudflare Radar adds content type dimension for AI bot traffic analysis//Cloudflare Radar now provides content type insights for AI crawler traffic through new API endpoints and dashboard views. The update shows the distribution of MIME types being served to AI bots, helping developers understand what content types are being accessed by AI crawlers.

featureapiplatform

Cloudflare WAN dashboard now displays Anycast IPs for tunnels//Cloudflare WAN customers can now view their Anycast IP addresses directly in the dashboard when configuring IPsec or GRE tunnels. This replaces the previous workflow requiring manual API calls or onboarding retrieval, streamlining tunnel setup and reducing configuration errors.

featureplatform

Cloudflare launches Markdown for Agents, auto-converts HTML via content negotiation//Cloudflare's network now automatically converts HTML to Markdown for AI systems that request it via Accept headers, reducing token consumption and improving AI processing efficiency. The feature is available for enabled zones and uses standard HTTP content negotiation.

featureapiplatform

Cloudflare Terraform provider v5.17.0 adds AI Search support and Workers placement controls//Cloudflare's Terraform v5 provider reaches v5.17.0 with new capabilities for AI Search, enhanced Workers Script placement controls, and 25+ bug fixes. The provider continues its 2-3 week release cadence with an expanding list of stable resources and a migration tool planned for March 2026.

releasesdkapifeature

Cloudflare Radar adds content type insights for AI bot traffic via new API dimension//Cloudflare Radar now provides visibility into the content types served to AI bots and crawlers through a new `content_type` dimension and filter. The feature categorizes MIME types across 16 content categories and is available through two new API endpoints and the Radar dashboard.

featureapiplatform

Cloudflare Terraform Provider v5.17.0 adds AI Search support and targeted Workers script placement//Cloudflare releases Terraform v5.17.0 with new capabilities for AI Search, enhanced Workers Script placement controls, and dozens of bug fixes. The provider continues on a 2-3 week release cadence with a migration tool planned for March 2026 to help users transition from v4 to v5.

releasefeaturesdkplatform

Cloudflare Workers lifts 1000-subrequest limit to 10,000 by default; configurable to 10 million//Cloudflare Workers no longer enforces a hard 1000-subrequest limit per invocation, enabling long-running workloads like websockets and Workflows to operate without hitting the barrier. Paid plans now default to 10,000 subrequests and can be configured up to 10 million via Wrangler configuration.

featureapiplatform

Cloudflare Vite plugin adds React Server Components support with child environments//The Cloudflare Vite plugin now integrates the official Vite React Server Components plugin, enabling developers to use multiple environments within a single Worker. A new `childEnvironments` option allows the parent environment to import modules from child environments, supporting typical RSC patterns used by frameworks like React Router.

featuresdkintegration

Cloudflare Workers lifts 1,000 subrequest limit; paid plans now support up to 10 million per invocation//Cloudflare has removed the hard 1,000 subrequest limit that previously constrained Workers invocations, with paid plans now defaulting to 10,000 subrequests and allowing configuration up to 10 million. This change particularly benefits long-running operations like WebSocket connections on Durable Objects and Workflows that frequently exceeded the prior constraint.

featureplatformapi

Cloudflare Vite plugin adds seamless React Server Components support via childEnvironments//The Cloudflare Vite plugin now integrates the official Vite React Server Components plugin (@vitejs/plugin-rsc), enabling developers to build RSC applications on Cloudflare Workers. A new childEnvironments option allows using multiple module graphs within a single Worker environment.

featureintegrationsdk

Cloudflare WAF adds detection rules for Zimbra and Vite vulnerabilities//Cloudflare is deploying two new security detection rules to its Web Application Firewall on February 16, 2026. The new rules target vulnerabilities in Zimbra (local file inclusion) and Vite (WASM import path traversal), launching initially in log mode to detect threats without blocking traffic.

securityfeaturerelease

Cloudflare disables fake Google Bot detection rule in WAF//Cloudflare has disabled the "Anomaly:Header:User-Agent - Fake Google Bot" rule in its Managed Ruleset, changing it from a blocking action to disabled status. This prevents the WAF from blocking requests that appear to be spoofed Google Bot traffic.

bugfixsecurityplatform

Cloudflare Sandbox SDK adds PTY terminal support for browser-based shell access//Cloudflare's Sandbox SDK now supports pseudo-terminal (PTY) passthrough via WebSocket, enabling interactive browser-based terminals to connect to sandbox shells. The update includes a new xterm.js addon with automatic reconnection and output buffering, plus support for multiple isolated terminals per sandbox.

featuresdkapirelease

Cloudflare Agents SDK v0.4.0 adds readonly connections, MCP OAuth customization, and x402 v2 support//The Agents SDK v0.4.0 introduces readonly WebSocket connections for dashboards and spectator views, custom OAuth providers for MCP server authentication, and upgrades the MCP SDK to prevent cross-client response leakage. The release also completes migration to x402 v2 with new network identifiers and lazy server initialization.

releasefeatureapisecuritybreaking-changesdk

Cloudflare AI Crawl Control adds path grouping, referral analytics, and data transfer metrics//Cloudflare has enhanced its AI Crawl Control analytics with new visualization and filtering capabilities to help developers understand crawler behavior. Updates include path pattern grouping, referral traffic trends, bandwidth consumption metrics, and image export functionality.

featureplatform

Cloudflare AI Search adds granular indexing controls for faster updates, selective sitemaps//Cloudflare AI Search now allows developers to reindex individual files and crawl specific sitemaps instead of requiring full rescans. These granular controls help reduce indexing time and give users more precise management over what content gets indexed.

featureplatform

Cloudflare adds approximate aggregation functions to R2 SQL for faster large-dataset queries//R2 SQL now supports five approximate aggregation functions including APPROX_PERCENTILE_CONT, APPROX_DISTINCT, and APPROX_TOP_K. These functions trade minor precision for significantly improved performance when analyzing large datasets with high-cardinality data.

featureapiperformance

Cloudflare Workers Observability dashboard adds data visualization, exports, and shareable links//Cloudflare has released major updates to the Workers Observability dashboard, making it easier for developers to debug applications and collaborate with teams. The new features include data visualization tools, JSON/CSV exports, shareable event links, and improved table customization with keyboard shortcuts.

featureplatformrelease

Cloudflare releases AI Crawl Control reference documentation with GraphQL API and bot detection//Cloudflare has published comprehensive reference documentation for AI Crawl Control, including a GraphQL API reference, bot detection identifiers for major AI crawlers, and Worker templates for monetizing crawler access. Developers can now integrate crawler detection and access control directly into their applications.

featureapidocumentationplatform

Cloudflare Workflows gains visual diagram tool for debugging and code understanding//Cloudflare Workflows now automatically generates visual diagrams from your code, letting developers understand step execution, loops, and conditional logic at a glance. The feature is available in beta for all JavaScript and TypeScript Workflows in the Cloudflare dashboard.

featureplatform

Cloudflare Queues launches on Workers Free plan with 10,000 daily operations//Cloudflare Queues, the company's message delivery service, is now available to all free-tier Workers accounts. Free users get 10,000 operations per day and access to up to 10,000 queues, with all existing features included except message retention is capped at 24 hours instead of 14 days.

featurepricingrelease

Cloudflare launches R2 Local Uploads in beta; up to 75% faster cross-region uploads//Cloudflare has released Local Uploads for R2 object storage, an open beta feature that writes upload data to storage near the client first, then replicates asynchronously to the bucket's primary location. The feature reduces upload latency by up to 75% for cross-region uploads while maintaining strong consistency and immediate data accessibility.

releasefeatureperformance

Cloudflare Security Center adds threat actor alias lookup to simplify cross-vendor identification//Cloudflare Threat Events now include an "Also known as" field displaying common aliases and industry-standard names for tracked threat groups. This feature is available in both the dashboard and via API, helping security teams map actors to other vendors' naming conventions without manual cross-referencing.

featureapisecurity

Cloudflare R2 Local Uploads enters open beta; reduces upload latency by up to 75%//Cloudflare has launched R2 Local Uploads in open beta, allowing users to dramatically improve upload performance for globally distributed clients. Data is written to storage near the client and asynchronously replicated to the primary bucket, maintaining strong consistency while reducing Time to Last Byte by up to 75%.

featureperformancerelease

Cloudflare Agents SDK v0.3.7 adds Workflows integration and synchronous state management//The latest Agents SDK release brings native integration with Cloudflare Workflows, enabling agents to handle real-time communication while workflows manage durable, long-running tasks. The update also introduces synchronous state updates with validation hooks, a new `scheduleEvery()` method for recurring tasks, and improvements to the callable system.

releasefeatureapisdkplatform

Cloudflare Email Security improves monitoring dashboard with search, accessibility enhancements//Cloudflare has updated its Email Security monitoring page with improved visual layouts, enhanced accessibility features, and new search functionality across widgets. The update includes stacked bar charts for better data visualization, widget search for Policies and Submitters, and granular data breakdowns by month and threat type across all Email Security tiers.

featureplatform

Cloudflare WAF adds detections for Django SQL injection and XWiki RCE vulnerabilities//Cloudflare has released new WAF rules to block two critical vulnerabilities: CVE-2025-64459 affecting Django ORM and CVE-2025-24893 enabling unauthenticated RCE in XWiki. Both detections are now set to block mode by default in the Cloudflare Managed Ruleset.

releasesecurityfeature

Cloudflare launches Moltworker: serverless AI agent platform achieves 98.5% npm package compatibility//Cloudflare has introduced Moltworker, a middleware that enables running Moltbot (an open-source AI personal assistant) on Cloudflare Workers instead of dedicated hardware. The launch coincides with a milestone: Cloudflare Workers now supports 98.5% of the top 1,000 npm packages natively, thanks to expanded Node.js API compatibility.

releasefeatureplatformsdk