Core Platform Release Notes

Logpush Health Dashboards

We’re excited to introduce Logpush Health Dashboards, giving customers real-time visibility into the status, reliability, and performance of their Logpush jobs. Health dashboards make it easier to detect delivery issues, monitor job stability, and track performance across destinations. The dashboards are divided into two sections:

Upload Health

See how much data was successfully uploaded, where drops occurred, and how your jobs are performing overall. This includes data completeness, success rate, and upload volume.

Upload Reliability

Diagnose issues impacting stability, retries, or latency, and monitor key metrics such as retry counts, upload duration, and destination availability.

Health Dashboards can be accessed from the Logpush page in the Cloudflare dashboard at the account or zone level, under the Health tab. For more details, refer to our Logpush Health Dashboards documentation, which includes a comprehensive troubleshooting guide to help interpret and resolve common issues.

What's new

Status code distribution chart

The Metrics tab includes a status code distribution chart showing HTTP response codes (2xx, 3xx, 4xx, 5xx) over time. Filter by individual crawler, category, operator, or time range to analyze how specific crawlers interact with your site.

Extended actions menu

Each crawler row includes a three-dot menu with per-crawler actions:

• View Metrics — Filter the AI Crawl Control Metrics page to the selected crawler.
• View on Cloudflare Radar — Access verified crawler details on Cloudflare Radar.
• Copy User Agent — Copy user agent strings for use in WAF custom rules, Redirect Rules, or robots.txt files.
• View in Security Analytics — Filter Security Analytics by detection IDs (Bot Management customers).
• Copy Detection ID — Copy detection IDs for use in WAF custom rules (Bot Management customers).

Get started

• Log in to the Cloudflare dashboard, and select your account and domain.
• Go to AI Crawl Control > Metrics to access the status code distribution chart.
• Go to AI Crawl Control > Crawlers and select the three-dot menu for any crawler to access per-crawler actions.
• Select multiple crawlers to use bulk copy buttons for user agents or detection IDs.

Learn more about AI Crawl Control.

Permissions

Permissions for managing Logpush jobs related to Zero Trust datasets (Access, Gateway, and DEX) have been updated to improve data security and enforce appropriate access controls.

To view, create, update, or delete Logpush jobs for Zero Trust datasets, users must now have both of the following permissions:

• Logs Edit
• Zero Trust: PII Read

Note: Update your UI, API or Terraform configurations to include the new permissions. Requests to Zero Trust datasets will fail due to insufficient access without the additional permission.

What's New

• Refreshed member invite flow
  We overhauled the Invite Members UI to simplify inviting users and assigning permissions.

• Refreshed Members Overview Page
  We've updated the Members Overview Page to clearly display:

  • Member 2FA status
  • Which members hold Super Admin privileges
  • API access settings per member
  • Member onboarding state (accepted vs pending invite)

• New Member Permission Policies Details View
  We've created a new member details screen that shows all permission policies associated with a member; including policies inherited from group associations to make it easier for members to understand the effective permissions they have.

• Improved Member Permission Workflow
  We redesigned the permission management experience to make it faster and easier for administrators to review roles and grant access.

• Account-scoped Policies Restrictions Relaxed
  Previously, customers could only associate a single account-scoped policy with a member. We've relaxed this restriction, and now Administrators can now assign multiple account-scoped policies to the same member; bringing policy assignment behavior in-line with user-groups and providing greater flexibility in managing member permissions.

What's New

Refreshed member invite flow

We overhauled the Invite Members UI to simplify inviting users and assigning permissions.

Refreshed Members Overview Page

We've updated the Members Overview Page to clearly display:

• Member 2FA status
• Which members hold Super Admin privileges
• API access settings per member
• Member onboarding state (accepted vs pending invite)

New Member Permission Policies Details View

We've created a new member details screen that shows all permission policies associated with a member; including policies inherited from group associations to make it easier for members to understand the effective permissions they have.

Improved Member Permission Workflow

We redesigned the permission management experience to make it faster and easier for administrators to review roles and grant access.

Account-scoped Policies Restrictions Relaxed

Previously, customers could only associate a single account-scoped policy with a member. We've relaxed this restriction, and now Administrators can now assign multiple account-scoped policies to the same member; bringing policy assignment behavior in-line with user-groups and providing greater flexibility in managing member permissions.

Two-factor authentication (2FA)

Two-factor authentication (2FA) is one of the best ways to protect your account from the risk of account takeover. Cloudflare has offered phishing resistant 2FA options including hardware based keys (for example, a Yubikey) and app based TOTP (time-based one-time password) options which use apps like Google or Microsoft's Authenticator app. Unfortunately, while these solutions are very secure, they can be lost if you misplace the hardware based key, or lose the phone which includes that app. The result is that users sometimes get locked out of their accounts and need to contact support.

Today, we are announcing the addition of email as a 2FA factor for all Cloudflare accounts. Email 2FA is in wide use across the industry as a least common denominator for 2FA because it is low friction, loss resistant, and still improves security over username/password login only. We also know that most commercial email providers already require 2FA, so your email address is usually well protected already.

You can now enable email 2FA on the Cloudflare dashboard:

• Go to Profile at the top right corner.
• Select Authentication.
• Under Two-Factor Authentication, select Set up.

Sign-in security best practices

Cloudflare is critical infrastructure, and you should protect it as such. Review the following best practices and make sure you are doing your part to secure your account:

• Use a unique password for every website, including Cloudflare, and store it in a password manager like 1Password or Keeper. These services are cross-platform and simplify the process of managing secure passwords.
• Use 2FA to make it harder for an attacker to get into your account in the event your password is leaked.
• Store your backup codes securely. A password manager is the best place since it keeps the backup codes encrypted, but you can also print them and put them somewhere safe in your home.
• If you use an app to manage your 2FA keys, enable cloud backup, so that you don't lose your keys in the event you lose your phone.
• If you use a custom email domain to sign in, configure SSO.
• If you use a public email domain like Gmail or Hotmail, you can also use social login with Apple, GitHub, or Google to sign in.
• If you manage a Cloudflare account for work:
  • Have at least two administrators in case one of them unexpectedly leaves your company.
  • Use SCIM to automate permissions management for members in your Cloudflare account.

What’s New

• Refreshed member invite flow

  • We overhauled the Invite Members UI to simplify inviting users and assigning permissions.

• Refreshed Members Overview Page

  • We've updated the Members Overview Page to clearly display:
  • ◦ Member 2FA status
  • ◦ Which members hold Super Admin privileges
  • ◦ API access settings per member
  • ◦ Member onboarding state (accepted vs pending invite)

• New Member Permission Policies Details View

  • We've created a new member details screen that shows all permission policies associated with a member; including policies inherited from group associations to make it easier for members to understand the effective permissions they have.

• Improved Member Permission Workflow

  • We redesigned the permission management experience to make it faster and easier for administrators to review roles and grant access.

• Account-scoped Policies Restrictions Relaxed

  • Previously, customers could only associate a single account-scoped policy with a member. We've relaxed this restriction, and now Administrators can now assign multiple account-scoped policies to the same member; bringing policy assignment behavior in-line with user-groups and providing greater flexibility in managing member permissions.

New fields

Cloudflare now provides two new request fields in the Ruleset engine that let you make decisions based on whether a request used TCP and the measured TCP round-trip time between the client and Cloudflare. These fields help you understand protocol usage across your traffic and build policies that respond to network performance. For example, you can distinguish TCP from QUIC traffic or route high latency requests to alternative origins when needed.

Field | Type | Description
cf.edge.client_tcp | Boolean | Indicates whether the request used TCP. A value of true means the client connected using TCP instead of QUIC.
cf.timings.client_tcp_rtt_msec | Number | Reports the smoothed TCP round-trip time between the client and Cloudflare in milliseconds. For example, a value of 20 indicates roughly twenty milliseconds of RTT.

Example filter expression:

cf.edge.client_tcp && cf.timings.client_tcp_rtt_msec < 100

More information can be found in the Rules language fields reference.

Logpush now supports integration with Microsoft Sentinel

Logpush now supports integration with Microsoft Sentinel. The new Azure Sentinel Connector built on Microsoft’s Codeless Connector Framework (CCF), is now avaialble. This solution replaces the previous Azure Functions-based connector, offering significant improvements in security, data control, and ease of use for customers. Logpush customers can send logs to Azure Blob Storage and configure this new Sentinel Connector to ingest those logs directly into Microsoft Sentinel.

This upgrade significantly streamlines log ingestion, improves security, and provides greater control:

• Simplified Implementation: Easier for engineering teams to set up and maintain.
• Cost Control: New support for Data Collection Rules (DCRs) allows you to filter and transform logs at ingestion time, offering potential cost savings.
• Enhanced Security: CCF provides a higher level of security compared to the older Azure Functions connector.
• ata Lake Integration: Includes native integration with Data Lake.

Find the new solution here and refer to the Cloudflare's developer documention for more information on the connector, including setup steps, supported logs and Microsfot's resources.

Logpush now supports integration with Microsoft Sentinel

Logpush now supports integration with Microsoft Sentinel. The new Azure Sentinel Connector built on Microsoft’s Codeless Connector Framework (CCF), is now avaialble. This solution replaces the previous Azure Functions-based connector, offering significant improvements in security, data control, and ease of use for customers. Logpush customers can send logs to Azure Blob Storage and configure this new Sentinel Connector to ingest those logs directly into Microsoft Sentinel.

This upgrade significantly streamlines log ingestion, improves security, and provides greater control:

• Simplified Implementation: Easier for engineering teams to set up and maintain.
• Cost Control: New support for Data Collection Rules (DCRs) allows you to filter and transform logs at ingestion time, offering potential cost savings.
• Enhanced Security: CCF provides a higher level of security compared to the older Azure Functions connector.
• ata Lake Integration: Includes native integration with Data Lake.

Find the new solution here and refer to the Cloudflare's developer documention for more information on the connector, including setup steps, supported logs and Microsfot's resources.