A new wrangler containers instances command lists all instances for a given Container application. This mirrors the instances view in the Cloudflare dashboard.
The command displays each instance’s ID, name, state, location, version, and creation time:
wranglercontainersinstances<APPLICATION_ID>
Use the --json flag for machine-readable output, which is also the default format in non-interactive environments such as CI pipelines.
We’re excited to partner with NVIDIA to bring @cf/nvidia/nemotron-3-120b-a12b to Workers AI. NVIDIA Nemotron 3 Super is a Mixture-of-Experts (MoE) model with a hybrid Mamba-transformer architecture, 120B total parameters, and 12B active parameters per forward pass.
The model is optimized for running many collaborating agents per application. It delivers high accuracy for reasoning, tool calling, and instruction following across complex multi-step tasks.
Key capabilities:
Hybrid Mamba-transformer architecture delivers over 50% higher token generation throughput compared to leading open models, reducing latency for real-world applications
Tool calling support for building AI agents that invoke tools across multiple conversation turns
Multi-Token Prediction (MTP) accelerates long-form text generation by predicting several future tokens simultaneously in a single forward pass
32,000 token context window for retaining conversation history and plan states across multi-step agent workflows
Cloudflare-generated 1xxx errors now return structured JSON when clients send Accept: application/json or Accept: application/problem+json. JSON responses follow RFC 9457 (Problem Details for HTTP APIs), so any HTTP client that understands Problem Details can parse the base members without Cloudflare-specific code.
Breaking change
The Markdown frontmatter field http_status has been renamed to status. Agents consuming Markdown frontmatter should update parsers accordingly.
Changes
JSON format. Clients sending Accept: application/json or Accept: application/problem+json now receive a structured JSON object with the same operational fields as Markdown frontmatter, plus RFC 9457 standard members.
RFC 9457 standard members (JSON only):
type — URI pointing to Cloudflare documentation for the specific error code
status — HTTP status code (matching the response status)
title — short, human-readable summary
detail — human-readable explanation specific to this occurrence
instance — Ray ID identifying this specific error occurrence
Field renames:
http_status -> status (JSON and Markdown)
what_happened -> detail (JSON only — Markdown prose sections are unchanged)
Content-Type mirroring. Clients sending Accept: application/problem+json receive Content-Type: application/problem+json; charset=utf-8 back; Accept: application/json receives application/json; charset=utf-8. Same body in both cases.
Negotiation behavior
Request header sent
Response format
Accept: application/json
JSON (application/json content type)
Accept: application/problem+json
JSON (application/problem+json content type)
Accept: application/json, text/markdown;q=0.9
JSON
Accept: text/markdown
Markdown
Accept: text/markdown, application/json
Markdown (equal q, first-listed wins)
Accept: */*
HTML (default)
Availability
Available now for Cloudflare-generated 1xxx errors.
We’re excited to partner with NVIDIA to bring @cf/nvidia/nemotron-3-120b-a12b to Workers AI. NVIDIA Nemotron 3 Super is a Mixture-of-Experts (MoE) model with a hybrid Mamba-transformer architecture, 120B total parameters, and 12B active parameters per forward pass.
The model is optimized for running many collaborating agents per application. It delivers high accuracy for reasoning, tool calling, and instruction following across complex multi-step tasks.
Key capabilities:
Hybrid Mamba-transformer architecture delivers over 50% higher token generation throughput compared to leading open models, reducing latency for real-world applications
Tool calling support for building AI agents that invoke tools across multiple conversation turns
Multi-Token Prediction (MTP) accelerates long-form text generation by predicting several future tokens simultaneously in a single forward pass
32,000 token context window for retaining conversation history and plan states across multi-step agent workflows
Cloudflare-generated 1xxx errors now return structured JSON when clients send Accept: application/json or Accept: application/problem+json. JSON responses follow RFC 9457 (Problem Details for HTTP APIs), so any HTTP client that understands Problem Details can parse the base members without Cloudflare-specific code.
Breaking change
The Markdown frontmatter field http_status has been renamed to status. Agents consuming Markdown frontmatter should update parsers accordingly.
Changes
JSON format. Clients sending Accept: application/json or Accept: application/problem+json now receive a structured JSON object with the same operational fields as Markdown frontmatter, plus RFC 9457 standard members.
RFC 9457 standard members (JSON only):
type — URI pointing to Cloudflare documentation for the specific error code
status — HTTP status code (matching the response status)
title — short, human-readable summary
detail — human-readable explanation specific to this occurrence
instance — Ray ID identifying this specific error occurrence
Field renames:
http_status -> status (JSON and Markdown)
what_happened -> detail (JSON only — Markdown prose sections are unchanged)
Content-Type mirroring. Clients sending Accept: application/problem+json receive Content-Type: application/problem+json; charset=utf-8 back; Accept: application/json receives application/json; charset=utf-8. Same body in both cases.
Negotiation behavior
Request header sent
Response format
Accept: application/json
JSON (application/json content type)
Accept: application/problem+json
JSON (application/problem+json content type)
Accept: application/json, text/markdown;q=0.9
JSON
Accept: text/markdown
Markdown
Accept: text/markdown, application/json
Markdown (equal q, first-listed wins)
Accept: */*
HTML (default)
Availability
Available now for Cloudflare-generated 1xxx errors.
This release contains minor fixes and introduces a brand new visual style for the client interface. The new Cloudflare One Client interface changes connectivity management from a toggle to a button and brings useful connectivity settings to the home screen. The redesign also introduces a collapsible navigation bar. When expanded, more client information can be accessed including connectivity, settings, and device profile information. If you have any feedback or questions, visit the Cloudflare Community forum and let us know.
Changes and improvements
Empty MDM files are now rejected instead of being incorrectly accepted as a single MDM config.
Fixed an issue in proxy mode where the client could become unresponsive due to upstream connection timeouts.
Fixed emergency disconnect state from a previous organization incorrectly persisting after switching organizations.
Consumer-only CLI commands are now clearly distinguished from Zero Trust commands.
Added detailed QUIC connection metrics to diagnostic logs for better troubleshooting.
Added monitoring for tunnel statistics collection timeouts.
Switched tunnel congestion control algorithm to Cubic for improved reliability across platforms.
Fixed initiating managed network detection checks when no network is available, which caused device profile flapping.
Known issues
The client may become stuck in a Connecting state. To resolve this issue, reconnect the client by selecting Disconnect and then Connect in the client user interface. Alternatively, change the client’s operation mode.
The client may display an empty white screen upon the device waking from sleep. To resolve this issue, exit and then open the client to re-launch it.
Canceling login during a single MDM configuration setup results in an empty page with no way to resume authentication. To work around this issue, exit and relaunch the client.
This release contains minor fixes and introduces a brand new visual style for the client interface. The new Cloudflare One Client interface changes connectivity management from a toggle to a button and brings useful connectivity settings to the home screen. The redesign also introduces a collapsible navigation bar. When expanded, more client information can be accessed including connectivity, settings, and device profile information. If you have any feedback or questions, visit the Cloudflare Community forum and let us know.
Changes and improvements
Empty MDM files are now rejected instead of being incorrectly accepted as a single MDM config.
Fixed an issue in proxy mode where the client could become unresponsive due to upstream connection timeouts.
Fixed emergency disconnect state from a previous organization incorrectly persisting after switching organizations.
Consumer-only CLI commands are now clearly distinguished from Zero Trust commands.
Added detailed QUIC connection metrics to diagnostic logs for better troubleshooting.
Added monitoring for tunnel statistics collection timeouts.
Switched tunnel congestion control algorithm to Cubic for improved reliability across platforms.
Fixed initiating managed network detection checks when no network is available, which caused device profile flapping.
Known issues
The client may become stuck in a Connecting state. To resolve this issue, reconnect the client by selecting Disconnect and then Connect in the client user interface. Alternatively, change the client’s operation mode.
The client may display an empty white screen upon the device waking from sleep. To resolve this issue, exit and then open the client to re-launch it.
Canceling login during a single MDM configuration setup results in an empty page with no way to resume authentication. To work around this issue, exit and relaunch the client.
This release contains minor fixes and introduces a brand new visual style for the client interface. The new Cloudflare One Client interface changes connectivity management from a toggle to a button and brings useful connectivity settings to the home screen. The redesign also introduces a collapsible navigation bar. When expanded, more client information can be accessed including connectivity, settings, and device profile information. If you have any feedback or questions, visit the Cloudflare Community forum and let us know.
Changes and improvements
Consumer-only CLI commands are now clearly distinguished from Zero Trust commands.
Added detailed QUIC connection metrics to diagnostic logs for better troubleshooting.
Added monitoring for tunnel statistics collection timeouts.
Switched tunnel congestion control algorithm to Cubic for improved reliability across platforms.
Fixed packet capture failing on tunnel interface when the tunnel interface is renamed by SCCM VPN boundary support.
Fixed unnecessary registration deletion caused by RDP connections in multi-user mode.
Fixed increased tunnel interface start-up time due to a race between duplicate address detection (DAD) and disabling NetBT.
Fixed tunnel failing to connect when the system DNS search list contains unexpected characters.
Empty MDM files are now rejected instead of being incorrectly accepted as a single MDM config.
Fixed an issue in proxy mode where the client could become unresponsive due to upstream connection timeouts.
Fixed emergency disconnect state from a previous organization incorrectly persisting after switching organizations.
Fixed initiating managed network detection checks when no network is available, which caused device profile flapping.
Known issues
The client may unexpectedly terminate during captive portal login. To work around this issue, use a web browser to authenticate with the captive portal and then re-launch the client.
An error indicating that Microsoft Edge can’t read and write to its data directory may be displayed during captive portal login; this error is benign and can be dismissed.
The client may become stuck in a Connecting state. To resolve this issue, reconnect the client by selecting Disconnect and then Connect in the client user interface. Alternatively, change the client’s operation mode.
The client may display an empty white screen upon the device waking from sleep. To resolve this issue, exit and then open the client to re-launch it.
Canceling login during a single MDM configuration setup results in an empty page with no way to resume authentication. To work around this issue, exit and relaunch the client.
For Windows 11 24H2 users, Microsoft has confirmed a regression that may lead to performance issues like mouse lag, audio cracking, or other slowdowns. Cloudflare recommends users experiencing these issues upgrade to a minimum Windows 11 24H2 version KB5062553 or higher for resolution.
Devices with KB5055523 installed may receive a warning about Win32/ClickFix.ABA being present in the installer. To resolve this false positive, update Microsoft Security Intelligence to version 1.429.19.0 or later. This warning will be omitted from future release notes. This Microsoft Security Intelligence update was released in May 2025.
DNS resolution may be broken when the following conditions are all true:
The client is in Secure Web Gateway without DNS filtering (tunnel-only) mode.
A custom DNS server address is configured on the primary network adapter.
The custom DNS server address on the primary network adapter is changed while the client is connected.
To work around this issue, reconnect the client by selecting Disconnect and then Connect in the client user interface.
This release contains minor fixes and introduces a brand new visual style for the client interface. The new Cloudflare One Client interface changes connectivity management from a toggle to a button and brings useful connectivity settings to the home screen. The redesign also introduces a collapsible navigation bar. When expanded, more client information can be accessed including connectivity, settings, and device profile information. If you have any feedback or questions, visit the Cloudflare Community forum and let us know.
Changes and improvements
Consumer-only CLI commands are now clearly distinguished from Zero Trust commands.
Added detailed QUIC connection metrics to diagnostic logs for better troubleshooting.
Added monitoring for tunnel statistics collection timeouts.
Switched tunnel congestion control algorithm to Cubic for improved reliability across platforms.
Fixed packet capture failing on tunnel interface when the tunnel interface is renamed by SCCM VPN boundary support.
Fixed unnecessary registration deletion caused by RDP connections in multi-user mode.
Fixed increased tunnel interface start-up time due to a race between duplicate address detection (DAD) and disabling NetBT.
Fixed tunnel failing to connect when the system DNS search list contains unexpected characters.
Empty MDM files are now rejected instead of being incorrectly accepted as a single MDM config.
Fixed an issue in proxy mode where the client could become unresponsive due to upstream connection timeouts.
Fixed emergency disconnect state from a previous organization incorrectly persisting after switching organizations.
Fixed initiating managed network detection checks when no network is available, which caused device profile flapping.
Known issues
The client may unexpectedly terminate during captive portal login. To work around this issue, use a web browser to authenticate with the captive portal and then re-launch the client.
An error indicating that Microsoft Edge can’t read and write to its data directory may be displayed during captive portal login; this error is benign and can be dismissed.
The client may become stuck in a Connecting state. To resolve this issue, reconnect the client by selecting Disconnect and then Connect in the client user interface. Alternatively, change the client’s operation mode.
The client may display an empty white screen upon the device waking from sleep. To resolve this issue, exit and then open the client to re-launch it.
Canceling login during a single MDM configuration setup results in an empty page with no way to resume authentication. To work around this issue, exit and relaunch the client.
For Windows 11 24H2 users, Microsoft has confirmed a regression that may lead to performance issues like mouse lag, audio cracking, or other slowdowns. Cloudflare recommends users experiencing these issues upgrade to a minimum Windows 11 24H2 version KB5062553 or higher for resolution.
Devices with KB5055523 installed may receive a warning about Win32/ClickFix.ABA being present in the installer. To resolve this false positive, update Microsoft Security Intelligence to version 1.429.19.0 or later. This warning will be omitted from future release notes. This Microsoft Security Intelligence update was released in May 2025.
DNS resolution may be broken when the following conditions are all true:
The client is in Secure Web Gateway without DNS filtering (tunnel-only) mode.
A custom DNS server address is configured on the primary network adapter.
The custom DNS server address on the primary network adapter is changed while the client is connected.
To work around this issue, reconnect the client by selecting Disconnect and then Connect in the client user interface.
Audit Logs v2 is now generally available to all Cloudflare customers.
Audit Logs v2 provides a unified and standardized system for tracking and recording all user and system actions across Cloudflare products. Built on Cloudflare’s API Shield / OpenAPI gateway, logs are generated automatically without requiring manual instrumentation from individual product teams, ensuring consistency across ~95% of Cloudflare products.
What’s available at GA:
Standardized logging — Audit logs follow a consistent format across all Cloudflare products, making it easier to search, filter, and investigate activity.
Expanded product coverage — ~95% of Cloudflare products covered, up from ~75% in v1.
Granular filtering — Filter by actor, action type, action result, resource, raw HTTP method, zone, and more. Over 20 filter parameters available via the API.
Enhanced context — Each log entry includes authentication method, interface (API or dashboard), Cloudflare Ray ID, and actor token details.
18-month retention — Logs are retained for 18 months. Full history is accessible via the API or Logpush.
Access:
Dashboard: Go to Manage Account > Audit Logs. Audit Logs v2 is shown by default.
API: GET https://api.cloudflare.com/client/v4/accounts/{account_id}/logs/audit
Logpush: Available via the audit_logs_v2 account-scoped dataset.
Important notes:
Approximately 30 days of logs from the Beta period (back to ~February 8, 2026) are available at GA. These Beta logs will expire on ~April 9, 2026. Logs generated after GA will be retained for the full 18 months. Older logs remain available in Audit Logs v1.
The UI query window is limited to 90 days for performance reasons. Use the API or Logpush for access to the full 18-month history.
GET requests (view actions) and 4xx error responses are not logged at GA. GET logging will be selectively re-enabled for sensitive read operations in a future release.
Audit Logs v1 continues to run in parallel. A deprecation timeline will be communicated separately.
Before and after values — the ability to see what a value changed from and to — is a highly requested feature and is on our roadmap for a post-GA release. In the meantime, we recommend using Audit Logs v1 for before and after values. Audit Logs v1 will continue to run in parallel until this feature is available in v2.
