Home / Companies / Cloudflare / Blog / November 2025

November 2025 Summaries

14 posts from Cloudflare

Filter
Month: Year:
Post Summaries Back to Blog
FLUX.2, developed by Black Forest Lab and now available on Cloudflare's Workers AI platform, represents a significant advancement in image generation models, boasting enhanced photorealism, physical world grounding, and multi-language support. Building on its predecessor FLUX.1, the model excels in generating detailed and consistent images, addressing issues like stochastic drift through multi-reference image inputs. FLUX.2 is particularly suited for business applications such as creating consistent ad variations and product shots, and it offers granular control over image details via JSON prompting and specific hex codes. This model can generate high-quality digital assets, understand context across languages, and maintain character consistency, making it a versatile tool for various creative and commercial purposes.
Nov 25, 2025 1,189 words in the original blog post.
Cloudflare's Web Application Firewall (WAF) is designed to protect against various layer 7 attacks by utilizing a suite of tools including managed, custom, and rate-limiting rules, all built on the Rulesets engine. These tools help mitigate attacks by executing actions when rule expressions are matched, but they can also generate false positives due to the high volume of requests processed. To address this, Cloudflare has introduced payload logging, which provides detailed insights into which specific request fields triggered a rule, thereby aiding in fine-tuning rules and reducing ambiguities. The underlying technology includes a compiler written in Rust, which supports the evaluation and re-evaluation of expressions, logging fields that match rule conditions. These logs, encrypted with customer-provided public keys, can be decrypted and analyzed through various methods, allowing customers to better understand rule matches and refine their WAF configurations. Improvements have been made to handle array-type fields, enhancing the precision and clarity of the logging process.
Nov 24, 2025 899 words in the original blog post.
On November 18, 2025, Cloudflare experienced a significant network outage that affected its core services, not due to a cyber attack, but because of an internal database permission change. This change inadvertently caused a critical feature file used by Cloudflare's Bot Management system to double in size, surpassing the software's capacity and leading to system failures. This resulted in widespread HTTP 5xx errors affecting Cloudflare's CDN, Workers KV, and Access services, among others. The problem was compounded by the distribution of inconsistent configuration files across the network, which initially led the team to suspect a DDoS attack. By identifying and rolling back the faulty feature file, Cloudflare managed to restore traffic flow by 14:30 UTC, with full functionality achieved by 17:06 UTC. The incident prompted Cloudflare to initiate measures to prevent similar occurrences, emphasizing the outage's impact on its reputation and the internet ecosystem.
Nov 18, 2025 2,919 words in the original blog post.
On November 18, 2025, Cloudflare's network experienced significant disruptions due to a permissions change in their database system, which inadvertently caused a feature file used by their Bot Management system to double in size, exceeding the software's size limit and resulting in failures across their network. Initially misdiagnosed as a potential DDoS attack, the core issue was identified and resolved by reverting to an earlier version of the feature file, thereby restoring normal traffic flow by 14:30 UTC. The incident affected several Cloudflare services, including their CDN, Workers KV, and Access, leading to elevated error rates and authentication failures, although email delivery remained largely unaffected. The outage resulted from duplicated feature rows in configuration files due to a change in ClickHouse query behavior that expanded access permissions; this caused the Bot Management system to exceed its feature limit, triggering system failures. Cloudflare has since undertaken measures to harden their systems against similar failures, emphasizing the critical need for resilience in their network architecture to prevent such widespread impacts in the future.
Nov 18, 2025 2,919 words in the original blog post.
Cloudflare has announced its acquisition of Replicate, a leading platform for running AI models, with the integration aimed at enhancing Cloudflare's Workers developer platform by making it easier to deploy AI models. This union will allow existing Replicate users to benefit from Cloudflare's global network, while Workers AI users will gain access to an expanded model catalog and the ability to run custom models. The collaboration seeks to address the complexities of deploying AI models by leveraging Replicate's platform, which simplifies running open-source models through a unified API. This move is part of Cloudflare's broader strategy to build an AI Cloud infrastructure that includes serverless GPU inference, data storage solutions, and orchestration tools, ultimately offering developers a comprehensive stack for AI-driven applications. By combining Replicate's extensive model catalog and community with Cloudflare's robust network, the partnership aims to create a hub for AI exploration and experimentation, enhancing the capabilities and reach of both platforms.
Nov 17, 2025 1,346 words in the original blog post.
At Cloudflare, the challenge of identifying the root cause of configuration management failures amidst a surge of changes across thousands of servers was addressed by improving the infrastructure around Salt, a configuration management tool. By solving an architectural issue, they developed a self-service mechanism to efficiently trace failures back to their origins, such as specific git commits or external service disruptions, reducing release delays and repetitive triage tasks for Site Reliability Engineers (SREs). Salt, with its master-minion architecture, allows Cloudflare to manage large server fleets, ensuring configurations remain consistent and traceable. Failures often stem from misconfigurations, such as syntax errors or missing data, which are reported with specific retcodes. To streamline failure analysis, Cloudflare created an automated system that caches job results on minions, enabling immediate retrieval and error attribution. This led to the development of the Salt Blame module, which identifies the first failure in job history and correlates it with potential causes, significantly accelerating the troubleshooting process. Automation further enhanced this system, allowing engineers to triage failures more efficiently, even across multiple datacenters, reducing the time spent on manual root cause analysis by over 5%. By implementing mechanisms to measure and analyze failure causes, Cloudflare aims to improve their release process and reduce operational toil, ultimately enhancing the reliability and speed of their service delivery.
Nov 13, 2025 3,415 words in the original blog post.
Remote bindings, now generally available on the Cloudflare platform, allow developers to connect their local development environment to deployed resources such as R2 buckets and D1 databases, enabling testing against real data without constant redeployment. This advancement enhances the Cloudflare Workers platform by integrating with existing tools like Wrangler, Vite, and Vitest, providing a seamless development experience that combines the benefits of both local and remote modes. Previous limitations of the remote mode, such as slow iteration speed and unstable debugging, prompted a shift towards a unified system where developers can choose per-binding whether to use local or remote resources. This flexibility allows for dynamic workflows where some bindings are locally simulated, while others connect to real remote resources, thus improving the developer experience and ensuring the application works as expected in production. This solution leverages existing production APIs and introduces capabilities for JSRPC-backed bindings, ensuring that both HTTP and modern connection types are supported, all without requiring extensive management of API keys or credentials.
Nov 12, 2025 1,542 words in the original blog post.
Cloudflare has introduced Python Workflows, extending its Cloudflare Workflows platform to support Python, which is widely used in data pipelines, AI, and task automation. This update allows developers to use Python to orchestrate multi-step applications, automate sequences with error handling and retries, and utilize Python's ecosystem, including packages like matplotlib and pandas. Python Workflows are integrated directly into the Cloudflare Workers runtime, ensuring compatibility with existing infrastructure and offering feature parity with the JavaScript SDK. This development enhances the ability to build robust, automated workflows and agents, such as AI models or grocery management systems, by leveraging Python's capabilities for task orchestration. The platform uses Transcrypt and Pyodide for seamless interaction between Python and JavaScript, ensuring smooth execution of workflows while maintaining Pythonic conventions through the use of decorators and idiomatic interfaces.
Nov 10, 2025 1,243 words in the original blog post.
Cloudflare has launched a self-serve Bring-Your-Own-IP (BYOIP) API, streamlining the process for customers to onboard and manage their IP address space, which was previously cumbersome and time-consuming. This new approach automates the verification of IP prefix ownership and authorization using the Resource Public Key Infrastructure (RPKI) and Route Origin Authorization (ROA) objects, significantly enhancing security and efficiency compared to the traditional manual review of documents. By allowing modifications through either Internet Routing Registry (IRR) records or reverse DNS, Cloudflare offers a more straightforward and secure method for customers to demonstrate their rights to use a prefix. The self-serve model also mitigates the risk of "blackholing" traffic by requiring a default service binding for every IP prefix. This advancement not only reduces the need for Letters of Authorization (LOAs) but also integrates IP management into existing workflows, enabling organizations to automate network tasks, improve security, and optimize their network infrastructures.
Nov 07, 2025 2,137 words in the original blog post.
Cloudflare has announced the open sourcing of tokio-quiche, an asynchronous QUIC library that combines the quiche QUIC implementation with the Rust-based Tokio async runtime. Previously used internally for systems like Cloudflare's Proxy B in Apple iCloud Private Relay and the Cloudflare Warp MASQUE client, tokio-quiche is designed to handle millions of HTTP/3 requests per second with low latency and high throughput. This library builds on the sans-io design of quiche, which allows for flexible integration into a variety of applications by implementing the QUIC transport protocol without presuming specific I/O operations. By integrating tokio-quiche with the popular Tokio runtime, Cloudflare aims to lower the barrier for integrating QUIC and HTTP/3 into new projects, promoting wider adoption of these technologies. The library includes components like the H3Driver, which facilitates the creation of asynchronous HTTP/3 clients and servers, and uses an actor model to manage tasks and messages efficiently. This open-source release is part of Cloudflare's broader effort to advance the QUIC and HTTP/3 ecosystem, with future plans for additional tools and resources to support developers.
Nov 06, 2025 1,152 words in the original blog post.
Cloudflare Stream has introduced a new audio extraction feature that allows developers to efficiently extract audio from video files without processing the entire video, addressing the demand for workflows where only audio is necessary, such as podcasts or AI inference pipelines. This feature can be accessed via a simple API call or through the Stream dashboard, enabling users to extract and download audio in M4A format with two methods: on-the-fly extraction through Media Transformations for short-form videos and direct audio downloads for content managed within Stream. The implementation involved extending Cloudflare's existing video pipelines, including the video-on-demand (VOD) and on-the-fly-encoding (OTFE) pipelines, to support audio-only extraction by validating audio tracks and creating a handler to deliver high-quality audio files. This development aims to simplify and reduce costs in use cases like content moderation and speech recognition, while maintaining backward compatibility and offering new API endpoints for streamlined audio processing.
Nov 06, 2025 1,436 words in the original blog post.
Cloudflare has announced the launch of VPC Services, a key milestone in their Workers VPC initiative, which allows users to connect to APIs, containers, virtual machines, serverless functions, and databases in regional private networks via Cloudflare Tunnels from Workers globally. This development simplifies cross-cloud application building by enabling Workers to securely access private APIs and databases, overcoming traditional cloud lock-in and security complexities. VPC Services streamline network configuration by using Cloudflare Tunnels to connect Workers with private services, ensuring secure access control and making Workers immune to Server-Side Request Forgery attacks. The initiative aims to enhance flexibility and integration with enterprise networks by expanding protocol support to include TCP services and facilitating bidirectional connections with Cloudflare resources. VPC Services are currently available in open beta, allowing developers to modernize legacy applications and create cross-cloud architectures with greater ease and security.
Nov 05, 2025 2,060 words in the original blog post.
Cloudflare Workflows is a serverless engine designed to facilitate the creation of long-running, multi-step applications that can endure failures, offering developers the ability to manage complex processes beyond the scope of traditional stateless functions. Initially, testing these workflows was challenging due to limited visibility into intermediate steps, which complicated debugging and led to a poor developer experience. To address this, Cloudflare introduced a new set of APIs that enable detailed and isolated testing of workflows, enhancing reliability and efficiency. These updates, accessible through the cloudflare:test module with vitest-pool-workers version 0.9.0 and above, allow developers to perform comprehensive tests offline without network dependency by utilizing local architecture and Remote Procedure Calls (RPC). The new testing framework supports mocking of workflow steps and events, significantly improving the testing experience and encouraging broader adoption of Workflows in Cloudflare applications.
Nov 04, 2025 1,836 words in the original blog post.
Cloudflare's blog post explores the recent unblocking of over 3 billion IP addresses in Turkmenistan, as reported by turkmen.news, suggesting the country might be testing a new firewall. This event led to a surge in HTTP requests from Turkmenistan, as observed on Cloudflare Radar, which is designed to track TCP connection resets and timeouts. The data from Radar revealed changes in connection anomalies across different networks in Turkmenistan, indicating potential large-scale firewall activity. Despite limitations in data interpretation, such as the inability to attribute causes definitively, the trends observed align with the hypothesis of firewall testing. The post emphasizes the importance of analyzing these resets and timeouts data both retrospectively and in the context of larger patterns, offering insights into Internet activity in Turkmenistan before and after the unblocking event. Additionally, Cloudflare shares its methodologies for detecting and logging these anomalies, encouraging similar observability practices in other networks to enhance Internet measurement science.
Nov 03, 2025 1,283 words in the original blog post.