Engineering Insights

The ORM Convergence: Convergence through experience

Why Drizzle's relational API v2 mirrors Prisma: production database problems at scale lead to similar patterns. A look at ORM convergence.

Gateway - Schedule DNS policies from the UI

Admins can now create scheduled DNS policies directly from the Zero Trust dashboard, without using the API. You can configure policies to be active during specific, recurring times, such as blocking social media during business hours or gaming sites on school nights. Preset Schedules: Use built-in templates for common scenarios like Business Hours, School Days, Weekends, and more. Custom Schedules: Define your own schedule with specific days and up to three non-overlapping time ranges per day. T

WAF - WAF Release - 2025-10-20

This week’s update introduces an enhanced rule that expands detection coverage for a critical vulnerability in Oracle E-Business Suite. It also improves an existing rule to provide more reliable coverage in request processing. Key Findings New WAF rule deployed for Oracle E-Business Suite (CVE-2025-61882) to block unauthenticated attacker's network access via HTTP to compromise Oracle Concurrent Processing. If successfully exploited, this vulnerability may result in remote code execution. Impac

Email security - On-Demand Security Report

You can now generate on-demand security reports directly from the Cloudflare dashboard. This new feature provides a comprehensive overview of your email security posture, making it easier than ever to demonstrate the value of Cloudflare’s Email security to executives and other decision makers. These reports offer several key benefits: Executive Summary: Quickly view the performance of Email security with a high-level executive summary. Actionable Insights: Dive deep into trend data, breakdowns o

Zero-configuration support for NestJS

Vercel now supports applications, a popular framework for building efficient, scalable server-side applications, with zero-configuration.NestJSNode.js Backends on Vercel use with by default. This means your NestJS app will automatically scale up and down based on traffic, and you only pay for what you use.Fluid computeActive CPU pricing or visit the Deploy NestJS on VercelNestJS on Vercel documentation Read more

Security Center - New Application Security reports (Closed Beta)

Cloudflare's new Application Security report, currently in Closed Beta, is now available in the dashboard. Go to Security reports The reports are generated monthly and provide cyber security insights trends for all of the Enterprise zones in your Cloudflare account. The reports also include an industry benchmark, comparing your cyber security landscape to peers in your industry. Learn more about the reports by referring to the Security Reports documentation. Use the feedback survey link at

WAF - New detections released for WAF managed rulesets

This week we introduced several new detections across Cloudflare Managed Rulesets, expanding coverage for high-impact vulnerability classes such as SSRF, SQLi, SSTI, Reverse Shell attempts, and Prototype Pollution. These rules aim to improve protection against attacker-controlled payloads that exploit misconfigurations or unvalidated input in web applications. Key Findings New detections added for multiple exploit categories: SSRF (Server-Side Request Forgery) — new rules targeting both local an

AI for Food Allergies