Home / Companies / Cloudflare / Blog / May 2025

May 2025 Summaries

14 posts from Cloudflare

Filter
Month: Year:
Post Summaries Back to Blog
Cloudflare Email Security has been recognized as a Strong Performer in the 'current offering' category by Forrester, with the highest scores possible in nine key evaluation criteria and among the top three providers. This recognition is due to Cloudflare's ability to deliver stronger security outcomes across email and collaboration tools. The platform offers advanced features such as sandboxing, malicious URL detection, threat intelligence, content analysis, reporting, user quarantine, email authentication, and product security. With a comprehensive real-time threat intelligence ecosystem, Cloudflare operates one of the most extensive systems that ingest over 4.4 trillion signals daily across DNS, HTTP, and email layers. The platform is designed to protect email inboxes and workspaces from phishing threats and other types of attacks, with a focus on integrating email security into a broader SASE and Zero Trust strategy. Cloudflare will continue to build AI-driven automation, deepen integrations across the ecosystem, enhance real-time user coaching, develop best-in-class detections, and provide free access to its Retro Scan tool for organizations to use its predictive AI models to scan existing inbox messages.
May 30, 2025 1,035 words in the original blog post.
The Cloudflare Workers Builds is a CI/CD product that makes it easy to build and deploy Workers applications. However, the current system had issues with reliability, speed, and user experience due to manual error detection and lack of automation. To address these issues, Cloudflare built an error detection system using the Cloudflare Developer Platform's Durable Objects, Queues, and Workers KV storage. This system uses a queue to process build errors and detects issues in build logs using AI-powered matchers. The system also includes an alarm that runs every second to fetch builds from Postgres and send them to the queue for processing. With this new system, Cloudflare was able to automate error detection, improve reliability, and reduce the time spent on fixing issues. This project demonstrates the power of building on the Cloudflare Developer Platform and showcases the ease with which developers can build and deploy applications using Workers.
May 29, 2025 2,895 words in the original blog post.
Cloudflare has been named in the Gartner Magic Quadrant for Security Service Edge (SSE) report for the third consecutive year, recognizing it as one of only nine vendors that meet the criteria. The company's SSE platform provides a range of features, including Zero Trust Network Access, secure web gateway, and data protection capabilities. Cloudflare is positioned in the leader quadrant due to its ability to deliver a comprehensive SASE platform with both networking and security components. The company is committed to delivering innovative solutions with velocity and resilience, and has made significant investments in its SSE platform since 2018. With its unified platform built on a global network, Cloudflare offers customers faster and easier deployment, a more consistent user experience, and agile architecture for modernization. The company plans to continue delivering new capabilities by mid-2026, including AI-based DLP detections, innovative forensics, and classifying sensitive data in the public cloud. Cloudflare is recognized as a pioneer in the SASE market, offering a holistic platform capable of addressing broader spectrum of requirements for both public and private resources. The company's commitment to delivering new security features with no cost to customers, including a free trial for teams of up to 50 users, positions it for continued growth and success in the market.
May 23, 2025 3,125 words in the original blog post.
Cloudflare discovered a request smuggling vulnerability (CVE-2025-4366) in the Pingora OSS framework, which was exploited by a security researcher using Cloudflare's Content Delivery Network (CDN) free tier. The vulnerability allowed an attacker to inject malicious requests into subsequent valid requests on the same connection. This exploit could enable modifying request headers and/or URL sent to customer origins. Cloudflare quickly isolated the issue, mitigated it within 22 hours, and released a patch fix to prevent further exploitation. Customers using the caching functionality in the Pingora framework are advised to update to version 0.5.0 or later to avoid potential cache poisoning issues. The discovery highlights the importance of security testing and responsible disclosure through Cloudflare's Bug Bounty Program, which allowed for swift identification and mitigation of the vulnerability.
May 22, 2025 1,415 words in the original blog post.
The Cloudflare Radar system now offers a real-time BGP route lookup service, providing users with near-instantaneous insights into global Internet routing. This feature leverages real-time data streams from RouteViews and RIPE RIS, moving beyond historical archives to deliver up-to-the-minute information. Users can visualize routes in real time on Cloudflare Radar's prefix pages with intuitive Sankey diagrams that detail complete route information. Furthermore, the Cloudflare Radar API provides programmatic access to this data, allowing for seamless integration into custom tools and workflows. The system is designed to handle large data volumes from multiple BGP route collectors and enables horizontal scalability, making it suitable for monitoring stable routing information and detecting dynamic events such as route leaks and hijacks.
May 21, 2025 1,733 words in the original blog post.
Measuring performance is a complex task that requires careful consideration of accuracy, precision, and the type of latency being measured. Cloudflare's experience with customer performance escalations has led to the realization that traditional metrics like Time to First Byte (TTFB) may not be the best representation of true web performance. A more nuanced approach is needed, taking into account the number of requests made by a user and the probability distribution of latency across different percentiles. By using percentile-based metrics and visualizations, such as CDF plots and QQ-plots, Cloudflare has gained a deeper understanding of its customers' experiences with latency and can now provide more accurate and actionable insights to improve performance.
May 20, 2025 3,205 words in the original blog post.
IPv4 addresses have become a costly commodity due to their growing scarcity, leading organizations to rely on the secondary market for acquisition. The prices of these addresses have surged, with costs varying based on block size and demand. In response, Cloudflare has introduced new flexibility in how they handle Bring Your Own IP (BYOIP) prefixes, allowing customers to use parts of any prefix for additional use with CDN or Spectrum. This enhancement provides much-needed flexibility while keeping costs under control. To address the challenges of migrating BYOIP prefixes between services, Cloudflare has developed a dynamic reallocation process that involves updating IP address lists and firewall rules on each server. They have also created an eBPF-based service called Tubular, which allows services to listen on a single socket dynamically, without requiring a restart when addresses change. This solution enables businesses to optimize their IP address usage while minimizing disruptions. Cloudflare is actively working to replace its current ingress proxy with a new one by 2026 and has implemented systems that will reduce the transition time of IP address prefixes between services from hours to just minutes, significantly improving reliability. The company envisions a future where customers have granular control over how their traffic moves through its global network, not just by service, but down to the port level, enabling programmable traffic orchestration across different services.
May 19, 2025 1,626 words in the original blog post.
Cloudflare has joined the United States Cybersecurity and Infrastructure Security Agency’s (CISA) “Secure by Design” pledge, committing to strengthen the resilience of the digital ecosystem. This pledge promotes transparency in vulnerability reporting, a value deeply embedded in Cloudflare's Product Security program. Transparency is essential for building trust between companies and customers, as it enables rapid remediation and clear disclosure of vulnerabilities' nature, impact, and resolution. As an authorized CVE Numbering Authority (CNA), Cloudflare can assign CVE identifiers for vulnerabilities discovered within its products and ecosystems. The company has issued and disclosed multiple CVEs, primarily in areas such as denial of service, local privilege escalation, logical flaws, and improper input validation. Cloudflare's commitment to transparency and security is rooted in its values of openness, discipline, and technical excellence, and the company aims to meet and exceed expectations set out in the CISA pledge.
May 16, 2025 1,492 words in the original blog post.
Cloudflare is introducing two proposals for bots and agents to authenticate themselves: HTTP Message Signatures and request mTLS. These mechanisms aim to provide a tamper-proof way for bot owners and developers of AI agents to identify themselves, allowing site owners to control the traffic they allow. HTTP Message Signatures rely on a standard that defines the cryptographic authentication of a request sender, while request mTLS uses the TLS Flags extension to convey signatures between clients and servers. Both approaches aim to address the limitations of existing bot verification mechanisms, such as user agent headers and IP addresses, which are easily spoofable or prone to change. By adopting these standards-based approaches, developers can ensure that their bots and agents are authenticated in a reliable manner, empowering site owners to monitor automated requests and improve the overall security of the Internet.
May 15, 2025 2,731 words in the original blog post.
Google has launched a direct integration of its Google Tag Gateway for Advertisers, which allows website owners to serve their Google tags from their own first-party infrastructure without the need for a separate server. This integration is made possible through Cloudflare's security and performance infrastructure, enabling seamless deployment with minimal effort required from web developers. The setup requires only a few clicks, and it offers improved performance and measurement accuracy, with early testers seeing an 11% uplift in data signals. The feature is now available for free on any Cloudflare plan, making it accessible to all customers.
May 08, 2025 900 words in the original blog post.
The Cloudflare team has developed a solution to handle graceful restarts of UDP servers without dropping any packets, a challenging problem due to the stateful nature of modern UDP protocols. The solution is called udpgrm, a lightweight daemon that uses Linux's `SO_REUSEPORT` API and eBPF programs to route incoming packets to the correct instance, preserving flow stickiness. The daemon provides a clean API using `setsockopt()` calls, careful socket-stealing logic, powerful and expressive configurable dissectors, and well-thought-out integration with systemd. udpgrm supports three dissector modes: DISSECTOR_FLOW, DISSECTOR_CBPF, and DISSECTOR_NOOP, which can be used to handle different protocols and scenarios. The solution is intended to be easy to use but solves a genuinely hard problem in the Linux Sockets API.
May 07, 2025 2,806 words in the original blog post.
Cloudflare's Health Mediated Deployments (HMD) is a data-driven solution that automates software updates across its global network, using Prometheus metrics to determine whether new code should continue to roll out or be reverted. HMD uses Thanos, a system for storing and scaling Prometheus metrics, to query the performance of Cloudflare's services and detect potential issues. If the success rate is unexpectedly decreasing, HMD reverts the change in order to stabilize the system. The solution has improved Thanos' ability to handle high-load queries, reducing batch runtimes by 15x. Additionally, HMD introduces an adaptive priority-based concurrency control mechanism to tackle spiky load patterns and prioritize on-call engineer queries over HMD batch requests. The project also explores optimizing time series storage for object storage using Parquet files.
May 05, 2025 1,902 words in the original blog post.
You can now connect to Cloudflare's first publicly available remote Model Context Protocol (MCP) servers from Claude.ai and other MCP clients like Cursor, Windsurf, or the AI Playground, unlocking Cloudflare tools, resources, and real-time information. These MCP servers provide access to a suite of tools, including a Documentation server for up-to-date reference information, a Workers Bindings server for building with developer resources, an Observability server for debugging applications, and more. The servers can be accessed through a natural language interface, allowing users to query the servers using simple commands, such as "What is my average latency for my AI Gateway logs in the Cloudflare Radar account?" or "Tell me about restoring an Amiga 1000 using the blog-celso AutoRAG." Users can also build their own MCP servers by following best practices discovered through building out Cloudflare's existing servers.
May 01, 2025 2,405 words in the original blog post.
Today, Cloudflare is excited to collaborate with several companies including Anthropic, Asana, Atlassian, Block, Intercom, Linear, PayPal, Sentry, Stripe, and Webflow to bring remote MCP servers built on Cloudflare, enabling users to manage projects, generate invoices, query databases, and deploy full stack applications without ever leaving the chat interface. This collaboration aims to make AI agents a reality by connecting services through the Model Context Protocol (MCP). With this integration, users can access an MCP server in the same way they would a website, type a URL and go. Cloudflare has been focused on building out the tooling that simplifies the development of remote MCP servers, allowing customers' engineering teams to focus on building out the MCP tools for their application. Industry leaders are taking advantage of this ease of use to deliver new AI-powered experiences to their users. The integration makes it easy for developers to build and deploy remote MCP servers, with features such as support for the latest MCP standards, pre-built servers, and one-click deployment. This collaboration is expected to revolutionize the way businesses interact with AI tools and make them more accessible to a wider audience.
May 01, 2025 2,723 words in the original blog post.