WAF - WAF Release - 2026-05-11

Key Findings

• Existing rule enhancements have been deployed to improve detection resilience against broad classes of web attacks and strengthen behavioral coverage.

Continuous Rule Improvements

We are continuously refining our managed rules to provide more resilient protection and deeper insights into attack patterns. To ensure an optimal security posture, we recommend consistently monitoring the Security Events dashboard and adjusting rule actions as these enhancements are deployed.

Ruleset

Rule ID

Legacy Rule ID

Description

Previous Action

New Action

Comments

Cloudflare Managed Ruleset

23ac4a9e53f94467ba470c9468b3c389

N/A

Remote Code Execution - Java Deserialization - Body - Beta

Block

Disabled

This is a new detection. This rule is merged into the original rule "Remote Code Execution - Java Deserialization" (ID: 36b0532eb3c941449afed2d3744305c4 ).