Changelog

Unless otherwise noted, all dates refer to the release date of the change.

July 4, 2024

Wrangler

3.63.1

July 3, 2024

WAF

Scheduled changes for 2024-07-10

For more details, refer to the dedicated page for Scheduled changes.

Wrangler

3.63.0

July 1, 2024

Rules

Cloudflare Snippets now available to all paid customers

Cloudflare Snippets (alpha) are now available to all paid customers.

Workers

June 28, 2024

Zero Trust WARP Client

WARP client for macOS (version 2024.6.416.0)

A new GA release for the macOS WARP client is now available in the App Center. This release includes some exciting new features. It also includes additional fixes and minor improvements.

New features:

  • Admins can now elect to have ZT WARP clients connect using the MASQUE protocol; this setting is in Device Profiles. Note: before MASQUE can be used, the global setting for Override local interface IP must be enabled. For more detail, refer to Device tunnel protocol. This feature will be rolled out to customers in stages over approximately the next month.
  • The Device Posture client certificate check has been substantially enhanced. The primary enhancement is the ability to check for client certificates that have unique common names, made unique by the inclusion of the device serial number or host name (for example, CN = 123456.mycompany, where 123456 is the device serial number).

Additional changes and improvements:

  • Fixed a known issue where the certificate was not always properly left behind in /Library/Application Support/Cloudflare/installed_cert.pem.
  • Fixed an issue where re-auth notifications were not cleared from the UI when the user switched configurations.
  • Fixed a macOS firewall rule that allowed all UDP traffic to go outside the tunnel. Relates to TunnelVision (CVE-2024-3661).
  • Fixed an issue that could cause the Cloudflare WARP menu bar application to disappear when switching configurations.

Warning:

  • This is the last GA release that will be supporting older, deprecated warp-cli commands. There are two methods to identify these commands. One, when used in this release, the command will work but will also return a deprecation warning. And two, the deprecated commands do not appear in the output of warp-cli -h.

Known issues:

  • If a user has an MDM file configured to support multiple profiles (for the switch configurations feature), and then changes to an MDM file configured for a single profile, the WARP client may not connect. The workaround is to use the warp-cli registration delete command to clear the registration, and then re-register the client.
  • There are certain known limitations preventing the use of the MASQUE tunnel protocol in certain scenarios. Do not use the MASQUE tunnel protocol if:
    • A Magic WAN integration is on the account and does not have the latest packet flow path for WARP traffic. Please check migration status with your account team.
    • Your account has Regional Services enabled.

Zero Trust WARP Client

WARP client for Windows (version 2024.6.415.0)

A new GA release for the Windows WARP client is now available in the App Center. This release includes some exciting new features. It also includes additional fixes and minor improvements.

New features:

  • Admins can now elect to have ZT WARP clients connect using the MASQUE protocol; this setting is in Device Profiles. Note: before MASQUE can be used, the global setting for Override local interface IP must be enabled. For more detail, refer to Device tunnel protocol. This feature will be rolled out to customers in stages over approximately the next month.
  • The ZT WARP client on Windows devices can now connect before the user completes their Windows login. This Windows pre-login capability allows for connecting to on-premise Active Directory and/or similar resources necessary to complete the Windows login.
  • The Device Posture client certificate check has been substantially enhanced. The primary enhancement is the ability to check for client certificates that have unique common names, made unique by the inclusion of the device serial number or host name (for example, CN = 123456.mycompany, where 123456 is the device serial number).

Additional changes and improvements:

  • Added a new Unable to Connect message to the UI to help in troubleshooting.
  • The upgrade window now uses international date formats.
  • Made a change to ensure DEX tests are not running when the tunnel is not up due to the device going to or waking from sleep. This is specific to devices using the S3 power model.
  • Fixed a known issue where the certificate was not always properly left behind in %ProgramData%\Cloudflare\installed_cert.pem.
  • Fixed an issue where ICMPv6 Neighbor Solicitation messages were being incorrectly sent on the WARP tunnel.
  • Fixed an issue where a silent upgrade was causing certain files to be deleted if the target upgrade version is the same as the current version.

Warning:

  • This is the last GA release that will be supporting older, deprecated warp-cli commands. There are two methods to identify these commands. One, when used in this release, the command will work but will also return a deprecation warning. And two, the deprecated commands do not appear in the output of warp-cli -h.

Known issues:

  • If a user has an MDM file configured to support multiple profiles (for the switch configurations feature), and then changes to an MDM file configured for a single profile, the WARP client may not connect. The workaround is to use the warp-cli registration delete command to clear the registration, and then re-register the client.
  • There are certain known limitations preventing the use of the MASQUE tunnel protocol in certain scenarios. Do not use the MASQUE tunnel protocol if:
    • A Magic WAN integration is on the account and does not have the latest packet flow path for WARP traffic. Please check migration status with your account team.
    • Your account has Regional Services enabled.

June 27, 2024

Workers AI

Introducing embedded function calling

June 25, 2024

Gateway

Gateway DNS policy setting to ignore CNAME category matches

Gateway now offers the ability to selectively ignore CNAME domain categories in DNS policies via the ignore_cname_category_matches setting.

Wrangler

3.62.0

June 24, 2024

AI Gateway

Custom cache key headers

AI Gateway now supports custom cache key headers.

Durable Objects

Exceptions thrown from Durable Object internal operations and tunneled to the caller may now be populated with a .retryable: true property if the exception was likely due to a transient failure, or populated with an .overloaded: true property if the exception was due to overload.

Workers

  • Exceptions thrown from Durable Object internal operations and tunneled to the caller may now be populated with a .retryable: true property if the exception was likely due to a transient failure, or populated with an .overloaded: true property if the exception was due to overload.

June 23, 2024

Magic WAN

ICMP support for traffic sourced from private IPs

Magic WAN will now support ICMP traffic sourced from private IPs going to the Internet via Gateway.

June 21, 2024

Zaraz

  • Dashboard: Add an option to disable the automatic Pageview event

June 20, 2024

Stream

Generated Captions to Open beta

Stream has introduced automatically generated captions to open beta for all subscribers at no additional cost. While in beta, only English is supported and videos must be less than 2 hours. For more information, refer to the product announcement and deep dive or refer to the captions documentation to get started.

June 19, 2024

Workers

  • When using the nodejs_compat compatibility flag, the buffer module now has an implementation of the isAscii() and isUtf8() methods.
  • Fixed a bug where exceptions propagated from JS RPC calls to Durable Objects would lack the .remote property that exceptions from fetch() calls to Durable Objects have.

Workers AI

Added support for traditional function calling

  • Function calling is now supported on enabled models
  • Properties added on models page to show which models support function calling

June 18, 2024

AI Gateway

Access an AI Gateway through a Worker

Workers AI now natively supports AI Gateway.

Page Shield

Cookie Monitor now available

Page Shield now captures HTTP cookies set and used by your web application. The list of detected cookies is available in the Cloudflare dashboard or via API.

WAF

2024-06-18 - Emergency

For more details, refer to the dedicated page for 2024-06-18 - Emergency.

Workers AI

Native support for AI Gateways

Workers AI now natively supports AI Gateway.

Wrangler

3.61.0

Zaraz

  • Amplitude Managed Component: Allow users to choose data center
  • Bing Managed Component: Fix e-commerce events handling
  • Google Analytics 4 Managed Component: Mark e-commerce events as conversions
  • Consent Management: Fix IAB Consent Mode tools not showing with purposes

June 17, 2024

Risk score

Okta risk exchange

You can now exchange user risk scores with Okta to inform SSO-level policies.

June 14, 2024

Page Shield

Added filter operators for scripts and connections

You can now filter scripts and connections in the Cloudflare dashboard using the does not contain operator. Pages associated with scripts and connections can be filtered by includes, starts with, and ends with.

Risk score

SentinelOne signal ingestion

You can now configure a predefined risk behavior to evaluate user risk score using device posture attributes from the SentinelOne integration.

Wrangler

3.60.3

June 12, 2024

Workers

June 11, 2024

beacon.min.js

Enhanced to include reporting of Server-Timing headers.

Stream

Updated response codes on requests for errored videos

Stream will now return HTTP error status 424 (failed dependency) when requesting segments, manifests, thumbnails, downloads, or subtitles for videos that are in an errored state. Previously, Stream would return one of several 5xx codes for requests like this.

Workers AI

Deprecation announcement for @cf/meta/llama-2-7b-chat-int8

We will be deprecating @cf/meta/llama-2-7b-chat-int8 on 2024-06-30.

Replace the model ID in your code with a new model of your choice:

If you do not switch to a different model by June 30th, we will automatically start returning inference from @cf/meta/llama-3-8b-instruct-awq.

Wrangler

3.60.2

June 7, 2024

R2

  • Fixed an issue that prevented Sippy from copying over objects from S3 buckets with SSE set up.

June 6, 2024

Access

Scalability improvements to the App Launcher

Applications now load more quickly for customers with a large number of applications or complex policies.

R2

  • R2 will now ignore the x-purpose request parameter.

WAF

2024-06-06 - Emergency

For more details, refer to the dedicated page for 2024-06-06 - Emergency.

June 5, 2024

Magic WAN

Application based prioritization

The Magic WAN Connector can now prioritize traffic on a per-application basis.

June 3, 2024

CASB

Atlassian Bitbucket integration

Customers can now scan their Bitbucket Cloud workspaces for a variety of contextualized security issues such as source code exposure, admin misconfigurations, and more.

DDoS protection

DDoS alerts now available for EU CMB customers

DDoS alerts are now available for EU Customer Metadata Boundary (CMB) customers. This includes all DDoS alert types (Standard and Advanced) for both HTTP DDoS attacks and L3/4 DDoS attacks.

Rules

Cloudflare Snippets now available to all Enterprise customers

Cloudflare Snippets (alpha) are now available to all Enterprise customers. Customers in other paid plans will gradually get access throughout 2024.

May 31, 2024

Magic Cloud Networking

Closed beta launch

Cloudflare launched Magic Cloud Networking in closed beta.

Magic WAN

WARP virtual IP addresses

Customers using Gateway to filter traffic to Magic WAN destinations will now see traffic from Cloudflare egressing with WARP virtual IP addresses (CGNAT range), rather than public Cloudflare IP addresses. This simplifies configuration and improves visibility for customers.

May 30, 2024

WAF

2024-05-30 - Emergency

For more details, refer to the dedicated page for 2024-05-30 - Emergency.

May 29, 2024

WAF

2024-05-29 - Emergency

For more details, refer to the dedicated page for 2024-05-29 - Emergency.

Workers AI

Add new public LoRAs and note on LoRA routing

  • Added documentation on new public LoRAs.
  • Noted that you can now run LoRA inference with the base model rather than explicitly calling the -lora version.

May 24, 2024

Hyperdrive

Increased configuration limits

You can now create up to 25 Hyperdrive configurations per account, up from the previous maximum of 10.

Refer to Limits to review the limits that apply to Hyperdrive.

May 23, 2024

CASB

Data-at-rest DLP for Box and Dropbox

You can now scan your Box and Dropbox files for DLP matches.

DLP

Data-at-rest DLP for Box and Dropbox

You can now scan your Box and Dropbox files for DLP matches.

WAF

Improved detection capabilities

WAF attack score now automatically detects and decodes Base64 and JavaScript (Unicode escape sequences) in HTTP requests. This update is available for all customers with access to WAF attack score (Business customers with access to a single field and Enterprise customers).