Cloudflare
npx @buildinternet/releases get cloudflareRecently shipped Internal DNS GA, Wrangler Flagship commands, and Precursor session-based bot detection.
Bot traffic management gained session-based detection with Precursor and new WAF rules. Precursor is client-side JavaScript that continuously evaluates behavioral signals across a session, re-validates challenge clearance, and updates bot scores. All plans can now enable it from the dashboard. WAF added rules for CVE-2026-8451 (Citrix NetScaler memory disclosure) and CVE-2026-8037 (Progress Kemp LoadMaster RCE).
Internal DNS is now generally available for private networks. This provides authoritative and recursive DNS for private networks on the same global control plane as public DNS. Split-horizon DNS is managed through views over shared zones, with resolver policies enforced by Gateway. Setup takes three steps from the dashboard.
The developer platform added Temporary Accounts, MCP elicitation, and more. The Temporary Accounts API lets platforms create preview accounts via the REST API so users can deploy a Worker before signing in. Agents can now handle MCP elicitation requests for structured input or out-of-band flows. R2 Data Catalog automatically optimizes manifest files during compaction to reduce query planning overhead. Email Sending events can be subscribed to via Queues for deliverability tracking. Vary headers are now honored in Cache Rules, allowing multiple cached versions of a URL. DLP source code detection now focuses on whole file uploads, reducing false positives. Markdown for Agents preserves origin security and caching headers.
Workers runtime and Wrangler. Durable Object class lifecycle can now be declared declaratively with exports in Wrangler config, replacing the imperative migrations array. createTestHarness gained evictDurableObject() for graceful eviction testing. Service environments and the legacy_env config field have been removed — breaking change. Wrangler now includes wrangler flagship for managing feature flags from the CLI. @cloudflare/workers-types v5 exposes only the latest runtime types, with an experimental entrypoint for unstable APIs.
Cloudflare One and security. IPsec downgrade protection (beta) with IKE_SA_INIT_FULL_TRANSCRIPT_AUTH. Browser Isolation now supports authorization proxy endpoints, enabling identity-based isolation policies. RDP file transfer controls and bulk PDF printing are available in beta. Gateway gained granular resource-scoped roles for DNS, HTTP, and Network policies. Cloudflare One Virtual Appliance registration is now self-serve from the dashboard. Logpush added the websocket_analytics dataset and account-scoped firewall events. API tokens can be searched by name in the dashboard and via API. Note: Tunnel route endpoints and the connections field retire October 5, 2026; legacy KV namespace routes under /workers/namespaces/ retire October 15, 2026. AMP/SXG reached end of life.
Platform and tooling. DNS Firewall UX refreshed with more dashboard settings. Cloudflare One Client for Windows (2026.6.850.0) hotfixes WebView2 SSO. Web Analytics dashboards now load reliably for accounts with up to 1,000 sites. Cloudflare Fonts improved error handling. Wrangler 4.111.0, miniflare 4.20260710.0, @cloudflare/workers-auth 0.5.0, @cloudflare/workers-utils 0.27.0, @cloudflare/vite-plugin 1.45.0, vitest-pool-workers 0.18.5, and cloudflared 2026.7.2 shipped routine updates.