Cloudflare product changelog

DDoS protection - HTTP DDoS managed ruleset - 2023-10-19

Thursday, Oct 19, 2023

Rule ID	Description	Previous Action	New Action	Notes
...61bc58d5	HTTP requests with unusual HTTP headers or URI path (signature #55).	ddos_dynamic	ddos_dynamic	Requests will be challenged by default, larger attacks are blocked.

Wrangler - 3.14.0

Thursday, Oct 19, 2023

#4204 38fdbe9b Thanks @matthewdavidrodgers! - Support user limits for CPU time

User limits provided via script metadata on upload

Example configuration:
```
[limits]
cpu_ms = 20000
```
#2162 a1f212e6 Thanks @WalshyDev! - add support for service bindings in wrangler pages dev by providing the new --service|-s flag which accepts an array of BINDING_NAME=SCRIPT_NAME where BINDING_NAME is the name of the binding and SCRIPT_NAME is the name of the worker (as defined in its wrangler.toml), such workers need to be running locally with with wrangler dev.

For example if a user has a worker named worker-a, in order to locally bind to that they’ll need to open two different terminals, in each navigate to the respective worker/pages application and then run respectively wrangler dev and wrangler pages ./publicDir --service MY_SERVICE=worker-a this will add the MY_SERVICE binding to pages’ worker env object.

Note: additionally after the SCRIPT_NAME the name of an environment can be specified, prefixed by an @ (as in: MY_SERVICE=SCRIPT_NAME@PRODUCTION), this behavior is however experimental and not fully properly defined.

Wrangler - 3.13.2

Tuesday, Oct 17, 2023

#4206 8e927170 Thanks @1000hz! - chore: bump miniflare to 3.20231016.0
#4144 54800f6f Thanks @a-robinson! - Log a warning when using a Hyperdrive binding in local wrangler dev

Wrangler - 3.13.1

Thursday, Oct 12, 2023

#4171 88f15f61 Thanks @penalosa! - patch: This release fixes some regressions related to running wrangler dev that were caused by internal refactoring of the dev server architecture ( #3960). The change has been reverted, and will be added back in a future release.

Wrangler - 3.13.0

Thursday, Oct 12, 2023

#4161 403bc25c Thanks @RamIdeas! - Fix wrangler generated types to match runtime exports
#3960 c36b78b4 Thanks @RamIdeas! - Refactoring the internals of wrangler dev servers (including wrangler dev, wrangler dev --remote and unstable_dev()).

There are no changes required for developers to opt-in. Improvements include:
- fewer ‘address in use’ errors upon reloads
- upon config/source file changes, requests are buffered to guarantee the response is from the new version of the Worker
#3590 f4ad634a Thanks @penalosa! - fix: When a middleware is configured which doesn’t support your Worker’s script format, fail early with a helpful error message

DDoS protection - HTTP DDoS managed ruleset - 2023-10-11

Wednesday, Oct 11, 2023

Rule ID	Description	Previous Action	New Action	Notes
...35675e08	HTTP requests with unusual HTTP headers or URI path (signature #24).	block	block	This rule can cause rare false positives with custom apps sending invalid headers.

WAF - 2023-10-11 - Emergency

Wednesday, Oct 11, 2023

Ruleset	Rule ID	Legacy Rule ID	Description	Previous Action	New Action	Comments
Cloudflare Specials	...ec9f34e1	100604	Atlassian Confluence - Privilege Escalation - CVE:CVE-2023-22515	N/A	Block	This rule is released for our Cloudflare Free customers as well, rule ID: ...91935fcb (Detection logic update)

Wrangler - 3.12.0

Wednesday, Oct 11, 2023

#4071 f880a009 Thanks @matthewdavidrodgers! - Support TailEvent messages in Tail sessions

When tailing a tail worker, messages previously had a null event property. Following https://github.com/cloudflare/workerd/pull/1248, these events have a valid event, specifying which scripts produced events that caused your tail worker to run.

As part of rolling this out, we’re filtering out tail events in the internal tail infrastructure, so we control when these new messages are forward to tail sessions, and can merge this freely.

One idiosyncracy to note, however, is that tail workers always report an “OK” status, even if they run out of memory or throw. That is being tracked and worked on separately.
#2397 93833f04 Thanks @a-robinson! - feature: Support Queue consumer events in tail

So that it’s less confusing when tailing a worker that consumes events from a Queue.
#2687 3077016f Thanks @jrf0110! - Fixes large Pages projects failing to complete direct upload due to expiring JWTs

For projects which are slow to upload - either because of client bandwidth or large numbers of files and sizes - It’s possible for the JWT to expire multiple times. Since our network request concurrency is set to 3, it’s possible that each time the JWT expires we get 3 failed attempts. This can quickly exhaust our upload attempt count and cause the entire process to bail.

This change makes it such that jwt refreshes do not count as a failed upload attempt.
#4069 f4d28918 Thanks @a-robinson! - Default new Hyperdrive configs for PostgreSQL databases to port 5432 if the port is not specified

Tenant - New Tenant Admin UI

Tuesday, Oct 10, 2023

Partners can now create and view accounts through the Cloudflare dashboard by going to Tenants > Managed Accounts.

WAF - Scheduled changes

Tuesday, Oct 10, 2023

Announcement Date	Release Date	Release Behavior	Legacy Rule ID	Rule ID	Description	Comments
2023-10-10	2023-10-16	Block	100606	...3e3f706d	JetBrains TeamCity - Auth Bypass, Remote Code Execution - CVE:CVE-2023-42793	N/A
2023-10-10	2023-10-16	Block	100607	...469c4a38	Progress WS_FTP - Information Disclosure - CVE:CVE-2023-40044	N/A
2023-10-10	2023-10-16	Block	100608	...7ccccdce	Progress WS_FTP - Remote Code Execution - CVE:CVE-2023-40044	N/A

AI Gateway - 2023-10-09

Monday, Oct 9, 2023

Logs: Logs will now be limited to the last 24h. If you have a use case that requires more logging, please reach out to the team on Discord.
Dashboard: Logs now refresh automatically.
Docs: Fixed Workers AI example in docs and dash.
Caching: Embedding requests are now cacheable. Rate limit will not apply for cached requests.
Bugs: Identical requests to different providers are not wrongly served from cache anymore. Streaming now works as expected, including for the Universal endpoint.
Known Issues: There’s currently a bug with costs that we are investigating.

DDoS protection - HTTP DDoS managed ruleset - 2023-10-09 - Emergency

Monday, Oct 9, 2023

Rule ID	Description	Previous Action	New Action
...02bbdce1	HTTP requests with unusual HTTP headers or URI path (signature #47).	N/A	block
...493cb8a8	HTTP requests with unusual HTTP headers or URI path (signature #52).	N/A	block
...5c344623	HTTP requests from uncommon clients	N/A	block
...6363bb1b	HTTP requests with unusual HTTP headers or URI path (signature #48).	N/A	block
...c1fbd175	HTTP requests trying to impersonate browsers (pattern #4).	N/A	block

Queues - More queues per account - up to 10,000

Saturday, Oct 7, 2023

Developers building on Queues can now create up to 10,000 queues per account, enabling easier per-user, per-job and sharding use-cases.

Refer to Limits to learn more about Queues’ current limits.

Notifications - 2023-10-06

Friday, Oct 6, 2023

Added Traffic Anomalies Alerts to notify customers when traffic to their domain has an unexpected spike or drop.

Queues - Higher consumer concurrency limits

Thursday, Oct 5, 2023

Queue consumers can now scale to 20 concurrent invocations (per queue), up from 10. This allows you to scale out and process higher throughput queues more quickly.

Queues with no explicit limit specified will automatically scale to the new maximum.

This limit will continue to grow during the Queues beta.

Wrangler - 3.11.0

Thursday, Oct 5, 2023

#3726 7d20bdbd Thanks @petebacondarwin! - feat: support partial bundling with configurable external modules

Setting find_additional_modules to true in your configuration file will now instruct Wrangler to look for files in your base_dir that match your configured rules, and deploy them as unbundled, external modules with your Worker. base_dir defaults to the directory containing your main entrypoint.

Wrangler can operate in two modes: the default bundling mode and --no-bundle mode. In bundling mode, dynamic imports (e.g. await import("./large-dep.mjs")) would be bundled into your entrypoint, making lazy loading less effective. Additionally, variable dynamic imports (e.g. await import(`./lang/${language}.mjs`)) would always fail at runtime, as Wrangler would have no way of knowing which modules to upload. The --no-bundle mode sought to address these issues by disabling Wrangler’s bundling entirely, and just deploying code as is. Unfortunately, this also disabled Wrangler’s code transformations (e.g. TypeScript compilation, --assets, --test-scheduled, etc).

With this change, we now additionally support partial bundling. Files are bundled into a single Worker entry-point file unless find_additional_modules is true, and the file matches one of the configured rules. See https://developers.cloudflare.com/workers/wrangler/bundling/ for more details and examples.
#4093 c71d8a0f Thanks @mrbbot! - chore: bump miniflare to 3.20231002.0
#3726 7d20bdbd Thanks @petebacondarwin! - fix: ensure that additional modules appear in the out-dir

When using find_additional_modules (or no_bundle) we find files that will be uploaded to be deployed alongside the Worker.

Previously, if an outDir was specified, only the Worker code was output to this directory. Now all additional modules are also output there too.
#4067 31270711 Thanks @mrbbot! - fix: generate valid source maps with wrangler pages dev on macOS

On macOS, wrangler pages dev previously generated source maps with an incorrect number of ../s in relative paths. This change ensures paths are always correct, improving support for breakpoint debugging.
#4084 9a7559b6 Thanks @RamIdeas! - fix: respect the options.local value in unstable_dev (it was being ignored)
#4107 807ab931 Thanks @mrbbot! - chore: bump miniflare to 3.20231002.1
#3726 7d20bdbd Thanks @petebacondarwin! - fix: allow __STATIC_CONTENT_MANIFEST module to be imported anywhere

__STATIC_CONTENT_MANIFEST can now be imported in subdirectories when --no-bundle or find_additional_modules are enabled.
#3926 f585f695 Thanks @penalosa! - Log more detail about tokens after authentication errors
#3695 1d0b7ad5 Thanks @JacksonKearl! - Fixed pages dev crashing and leaving port open when building a worker script fails
#4066 c8b4a07f Thanks @RamIdeas! - fix: we no longer infer pathnames from route patterns as the host

During local development, inside your worker, the host of request.url is inferred from the routes in your config.

Previously, route patterns like “*/some/path/name” would infer the host as “some”. We now handle this case and determine we cannot infer a host from such patterns.

D1 - Create up to 50,000 D1 databases

Tuesday, Oct 3, 2023

Developers using D1 on a Workers Paid plan can now create up to 50,000 databases as part of ongoing increases to D1’s limits.

This further enables database-per-user use-cases and allows you to isolate data between customers.
Total storage per account is now 50 GB.
D1’s analytics and metrics provide per-database usage data.

If you need to create more than 50,000 databases or need more per-account storage, reach out to the D1 team to discuss.

WAF - 2023-10-04 - Emergency

Tuesday, Oct 3, 2023

Ruleset	Rule ID	Legacy Rule ID	Description	Previous Action	New Action	Comments
Cloudflare Specials	...ec9f34e1	100604,100605	Atlassian Confluence - Privilege Escalation - CVE:CVE-2023-22515	N/A	Block	This rule is released for our Cloudflare Free customers as well, rule ID: ...91935fcb

Zaraz - 2023-10-03

Tuesday, Oct 3, 2023

Bugfix: Fixed an issue that prevented some server-side requests from arriving to their destination
Google Analytics 4 Managed Component: Add support for dbg and ir fields.

WAF - 2023-10-02

Monday, Oct 2, 2023

Ruleset	Rule ID	Legacy Rule ID	Description	Previous Action	New Action	Comments
Cloudflare Specials	...34780914	100532	Vulnerability scanner activity	N/A	Disabled	This rule was released as 100532_BETA in legacy waf and ...6e298ed7 in new WAF

D1 - The D1 public beta is here

Thursday, Sep 28, 2023

D1 is now in public beta, and storage limits have been increased:

Developers with a Workers Paid plan now have a 2 GB per-database limit (up from 500 MB) and can create 25 databases per account (up from 10). These limits will continue to increase automatically during the public beta.
Developers with a Workers Free plan retain the 500 MB per-database limit and can create up to 10 databases per account.

Databases must be using D1’s new storage subsystem to benefit from the increased database limits.

Read the announcement blog for more details about what is new in the beta and what is coming in the future for D1.

Notifications - 2023-09-28

Thursday, Sep 28, 2023

Added Incident Alerts.

Wrangler - 3.10.1

Thursday, Sep 28, 2023

#4041 6b1c327d Thanks @elithrar! - Fixed a bug in Vectorize that send preset configurations with the wrong key. This was patched on the server-side to work around this for users in the meantime.
#4054 f8c52b93 Thanks @mrbbot! - fix: allow wrangler pages dev sessions to be reloaded

Previously, wrangler pages dev attempted to send messages on a closed IPC channel when sources changed, resulting in an ERR_IPC_CHANNEL_CLOSED error. This change ensures the channel stays open until the user exits wrangler pages dev.

Wrangler - 3.10.0

Tuesday, Sep 26, 2023

#4013 3cd72862 Thanks @elithrar! - Adds wrangler support for Vectorize, Cloudflare’s new vector database, with wrangler vectorize. Visit the developer documentation (https://developers.cloudflare.com/vectorize/) to learn more and create your first vector database with wrangler vectorize create my-first-index.
#3999 ee6f3458 Thanks @OilyLime! - Adds support for Hyperdrive, via wrangler hyperdrive.
#4034 bde9d64a Thanks @ndisidore! - Adds Vectorize support uploading batches of newline delimited json (ndjson) vectors from a source file. Load a dataset with vectorize insert my-index --file vectors.ndjson
#4028 d5389731 Thanks @JacobMGEvans! - fix: Bulk Secret Draft Worker

Fixes the issue of a upload of a Secret when a Worker doesn’t exist yet, the draft worker is created and the secret is uploaded to it.

Fixes https://github.com/cloudflare/wrangler-action/issues/162

Stream - LL-HLS Beta

Monday, Sep 25, 2023

Low-Latency HTTP Live Streaming (LL-HLS) is now in open beta. Enable LL-HLS on your live input for automatic low-latency playback using the Stream built-in player where supported.

For more information, refer to live input and custom player docs.

Wrangler - 3.9.1

Monday, Sep 25, 2023

#3992 35564741 Thanks @edevil! - Add AI binding that will be used to interact with the AI project.

Example wrangler.toml

name = "ai-worker"
main = "src/index.ts"
[ai]
binding = "AI"

Example script:

import Ai from "@cloudflare/ai"
export default {
async fetch(request: Request, env: Env): Promise {
const ai = new Ai(env.AI);
const story = await ai.run({
model: 'llama-2',
input: {
prompt: 'Tell me a story about the future of the Cloudflare dev platform'
}
});
return new Response(JSON.stringify(story));
},
};
export interface Env {
AI: any;
}

#4006 bc8c147a Thanks @rozenmd! - fix: remove warning around using D1’s binding, and clean up the epilogue when running D1 commands
#4027 9e466599 Thanks @jspspike! - Add WebGPU support through miniflare update
#3986 00247a8d Thanks @edevil! - Added AI related CLI commands

DDoS protection - HTTP DDoS managed ruleset - 2023-09-24 - Emergency

Sunday, Sep 24, 2023

Rule ID	Description	Previous Action	New Action	Notes
...0fb54442	HTTP requests with unusual HTTP headers or URI path (signature #49).	N/A	block
...3dd5f188	HTTP requests from known botnet (signature #71).	N/A	block
...97003a74	HTTP requests with unusual HTTP headers or URI path (signature #17).	block	block	Expand rule to catch more attacks.

WAF - 2023-09-22 - Emergency

Friday, Sep 22, 2023

Ruleset	Rule ID	Legacy Rule ID	Description	Previous Action	New Action	Comments
Cloudflare Specials	...066c0c9a	100602	Code Injection - CVE:CVE-2023-36845	N/A	Block	N/A
Cloudflare Specials	...0746d000	100603	Information Disclosure - CVE:CVE-2023-28432	N/A	Block	N/A

DDoS protection - HTTP DDoS managed ruleset - 2023-09-21 - Emergency

Thursday, Sep 21, 2023

Rule ID	Description	Previous Action	New Action	Notes
...1d73128d	HTTP requests from known botnet (signature #56).	block	block	Make the rule customizable as it might cause false positive in rare cases.
...4a95ba67	HTTP requests with unusual HTTP headers or URI path (signature #32).	ddos_dynamic	ddos_dynamic	Expand the scope of the rule to catch more attacks.
...6fe7a312	HTTP requests from known botnet (signature #70).	block	block	Update the rule to remove some rare false positives.

Version Management - Support for Bot Management

Wednesday, Sep 20, 2023

Version Management now supports versioning for Bot Management.

Wrangler - 3.9.0

Wednesday, Sep 20, 2023

Note this release changes the layout of persisted data in the .wrangler folder. KV namespaces, R2 buckets and D1 databases will automatically be migrated to the new layout. See the corresponding miniflare@3.20230918.0 release notes for more information.

#3951 e0850ad1 Thanks @mrbbot! - feat: add support for breakpoint debugging to wrangler dev’s --remote and --no-bundle modes

Previously, breakpoint debugging using Wrangler’s DevTools was only supported in local mode, when using Wrangler’s built-in bundler. This change extends that to remote development, and --no-bundle.

When using --remote and --no-bundle together, uncaught errors will now be source-mapped when logged too.
#3951 e0850ad1 Thanks @mrbbot! - feat: add support for Visual Studio Code’s built-in breakpoint debugger

Wrangler now supports breakpoint debugging with Visual Studio Code’s debugger. Create a .vscode/launch.json file with the following contents…

…then run wrangler dev, and launch the configuration.
#3954 bc88f0ec Thanks @dario-piotrowicz! - update wrangler pages dev D1 and DO descriptions
#3928 95b24b1e Thanks @JacobMGEvans! - Colorize Deployed Bundle Size Most bundlers, and other tooling that give you size outputs will colorize their the text to indicate if the value is within certain ranges. The current range values are: red 100% - 90% yellow 89% - 70% green <70%

resolves #1312

WAF - 2023-09-18

Monday, Sep 18, 2023

Ruleset	Rule ID	Legacy Rule ID	Description	Previous Action	New Action	Comments
Cloudflare Specials	...25ba9d7c	N/A	SSRF Cloud	N/A	Disabled	N/A

Workers - 2023-09-14

Thursday, Sep 14, 2023

An implementation of the node:crypto API from Node.js is now available when the nodejs_compat compatibility flag is enabled.

Pages - Support for D1's new storage subsystem and build error message improvements

Wednesday, Sep 13, 2023

Added support for D1’s new storage subsystem. All Git builds and deployments done with Wrangler v3.5.0 and up can use the new subsystem.
Builds which fail due to exceeding the build time limit will return a proper error message indicating so rather than Internal error.
New and improved error messages for other build failures

Wrangler - 3.8.0

Wednesday, Sep 13, 2023

#3775 3af30879 Thanks @bthwaites! - R2 Jurisdictional Restrictions guarantee objects in a bucket are stored within a specific jurisdiction. Wrangler now allows you to interact with buckets in a defined jurisdiction.

Wrangler R2 operations now support a -J flag that allows the user to specify a jurisdiction. When passing the -J flag, you will only be able to interact with R2 resources within that jurisdiction.

To access R2 buckets that belong to a jurisdiction from Workers, you will need to specify the jurisdiction as well as the bucket name as part of your bindings in your wrangler.toml:
#3901 a986f19f Thanks @DaniFoldi! - Only require preview_id and preview_bucket_name in remote dev mode
#3912 0ba58841 Thanks @jspspike! - Ignore cached account id when CLOUDFLARE_ACCOUNT_ID is specified

Zaraz - 2023-09-13

Wednesday, Sep 13, 2023

Consent Management: Add support for custom button translations.
Consent Management: Modal stays fixed when scrolling.
Google Analytics 4 Managed Component: hideOriginalIP and ga-audiences can be set from tool event.

Zaraz - 2023-09-11

Monday, Sep 11, 2023

Reddit Managed Component: Support new “Account ID” formats (e.g. “ax_xxxxx”).

Radar - Add Connection Tampering endpoints

Friday, Sep 8, 2023

Added Connection Tampering summary and timeseries endpoints.

Waiting Room - Waiting Room coverage for multiple hostnames and paths

Wednesday, Sep 6, 2023

Advanced Waiting Room customers can now add multiple hostname and path combinations to a single waiting room via the UI and API.

Zaraz - 2023-09-06

Wednesday, Sep 6, 2023

Consent Management: Consent cookie name can now be customized.

DDoS protection - HTTP DDoS managed ruleset - 2023-09-05 - Emergency

Tuesday, Sep 5, 2023

Rule ID	Description	Previous Action	New Action	Notes
...22807318	HTTP requests from known botnets.	ddos_dynamic	ddos_dynamic	Expand filter to catch attacks more comprehensively.
...4346874d	HTTP requests with unusual HTTP headers or URI path (signature #46).	N/A	block
...6fe7a312	HTTP requests from known botnet (signature #70).	N/A	block	Expand filter to catch more attacks. It is now configurable.

Wrangler - 3.7.0

Tuesday, Sep 5, 2023

#3772 a3b3765d Thanks @jspspike! - Bump esbuild version to 0.17.19. Breaking changes to esbuild are documented here
#3895 40f56562 Thanks @mrbbot! - chore: bump miniflare to 3.20230904.0
#3774 ae2d5cb5 Thanks @mrbbot! - feat: support breakpoint debugging in local mode

wrangler dev now supports breakpoint debugging in local mode! Press d to open DevTools and set breakpoints.

Zaraz - 2023-09-05

Tuesday, Sep 5, 2023

Segment Managed Component: API Endpoint can be customized.

WAF - 2023-09-04

Monday, Sep 4, 2023

Ruleset	Rule ID	Legacy Rule ID	Description	Previous Action	New Action	Comments
Cloudflare Specials	...c5f041ac	100597	Information Disclosure - Path Normalization	Log	Block	N/A
Cloudflare Specials	...50cec478	100598	Remote Code Execution - Common Bash Bypass	Log	Block	N/A
Cloudflare Specials	...ec5b0d04	100599	Ivanti - Auth Bypass - CVE:CVE-2023-38035	Log	Block	N/A
Cloudflare Specials	...6912c055	100601	Malware - Polymorphic Encoder	Log	Block	N/A
Cloudflare Specials	...8242627b	100146B	SSRF Local BETA	Log	Disabled	N/A

DDoS protection - HTTP DDoS managed ruleset - 2023-08-30 - Emergency

Wednesday, Aug 30, 2023

Rule ID	Description	Previous Action	New Action	Notes
...22807318	HTTP requests from known botnets.	ddos_dynamic	ddos_dynamic
...46082508	HTTP requests with unusual HTTP headers or URI path (signature #45).	N/A	block

DDoS protection - HTTP DDoS managed ruleset - 2023-08-29 - Emergency

Tuesday, Aug 29, 2023

Rule ID	Description	Previous Action	New Action	Notes
...22807318	HTTP requests from known botnets.	managed_challenge	ddos_dynamic
...3fe55678	HTTP requests with unusual HTTP headers or URI path (signature #44).	N/A	block

Wrangler - 2.20.1

Monday, Aug 28, 2023

#3820 546c2319 Thanks @GregBrimble! - fix: Prevent wrangler pages dev from serving asset files outside of the build output directory

DDoS protection - HTTP DDoS managed ruleset - 2023-08-25 - Emergency

Friday, Aug 25, 2023

Rule ID	Description	Previous Action	New Action	Notes
...20c5afb5	HTTP requests with unusual HTTP headers or URI path (signature #36).	block	block	This rule was previously readonly, but can cause false positives in rare cases. It is now possible to override it.
...cb26e2e2	HTTP requests from known botnet (signature #69).	N/A	block
...ebff5ef1	HTTP requests with unusual HTTP headers or URI path (signature #43).	N/A	block

Turnstile - 2023-08-24

Thursday, Aug 24, 2023

Added Client-side errors.

Wrangler - 3.6.0

Thursday, Aug 24, 2023

#3727 a5e7c0be Thanks @echen67! - Warn user when the last deployment was via the API
#3762 18dc7b54 Thanks @GregBrimble! - feat: Add internal wrangler pages project validate [directory] command which validates an asset directory
#3758 0adccc71 Thanks @jahands! - fix: Retry deployment errors in wrangler pages publish

This will improve reliability when deploying to Cloudflare Pages

Notifications - 2023-08-23

Wednesday, Aug 23, 2023

Added Logo Match Alert.

Pages - Commit message limit increase

Wednesday, Aug 23, 2023

Commit messages can now be up to 384 characters before being trimmed.

WAF - 2023-08-21

Monday, Aug 21, 2023

Ruleset	Rule ID	Legacy Rule ID	Description	Previous Action	New Action	Comments
Cloudflare Specials	...84dadf5a	100595	MobileIron - Auth Bypass - CVE:CVE-2023-35082	Log	Block	N/A
Cloudflare Specials	...48a60154	N/A	SQLi - Keyword + SubExpress + Comment + BETA	N/A	Disabled	N/A

Zaraz - 2023-08-21

Monday, Aug 21, 2023

TikTok Managed Component: Support setting ttp and event_id.
Consent Management: Accessibility improvements.
Facebook Managed Component: Support for using “Limited Data Use” features.

D1 - Row count now returned per query

Saturday, Aug 19, 2023

D1 now returns a count of rows_written and rows_read for every query executed, allowing you to assess the cost of query for both pricing and index optimization purposes.

The meta object returned in D1’s Client API contains a total count of the rows read (rows_read) and rows written (rows_written) by that query. For example, a query that performs a full table scan (for example, SELECT * FROM users) from a table with 5000 rows would return a rows_read value of 5000:

Refer to D1 pricing documentation to understand how reads and writes are measured. D1 remains free to use during the alpha period.

WAF - 2023-08-17 - Emergency

Thursday, Aug 17, 2023

Ruleset	Rule ID	Legacy Rule ID	Description	Previous Action	New Action	Comments
Cloudflare Specials	...cac42ce2	100596	Citrix Content Collaboration ShareFile - Remote Code Execution - CVE:CVE-2023-24489	N/A	Block	N/A

DDoS protection - HTTP DDoS managed ruleset - 2023-08-16 - Emergency

Wednesday, Aug 16, 2023

Rule ID	Description	Previous Action	New Action	Notes
...9721fd20	HTTP requests trying to impersonate browsers (pattern #3).	N/A	ddos_dynamic

Wrangler - 3.5.1

Tuesday, Aug 15, 2023

#3752 8f5ed7fe Thanks @DaniFoldi! - Changed the binding type of WfP Dispatch Namespaces to DispatchNamespace
#3765 e17d3096 Thanks @RamIdeas! - bump miniflare version to 3.20230814.1

DDoS protection - HTTP DDoS managed ruleset - 2023-08-14

Monday, Aug 14, 2023

Rule ID	Description	Previous Action	New Action	Notes
...22807318	HTTP requests from known botnets.	ddos_dynamic	managed_challenge	Expand the filter to catch more attacks.
...d2f294d7	HTTP requests trying to impersonate browsers.	ddos_dynamic	ddos_dynamic	Expand the filter to catch more attacks.

Radar - Deprecate old layer 3 dataset

Monday, Aug 14, 2023

Added Regional Internet Registry (see field source in response) to get asn by id and get asn by ip endpoints.
Stopped collecting data in the old Layer 3 data source.
Updated Layer 3 timeseries endpoint to start using the new Layer 3 data source by default, fetching the old data source now requires sending the parameter metric=bytes_old.
Deprecated Layer 3 summary endpoint, this will stop receiving data after 2023-08-14.
- To continue getting this data, switch to the new timeseries group protocol endpoint.
Deprecated Layer 3 timeseries groups endpoint, this will stop receiving data after 2023-08-14.
- To continue getting this data, switch to the new timeseries group protocol endpoint.

DDoS protection - HTTP DDoS managed ruleset - 2023-08-11 - Emergency

Friday, Aug 11, 2023

Rule ID	Description	Previous Action	New Action
...1de9523e	HTTP requests with unusual HTTP headers or URI path (signature #41).	N/A	block
...22807318	HTTP requests from known botnets.	managed_challenge	ddos_dynamic
...aa03a345	HTTP requests from known botnet (signature #68).	N/A	block
...efca86eb	HTTP requests from known botnet (signature #66).	N/A	block
...f93fb5d6	HTTP requests from known botnet (signature #67).	N/A	block

D1 - Bind D1 from the Cloudflare dashboard

Wednesday, Aug 9, 2023

You can now bind a D1 database to your Workers directly in the Cloudflare dashboard. To bind D1 from the Cloudflare dashboard, select your Worker project -> Settings -> Variables -> and select D1 Database Bindings.

Note: If you have previously deployed a Worker with a D1 database binding with a version of wrangler prior to 3.5.0, you must upgrade to wrangler v3.5.0 first before you can edit your D1 database bindings in the Cloudflare dashboard. New Workers projects do not have this limitation.

Legacy D1 alpha users who had previously prefixed their database binding manually with __D1_BETA__ should remove this as part of this upgrade. Your Worker scripts should call your D1 database via env.BINDING_NAME only. Refer to the latest D1 getting started guide for best practices.

We recommend all D1 alpha users begin using wrangler 3.5.0 (or later) to benefit from improved TypeScript types and future D1 API improvements.

Stream - Scheduled Deletion

Tuesday, Aug 8, 2023

Stream now supports adding a scheduled deletion date to new and existing videos. Live inputs support deletion policies for automatic recording deletion.

For more, refer to the video on demand or live input docs.

D1 - Per-database limit now 500 MB

Tuesday, Aug 1, 2023

Databases using D1’s new storage subsystem can now grow to 500 MB each, up from the previous 100 MB limit. This applies to both existing and newly created databases.

Refer to Limits to learn about D1’s limits.

Pages - Support for newer TLDs

Tuesday, Aug 1, 2023

Support newer TLDs such as .party and .music.

DDoS protection - HTTP DDoS managed ruleset - 2023-07-31

Monday, Jul 31, 2023

Rule ID	Description	Previous Action	New Action	Notes
...9aec0913	HTTP requests from known botnet (signature #52).	block	block	Expose existing read-only filter publicly as it might cause false positives in rare cases.
...c5f479f0	HTTP requests from known botnet (signature #62).	N/A	block
...d0e36f9c	HTTP requests from known botnet (signature #63).	N/A	block

DDoS protection - Network-layer DDoS managed ruleset - 2023-07-31

Monday, Jul 31, 2023

Rule ID	Description	Previous Action	New Action	Notes
...aa772b5c	Adaptive DDoS Protection for Location-Based UDP (Available only to Enterprise accounts).	N/A	log	Enable UDP geolocation Adaptive DDoS rule

Radar - Fix HTTP timeseries endpoint urls

Monday, Jul 31, 2023

Updated HTTP timeseries endpoints urls to timeseries_groups ( example) due to consistency. Old timeseries endpoints are still available, but will soon be removed.

Turnstile - 2023-07-31

Monday, Jul 31, 2023

Added [turnstile.isExpired].
Added uk language.

D1 - New default storage subsystem

Thursday, Jul 27, 2023

Databases created via the Cloudflare dashboard and Wrangler (as of v3.4.0) now use D1’s new storage subsystem by default. The new backend can be 6 - 20x faster than D1’s original alpha backend.

To understand which storage subsystem your database uses, run wrangler d1 info YOUR_DATABASE and inspect the version field in the output.

Databases with version: beta use the new storage backend and support the Time Travel API. Databases with version: alpha only use D1’s older, legacy backend.

D1 - Time Travel

Thursday, Jul 27, 2023

Time Travel is now available. Time Travel allows you to restore a D1 database back to any minute within the last 30 days (Workers Paid plan) or 7 days (Workers Free plan), at no additional cost for storage or restore operations.

Refer to the Time Travel documentation to learn how to travel backwards in time.

Databases using D1’s new storage subsystem can use Time Travel. Time Travel replaces the snapshot-based backups used for legacy alpha databases.

Radar - Add URL Scanner endpoints

Thursday, Jul 20, 2023

Added urlscanner endpoints, read more here.

Workers - 2023-07-14

Friday, Jul 14, 2023

An implementation of the util.MIMEType API from Node.js is now available when the nodejs_compat compatibility flag is enabled.

Pages - V2 build system enabled by default

Tuesday, Jul 11, 2023

V2 build system is now default for all new projects.

Pages - Sped up project creation

Monday, Jul 10, 2023

Sped up project creation.

Workers - 2023-07-07

Friday, Jul 7, 2023

An implementation of the process.env API from Node.js is now available when using the nodejs_compat compatibility flag.
An implementation of the diagnostics_channel API from Node.js is now available when using the nodejs_compat compatibility flag.

R2 - 2023-07-05

Wednesday, Jul 5, 2023

Improved performance for ranged reads on very large files. Previously ranged reads near the end of very large files would be noticeably slower than ranged reads on smaller files. Performance should now be consistently good independent of filesize.

D1 - Metrics and analytics

Wednesday, Jun 28, 2023

You can now view per-database metrics via both the Cloudflare dashboard and the GraphQL Analytics API.

D1 currently exposes read & writes per second, query response size, and query latency percentiles.

Workers - 2023-06-22

Thursday, Jun 22, 2023

Added the strict_crypto_checks compatibility flag to enable additional Web Crypto API error and security checking.
Fixes regression in the TCP Sockets API where connect("google.com:443") would fail with a TypeError.

R2 - 2023-06-21

Wednesday, Jun 21, 2023

Multipart ETags are now MD5 hashes.

Radar - Add Quality endpoints

Tuesday, Jun 20, 2023

Added quality endpoints.

Workers - 2023-06-19

Monday, Jun 19, 2023

The TCP Sockets API now reports clearer errors when a connection cannot be established.
Updated V8 to 11.5.

D1 - Generated columns documentation

Friday, Jun 16, 2023

New documentation has been published on how to use D1’s support for generated columns to define columns that are dynamically generated on write (or read). Generated columns allow you to extract data from JSON objects or use the output of other SQL functions.

R2 - 2023-06-16

Friday, Jun 16, 2023

Fixed a bug where calling GetBucket on a non-existent bucket would return a 500 instead of a 404.
Improved S3 compatibility for ListObjectsV1, now nextmarker is only set when truncated is true.
The R2 worker bindings now support parsing conditional headers with multiple etags. These etags can now be strong, weak or a wildcard. Previously the bindings only accepted headers containing a single strong etag.
S3 putObject now supports sha256 and sha1 checksums. These were already supported by the R2 worker bindings.
CopyObject in the S3 compatible api now supports Cloudflare specific headers which allow the copy operation to be conditional on the state of the destination object.

D1 - Deprecating Error.cause

Monday, Jun 12, 2023

As of wrangler v3.1.1 the D1 client API now returns detailed error messages within the top-level Error.message property, and no longer requires developers to inspect the Error.cause.message property.

To facilitate a transition from the previous Error.cause behaviour, detailed error messages will continue to be populated within Error.cause as well as the top-level Error object until approximately July 14th, 2023. Future versions of both wrangler and the D1 client API will no longer populate Error.cause after this date.

Workers - 2023-06-09

Friday, Jun 9, 2023

AbortSignal.any() is now available.
Updated V8 to 11.4.
Following an update to the WHATWG URL spec, the delete() and has() methods of the URLSearchParams class now accept an optional second argument to specify the search parameter’s value. This is potentially a breaking change, so it is gated behind the new urlsearchparams_delete_has_value_arg and url_standard compatibility flags.
Added the strict_compression_checks compatibility flag for additional DecompressionStream error checking.

Radar - Add BGP stats, pfx2as and moas endpoint

Wednesday, Jun 7, 2023

Added BGP stats, pfx2as and moas endpoints.

Workers - 2023-05-26

Friday, May 26, 2023

A new Hibernatable WebSockets API (beta) has been added to Durable Objects. The Hibernatable WebSockets API allows a Durable Object that is not currently running an event handler (for example, processing a WebSocket message or alarm) to be removed from memory while keeping its WebSockets connected (“hibernation”). A Durable Object that hibernates will not incur billable Duration (GB-sec) charges.

Turnstile - 2023-05-25

Thursday, May 25, 2023

Added idempotency support for POST /siteverify requests via the idempotency_key parameter.

D1 - New experimental backend

Friday, May 19, 2023

D1 has a new experimental storage back end that dramatically improves query throughput, latency and reliability. The experimental back end will become the default back end in the near future. To create a database using the experimental backend, use wrangler and set the --experimental-backend flag when creating a database:

Read more about the experimental back end in the announcement blog.

D1 - Location hints

Friday, May 19, 2023

You can now provide a location hint when creating a D1 database, which will influence where the leader (writer) is located. By default, D1 will automatically create your database in a location close to where you issued the request to create a database. In most cases this allows D1 to choose the optimal location for your database on your behalf.

Pages - Build error message improvement

Friday, May 19, 2023

Builds which fail due to Out of memory (OOM) will return a proper error message indicating so rather than Internal error.

D1 - Query JSON

Wednesday, May 17, 2023

New documentation has been published that covers D1’s extensive JSON function support. JSON functions allow you to parse, query and modify JSON directly from your SQL queries, reducing the number of round trips to your database, or data queried.

Pages - V2 build system beta

Wednesday, May 17, 2023

The V2 build system is now available in open beta. Enable the V2 build system by going to your Pages project in the Cloudflare dashboard and selecting Settings > Build & deployments > Build system version.

Pages - Support for Smart Placement

Tuesday, May 16, 2023

Smart placement can now be enabled for Pages within your Pages Project by going to Settings > Functions.

Stream - Multiple audio tracks now generally available

Tuesday, May 16, 2023

Stream supports adding multiple audio tracks to an existing video.

For more, refer to the documentation to get started.

Workers - 2023-05-16

Tuesday, May 16, 2023

The new connect() method allows you to connect to any TCP-speaking services directly from your Workers. To learn more about other protocols supported on the Workers platform, visit the new Protocols documentation.
We have added new native database integrations for popular serverless database providers, including Neon, PlanetScale, and Supabase. Native integrations automatically handle the process of creating a connection string and adding it as a Secret to your Worker.
You can now also connect directly to databases over TCP from a Worker, starting with PostgreSQL. Support for PostgreSQL is based on the popular pg driver, and allows you to connect to any PostgreSQL instance over TLS from a Worker directly.
The R2 Migrator (Super Slurper), which automates the process of migrating from existing object storage providers to R2, is now Generally Available.

Workers - 2023-05-15

Monday, May 15, 2023

Cursor, an experimental AI assistant, trained to answer questions about Cloudflare’s Developer Platform, is now available to preview! Cursor can answer questions about Workers and the Cloudflare Developer Platform, and is itself built on Workers. You can read more about Cursor in the announcement blog.

Workers - 2023-05-12

Friday, May 12, 2023

The performance.now() and performance.timeOrigin APIs can now be used in Cloudflare Workers. Just like Date.now(), for security reasons time only advances after I/O.

Radar - Added `IOS` as an option for the OS parameter in all HTTP

Wednesday, May 10, 2023

Added IOS as an option for the OS parameter in all HTTP endpoints ( example).

Workers - 2023-05-05

Friday, May 5, 2023

The new nodeJsCompatModule type can be used with a Worker bundle to emulate a Node.js environment. Common Node.js globals such as process and Buffer will be present, and require('...') can be used to load Node.js built-ins without the node: specifier prefix.
Fixed an issue where websocket connections would be disconnected when updating workers. Now, only websockets connected to Durable Object instances are disconnected by updates to that Durable Object’s code.

Workers - 2023-04-28

Friday, Apr 28, 2023

The Web Crypto API now supports curves Ed25519 and X25519 defined in the Secure Curves specification.
The global connect method has been moved to a cloudflare:sockets module.

Stream - Player Enhancement Properties

Wednesday, Apr 26, 2023

Cloudflare Stream now supports player enhancement properties.

With player enhancements, you can modify your video player to incorporate elements of your branding, such as your logo, and customize additional options to present to your viewers.

For more, refer to the documentation to get started.

Notifications - 2023-04-19

Wednesday, Apr 19, 2023

Added Maintenance Notification Alerts.

DDoS protection - Network-layer DDoS managed ruleset - 2023-04-17

Monday, Apr 17, 2023

Previously, only a subset of rules were exposed publicly. In rare situations, these rules can cause false positives. When this happens, you can customize their behavior using overrides.

Besides these rules, the DDoS managed rules contain other rules that do not cause issues. Until now, these rules were not shown in the dashboard or referenced in the documentation.

Cloudflare now shows all rules in the dashboard, including these high-confidence rules. This means that packets matching these rules will now have the correct rule identifier. The newly published rules are read-only and you cannot disable them.

Turnstile - 2023-04-17

Monday, Apr 17, 2023

Added references to Turnstile Public API.
Added references for [after-interactive-callback], [before-interactive-callback], and [unsupported-callback].

Workers - 2023-04-14

Friday, Apr 14, 2023

No externally-visible changes this week.

Workers - 2023-04-10

Monday, Apr 10, 2023

URL.canParse(...) is a new standard API for testing that an input string can be parsed successfully as a URL without the additional cost of creating and throwing an error.
The Workers-specific IdentityTransformStream and FixedLengthStream classes now support specifying a highWaterMark for the writable-side that is used for backpressure signaling using the standard writer.desiredSize/writer.ready mechanisms.

R2 - 2023-04-01

Saturday, Apr 1, 2023

GetBucket is now available for use through the Cloudflare API.
Location hints can now be set when creating a bucket, both through the S3 API, and the dashboard.

Queues - Consumer concurrency (enabled)

Tuesday, Mar 28, 2023

Queue consumers will now automatically scale up based on the number of messages being written to the queue. To control or limit concurrency, you can explicitly define a max_concurrency for your consumer.

Workers - 2023-03-24

Friday, Mar 24, 2023

Fixed a bug in Wrangler tail and and live logs on the dashboard that prevented the Administrator Read-Only and Workers Tail Read roles from successfully tailing Workers.

Pages - Git projects can now see files uploaded

Thursday, Mar 23, 2023

Files uploaded are now visible for Git projects, you can view them in the Cloudflare dashboard.

Stream - Limits for downloadable MP4s for live recordings

Tuesday, Mar 21, 2023

Previously, generating a download for a live recording exceeding four hours resulted in failure.

To fix the issue, now video downloads are only available for live recordings under four hours. Live recordings exceeding four hours can still be played but cannot be downloaded.

Pages - Notifications for Pages are now available

Monday, Mar 20, 2023

Notifications for Pages events are now available in the Cloudflare dashboard. Events supported include:
- Deployment started.
- Deployment succeeded.
- Deployment failed.

Radar - Add AS112 and email endpoints

Monday, Mar 20, 2023

Added AS112 endpoints.
Added email endpoints.

R2 - 2023-03-16

Thursday, Mar 16, 2023

The ListParts API has been implemented and is available for use.
HTTP2 is now enabled by default for new custom domains linked to R2 buckets.
Object Lifecycles are now available for use.
Bug fix: Requests to public buckets will now return the Content-Encoding header for gzip files when Accept-Encoding: gzip is used.

Queues - Consumer concurrency (upcoming)

Wednesday, Mar 15, 2023

Queue consumers will soon automatically scale up concurrently as a queues’ backlog grows in order to keep overall message processing latency down. Concurrency will be enabled on all existing queues by 2023-03-28.

To opt-out, or to configure a fixed maximum concurrency, set max_concurrency = 1 in your wrangler.toml file or via the queues dashboard.

To opt-in, you do not need to take any action: your consumer will begin to scale out as needed to keep up with your message backlog. It will scale back down as the backlog shrinks, and/or if a consumer starts to generate a higher rate of errors. To learn more about how consumers scale, refer to the consumer concurrency documentation.

Notifications - 2023-03-13

Monday, Mar 13, 2023

Added Pages Alerts.

Workers - 2023-03-09

Thursday, Mar 9, 2023

No externally-visible changes.

Turnstile - 2023-03-06

Monday, Mar 6, 2023

Added [execution] and [appearance].

Workers - 2023-03-06

Monday, Mar 6, 2023

Workers Logpush now supports 300 characters per log line. This is an increase from the previous limit of 150 characters per line.

Notifications - 2023-03-02

Thursday, Mar 2, 2023

Added Brand Protection Alerts.

Queues - Explicit acknowledgement (new feature)

Thursday, Mar 2, 2023

You can now acknowledge individual messages with a batch by calling .ack() on a message.

This allows you to mark a message as delivered as you process it within a batch, and avoids the entire batch from being redelivered if your consumer throws an error during batch processing. This can be particularly useful when you are calling external APIs, writing messages to a database, or otherwise performing non-idempotent actions on individual messages within a batch.

Queues - Higher per-queue throughput

Wednesday, Mar 1, 2023

The per-queue throughput limit has now been raised to 400 messages per second.

Turnstile - 2023-02-15

Wednesday, Feb 15, 2023

Added the [turnstile.ready] callback.

Pages - Analytics Engine now available in Functions

Tuesday, Feb 14, 2023

Added support for Analytics Engine in Functions.

Workers - 2023-02-06

Monday, Feb 6, 2023

Fixed a bug where transferring large request bodies to a Durable Object was unexpectedly slow.
Previously, an error would be thrown when trying to access unimplemented standard Request and Response properties. Now those will be left as undefined.

Turnstile - 2023-02-01

Wednesday, Feb 1, 2023

Added the [data-]language parameter.

R2 - 2023-01-27

Friday, Jan 27, 2023

R2 authentication tokens created via the R2 token page are now scoped to a single account by default.

Radar - Updated IPv6 calculation method

Monday, Jan 23, 2023

IPv6 percentage started to be calculated as (IPv6 requests / requests for dual-stacked content), where as before it was calculated as (IPv6 requests / IPv4+IPv6 requests).

Workers - 2023-01-13

Friday, Jan 13, 2023

Durable Objects can now use jurisdictions with idFromName via a new subnamespace API.
V8 updated to 10.9.

Radar - Add new layer 3 dataset

Wednesday, Jan 11, 2023

Added new Layer 3 data source and related endpoints.
Updated Layer 3 timeseries endpoint to support fetching both current and new data sources. For retro-compatibility reasons, fetching the new data source requires sending the parameter metric=bytes else the current data source will be returned.
Deprecated old Layer 3 endpoints TimeseriesGroups and Summary. Users should upgrade to newer endpoints.

Pages - Queues now available in Functions

Thursday, Jan 5, 2023

Added support for Queues producer in Functions.

Stream - Earlier detection (and rejection) of non-video uploads

Wednesday, Jan 4, 2023

Cloudflare Stream now detects non-video content on upload using the POST API and returns a 400 Bad Request HTTP error with code 10059.

Previously, if you or one of your users attempted to upload a file that is not a video (ex: an image), the request to upload would appear successful, but then fail to be encoded later on.

With this change, Stream responds to the upload request with an error, allowing you to give users immediate feedback if they attempt to upload non-video content.

Pages - API messaging update

Thursday, Dec 15, 2022

Updated all API messaging to be more helpful.

Queues - sendBatch support

Tuesday, Dec 13, 2022

The JavaScript API for Queue producers now includes a sendBatch method which supports sending up to 100 messages at a time.

Queues - Increased per-account limits

Monday, Dec 12, 2022

Queues now allows developers to create up to 100 queues per account, up from the initial beta limit of 10 per account. This limit will continue to increase over time.

Turnstile - 2022-12-12

Monday, Dec 12, 2022

POST /siteverify supports JSON requests now.

Stream - Faster mp4 downloads of live recordings

Thursday, Dec 8, 2022

Generating MP4 downloads of live stream recordings is now significantly faster. For more, refer to the docs.

R2 - 2022-12-07

Wednesday, Dec 7, 2022

Fix CORS preflight requests for the S3 API, which allows using the S3 SDK in the browser.
Passing a range header to the get operation in the R2 bindings API should now work as expected.

DDoS protection - Network-layer DDoS managed ruleset - 2022-12-02

Friday, Dec 2, 2022

Rule ID	Description	Previous Action	New Action	Notes
...58e4914a	Adaptive DDoS Protection for UDP (Available only to Enterprise accounts).	log	log	Lower sensitivity to avoid false positives
...76d5e15c	Adaptive DDoS Protection for Other IPv6 Protocols (Available only to Enterprise accounts).	log	log	Lower sensitivity to avoid false positives
...8de83ef6	Adaptive DDoS Protection for IPv6 GRE (Available only to Enterprise accounts).	log	log	Lower sensitivity to avoid false positives
...938e978c	Adaptive DDoS Protection for IPv6 ESP (Available only to Enterprise accounts).	log	log	Lower sensitivity to avoid false positives
...9c173480	Adaptive DDoS Protection for ICMP (Available only to Enterprise accounts).	log	log	Lower sensitivity to avoid false positives
...ad8078b8	Adaptive DDoS Protection for IPv4 GRE (Available only to Enterprise accounts).	log	log	Lower sensitivity to avoid false positives
...ae3f5e4e	Adaptive DDoS Protection for ICMPv6 (Available only to Enterprise accounts).	log	log	Lower sensitivity to avoid false positives
...c7dc52df	Adaptive DDoS Protection for Other IPv4 Protocols (Available only to Enterprise accounts).	log	log	Lower sensitivity to avoid false positives
...e4e7541c	Adaptive DDoS Protection for IPv4 ESP (Available only to Enterprise accounts).	log	log	Lower sensitivity to avoid false positives

Pages - Ability to delete aliased deployments

Thursday, Dec 1, 2022

Aliased deployments can now be deleted. If using the API, you will need to add the query parameter force=true.

R2 - 2022-11-30

Wednesday, Nov 30, 2022

Requests with the header x-amz-acl: public-read are no longer rejected.
Fixed issues with wildcard CORS rules and presigned URLs.
Fixed an issue where ListObjects would time out during delimited listing of unicode-normalized keys.
S3 API’s PutBucketCors now rejects requests with unknown keys in the XML body.
Signing additional headers no longer breaks CORS preflight requests for presigned URLs.

Stream - Multiple audio tracks (closed beta)

Tuesday, Nov 29, 2022

Stream now supports adding multiple audio tracks to an existing video upload. This allows you to:

Provide viewers with audio tracks in multiple languages
Provide dubbed audio tracks, or audio commentary tracks (ex: Director’s Commentary)
Allow your users to customize the customize the audio mix, by providing separate audio tracks for music, speech or other audio tracks.
Provide Audio Description tracks to ensure your content is accessible. ( WCAG 2.0 Guideline 1.2 1)

To request an invite to the beta, refer to this post.

Stream - VP9 support for WebRTC live streams (beta)

Tuesday, Nov 22, 2022

Cloudflare Stream now supports VP9 when streaming using WebRTC (WHIP), currently in beta.

R2 - 2022-11-21

Monday, Nov 21, 2022

Fixed a bug in ListObjects where startAfter would skip over objects with keys that have numbers right after the startAfter prefix.
Add worker bindings for multipart uploads.

Pages - Deep linking to a Pages deployment

Saturday, Nov 19, 2022

You can now deep-link to a Pages deployment in the dashboard with :pages-deployment. An example would be https://dash.cloudflare.com?to=/:account/pages/view/:pages-project/:pages-deployment.

Pages - Functions GA and other updates

Thursday, Nov 17, 2022

Pages functions are now GA. For more information, refer to the blog post.
We also made the following updates to Functions:
- Functions metrics are now available in the dashboard.
- Functions billing is now available.
- The Unbound usage model is now available for Functions.
- Secrets are now available.
- Functions tailing is now available via the dashboard or with Wrangler (wrangler pages deployment tail).

R2 - 2022-11-17

Thursday, Nov 17, 2022

Unconditionally return HTTP 206 on ranged requests to match behavior of other S3 compatible implementations.
Fixed a CORS bug where AllowedHeaders in the CORS config were being treated case-sensitively.

Pages - Service bindings now available in Functions

Tuesday, Nov 15, 2022

Service bindings are now available in Functions. For more details, refer to the docs.

Turnstile - 2022-11-11

Friday, Nov 11, 2022

Added retry and retry-interval for controlling retry behavior.

R2 - 2022-11-08

Tuesday, Nov 8, 2022

Copying multipart objects via CopyObject is re-enabled.
UploadPartCopy is re-enabled.

Stream - Reduced time to start WebRTC streaming and playback with Trickle ICE

Tuesday, Nov 8, 2022

Cloudflare Stream’s WHIP and WHEP implementations now support Trickle ICE, reducing the time it takes to initialize WebRTC connections, and increasing compatibility with WHIP and WHEP clients.

For more, refer to the docs.

Stream - Deprecating the 'per-video' Analytics API

Monday, Nov 7, 2022

The “per-video” analytics API is being deprecated. If you still use this API, you will need to switch to using the GraphQL Analytics API by February 1, 2023. After this date, the per-video analytics API will be no longer available.

The GraphQL Analytics API provides the same functionality and more, with additional filters and metrics, as well as the ability to fetch data about multiple videos in a single request. Queries are faster, more reliable, and built on a shared analytics system that you can use across many Cloudflare products.

For more about this change and how to migrate existing API queries, refer to this post and the GraphQL Analytics API docs.

Pages - Ansi color codes in build logs

Thursday, Nov 3, 2022

Build log now supports ansi color codes.

Stream - Create an unlimited number of live inputs

Tuesday, Nov 1, 2022

Cloudflare Stream now has no limit on the number of live inputs you can create. Stream is designed to allow your end-users to go live — live inputs can be created quickly on-demand via a single API request for each of user of your platform or app.

For more on creating and managing live inputs, get started with the docs.

R2 - 2022-10-28

Friday, Oct 28, 2022

Multipart upload part sizes are always expected to be of the same size, but this enforcement is now done when you complete an upload instead of being done very time you upload a part.
Fixed a performance issue where concurrent multipart part uploads would get rejected.

Turnstile - 2022-10-28

Friday, Oct 28, 2022

Renamed the [data-]expired-callback callback to [data-]timeout-callback (called when the challenge times out).
Added the [data-]expired-callback callback (called when the token expires).

R2 - 2022-10-26

Wednesday, Oct 26, 2022

Fixed ranged reads for multipart objects with part sizes unaligned to 64KiB.

Turnstile - 2022-10-24

Monday, Oct 24, 2022

Added response-field and response-field-name for controlling the input element created by Turnstile.
Added option for changing the size of the Turnstile widget.

Stream - More accurate bandwidth estimates for live video playback

Thursday, Oct 20, 2022

When playing live video, Cloudflare Stream now provides significantly more accurate estimates of the bandwidth needs of each quality level to client video players. This ensures that live video plays at the highest quality that viewers have adequate bandwidth to play.

As live video is streamed to Cloudflare, we transcode it to make it available to viewers at mulitple quality levels. During transcoding, we learn about the real bandwidth needs of each segment of video at each quality level, and use this to provide an estimate of the bandwidth requirements of each quality level the in HLS (.m3u8) and DASH (.mpd) manifests.

If a live stream contains content with low visual complexity, like a slideshow presentation, the bandwidth estimates provided in the HLS manifest will be lower, ensuring that the most viewers possible view the highest quality level, since it requires relatively little bandwidth. Conversely, if a live stream contains content with high visual complexity, like live sports with motion and camera panning, the bandwidth estimates provided in the HLS manifest will be higher, ensuring that viewers with inadequate bandwidth switch down to a lower quality level, and their playback does not buffer.

This change is particularly helpful if you’re building a platform or application that allows your end users to create their own live streams, where these end users have their own streaming software and hardware that you can’t control. Because this new functionality adapts based on the live video we receive, rather than just the configuration advertised by the broadcaster, even in cases where your end users’ settings are less than ideal, client video players will not receive excessively high estimates of bandwidth requirements, causing playback quality to decrease unnecessarily. Your end users don’t have to be OBS Studio experts in order to get high quality video playback.

No work is required on your end — this change applies to all live inputs, for all customers of Cloudflare Stream. For more, refer to the docs.

R2 - 2022-10-19

Wednesday, Oct 19, 2022

HeadBucket now sets x-amz-bucket-region to auto in the response.

Turnstile - 2022-10-13

Thursday, Oct 13, 2022

Added validation for action: /^[a-z0-9_-]{0,32}$/i
Added validation for cData: /^[a-z0-9_-]{0,255}$/i

Turnstile - 2022-10-11

Tuesday, Oct 11, 2022

Added turnstile.remove

R2 - 2022-10-06

Thursday, Oct 6, 2022

Temporarily disabled UploadPartCopy while we investigate an issue.

Pages - Deep linking to a Pages project

Wednesday, Oct 5, 2022

You can now deep-link to a Pages project in the dashboard with :pages-project. An example would be https://dash.cloudflare.com?to=/:account/pages/view/:pages-project.

Stream - AV1 Codec support for live streams and recordings (beta)

Wednesday, Oct 5, 2022

Cloudflare Stream now supports playback of live videos and live recordings using the AV1 codec, which uses 46% less bandwidth than H.264.

For more, read the blog post.

R2 - 2022-09-29

Thursday, Sep 29, 2022

Fixed a CORS issue where Access-Control-Allow-Headers was not being set for preflight requests.

R2 - 2022-09-28

Wednesday, Sep 28, 2022

Fixed a bug where CORS configuration was not being applied to S3 endpoint.
No-longer render the Access-Control-Expose-Headers response header if ExposeHeader is not defined.
Public buckets will no-longer return the Content-Range response header unless the response is partial.
Fixed CORS rendering for the S3 HeadObject operation.
Fixed a bug where no matching CORS configuration could result in a 403 response.
Temporarily disable copying objects that were created with multipart uploads.
Fixed a bug in the Workers bindings where an internal error was being returned for malformed ranged .get requests.

R2 - 2022-09-27

Tuesday, Sep 27, 2022

CORS preflight responses and adding CORS headers for other responses is now implemented for S3 and public buckets. Currently, the only way to configure CORS is via the S3 API.
Fixup for bindings list truncation to work more correctly when listing keys with custom metadata that have " or when some keys/values contain certain multi-byte UTF-8 values.
The S3 GetObject operation now only returns Content-Range in response to a ranged request.

Stream - WebRTC live streaming and playback (beta)

Tuesday, Sep 27, 2022

Cloudflare Stream now supports live video streaming over WebRTC, with sub-second latency, to unlimited concurrent viewers.

For more, read the blog post or the get started with example code in the docs.

R2 - 2022-09-19

Monday, Sep 19, 2022

The R2 put() binding options can now be given an onlyIf field, similar to get(), that performs a conditional upload.
The R2 delete() binding now supports deleting multiple keys at once.
The R2 put() binding now supports user-specified SHA-1, SHA-256, SHA-384, SHA-512 checksums in options.
User-specified object checksums will now be available in the R2 get() and head() bindings response. MD5 is included by default for non-multipart uploaded objects.

Stream - Manually control when you start and stop simulcasting

Thursday, Sep 15, 2022

You can now enable and disable individual live outputs via the API or Stream dashboard, allowing you to control precisely when you start and stop simulcasting to specific destinations like YouTube and Twitch. For more, read the docs.

Pages - Increased domain limits

Monday, Sep 12, 2022

Previously, all plans had a maximum of 10 custom domains per project.

Now, the limits are:

Free: 100 custom domains.
Pro: 250 custom domains.
Business and Enterprise: 500 custom domains.

Pages - Support for _routes.json

Thursday, Sep 8, 2022

Pages now offers support for _routes.json. For more details, refer to the documentation.

R2 - 2022-09-06

Tuesday, Sep 6, 2022

The S3 CopyObject operation now includes x-amz-version-id and x-amz-copy-source-version-id in the response headers for consistency with other methods.
The ETag for multipart files uploaded until shortly after Open Beta uploaded now include the number of parts as a suffix.

Pages - Increased build log expiration time

Thursday, Aug 25, 2022

Build log expiration time increased from 2 weeks to 1 year.

R2 - 2022-08-17

Wednesday, Aug 17, 2022

The S3 DeleteObjects operation no longer trims the space from around the keys before deleting. This would result in files with leading / trailing spaces not being able to be deleted. Additionally, if there was an object with the trimmed key that existed it would be deleted instead. The S3 DeleteObject operation was not affected by this.
Fixed presigned URL support for the S3 ListBuckets and ListObjects operations.

Stream - Unique subdomain for your Stream Account

Monday, Aug 15, 2022

URLs in the Stream Dashboard and Stream API now use a subdomain specific to your Cloudflare Account: customer-{CODE}.cloudflarestream.com. This change allows you to:

Use Content Security Policy (CSP) directives specific to your Stream subdomain, to ensure that only videos from your Cloudflare account can be played on your website.
Allowlist only your Stream account subdomain at the network-level to ensure that only videos from a specific Cloudflare account can be accessed on your network.

No action is required from you, unless you use Content Security Policy (CSP) on your website. For more on CSP, read the docs.

Pages - New bindings supported

Monday, Aug 8, 2022

R2 and D1 bindings are now supported.

R2 - 2022-08-06

Saturday, Aug 6, 2022

Uploads will automatically infer the Content-Type based on file body if one is not explicitly set in the PutObject request. This functionality will come to multipart operations in the future.

Stream - Clip videos using the Stream API

Tuesday, Aug 2, 2022

You can now change the start and end times of a video uploaded to Cloudflare Stream. For more information, refer to Clip videos.

R2 - 2022-07-30

Saturday, Jul 30, 2022

Fixed S3 conditionals to work properly when provided the LastModified date of the last upload, bindings fixes will come in the next release.
If-Match / If-None-Match headers now support arrays of ETags, Weak ETags and wildcard (*) as per the HTTP standard and undocumented AWS S3 behavior.

Stream - Live inputs

Tuesday, Jul 26, 2022

The Live Inputs API now supports optional pagination, search, and filter parameters. For more information, refer to the Live Inputs API documentation.

R2 - 2022-07-21

Thursday, Jul 21, 2022

Added dummy implementation of the following operation that mimics the response that a basic AWS S3 bucket will return when first created: GetBucketAcl.

R2 - 2022-07-20

Wednesday, Jul 20, 2022

Added dummy implementations of the following operations that mimic the response that a basic AWS S3 bucket will return when first created:
- GetBucketVersioning
- GetBucketLifecycleConfiguration
- GetBucketReplication
- GetBucketTagging
- GetObjectLockConfiguration

R2 - 2022-07-19

Tuesday, Jul 19, 2022

Fixed an S3 compatibility issue for error responses with MinIO .NET SDK and any other tooling that expects no xmlns namespace attribute on the top-level Error tag.
List continuation tokens prior to 2022-07-01 are no longer accepted and must be obtained again through a new list operation.
The list() binding will now correctly return a smaller limit if too much data would otherwise be returned (previously would return an Internal Error).

R2 - 2022-07-14

Thursday, Jul 14, 2022

Improvements to 500s: we now convert errors, so things that were previously concurrency problems for some operations should now be TooMuchConcurrency instead of InternalError. We’ve also reduced the rate of 500s through internal improvements.
ListMultipartUpload correctly encodes the returned Key if the encoding-type is specified.

R2 - 2022-07-13

Wednesday, Jul 13, 2022

S3 XML documents sent to R2 that have an XML declaration are not rejected with 400 Bad Request / MalformedXML.
Minor S3 XML compatibility fix impacting Arq Backup on Windows only (not the Mac version). Response now contains XML declaration tag prefix and the xmlns attribute is present on all top-level tags in the response.
Beta ListMultipartUploads support.

R2 - 2022-07-06

Wednesday, Jul 6, 2022

Support the r2_list_honor_include compat flag coming up in an upcoming runtime release (default behavior as of 2022-07-14 compat date). Without that compat flag/date, list will continue to function implicitly as include: ['httpMetadata', 'customMetadata'] regardless of what you specify.
cf-create-bucket-if-missing can be set on a PutObject/CreateMultipartUpload request to implicitly create the bucket if it does not exist.
Fix S3 compatibility with MinIO client spec non-compliant XML for publishing multipart uploads. Any leading and trailing quotes in CompleteMultipartUpload are now optional and ignored as it seems to be the actual non-standard behavior AWS implements.

Pages - Added support for .dev.vars in wrangler pages

Tuesday, Jul 5, 2022

Pages now supports .dev.vars in wrangler pages, which allows you to use use environmental variables during your local development without chaining --envs.

This functionality requires Wrangler v2.0.16 or higher.

R2 - 2022-07-01

Friday, Jul 1, 2022

Unsupported search parameters to ListObjects/ListObjectsV2 are now rejected with 501 Not Implemented.
Fixes for Listing:
- Fix listing behavior when the number of files within a folder exceeds the limit (you’d end up seeing a CommonPrefix for that large folder N times where N = number of children within the CommonPrefix / limit).
- Fix corner case where listing could cause objects with sharing the base name of a "folder" to be skipped.
- Fix listing over some files that shared a certain common prefix.
DeleteObjects can now handle 1000 objects at a time.
S3 CreateBucket request can specify x-amz-bucket-object-lock-enabled with a value of false and not have the requested rejected with a NotImplemented error. A value of true will continue to be rejected as R2 does not yet support object locks.

R2 - 2022-06-17

Friday, Jun 17, 2022

Fixed a regression for some clients when using an empty delimiter.
Added support for S3 pre-signed URLs.

R2 - 2022-06-16

Thursday, Jun 16, 2022

Fixed a regression in the S3 API UploadPart operation where TooMuchConcurrency & NoSuchUpload errors were being returned as NoSuchBucket.

Pages - Added deltas to wrangler pages publish

Monday, Jun 13, 2022

Pages has added deltas to wrangler pages publish.

We now keep track of the files that make up each deployment and intelligently only upload the files that we have not seen. This means that similar subsequent deployments should only need to upload a minority of files and this will hopefully make uploads even faster.

This functionality requires Wrangler v2.0.11 or higher.

R2 - 2022-06-13

Monday, Jun 13, 2022

Fixed a bug with the S3 API ListObjectsV2 operation not returning empty folder/s as common prefixes when using delimiters.
The S3 API ListObjectsV2 KeyCount parameter now correctly returns the sum of keys and common prefixes rather than just the keys.
Invalid cursors for list operations no longer fail with an InternalError and now return the appropriate error message.

R2 - 2022-06-10

Friday, Jun 10, 2022

The ContinuationToken field is now correctly returned in the response if provided in a S3 API ListObjectsV2 request.
Fixed a bug where the S3 API AbortMultipartUpload operation threw an error when called multiple times.

Pages - Added branch alias to PR comments

Wednesday, Jun 8, 2022

PR comments for Pages previews now include the branch alias.

R2 - 2022-05-27

Friday, May 27, 2022

Fixed a bug where the S3 API’s PutObject or the .put() binding could fail but still show the bucket upload as successful.
If conditional headers are provided to S3 API UploadObject or CreateMultipartUpload operations, and the object exists, a 412 Precondition Failed status code will be returned if these checks are not met.

Stream - Picture-in-Picture support

Tuesday, May 24, 2022

The Stream Player now displays a button to activate Picture-in-Picture mode, if the viewer’s web browser supports the Picture-in-Picture API.

R2 - 2022-05-20

Friday, May 20, 2022

Fixed a bug when Accept-Encoding was being used in SignedHeaders when sending requests to the S3 API would result in a SignatureDoesNotMatch response.

R2 - 2022-05-17

Tuesday, May 17, 2022

Fixed a bug where requests to the S3 API were not handling non-encoded parameters used for the authorization signature.
Fixed a bug where requests to the S3 API where number-like keys were being parsed as numbers instead of strings.

R2 - 2022-05-16

Monday, May 16, 2022

Add support for S3 virtual-hosted style paths, such as ..r2.cloudflarestorage.com instead of path-based routing (.r2.cloudflarestorage.com/).
Implemented GetBucketLocation for compatibility with external tools, this will always return a LocationConstraint of auto.

Stream - Creator ID property

Friday, May 13, 2022

During or after uploading a video to Stream, you can now specify a value for a new field, creator. This field can be used to identify the creator of the video content, linking the way you identify your users or creators to videos in your Stream account. For more, read the blog post.

R2 - 2022-05-06

Friday, May 6, 2022

S3 API GetObject ranges are now inclusive (bytes=0-0 will correctly return the first byte).
S3 API GetObject partial reads return the proper 206 Partial Content response code.
Copying from a non-existent key (or from a non-existent bucket) to another bucket now returns the proper NoSuchKey / NoSuchBucket response.
The S3 API now returns the proper Content-Type: application/xml response header on relevant endpoints.
Multipart uploads now have a -N suffix on the etag representing the number of parts the file was published with.
UploadPart and UploadPartCopy now return proper error messages, such as TooMuchConcurrency or NoSuchUpload, instead of ‘internal error’.
UploadPart can now be sent a 0-length part.

R2 - 2022-05-05

Thursday, May 5, 2022

When using the S3 API, an empty string and us-east-1 will now alias to the auto region for compatibility with external tools.
GetBucketEncryption, PutBucketEncryption and DeleteBucketEncrypotion are now supported (the only supported value currently is AES256).
Unsupported operations are explicitly rejected as unimplemented rather than implicitly converting them into ListObjectsV2/PutBucket/DeleteBucket respectively.
S3 API CompleteMultipartUploads requests are now properly escaped.

R2 - 2022-05-03

Tuesday, May 3, 2022

Pagination cursors are no longer returned when the keys in a bucket is the same as the MaxKeys argument.
The S3 API ListBuckets operation now accepts cf-max-keys, cf-start-after and cf-continuation-token headers behave the same as the respective URL parameters.
The S3 API ListBuckets and ListObjects endpoints now allow per_page to be 0.
The S3 API CopyObject source parameter now requires a leading slash.
The S3 API CopyObject operation now returns a NoSuchBucket error when copying to a non-existent bucket instead of an internal error.
Enforce the requirement for auto in SigV4 signing and the CreateBucket LocationConstraint parameter.
The S3 API CreateBucket operation now returns the proper location response header.

R2 - 2022-04-14

Thursday, Apr 14, 2022

The S3 API now supports unchunked signed payloads.
Fixed .put() for the Workers R2 bindings.
Fixed a regression where key names were not properly decoded when using the S3 API.
Fixed a bug where deleting an object and then another object which is a prefix of the first could result in errors.
The S3 API DeleteObjects operation no longer returns an error even though an object has been deleted in some cases.
Fixed a bug where startAfter and continuationToken were not working in list operations.
The S3 API ListObjects operation now correctly renders Prefix, Delimiter, StartAfter and MaxKeys in the response.
The S3 API ListObjectsV2 now correctly honors the encoding-type parameter.
The S3 API PutObject operation now works with POST requests for s3cmd compatibility.

R2 - 2022-04-04

Monday, Apr 4, 2022

The S3 API DeleteObjects request now properly returns a MalformedXML error instead of InternalError when provided with more than 128 keys.

Stream - Analytics panel in Stream Dashboard

Thursday, Mar 17, 2022

The Stream Dashboard now has an analytics panel that shows the number of minutes of both live and recorded video delivered. This view can be filtered by Creator ID, Video UID, and Country. For more in-depth analytics data, refer to the bulk analytics documentation.

Stream - Custom letterbox color configuration option for Stream Player

Wednesday, Mar 16, 2022

The Stream Player can now be configured to use a custom letterbox color, displayed around the video (’letterboxing’ or ‘pillarboxing’) when the video’s aspect ratio does not match the player’s aspect ratio. Refer to the documentation on configuring the Stream Player here.

Stream - Support for SRT live streaming protocol

Thursday, Mar 10, 2022

Cloudflare Stream now supports the SRT live streaming protocol. SRT is a modern, actively maintained streaming video protocol that delivers lower latency, and better resilience against unpredictable network conditions. SRT supports newer video codecs and makes it easier to use accessibility features such as captions and multiple audio tracks.

For more, read the blog post.

Stream - Faster video quality switching in Stream Player

Thursday, Feb 17, 2022

When viewers manually change the resolution of video they want to receive in the Stream Player, this change now happens immediately, rather than once the existing resolution playback buffer has finished playing.

Stream - Volume and playback controls accessible during playback of VAST Ads

Wednesday, Feb 9, 2022

When viewing ads in the VAST format in the Stream Player, viewers can now manually start and stop the video, or control the volume.

Stream - DASH and HLS manifest URLs accessible in Stream Dashboard

Tuesday, Jan 25, 2022

If you choose to use a third-party player with Cloudflare Stream, you can now easily access HLS and DASH manifest URLs from within the Stream Dashboard. For more about using Stream with third-party players, read the docs here.

Stream - Input health status in the Stream Dashboard

Saturday, Jan 22, 2022

When a live input is connected, the Stream Dashboard now displays technical details about the connection, which can be used to debug configuration issues.

Stream - Live viewer count in the Stream Player

Thursday, Jan 6, 2022

The Stream Player now shows the total number of people currently watching a video live.

Stream - Webhook notifications for live stream connections events

Tuesday, Jan 4, 2022

You can now configure Stream to send webhooks each time a live stream connects and disconnects. For more information, refer to the Webhooks documentation.

Stream - FedRAMP Support

Tuesday, Dec 7, 2021

The Stream Player can now be served from a FedRAMP compliant subdomain.

Stream - 24/7 Live streaming support

Tuesday, Nov 23, 2021

You can now use Cloudflare Stream for 24/7 live streaming.

Stream - Persistent Live Stream IDs

Wednesday, Nov 17, 2021

You can now start and stop live broadcasts without having to provide a new video UID to the Stream Player (or your own player) each time the stream starts and stops. Read the docs.

Stream - MP4 video file downloads for live videos

Thursday, Oct 14, 2021

Once a live video has ended and been recorded, you can now give viewers the option to download an MP4 video file of the live recording. For more, read the docs here.

Stream - Serverless Live Streaming

Thursday, Sep 30, 2021

Stream now supports live video content! For more information, read the blog post and get started by reading the docs.

Stream - Thumbnail previews in Stream Player seek bar

Monday, Jul 26, 2021

The Stream Player now displays preview images when viewers hover their mouse over the seek bar, making it easier to skip to a specific part of a video.

Stream - MP4 video file downloads (GA)

Monday, Jul 26, 2021

All Cloudflare Stream customers can now give viewers the option to download videos uploaded to Stream as an MP4 video file. For more, read the docs here.

Stream - Stream Connect (open beta)

Saturday, Jul 10, 2021

You can now opt-in to the Stream Connect beta, and use Cloudflare Stream to restream live video to any platform that accepts RTMPS input, including Facebook, YouTube and Twitch.

For more, read the blog post or the docs.

Stream - Simplified signed URL token generation

Thursday, Jun 10, 2021

You can now obtain a signed URL token via a single API request, without needing to generate signed tokens in your own application. Read the docs.

Stream - Stream Connect (closed beta)

Tuesday, Jun 8, 2021

You can now use Cloudflare Stream to restream or simulcast live video to any platform that accepts RTMPS input, including Facebook, YouTube and Twitch.

For more, read the blog post or the docs.

Stream - MP4 video file downloads (beta)

Monday, May 3, 2021

You can now give your viewers the option to download videos uploaded to Stream as an MP4 video file. For more, read the docs here.

Stream - Picture quality improvements

Monday, Mar 29, 2021

Cloudflare Stream now encodes videos with fewer artifacts, resulting in improved video quality for your viewers.

Stream - Improved client bandwidth hints for third-party video players

Thursday, Mar 25, 2021

If you use Cloudflare Stream with a third party player, and send the clientBandwidthHint parameter in requests to fetch video manifests, Cloudflare Stream now selects the ideal resolution to provide to your client player more intelligently. This ensures your viewers receive the ideal resolution for their network connection.

Stream - Improved client bandwidth hints for third-party video players

Thursday, Mar 25, 2021

Stream - Less bandwidth, identical video quality

Wednesday, Mar 17, 2021

Cloudflare Stream now delivers video using 3-10x less bandwidth, with no reduction in quality. This ensures faster playback for your viewers with less buffering, particularly when viewers have slower network connections.

Stream - Stream Player 2.0 (preview)

Wednesday, Mar 10, 2021

A brand new version of the Stream Player is now available for preview. New features include:

Unified controls across desktop and mobile devices
Keyboard shortcuts
Intelligent mouse cursor interactions with player controls
Phased out support for Internet Explorer 11

For more, refer to this post on the Cloudflare Community Forum.

Stream - Faster video encoding

Thursday, Mar 4, 2021

Videos uploaded to Cloudflare Stream are now available to view 5x sooner, reducing the time your users wait between uploading and viewing videos.

Stream - Removed weekly upload limit, increased max video upload size

Sunday, Jan 17, 2021

You can now upload videos up to 30GB in size to Cloudflare Stream and also now upload an unlimited number of videos to Cloudflare Stream each week

Stream - Tus support for direct creator uploads

Monday, Dec 14, 2020

You can now use the tus protocol when allowing creators (your end users) to upload their own videos directly to Cloudflare Stream.

In addition, all uploads to Cloudflare Stream made using tus are now faster and more reliable as part of this change.

Stream - Multiple audio track mixdown

Wednesday, Dec 9, 2020

Videos with multiple audio tracks (ex: 5.1 surround sound) are now mixed down to stereo when uploaded to Stream. The resulting video, with stereo audio, is now playable in the Stream Player.

Stream - Storage limit notifications

Wednesday, Dec 2, 2020

Cloudflare now emails you if your account is using 75% or more of your prepaid video storage, so that you can take action and plan ahead.