Cloudflare(NET)

Material Event filed 2026-05-07

### Added - Added [promql/features](checks/promql/features.md) check. - Added [group/interval](checks/group/interval.md) check. - [rule/dependency](checks/rule/dependency.md) check will now warn when a rule uses a metric produced by a recording rule from a different group, which can introduce evaluation lag. ### Fixed - [promql/vector_matching](checks/promql/vector_matching.md) check no longer reports problems that are also reported by [promql/impossible](checks/promql/impossible.md). - Fixed problem description in [promql/series](checks/promql/series.md) check for disable comments that have no effect. - Fixed invalid suggestions from the [query/cost](checks/query/cost.md) check. - [query/cost](checks/query/cost.md) check will now skip expressions that don't read any time series, like `scalar()`, `vector()`, `time()`, `pi()`, or number literals.

### Patch Changes - [#585](https://github.com/cloudflare/sandbox-sdk/pull/585) [`ab84333`](https://github.com/cloudflare/sandbox-sdk/commit/ab843334764e0fe0fe268e406f2332d3381bd94e) Thanks [@aron-cf](https://github.com/aron-cf)! - Add the sandbox bridge — an HTTP API that translates REST calls into Sandbox Durable Object operations. Deploy the bridge as a standalone Cloudflare Worker to expose session management, command execution, file read/write, PTY, and workspace mount/unmount over HTTP. Includes an optional warm pool Durable Object for pre-provisioning sandboxes to reduce cold-start latency. Import the bridge factory and warm pool from `@cloudflare/sandbox/bridge`. ```ts import { bridge } from '@cloudflare/sandbox/bridge'; export { Sandbox } from '@cloudflare/sandbox'; export { WarmPool } from '@cloudflare/sandbox/bridge'; export default bridge({ fetch(request, env, ctx) { // your code here return new Response('OK'); } }); ```

### Patch Changes - [#577](https://github.com/cloudflare/sandbox-sdk/pull/577) [`a56898c`](https://github.com/cloudflare/sandbox-sdk/commit/a56898cc83944a5d43ce3ab75cdba8025d51e2fc) Thanks [@whoiskatrin](https://github.com/whoiskatrin)! - Improve backup restores by mounting backup archives from R2 during restore instead of downloading them into local container storage first.

### Patch Changes - [#570](https://github.com/cloudflare/sandbox-sdk/pull/570) [`8363119`](https://github.com/cloudflare/sandbox-sdk/commit/8363119c5cf70a48a81a7a515fb14a9c0ae890be) Thanks [@aron-cf](https://github.com/aron-cf)! - Fix `unmountBucket()` silently succeeding when the FUSE filesystem fails to unmount. The method now checks the `fusermount` exit code and throws `BucketUnmountError` on failure, cleans up the mount directory after a successful unmount, and the container image includes the `/etc/mtab` symlink that `fusermount` requires. - [#573](https://github.com/cloudflare/sandbox-sdk/pull/573) [`cc14fc7`](https://github.com/cloudflare/sandbox-sdk/commit/cc14fc7e931f7b92cee05010eeb5aa74cc44209b) Thanks [@whoiskatrin](https://github.com/whoiskatrin)! - Increase the default `gitCheckout()` clone timeout to 10 minutes so larger repositories and slower Git remotes do not fail after 2 minutes by default. You can now override the git clone subprocess timeout per call with the `clo

### Patch Changes - [#571](https://github.com/cloudflare/sandbox-sdk/pull/571) [`c5db840`](https://github.com/cloudflare/sandbox-sdk/commit/c5db84092ad8d3ea1c0e98b54e1b58d7a953b32b) Thanks [@whoiskatrin](https://github.com/whoiskatrin)! - Require `@cloudflare/containers` 0.3.0 so sandbox apps pick up the latest Containers platform updates.

### Patch Changes - [#565](https://github.com/cloudflare/sandbox-sdk/pull/565) [`ffcbd3a`](https://github.com/cloudflare/sandbox-sdk/commit/ffcbd3ab9584c7e717f6d4d19538bb57cbd88d69) Thanks [@whoiskatrin](https://github.com/whoiskatrin)! - Require `@cloudflare/containers` 0.2.3 or newer. - [#550](https://github.com/cloudflare/sandbox-sdk/pull/550) [`1db32ea`](https://github.com/cloudflare/sandbox-sdk/commit/1db32ea02f1374b4c79d9bf05f50424b4166402b) Thanks [@scuffi](https://github.com/scuffi)! - Setting `interceptHttps = true` on your Sandbox will now automatically trust the Cloudflare-injected CA certificate at container startup, enabling outbound HTTPS traffic interception.

## 6.9.0 (2026-04-01) Full Changelog: [v6.8.0...v6.9.0](https://github.com/cloudflare/cloudflare-go/compare/v6.8.0...v6.9.0) In this release, you'll see a number of breaking changes. This is primarily due to changes in OpenAPI definitions, which our libraries are based off of, and codegen updates that we rely on to read those OpenAPI definitions and produce our SDK libraries. ## Please ensure you read through the list of changes below before moving to this version - this will help you understand any down or upstream issues it may cause to your environments. --- ## Breaking Changes See the [v6.9.0 Migration Guide](./docs/migration-guides/v6.9.0-migration-guide.md) for before/after code examples and actions needed for each change. ### AI Gateway - AccountID, AccountTag, and InternalID Field Removal The `AccountID`, `AccountTag`, and `InternalID` fields have been removed from all AI Gateway response types: - `AIGatewayNewResponse` - `AIGatewayUpdateResponse` - `AIGatewayListResponse` - `A

## What's Changed * fix: mark provider credential fields as sensitive and update validation by @musa-cf in https://github.com/cloudflare/terraform-provider-cloudflare/pull/6958 **Full Changelog**: https://github.com/cloudflare/terraform-provider-cloudflare/compare/v4.52.6...v4.52.7

## 4.52.6 (March 19th, 2026) BUG FIXES: * resource/cloudflare_zero_trust_access_mtls_certificate: changing `certificate` now correctly forces recreation of the resource instead of a silent no-op update

## 6.8.0 (2026-02-27) Full Changelog: [v6.7.0...v6.8.0](https://github.com/cloudflare/cloudflare-go/compare/v6.7.0...v6.8.0) ## Breaking Changes See the [v6.8.0 Migration Guide](./docs/migration-guides/v6.8.0-migration-guide.md) for before/after code examples and actions needed for each change. - `CloudforceOne.ThreatEvents` — `Delete()` method removed - `SSL.CertificatePacks` — `List()` pagination type changed from `SinglePage` to `V4PagePaginationArray` - `ZeroTrust.DLP.Datasets` — `New()`, `Update()`, `Get()` return types replaced with shared DLP types - `ZeroTrust.DLP.Datasets.Upload` — `New()`, `Edit()` return types replaced with shared DLP types - `ZeroTrust.DLP.Profiles` — `Get()` return type replaced with shared `Profile` type - `ZeroTrust.DLP.Profiles.Custom` — `New()`, `Update()`, `Get()` return types replaced with shared `Profile` type - `ZeroTrust.DLP.Profiles.Predefined` — `Update()`, `Get()` return types replaced with shared `PredefinedProfile` type ## Features ### New AP