Earlier this year, external researchers identified a vulnerability in Cloudflare’s deprecated SSL for SaaS v1 product, prompting the company to accelerate the transition to the more secure SSL for SaaS v2. SSL for SaaS v1, introduced in 2017, allowed SaaS providers to use Cloudflare's security and performance features but carried risks due to its reliance on IP-based routing, which could be exploited by malicious actors through DNS manipulation or cross-site scripting. In response, Cloudflare launched SSL for SaaS v2, which moves away from IP-based routing to a verified custom hostname model, enhancing security by ensuring only authorized hostnames are routed to their respective origins. Despite officially deprecating v1 in 2021, some customers remained on the platform due to extenuating circumstances, but Cloudflare has since worked to migrate most to v2, implementing additional controls for those still using v1. The company has emphasized its commitment to security and transparency, thanking researchers for their disclosure and reassuring customers of continued efforts to prioritize the security of its platform.