Author: guillaume

  • Workers – Share local dev servers through Cloudflare Tunnel in Wrangler and Vite

    You can now share local dev sessions through Cloudflare Tunnel and get a public URL when using either Wrangler or the Cloudflare Vite plugin. This is useful when you need to share a preview, test a webhook, or access your app from another device.

    This lets you either:

    To start a tunnel, press t in Wrangler or t + Enter in Vite while your dev server is running. For details on setting up a named tunnel, refer to Share a local dev server.

  • Artifacts – Manage Artifacts namespaces and repos with Wrangler CLI

    You can now manage Artifacts namespaces, repos, and repo-scoped tokens directly from Wrangler CLI.

    Available commands:

    • wrangler artifacts namespaces list — List Artifacts namespaces in your account.
    • wrangler artifacts namespaces get — Get metadata for a namespace.
    • wrangler artifacts repos create — Create a repo in a namespace.
    • wrangler artifacts repos list — List repos in a namespace.
    • wrangler artifacts repos get — Get metadata for a repo.
    • wrangler artifacts repos delete — Delete a repo.
    • wrangler artifacts repos issue-token — Issue a repo-scoped token for Git access.

    To get started, refer to the Wrangler Artifacts commands documentation.

  • WAF – WAF Release – 2026-05-15 – Emergency

    This emergency release introduces two new rules to detect nginx heap buffer overflow and heap spray exploitation attempts targeting the rewrite module’s is_args stale-state bug (CVE-2026-42945).

    Key Findings

    CVE-2026-42945: nginx Heap Buffer Overflow via Stale is_args in Rewrite Module

    Successful exploitation allows remote attackers to trigger a heap buffer overflow in nginx’s rewrite module by sending crafted URIs containing escapable characters. A length/copy pass mismatch in ngx_http_script_copy_capture_code() causes the copy pass to write escaped data into an undersized buffer, leading to heap corruption. This enables denial of service (worker process crash) and, with heap feng shui techniques, potential remote code execution.

    We strongly recommend upgrading to nginx 1.30.1 (or later) immediately to address the underlying vulnerability. If you cannot upgrade immediately, avoid rewrite directives with ? in the replacement string followed by set or if referencing capture groups.

    | Ruleset | Rule ID | Legacy Rule ID | Description | Previous Action | New Action | Comments |
    |---|---|---|---|---|---|---|
    | Cloudflare Managed Ruleset | 2013e3e58efe4b79a26e214f7e52be73 | N/A | nginx – Remote Code Execution – Buffer Overread – CVE:CVE-2026-42945 | N/A | Block | This is a new detection. |
    | Cloudflare Managed Ruleset | 68226e83a4d14ee9a9c878469df0ee6c | N/A | nginx – Remote Code Execution – Heap Spray – CVE:CVE-2026-42945 | N/A | Block | This is a new detection. |
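
    For hosts that cannot be upgraded yet, the configuration pattern named in the workaround above can be searched for mechanically. The following is an added example, not Cloudflare or nginx code: a heuristic Python audit that flags a set or if directive referencing a numeric capture ($1 to $9) after a rewrite whose replacement contains ?. The function name audit, the sample configuration, and the simplified tokenizer (whitespace-separated arguments, numeric captures only) are assumptions of this example.

```python
import re

# Directive tokenizer: text up to ';' or '{' (quoted strings kept whole), or a lone '}'.
TOKEN = re.compile(r'''(?:"[^"]*"|'[^']*'|[^;{}"'])+[;{]|\}''')
NUMERIC_CAPTURE = re.compile(r'\$[1-9]')

# Constructed sample configuration for this example (not from a real deployment).
SAMPLE_CONF = r'''
server {
    location /old/ {
        rewrite ^/old/(.*)$ /new?item=$1;
        set $item $1;
    }
    location /img/ {
        rewrite ^/img/(.*)$ /static/$1;  # no '?' in replacement
        set $file $1;
    }
    location /api/ {
        rewrite ^/api/(\w+)/(.*)$ /v2?svc=$1;
        if ($request_method = POST) {
            set $rest $2;
        }
    }
}
'''

def audit(conf):
    """Return (rewrite_line, directive_line, directive) for each risky pairing."""
    conf = re.sub(r'(?m)(^|[ \t])#.*$', '', conf)  # drop comments, keep line count
    findings, armed = [], [None]  # armed[-1]: line of a '?'-rewrite in this block
    for m in TOKEN.finditer(conf):
        tok = m.group()
        if tok == '}':
            if len(armed) > 1:
                armed.pop()
            continue
        start = m.start() + len(tok) - len(tok.lstrip())
        line = conf.count('\n', 0, start) + 1
        words = tok[:-1].split()
        name = words[0] if words else ''
        if name == 'rewrite' and len(words) >= 3 and '?' in words[2]:
            armed[-1] = line
        elif name in ('set', 'if') and armed[-1] is not None \
                and NUMERIC_CAPTURE.search(' '.join(words[1:])):
            findings.append((armed[-1], line, name))
        if tok.endswith('{'):
            # Assumption: an if-block continues its parent; other blocks start clean.
            armed.append(armed[-1] if name == 'if' else None)
    return findings
```

    A finding is a prompt to review that block by hand, and an empty result does not replace upgrading to nginx 1.30.1 or later.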

  • R2 SQL – R2 SQL now supports JOINs, subqueries, and multi-table queries

    R2 SQL is Cloudflare’s serverless, distributed SQL engine for querying Apache Iceberg tables stored in R2 Data Catalog. R2 SQL runs directly on Cloudflare’s global network with no infrastructure to manage, so you can analyze data in R2 without exporting it to an external warehouse.

    R2 SQL now supports joining multiple Iceberg tables in a single query. You can combine tables with JOINs, filter with subqueries, and define multi-table CTEs to build complex analytical queries.

    New capabilities

    • JOINs: INNER JOIN, LEFT JOIN, RIGHT JOIN, FULL OUTER JOIN, CROSS JOIN, and implicit joins (comma-separated FROM with conditions in WHERE)
    • Subqueries: IN / NOT IN, EXISTS / NOT EXISTS, scalar subqueries in SELECT / WHERE / HAVING, and derived tables (subqueries in FROM)
    • Multi-table CTEs: WITH clauses can reference different tables and include JOINs
    • Self-joins — join a table with itself using different aliases
    • Multi-way joins — join three or more tables in a single query

    Examples

    Two-table JOIN with aggregation

    SELECT z.domain, z.plan, COUNT(*) AS request_count
    FROM my_namespace.zones z
    INNER JOIN my_namespace.http_requests h ON z.zone_id = h.zone_id
    WHERE z.plan = 'enterprise'
    GROUP BY z.domain, z.plan
    ORDER BY request_count DESC
    LIMIT 20

    EXISTS subquery

    SELECT z.domain, z.plan
    FROM my_namespace.zones z
    WHERE EXISTS (
        SELECT 1 FROM my_namespace.firewall_events f
        WHERE f.zone_id = z.zone_id AND f.action = 'block'
    )
    ORDER BY z.domain
    LIMIT 20

    Multi-table CTE with JOIN

    WITH top_zones AS (
        SELECT zone_id, COUNT(*) AS req_count
        FROM my_namespace.http_requests
        GROUP BY zone_id
        ORDER BY req_count DESC
        LIMIT 50
    ),
    zone_threats AS (
        SELECT zone_id, COUNT(*) AS threat_count
        FROM my_namespace.firewall_events
        WHERE risk_score > 0.5
        GROUP BY zone_id
    )
    SELECT tz.zone_id, tz.req_count, COALESCE(zt.threat_count, 0) AS threat_count
    FROM top_zones tz
    LEFT JOIN zone_threats zt ON tz.zone_id = zt.zone_id
    ORDER BY tz.req_count DESC
    LIMIT 20

    For the full syntax reference, refer to the SQL reference. For performance guidance with joins, refer to Limitations and best practices.

  • Workers – New Domains tab in the Workers dashboard

    In your Worker’s dashboard, there is now a dedicated Domains tab where you can purchase a new domain through Cloudflare Registrar and have it automatically connected, add an existing domain, and manage all of your Worker’s routing in one place.

    You can also enable or disable your workers.dev subdomain and Preview URLs, put them behind Cloudflare Access to require sign-in, and jump directly to analytics or domain overview for any connected domain.

    To get started, go to Workers & Pages, select a Worker, and open the Domains tab.

