Merge branch 'cloudflare:production' into production

Author: Thienlta

package-lock.json

@@ -36,7 +36,7 @@
 		"@astrojs/starlight-docsearch": "0.6.0",
 		"@astrojs/starlight-tailwind": "4.0.1",
 		"@cloudflare/vitest-pool-workers": "0.8.71",
-		"@cloudflare/workers-types": "4.20250910.0",
+		"@cloudflare/workers-types": "4.20250913.0",
 		"@codingheads/sticky-header": "1.0.2",
 		"@expressive-code/plugin-collapsible-sections": "0.41.3",
 		"@expressive-code/plugin-line-numbers": "0.41.3",
@@ -55,7 +55,7 @@
 		"@types/node": "24.3.1",
 		"@types/react": "19.0.7",
 		"@types/react-dom": "19.0.4",
-		"@typescript-eslint/parser": "8.43.0",
+		"@typescript-eslint/parser": "8.44.0",
 		"algoliasearch": "5.37.0",
 		"astro": "5.13.7",
 		"astro-breadcrumbs": "3.3.1",
@@ -134,7 +134,7 @@
 		"unist-util-visit": "5.0.0",
 		"vite-tsconfig-paths": "5.1.4",
 		"vitest": "2.1.6",
-		"wrangler": "4.35.0"
+		"wrangler": "4.37.0"
 	},
 	"engines": {
 		"node": ">=22"

package.json

@@ -492,6 +492,15 @@
 /ddos-protection/managed-rulesets/adjust-rules/false-positive/ /ddos-protection/managed-rulesets/http/http-overrides/override-examples/#legitimate-traffic-is-incorrectly-identified-as-an-attack-and-causes-a-false-positive 301
 /ddos-protection/managed-rulesets/adjust-rules/ /ddos-protection/managed-rulesets/http/http-overrides/override-examples/ 301
 
+# developer spotlight
+/developer-spotlight/tutorials/ /developer-spotlight/ 301
+/developer-spotlight/tutorials/create-sitemap-from-sanity-cms/ /developer-spotlight/ 301
+/developer-spotlight/tutorials/creating-a-recommendation-api/ /developer-spotlight/ 301
+/developer-spotlight/tutorials/custom-access-control-for-files/ /developer-spotlight/ 301
+/developer-spotlight/tutorials/fullstack-authentication-with-next-js-and-cloudflare-d1/ /developer-spotlight/ 301
+/developer-spotlight/tutorials/handle-form-submission-with-astro-resend/ /developer-spotlight/ 301
+/developer-spotlight/application-guide/ /developer-spotlight/ 301
+
 # dns
 /dns/additional-options/cname-flattening/ /dns/cname-flattening/ 301
 /dns/additional-options/dnssec/ /dns/dnssec/ 301
@@ -1610,6 +1619,7 @@
 /turnstile/glossary/ /turnstile/ 301
 /turnstile/get-started/supported-browsers/ /cloudflare-challenges/reference/supported-browsers/ 301
 /turnstile/troubleshooting/troubleshooting-faqs/ /turnstile/frequently-asked-questions/#troubleshooting 301
+/turnstile/tutorials/protecting-your-payment-form-from-attackers-bots-using-turnstile/ /developer-spotlight/ 301
 
 # waf
 /waf/about/ /waf/concepts/ 301
@@ -1905,8 +1915,8 @@
 /workers/configuration/bindings/about-service-bindings/ /workers/runtime-apis/bindings/service-bindings/ 301
 /workers/tutorials/localize-a-website/ /pages/tutorials/localize-a-website/ 301
 /workers/tutorials/manage-projects-with-lerna/ /pages/configuration/monorepos/#monorepo-management-tools 301
-/workers/tutorials/create-sitemap-from-sanity-cms/ /developer-spotlight/tutorials/create-sitemap-from-sanity-cms/ 301
-/workers/tutorials/custom-access-control-for-files-in-r2-using-d1-and-workers/ /developer-spotlight/tutorials/custom-access-control-for-files/ 301
+/workers/tutorials/create-sitemap-from-sanity-cms/ /developer-spotlight/ 301
+/workers/tutorials/custom-access-control-for-files-in-r2-using-d1-and-workers/ /developer-spotlight/ 301
 /workers/tutorials/generate-dynamic-og-images-using-workers/ /workers/tutorials/ 302
 /workers/static-assets/migrate-from-pages/ /workers/static-assets/migration-guides/migrate-from-pages/ 301
 /workers/static-assets/compatibility-matrix/ /workers/static-assets/migration-guides/migrate-from-pages/ 301
@@ -1939,6 +1949,8 @@
 /workers/testing/miniflare/get-started/migrating/ /workers/testing/miniflare/migrations/from-v2/ 301
 /workers/databases/native-integrations/fauna/ /workers/databases/native-integrations/ 301
 /workers/tutorials/store-data-with-fauna/ https://fauna.com/blog/the-future-of-fauna 301
+/workers/tutorials/live-cursors-with-nextjs-rpc-do/ /developer-spotlight/ 301
+/workers/tutorials/automated-analytics-reporting/ /developer-spotlight/ 301
 
 # workers ai
 /workers-ai/models/llm/ /workers-ai/models/#text-generation 301
@@ -1955,9 +1967,11 @@
 /workers-ai/configuration/function-calling/ /workers-ai/function-calling/ 301
 /workers-ai/platform/storage-options/ /workers/platform/storage-options/ 301
 /workers-ai/configuration/workers-ai-sdk/ /workers-ai/configuration/bindings/ 301
-/workers-ai/tutorials/creating-a-recommendation-api/ /developer-spotlight/tutorials/creating-a-recommendation-api/ 301
+/workers-ai/tutorials/creating-a-recommendation-api/ /developer-spotlight/ 301
 /workers/observability/baselime-integration/ /workers/observability/integrations/baselime-integration/ 301
 /workers-ai/tutorials/image-generator-flux/ /workers-ai/tutorials/image-generation-playground/ 301
+/workers-ai/guides/tutorials/build-a-voice-notes-app-with-auto-transcription/ /developer-spotlight/ 301
+/workers-ai/tutorials/build-ai-interview-practice-tool/ /developer-spotlight/ 301
 
 # Workers AI reorganization redirects
 # Function calling

public/__redirects

@@ -0,0 +1,23 @@
+---
+title: New AI-Enabled Search for Zero Trust Dashboard
+description: New AI-Enabled Search for Zero Trust Dashboard
+date: 2025-09-16
+products:
+  - cloudflare-one
+---
+
+Zero Trust Dashboard has a brand new, AI-powered search functionality. You can search your account by resources (applications, policies, device profiles, settings, etc.), pages, products, and more.
+
+
+![Example search results in the Zero Trust dashboard](~/assets/images/changelog/cloudflare-one/searchexample.png)
+
+
+  
+**Ask Cloudy** — You can also ask Cloudy, our AI agent, questions about Cloudflare Zero Trust. Cloudy is trained on our developer documentation and implementation guides, so it can tell you how to configure functionality, best practices, and can make recommendations.
+
+
+
+Cloudy can then stay open with you as you move between pages to build configuration or answer more questions.
+
+
+**Find Recents** — Recent searches and Cloudy questions also have a new tab under Zero Trust Overview.

src/assets/images/changelog/cloudflare-one/searchexample.png

@@ -0,0 +1,12 @@
+---
+title: Reminders about two-factor authentication backup codes
+description: Don't get locked out of your account, make sure you've got backup codes
+products:
+  - fundamentals
+date: 2025-09-08
+---
+
+Two-factor authentication is the best way to help protect your account from account takeovers, but if you lose your second factor, you could be locked out of your account. Lock outs are one of the top reasons customers contact Cloudflare support, and our policies often don't allow us to bypass two-factor authentication for customers that are locked out. Today we are releasing an improvement where Cloudflare will periodically remind you to securely save your backup codes so you don't get locked out in the future. 
+
+## For more information
+- [Two-factor authentication](/fundamentals/user-profiles/2fa/)

src/assets/images/cloudflare-one/connections/private-hostname-route-1.png

@@ -8,19 +8,19 @@ import { RuleID } from "~/components";
 
 **This week's update**
 
-This week’s focus highlights newly disclosed vulnerabilities in DevOps tooling, data visualization platforms, and enterprise CMS solutions. These issues include sensitive information disclosure and remote code execution, putting organizations at risk of credential leakage, unauthorized access, and full system compromise.
+This week's focus highlights newly disclosed vulnerabilities in DevOps tooling, data visualization platforms, and enterprise CMS solutions. These issues include sensitive information disclosure and remote code execution, putting organizations at risk of credential leakage, unauthorized access, and full system compromise.
 
 **Key Findings**
 
-* Argo CD (CVE-2025-55190): Exposure of sensitive information could allow attackers to access credential data stored in configurations, potentially leading to compromise of Kubernetes workloads and secrets.Next.js (CVE-2025-57822): Improper handling of redirects in custom middleware can lead to server-side request forgery (SSRF) when user-supplied headers are forwarded. Attackers could exploit this to access internal services or cloud metadata endpoints. The issue has been resolved in versions 14.2.32 and 15.4.7. Developers using custom middleware should upgrade and verify proper redirect handling in `next()` calls.
+* Argo CD (CVE-2025-55190): Exposure of sensitive information could allow attackers to access credential data stored in configurations, potentially leading to compromise of Kubernetes workloads and secrets.
 
 * DataEase (CVE-2025-57773): Insufficient input validation enables JNDI injection and insecure deserialization, resulting in remote code execution (RCE). Successful exploitation grants attackers control over the application server.
 
 * Sitecore (CVE-2025-53694): A sensitive information disclosure flaw allows unauthorized access to confidential information stored in Sitecore deployments, raising the risk of data breaches and privilege escalation.
 
 **Impact**
 
-These vulnerabilities expose organizations to serious risks, including credential theft, unauthorized access, and full system compromise. Argo CD’s flaw may expose Kubernetes secrets, DataEase exploitation could give attackers remote execution capabilities, and Sitecore’s disclosure issue increases the likelihood of sensitive data leakage and business impact.
+These vulnerabilities expose organizations to serious risks, including credential theft, unauthorized access, and full system compromise. Argo CD's flaw may expose Kubernetes secrets, DataEase exploitation could give attackers remote execution capabilities, and Sitecore's disclosure issue increases the likelihood of sensitive data leakage and business impact.
 
 Administrators are strongly advised to apply vendor patches immediately, rotate exposed credentials, and review access controls to mitigate these risks.