Cloudflare Changelog

Cloudflare — Cloud, Security product updates and releases, tracked on megachangelog.


Improvement

AI Gateway logs now capture user agent of requests

AI Gateway logs now include the user agent of clients making requests, making it easier to identify which SDK, library, or application sent the traffic. Users can filter logs by user agent in the dashboard using equals, does not equal, or contains operators.

Tags: ai-gateway, logging, observability, dashboard

Feature

Filter Durable Objects metrics by object ID or name

You can now filter Durable Objects metrics in the dashboard by individual object ID or name, making it easier to isolate and debug specific objects instead of viewing only aggregate namespace-level data. Charts automatically update to show only the selected object's metrics.

Tags: durable-objects, workers, metrics, monitoring, dashboard

Feature

Workers AI - Moonshot AI Kimi K2.7 Code now available

Kimi K2.7 Code, a code-optimized variant with 1T total parameters and 32B active per token, is now available on Workers AI. It delivers a 21.8% improvement on Kimi Code Bench, uses 30% fewer reasoning tokens, and offers a 262.1k-token context window with support for vision inputs, thinking mode, and structured outputs.

Tags: ai, model, workers, code, llm

Feature

Browser Run /snapshot endpoint now supports multiple formats parameter

The Browser Run /snapshot endpoint now accepts a formats parameter to return multiple page formats in a single API call, including Markdown and accessibility tree alongside screenshots. This enables more efficient workflows for AI agents by providing token-efficient content representation and structured page element data.

Tags: api, browser-run, ai-agents, feature-expansion

Feature

Custom topics for AI prompt protection

Cloudflare DLP now supports custom topics for AI prompt protection, allowing you to define organization-specific concepts beyond predefined categories. Custom topics use natural language descriptions to detect contextual matches, enabling detection of unique or proprietary information across ChatGPT, Google Gemini, Perplexity, and Claude.

Tags: dlp, ai, security, prompt-protection, policy

Feature

Track Dynamic Workers usage from the dashboard and GraphQL API

Customers can now view the number of Dynamic Workers invoked during their billing period from the Workers overview page in the Cloudflare dashboard and query this data via the GraphQL Analytics API using workersInvocationsByOwnerAndScriptGroups and distinctDynamicWorkerCount.

Tags: workers, api, graphql, dashboard, billing

Feature

AI Search - Manage namespaces with Wrangler CLI

AI Search now supports namespace-level Wrangler CLI commands for creating, listing, updating, and deleting namespaces directly from the terminal. Instance-level commands also support a new --namespace flag for managing instances within specific namespaces.

Tags: ai-search, wrangler, cli, automation

Feature

DNS records quota at account level for Enterprise

Enterprise accounts now have account-level DNS records quotas instead of per-zone limits, allowing flexible distribution across zones with separate quotas for public and internal zones (default 1,000,000 each). Existing per-zone quotas remain unchanged for other accounts.

Tags: dns, enterprise, quota, account-management

Announcement

Flagship API reference now available

The Cloudflare Flagship API reference is now available, allowing you to programmatically create, update, delete, and manage feature flags and apps without using the dashboard. The API supports apps, flags, changelog entries, and flag evaluation endpoints.

Tags: api, flagship, feature-flags, feature-management

Feature

Security Center - Automated Cease and Desist templates for Brand Protection

Brand Protection now includes an automated Cease & Desist workflow that generates custom-branded legal notices for infringing domains hosted outside Cloudflare. The feature automatically looks up registrar and WHOIS contact data, pre-fills templates with metadata, and offers three enforcement tone options (exact match, similar match, friendly tone) with full editing control before PDF download.

Tags: brand-protection, security, enforcement, legal, automation

Announcement - 0.10.2

Sandbox SDK - Deprecating multiple features

Cloudflare is deprecating several Sandbox SDK features including HTTP/WebSocket transports, desktop, expose ports, and default sessions by July 9, 2026. Developers should migrate to newer alternatives like RPC transport, Cloudflare Tunnel, and explicit session management to maintain compatibility with future versions.

Tags: sandbox, sdk, deprecation, migration, breaking

Security - 2026-06-09

WAF Release - New Detections for Critical CVEs

This release adds security detections for critical vulnerabilities including SQL injection in Drupal with PostgreSQL (CVE-2026-9082), unsafe deserialization in Mirasvit Cache Warmer (CVE-2026-45247), prototype pollution in Axios (CVE-2026-40175), and obfuscated SQL injection bypass attempts. These new signatures block malicious payloads at the edge before they can exploit vulnerable software.

Tags: waf, security, sql-injection, cve, drupal

Announcement - 2026-06-15

WAF scheduled changes for 2026-06-15

Cloudflare WAF is adding two new detections scheduled for June 15, 2026: a Ghost CMS SQLi detection for CVE-2026-26980 and an obfuscated boolean SQLi detection for URI parameters.

Tags: waf, security, sqli, detection, cve

Feature

SMTP submission now available in beta

Cloudflare Email Service now supports authenticated SMTP submission on smtp.mx.cloudflare.net:465 as a third method to send transactional emails, alongside REST API and Workers bindings. This enables existing applications using SMTP libraries to integrate with Cloudflare's email service with identical limits and features.

Tags: email, smtp, api, beta, transactional

Feature

R2 SQL now supports UNION, INTERSECT, EXCEPT, and SELECT DISTINCT

R2 SQL now supports set operations (UNION, INTERSECT, EXCEPT) and SELECT DISTINCT, allowing you to combine, compare, and deduplicate results from multiple queries on Apache Iceberg tables in R2 Data Catalog.

Tags: r2-sql, sql, analytics, data-catalog, iceberg

Announcement

Post-meeting transcriptions now Generally Available in RealtimeKit

Post-meeting transcription is now Generally Available in RealtimeKit, allowing completed meetings to automatically generate full transcript files and AI-powered summaries using Workers AI and Whisper Large v3 Turbo. Transcripts and summaries can be delivered via webhooks or REST API without needing separate transcription infrastructure.

Tags: realtime, transcription, ai, api, webrtc

Feature

Create WAF rules directly from Threat Events saved views

Cloudflare Security Center users can now instantly generate WAF rules from Threat Events saved views, automating the process of converting threat intelligence indicators into active firewall rules. This eliminates manual copying and reduces the time between threat discovery and mitigation.

Tags: waf, security, threat-intelligence, automation, api

Feature

Threat Actor Profiles in Threat Events Dashboard

Cloudflare now displays Threat Actor Profiles directly in the Threat Events dashboard, allowing security teams to immediately understand the who, why, and how behind blocked events without leaving the dashboard. The profiles include real-time malicious infrastructure intelligence, MITRE ATT&CK mappings, aliases, and historical threat data powered by Cloudforce One research.

Tags: security, threat-intelligence, osint, dashboard, adversary-tracking

Feature

Workflows - Rollback support now available

Workflows now supports saga-style rollbacks with compensating logic for each step, executing in reverse order if failures occur. This enables safer multi-step operations across external systems, with dedicated retry and timeout configuration for rollback handlers, plus analytics events for easier debugging.

Tags: workflows, feature, reliability, api, saga

Feature

AI Gateway - Control AI costs with spend limits

AI Gateway now supports spend limits, which, unlike rate limiting, track cumulative dollar spend and block requests when budgets are exceeded. Users can scope limits by model, provider, or custom metadata, and configure time windows with fixed or sliding enforcement for both Unified Billing and BYOK requests.

Tags: ai-gateway, billing, cost-control, api

Improvement

Radar - Finer-grained chart granularity for longer time ranges

Cloudflare Radar now provides finer-grained traffic charts for longer time ranges, with daily granularity for 1-3 month views and weekly granularity for views longer than 3 months. This enables users to surface meaningful trends that were previously obscured by coarse weekly or monthly aggregation.

Tags: radar, charts, analytics, improvement, ui

Feature

Workers VPC egress now flows through Cloudflare Gateway policies

Workers using VPC Network bindings can now route their public Internet traffic through Cloudflare Gateway, applying existing Zero Trust policies (DNS, HTTP, Network) and gaining visibility into worker egress alongside other traffic logs.

Tags: workers, vpc, gateway, zero-trust, traffic-policies

Feature

Access - Share identity providers across accounts with IdP federation

Cloudflare Access now supports IdP federation, enabling organizations to configure a single identity provider once in a source account and share it across multiple Cloudflare accounts. Each recipient account receives a read-only connection that securely routes authentication back through a bridge application, eliminating the need to configure the same IdP separately in every account.

Tags: access, identity, authentication, federation, okta

Feature

Billable usage and budget alerts in product sidebars

Pay-as-you-go customers can now view billable usage and set budget alerts directly from product overview pages for Workers, Pages, D1, R2, KV, Queues, Vectorize, Durable Objects, and Containers. The sidebar widget displays current-period spend and billing cycle dates, with an inline flow to create account-level budget alerts.

Tags: billing, usage, alerts, dashboard, pay-as-you-go