Cloudflare
138 mises à jour · mai 2026
60 feature updates·12 FEATURE UPDATE·5 new integrations·4 technical updates·3 events·3 product launches·3 security incidents·2 pricing updates
Parcourir d'autres mois de Cloudflare
Cloudflare announced Connect on Tour Sydney, a one-day event on July 30, 2026, at Hilton Sydney, targeting innovators in security, networking, and AI. The event will showcase unified platform solution…
Cloudflare announced the third edition of Immerse São Paulo, a one-day event on April 16, 2026, at the Renaissance São Paulo Hotel. The event focuses on practical strategies for modernizing infrastruc…
Cloudflare announced the rescheduling of its Immerse roadshow in Boston on April 16, 2026, targeting security, IT, and digital leaders. The event will focus on Zero Trust, SASE, DDoS, application secu…
Cloudflare released a new API endpoint in Radar that retrieves HTTP request distributions grouped by 15+ dimensions such as ASN, bot class, content type, device, and TLS version. The endpoint supports…
Cloudflare now allows its own platform to serve as an identity provider for Access policies, enabling authentication based on Cloudflare account membership. Users can restrict access to specific accou…
Pricing updated for Cloudflare: - Free: new promotion — forever
Pricing updated for Cloudflare: - New tier: Pay-as-you-go ($7/mo user) - Removed: Free (Teams) tier - Removed: Pay-as-you-go (Teams) tier - Removed: Contract (Teams) tier
Cloudflare announced Immerse, a premier roadshow event in Toronto on May 20, 2026, targeting security, IT, and digital leaders. The event focuses on Zero Trust, SASE, DDoS, application security, and A…
Pricing updated for Cloudflare: - New tier: Free (Teams) ($0/mo) - New tier: Pay-as-you-go (Teams) ($7/mo per user) - New tier: Contract (Teams) (Custom pricing) - Removed: Teams (under 50 users) tier…
Pricing updated for Cloudflare: - New tier: Teams (under 50 users) ($0/mo) - New tier: Teams (over 50 users) ($7/mo per user) - New tier: Contract (SASE/Workspace) (Custom pricing) - Removed: Pay-as-y…
Cloudflare Radar introduced two new charts on its traffic page: a content type distribution chart and an API traffic share chart. The content type chart breaks down HTTP response types by category wit…
Cloudflare deployed enhancements to its WAF managed ruleset on May 20, 2026, improving detection resilience against web attacks and behavioral coverage. A new rule targeting Sitecore cache poisoning (…
Cloudflare is rolling out a refreshed DNS records page in its dashboard starting May 20, 2026, with opt-in availability for all users. The update introduces resizable columns, advanced filters, a mobi…
Cloudflare Artifacts now emits structured events for repository lifecycle changes (creates, deletes, forks, imports, clones, pushes, fetches) that can be subscribed to via Cloudflare Queues. Developer…
Cloudflare and Anthropic launched an integration enabling Claude Managed Agents to run on Cloudflare Sandboxes, offering enhanced security, observability, and scalability. The integration provides lig…
Pricing updated for Cloudflare: - Free: now includes Teams under 50 users or enterprise proof-of-concept tests. - Contract: now includes Organizations building toward full-featured SASE or workspace s…
Pricing updated for Cloudflare: - Plan features or structure changed
Cloudflare introduced event subscriptions for Artifacts lifecycle events, enabling real-time notifications for repository changes. Developers can now consume these events via Workers to build commit-d…
Cloudflare Radar introduced MRT Explorer, a browser-based tool that parses Multi-Threaded Routing Toolkit (MRT) dump files to inspect BGP messages, AS paths, and community attributes without uploading…
Cloudflare Access now allows users to authenticate using their existing Cloudflare accounts, replacing One-time PINs as the default identity provider for new Zero Trust accounts. The update includes a…
Cloudflare introduced new Wrangler commands to manage Artifacts namespaces, repositories, and repo-scoped tokens, currently in private beta. The commands include listing, creating, retrieving, and del…
Cloudflare now lets developers expose local Wrangler or Vite dev servers via Cloudflare Tunnels, enabling public sharing of previews or webhook testing. Users can generate random or stable hostnames (…
Cloudflare’s Project Glasswing tested Anthropic’s Mythos Preview LLM, finding it capable of constructing exploit chains from multiple vulnerabilities and generating working proofs of concept—capabilit…
Cloudflare discontinued support for the deprecated `wrangler dev --remote` flag for KV-backed Durable Objects on May 18, 2026. The flag was never compatible with the recommended SQLite storage backend…
Cloudflare introduced a feature allowing developers to share local dev sessions through Cloudflare Tunnel using Wrangler or the Vite plugin, generating a public URL for previews, webhook testing, or c…
Cloudflare introduced new Wrangler CLI commands to manage Artifacts namespaces, repos, and repo-scoped tokens directly from the command line. The update includes commands for listing, creating, retrie…
Cloudflare WAN now supports post-quantum IPsec tunnels using ML-KEM-768 hybrid key exchange (RFC 9370) alongside classical DH groups, enhancing resistance to harvest-now-decrypt-later attacks. Both GR…
Cloudflare introduced R2 Data Catalog, a managed Apache Iceberg data catalog integrated directly into R2 buckets, now in public beta. The feature enables standard Iceberg REST catalog interfaces for t…
Cloudflare documented expanded SQL support in R2 SQL, including JOINs (all types), common table expressions (CTEs), and subqueries in FROM/IN/NOT IN/EXISTS clauses. The engine remains in public beta a…
Cloudflare’s Workers AI platform now hosts 78 models, including frontier-scale text generators like Moonshot AI’s Kimi K2.6 and OpenAI’s gpt-oss-120b, multimodal models such as Meta’s Llama 4 Scout, a…
Pricing updated for Cloudflare: - Free: promotion ended (was: forever)
Pricing updated for Cloudflare: - Plan features or structure changed
Cloudflare’s R2 SQL now supports JOINs, subqueries, and multi-table queries for Iceberg tables stored in R2 Data Catalog. This enables complex analytical queries directly on Cloudflare’s global networ…
Cloudflare issued an emergency WAF update on May 15, 2026, adding two new rules to block exploitation attempts targeting a critical nginx heap buffer overflow vulnerability (CVE-2026-42945). The rules…
Pricing updated for Cloudflare: - Free: new promotion — forever
Pricing updated for Cloudflare: - New tier: Free ($0/mo) - New tier: Pro ($25/mo ($20/mo annually, 20% off)) - New tier: Business ($250/mo ($200/mo annually, 20% off)) - New tier: Contract (Custom pri…
Cloudflare introduced Custom Domains for Workers, enabling automatic DNS record creation and certificate issuance for domain or subdomain routing without manual configuration. This simplifies deployme…
Cloudflare Workers now supports two types of preview URLs—versioned and aliased—to test new Worker versions without deploying to production. Versioned previews auto-generate for each new version, whil…
Cloudflare identified a hidden bottleneck in ClickHouse query planning after migrating to a per-namespace partitioning scheme, causing lock contention that slowed billing jobs. They fixed it with shar…
Cloudflare introduced a new Domains tab in the Workers dashboard, enabling users to purchase domains via Cloudflare Registrar, add existing domains, and manage Worker routing in one place. The feature…
Cloudflare introduced new AI chat agent APIs—AIChatAgent and useAgentChat—built on Durable Objects and SQLite for automatic message persistence, resumable streaming, and real-time sync. The APIs suppo…
Cloudflare introduced One-time PIN (OTP) login as an alternative authentication method in its Zero Trust Access service, allowing users to receive a PIN via email instead of relying solely on identity…
Cloudflare rebuilt its Browser Run headless browser service on Cloudflare Containers, increasing concurrent browser capacity from 30 to 120 and spin-up rate from 15 to 60 browsers per minute. Quick Ac…
Cloudflare expanded its Cloudflare Workers starter templates with over 15 new GitHub repositories designed to accelerate project setup, including Astro blogs, AI chat apps, Durable Objects-based chat,…
Cloudflare now blocks AI company crawlers by default via its AI Crawl Control, having launched the feature in September 2024. It is also developing a 'Pay Per Crawl' model to let websites charge AI fi…
Cloudflare released Agents SDK v0.12.4 with chat recovery improvements for interrupted sessions, durable Think submissions that persist across restarts, routing retry configuration, and Voice agent co…
Cloudflare’s /cdn-cgi/rum beacon endpoint now returns a 405 Method Not Allowed (with Allow: POST, OPTIONS header) for non-POST requests instead of 404, clarifying that the endpoint exists but only acc…
Cloudflare introduced two new Logpush datasets—Email Security Post-Delivery Events and Magic Network Monitoring Flow Logs—along with updated fields in existing datasets like Firewall events and HTTP r…
Cloudflare updated its Cloudflare One Appliance documentation to clarify deployment options, including pre-installed hardware appliances and downloadable virtual appliances. Both options enable IPsec …
Cloudflare added support for configuring custom DHCP options in its Cloudflare One Appliance DHCP server, enabling PXE/iPXE boot, VoIP provisioning, and vendor-specific client configurations. Changes …
Cloudflare expanded Cloudflare One Virtual Appliance capabilities with self-serve provisioning via API or Terraform, enabling direct creation, license rotation, and deletion of virtual appliances. The…
Cloudflare introduced new metrics and analytics for R2 Data Catalog, enabling programmatic monitoring of Iceberg REST API operations and table maintenance jobs (compaction, snapshot expiration) via th…
A bug in the Linux CUBIC congestion control algorithm, originally fixed in the kernel, was ported to Cloudflare's QUIC implementation (quiche) where it caused the congestion window to remain pinned at…
Patch Changes #13866 4e44ce6 Thanks @dependabot ! - Update dependencies of "miniflare", "wrangler" The following dependency versions have been updated: Dependency From To workerd 1.20260507.1 1.202605…
Patch Changes #13855 dba84c2 Thanks @courtney-sims ! - Temporarily hardcode asset worker cohort to "ent" for latency testing Disables the lookupCohort RPC call and cohort-based version routing in the …
Patch Changes #13888 2af4ce0 Thanks @jamesopstad ! - Update Vite to v8.0.12 This updates the bundled Vite module runner to include the bug fix in vitejs/vite#22369 . Updated dependencies [ 4e44ce6 , b…
Patch Changes Updated dependencies [ 4e44ce6 , b0cee1d , d878e13 , 971dfe3 , 971dfe3 , 5d936c5 ]: miniflare@4.20260508.0 wrangler@4.90.1
Patch Changes #13873 a6914bd Thanks @dependabot ! - Update dependencies of "create-cloudflare" The following dependency versions have been updated: Dependency From To create-vike 0.0.622 0.0.625 #1387…
Patch Changes Updated dependencies [ 4e44ce6 , 5d936c5 ]: miniflare@4.20260508.0
Minor Changes #8431 5d936c5 Thanks @penalosa ! - Support workerd autogates via the MINIFLARE_WORKERD_AUTOGATES environment variable. Patch Changes #13866 4e44ce6 Thanks @dependabot ! - Update dependen…
Cloudflare deployed and updated WAF rules to block remote code execution (RCE) vulnerabilities, including a new rule for CVE-2025-55182 in React Server Components and enhancements for Monsta FTP, Fort…
Cloudflare introduced new WAF rules to block the Next.js authentication bypass vulnerability (CVE-2025-29927), initially opting rules in for Pro plans and above. The rules target requests with the `x-…
Cloudflare will release three new WAF managed rules on May 11, 2026, targeting Java deserialization-based remote code execution across request body, headers, and URI. These rules will initially be dis…
Cloudflare now enables SSH through Wrangler by default for its Containers product, removing the need to manually set `ssh.enabled` to `true`. Access remains secure, requiring an `ssh-ed25519` public k…
Cloudflare updated its Access login and one-time password pages with a modernized design featuring a unified authentication card, consistent button styling, and improved mobile responsiveness includin…
Cloudflare Gateway now lets administrators create DNS, HTTP, and Network firewall policies by describing desired outcomes in plain language. The AI generates a fully configured rule that incorporates …
Cloudflare’s R2 Data Catalog now exposes metrics via the GraphQL Analytics API, enabling monitoring of Iceberg REST API operations and table maintenance jobs. Two new datasets—`r2CatalogDataOperations…
Cloudflare released the GA version 2026.4.1350.0 of its Windows Cloudflare One Client, featuring a redesigned, cleaner UI with improved navigation and access to common actions. The update is available…
Cloudflare released the GA version 2026.4.1350.0 of its macOS Cloudflare One Client, featuring a redesigned, cleaner UI with improved navigation and access to common actions. The update is available i…
Cloudflare released the general availability version 2026.4.1350.0 of its Linux Cloudflare One Client, featuring a redesigned UI that improves usability and access to common actions. The update is ava…
Cloudflare IPsec now supports standard NAT traversal (NAT-T), allowing IKE to begin on UDP port 500 and switch to port 4500 after NAT detection. Previously, devices behind NAT had to initiate IKE on p…
Cloudflare deployed managed WAF rule enhancements on May 11, 2026, improving detection resilience against web attacks and behavioral coverage. A new rule for Java Deserialization was merged into an ex…
Cloudflare introduced GLM-4.7-Flash, a high-performance multilingual text generation model with a 131,072-token context window, optimized for dialogue, instruction-following, and multi-turn tool calli…
Cloudflare added Google’s Gemma 4 26B a4b-it model to its Workers AI platform, offering a 256,000-token context window, function calling, reasoning, and vision capabilities. Pricing is $0.10 per M inp…
Cloudflare will deprecate 18 older models in its Workers AI catalog on May 30, 2026, replacing them with newer alternatives like GLM-4.7-Flash and Gemma-4-26B. Kimi K2.5 will be aliased to K2.6, which…
Cloudflare announced mitigations for multiple high-severity vulnerabilities in React Server Components and Next.js, including denial-of-service, middleware bypass, SSRF, XSS, and cache poisoning. Exis…
Cloudflare announced a global workforce reduction of over 1,100 employees, citing a need to rearchitect the company for the agentic AI era. The decision is framed as a strategic shift to align with in…
Minor Changes #12279 248bc08 Thanks @penalosa ! - Add deprecation warning for delivery_delay in queue producer bindings The delivery_delay setting in [[queues.producers]] was silently having no effect…
Cloudflare Stream now supports direct API bindings within Workers, enabling programmatic video uploads, direct client-side uploads, video listing, captioning, watermarking, and download management wit…
Cloudflare Workers now offers automatic tracing instrumentation to provide end-to-end visibility into request flows across applications, enabling performance bottleneck identification and debugging wi…
Cloudflare Workers now supports Service Bindings, enabling direct, zero-overhead communication between Workers without public URLs. This feature allows RPC-style method calls or HTTP-based fetch reque…
Cloudflare Workers now supports exporting OpenTelemetry-compliant traces and logs to any OTel-compatible destination, enabling integration with existing observability stacks. Users can configure desti…
Patch Changes #13824 dd3baf3 Thanks @emily-shen ! - Fix container deployment being skipped for Workers for Platforms user workers Previously, deploying a worker with --dispatch-namespace would early-e…
Minor Changes #13055 f3fed88 Thanks @GregBrimble ! - Introducing the cache configuration option for Workers. You can now set { cache: { enabled: true } } in your Wrangler configuration file to enable …
Cloudflare disclosed a Linux kernel local privilege escalation vulnerability (CVE-2026-31431, 'Copy Fail') on April 29, 2026, and confirmed no customer impact or service disruption. Their existing beh…
Cloudflare introduced source-based breakout and prioritization rules for Cloudflare One Appliance, allowing traffic matching by source LAN, VLAN, or CIDR in addition to destination. This enables granu…
Cloudflare introduced automatic trace propagation across Worker-to-Worker subrequests, including service bindings and Durable Objects, replacing disconnected traces with a single unified trace. This e…
Cloudflare enabled custom DHCP option configuration on its Cloudflare One Appliance DHCP server, supporting PXE/iPXE boot, VoIP provisioning, and vendor-specific client setups. Options are validated b…
Cloudflare introduced Stream bindings for Workers, enabling direct video interactions (upload, metadata management, signed URL generation) without API tokens or HTTP requests. This allows programmatic…
Cloudflare introduced API and Terraform support for self-serve provisioning of Cloudflare One Virtual Appliance instances, including license key creation, rotation, and deletion. Users can now automat…
Cloudflare deployed managed WAF rules to mitigate newly disclosed React and Next.js vulnerabilities, including denial-of-service and middleware bypass issues. Existing rules already cover some CVEs, w…
Cloudflare issued an emergency WAF release on May 7, 2026, to address CVE-2026-44575, a critical flaw allowing unauthenticated attackers to bypass Next.js App Router middleware via segment-prefetch ro…
Cloudflare introduced CSV export functionality and adjustable page density (10/25/50 records) for Requests for Information (RFI) in the Cloudforce One platform. These updates target power users managi…
Cloudflare expanded its Radar API with new endpoints to analyze top-level domain (TLD) authoritative nameserver performance. The API now supports summary and timeseries queries grouped by latency, nam…
Cloudflare introduced a new API endpoint in Radar to summarize top-level domain (TLD) authoritative nameserver performance by dimensions like latency, nameserver latency, or location latency. The endp…
Cloudflare expanded its Radar API with a new endpoint to retrieve timeseries data on top-level domain (TLD) authoritative nameserver performance, grouped by latency dimensions. The API supports multip…
Cloudflare updated its Cloudforce One Threat Events API to support querying all event datasets per account, with new output formats like STIX2 and TAXII, and enhanced search operators including 'in' f…
Cloudflare introduced a new API endpoint under Radar to retrieve the top autonomous systems by announced IP space, ranked by IPv4 /24 or IPv6 /48 counts. The endpoint supports filtering by country, da…
Cloudflare introduced a new API endpoint to retrieve RPKI ROA validation ratios over time via `/radar/bgp/rpki/roas/timeseries`. The endpoint supports filtering by ASN, location, and metric type (e.g.…
On May 5, 2026, DENIC published incorrect DNSSEC signatures for the .de TLD, causing validating resolvers like Cloudflare’s 1.1.1.1 to return SERVFAIL for all .de domains. Cloudflare mitigated the iss…
Cloudflare announced Immerse, a roadshow event in Anaheim, CA on May 6, 2026, targeting security and IT leaders to discuss Zero Trust, SASE, DDoS, and AI application deployment. The event highlights C…
Cloudflare Mesh nodes now support advertising IPv6 CIDR routes alongside IPv4, enabling dual-stack or IPv6-only private networks. Users can configure IPv6 routes (e.g., fd00::/64) via dashboard or API…
Cloudflare Radar now tracks TLD authoritative nameserver performance, offering latency metrics, per-nameserver breakdowns, and geographic distribution via new widgets and API endpoints. Users can anal…
Cloudflare’s Threat Events API now supports TAXII format for exporting threat data, enabling direct integration with SIEM, TIP, and SOAR tools. This reduces manual overhead by automating indicator syn…
Cloudflare introduced Cloudy summaries in PhishNet for Office 365, providing AI-generated context for suspicious emails to speed up investigations. The feature leverages existing detection models with…
Cloudflare introduced Instant Bank Payments (IBP) via Link, allowing US-based self-serve accounts to pay directly from bank accounts during checkout. The feature integrates with Link’s one-click walle…
Cloudflare was named a Leader in Forrester’s Edge Development Platforms report for Q1 2026, receiving top scores in Vision, Innovation, Roadmap, and AI application development. The report highlights C…
Cloudflare introduced Terraform support for configuring Pipelines and R2 Data Catalog via the Cloudflare provider (v5.19.0+). The integration automates the creation of R2 buckets, data catalogs, strea…
Cloudflare published a guide demonstrating how to connect Apache Spark (Scala) applications to its R2 Data Catalog for Iceberg table operations. The example includes prerequisites, a sample Scala appl…
Cloudflare added DuckDB support to its R2 Data Catalog, enabling users to query and manage Iceberg tables directly via DuckDB. The integration requires DuckDB 1.4.0+, an R2 API token with catalog perm…
Cloudflare’s cache now runs on Pingora, its Rust-based proxy framework, replacing the previous system. The change delivers lower latency, reduced cache misses, and stricter RFC compliance, including n…
Cloudflare Radar introduced two new routing widgets: a 'Top ASes by announced IP space' chart on country pages and an RPKI ROA deployment timeseries widget. Both provide deeper visibility into BGP ann…
Cloudflare’s May 4, 2026 WAF release introduces new detections for command injection, SQL injection, PHP object injection, remote code execution, and XSS vectors. Several beta rules are merged into ex…
Cloudflare now supports managing Pipelines and R2 Data Catalog via Terraform with provider v5.19.0. Four new resources enable infrastructure-as-code for data ingestion, transformation, and storage wor…
Cloudflare introduced keyboard shortcuts for its dashboard, enabling faster navigation and actions without leaving the keyboard. Users can press `?` to view all shortcuts, which include quick navigati…
Cloudflare added Data Classification to its DLP suite, enabling reusable labels, templates, and data classes to organize and label sensitive content before enforcement. This allows administrators to s…
Cloudflare One added over 60 new predefined detection entries to its Data Loss Prevention (DLP) system, covering sensitive identifiers across 30+ countries, cryptocurrency wallets, and API tokens. The…
Cloudflare finished the 'Code Orange: Fail Small' initiative to prevent future outages like those in November and December 2025. Key changes include safer configuration deployments via Snapstone, redu…
Cloudflare One expanded its DLP detection entries with six new types: pattern entries (Rust regex), Exact Data Match datasets, Custom Wordlist datasets, document entries, and AI prompt topics. Each ty…
Cloudflare launched Dynamic Workers, enabling unlimited runtime-spun Workers for executing arbitrary code in secure sandboxes. This allows AI agents to write and run code directly, reducing inference …
Cloudflare introduced Dynamic Workflows, enabling per-tenant or per-user durable execution by combining Workflows with Dynamic Workers. Each workflow step survives failures, sleeps, or waits for event…
Cloudflare launched dynamic workflows, enabling per-tenant or per-user durable execution by combining Workflows with Dynamic Workers. Each workflow step survives failures, sleeps, or isolate recycling…
Cloudflare introduced Dynamic Workflows, enabling platforms to dynamically deploy tenant-specific durable workflows without pre-binding workflow code. This extends their Dynamic Workers model to durab…
Cloudflare introduced the @cloudflare/dynamic-workflows library, allowing Workflows to run inside Dynamic Workers for durable, multi-step logic loaded at runtime. This solves durability challenges by …
Suivez Cloudflare en pilote automatique