Merge branch 'production' into patricia/pcx19021-ddos-global-nav

Author: patriciasantaana

package-lock.json

@@ -118,7 +118,7 @@
 		"sharp": "0.34.3",
 		"solarflare-theme": "0.0.5",
 		"starlight-image-zoom": "0.13.0",
-		"starlight-links-validator": "0.17.1",
+		"starlight-links-validator": "0.17.2",
 		"starlight-package-managers": "0.11.0",
 		"starlight-showcases": "0.3.0",
 		"strip-markdown": "6.0.0",
@@ -127,7 +127,7 @@
 		"tailwindcss": "4.1.4",
 		"tippy.js": "6.3.7",
 		"ts-blank-space": "0.6.2",
-		"tsx": "4.20.4",
+		"tsx": "4.20.5",
 		"typescript": "5.8.3",
 		"typescript-eslint": "8.41.0",
 		"unified": "11.0.5",

package.json

@@ -36,13 +36,13 @@ These vulnerabilities pose severe risks to enterprise environments and open-sour
     <tr>
       <td>Cloudflare Managed Ruleset</td>
       <td>
-        <RuleID id="9b5c5e13d2ca4253a89769f2194f7b2d" />
+        <RuleID id="c550282a0f7343ca887bdab528050359" />
       </td>
-      <td>100822</td>
+      <td>100822_BETA</td>
       <td>WordPress:Plugin:WPBookit - Remote Code Execution - CVE:CVE-2025-6058</td>
       <td>N/A</td>
       <td>Disabled</td>
-      <td>This was released as 100822_BETA in old WAF and ...28050359 in new WAF</td>
+      <td>This was merged in to the original rule "WordPress:Plugin:WPBookit - Remote Code Execution - CVE:CVE-2025-6058" (ID: <RuleID id="9b5c5e13d2ca4253a89769f2194f7b2d" />)</td>
     </tr>
     <tr>
       <td>Cloudflare Managed Ruleset</td>

src/content/changelog/waf/2025-08-25-waf-release.mdx

@@ -4,4 +4,4 @@ description: Cloudflare One WARP Diagnostic AI Analyzer
 date: 2025-08-29
 ---
 
-We're excited to share a new AI feature, the [WARP diagnostic analyzer](https://blog.cloudflare.com/AI-troubleshoot-warp-and-network-connectivity-issues/), to help you troubleshoot and resolve WARP connectivity issues faster. This beta feature is now available in the [Zero Trust dashboard](https://one.dash.cloudflare.com/) to all users. The AI analyzer makes it easier for you to identify the root cause of client connectivity issues by parsing [remote captures](/cloudflare-one/insights/dex/remote-captures/#start-a-remote-capture) of [WARP diagnostic logs](/cloudflare-one/connections/connect-devices/warp/troubleshooting/warp-logs/#warp-diag-logs). The WARP diagnostic analyzer provides a summary of impact that may be experienced on the device, lists notable events that may contribute to performance issues, and recommended troubleshooting steps and articles to help you resolve these issues. Refer to [View WARP diagnostics summary (beta)](/cloudflare-one/insights/dex/remote-captures/#view-warp-diagnostics-summary-beta) to learn more about how to maximize using the WARP diagnostic analyzer to troubleshoot the WARP client.
+We're excited to share a new AI feature, the [WARP diagnostic analyzer](https://blog.cloudflare.com/AI-troubleshoot-warp-and-network-connectivity-issues/), to help you troubleshoot and resolve WARP connectivity issues faster. This beta feature is now available in the [Zero Trust dashboard](https://one.dash.cloudflare.com/) to all users. The AI analyzer makes it easier for you to identify the root cause of client connectivity issues by parsing [remote captures](/cloudflare-one/insights/dex/remote-captures/#start-a-remote-capture) of [WARP diagnostic logs](/cloudflare-one/connections/connect-devices/warp/troubleshooting/warp-logs/#warp-diag-logs). The WARP diagnostic analyzer provides a summary of impact that may be experienced on the device, lists notable events that may contribute to performance issues, and recommended troubleshooting steps and articles to help you resolve these issues. Refer to [WARP diagnostics analyzer (beta)](/cloudflare-one/insights/dex/remote-captures/#warp-diagnostics-analyzer-beta) to learn more about how to maximize using the WARP diagnostic analyzer to troubleshoot the WARP client.

src/content/changelog/zero-trust-warp/2025-08-29-warp-AI-diag-analyzer

@@ -12,7 +12,7 @@ import { CardGrid, LinkTitleCard } from "~/components";
 
 Bring your own keys (BYOK) is a feature in Cloudflare AI Gateway that allows you to securely store your AI provider API keys directly in the Cloudflare dashboard. Instead of including API keys in every request to your AI models, you can configure them once in the dashboard, and reference them in your gateway configuration.
 
-The keys are stored securely with [Secret Store](/secrets-store/) and allows for:
+The keys are stored securely with [Secrets Store](/secrets-store/) and allows for:
 
 - Secure storage and limit exposure
 - Easier key rotation
@@ -23,7 +23,7 @@ The keys are stored securely with [Secret Store](/secrets-store/) and allows for
 ### Prerequisites
 
 - Ensure your gateway is [authenticated](/ai-gateway/configuration/authentication/).
-- Ensure you have appropriate permissions to create and deploy secrets on Secret Store.
+- Ensure you have appropriate [permissions](/secrets-store/access-control/) to create and deploy secrets on Secrets Store.
 
 ### Configure API keys
 

src/content/docs/ai-gateway/configuration/bring-your-own-keys.mdx

@@ -19,7 +19,7 @@ The following products and features are available on the Cloudflare China Networ
 | [WAF custom rules](/waf/custom-rules/)                                     | Custom WAF rules. Supports uploaded content scanning and managed challenges.                                                                             |
 | [Rate limiting rules](/waf/rate-limiting-rules/)                           | Define rate limits for incoming requests matching an expression, and the action to take when those rate limits are reached.                              |
 | [Page Shield](/page-shield/)                                               | Simplifies external script management by tracking loaded resources like scripts and providing alerts when it detects new resources or malicious scripts. |
-| [Bot Management](/bots/)                                                   | Provides bot identification and protection for a domain. Only supports certain Machine Learning (ML) models.                                             |
+| [Bot Management](/bots/)[^1]                                               | Provides bot identification and protection for a domain. Only supports certain Machine Learning (ML) models.                                             |
 | [Argo Smart Routing](/argo-smart-routing/)                                 | Layer 7 (application layer) traffic smart-routed more efficiently to origin.                                                                             |
 | [Rules](/rules/)                                                           | Make adjustments to requests and responses, configure Cloudflare settings, and trigger specific actions for matching requests.                           |
 | [Load Balancing](/load-balancing/additional-options/load-balancing-china/) | Maximize application performance and availability.                                                                                                       |
@@ -30,7 +30,6 @@ The following products and features are available on the Cloudflare China Networ
 | ------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
 | [Workers](/workers/)                                                      | A serverless execution environment running on the Cloudflare global network.                                                                                                   |
 | [Workers KV](/kv/)                                                        | Configuration data, service routing metadata, personalization (A/B testing).                                                                                                   |
-| [Durable Objects](/durable-objects/)[^1]                                  | Create AI agents, collaborative applications, real-time interactions like chat, and more without needing to coordinate state, have separate storage, or manage infrastructure. |
 | [R2](/r2/)[^2]                                                            | Object storage for all your data.                                                                                                                                              |
 | [KV](/kv/)                                                                | Configuration data, service routing metadata, personalization (A/B testing).                                                                                                   |
 | [Assets](/workers/static-assets/)                                         | Upload static assets (HTML, CSS, images and other files) as part of your Worker — Cloudflare will handle caching and serving them to web browsers.                             |
@@ -45,11 +44,11 @@ The following products and features are available on the Cloudflare China Networ
 | [Workers for Platforms](/cloudflare-for-platforms/workers-for-platforms/) | Deploy custom code on behalf of your users or let your users directly deploy their own code to your platform, managing infrastructure.                                         |
 | [Pages](/pages/)                                                          | Deploy dynamic front-end applications in record time.                                                                                                                          |
 
-[^1]: Durable Objects cannot be created within Mainland China, all new instances will be created outside. Invoking a Durable Object still works as normal.
+[^1]: Turnstile is not available within Mainland China.
 
 [^2]: R2 buckets cannot be created within Mainland China and [custom domains](/r2/buckets/public-buckets/#add-your-domain-to-cloudflare) are not supported within Mainland China. However, R2 can be extended into Mainland China through [Global Acceleration](/china-network/concepts/global-acceleration/).
 
-[^3]: Image Resizing works [within Workers](/images/transform-images/transform-via-workers/) but not [through URL format](/images/transform-images/transform-via-url/).
+[^3]: Image Resizing works [within Workers](/images/transform-images/transform-via-workers/), but may not be available [through URL format](/images/transform-images/transform-via-url/).
 
 ## Network Services
 

src/content/docs/china-network/reference/available-products.mdx

@@ -113,7 +113,7 @@ warp-cli settings
 
 The device profile UUID is shown in the `Profile ID` field.
 
-Alternatively, if you do not have access to the CLI, you can use [DEX remote captures](/cloudflare-one/insights/dex/remote-captures/) to collect WARP diagnostic logs from the Zero Trust dashboard. The device profile UUID is shown in your [WARP diagnostics summary](/cloudflare-one/insights/dex/remote-captures/#view-warp-diagnostics-summary-beta) under `Profile ID`.
+Alternatively, if you do not have access to the CLI, you can use [DEX remote captures](/cloudflare-one/insights/dex/remote-captures/) to collect WARP diagnostic logs from the Zero Trust dashboard. The device profile UUID is shown in your [detection report](/cloudflare-one/insights/dex/remote-captures/#warp-diagnostics-analyzer-beta) under `Profile ID`.
 
 ## Selectors
 

src/content/docs/cloudflare-one/connections/connect-devices/warp/configure-warp/device-profiles.mdx

@@ -285,6 +285,12 @@ Configures the WARP client to exclude or include traffic to specific IP addresse
 
 Creates [Split Tunnel](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/split-tunnels/) Exclude entries for all [Microsoft 365 IP addresses specified by Microsoft](https://docs.microsoft.com/en-us/microsoft-365/enterprise/microsoft-365-ip-web-service). To use this setting, **Split Tunnels** must be set to **Exclude IPs and domains**. Once enabled, all Microsoft 365 network traffic will bypass WARP and Gateway.
 
+:::note
+Microsoft has recently made changes to the IPs used by their applications (such as Microsoft Teams). Until Microsoft updates their [IP address and URL web service](https://learn.microsoft.com/en-us/microsoft-365/enterprise/microsoft-365-ip-web-service?view=o365-worldwide), you will need to manually add the following IPs to your [Split Tunnels Exclude list](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/split-tunnels/#add-a-route):
+- `24.24.24.24/32`
+- `52.120.0.0/14`
+:::
+
 ### Allow users to enable local network exclusion
 
 <Details header="Feature availability">

src/content/docs/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/index.mdx

@@ -18,6 +18,12 @@ The WARP client does not run on Windows Server. Refer to the [downloads page](/c
 
 [Managed network detection](/cloudflare-one/connections/connect-devices/warp/configure-warp/managed-networks/) will not work when the TLS certificate is served from IIS 8.5 on Windows Server 2012 R2. To work around the limitation, move the certificate to a different host.
 
+## Split Tunnels for Microsoft 365 traffic
+
+Microsoft has recently made changes to the IP addresses used by Microsoft 365 applications (such as Microsoft Teams). Customers using the [Directly route Microsoft 365 traffic](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/#directly-route-microsoft-365-traffic) feature will need to manually add the following IPs to their [Split Tunnels Exclude list](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/split-tunnels/#add-a-route):
+- `24.24.24.24/32`
+- `52.120.0.0/14`
+
 ## nslookup on Windows in DoH mode
 
 On Windows devices in [Gateway with DoH mode](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-modes/#gateway-with-doh), `nslookup` by default sends DNS requests to the [WARP local DNS proxy](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/warp-architecture/#dns-traffic) over IPv6. However, because WARP uses an IPv4-mapped IPv6 address (instead of a real IPv6 address), `nslookup` will not recognize this address type and the query will fail:

src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/known-limitations.mdx

@@ -45,7 +45,7 @@ You can collect WARP diagnostic logs remotely from the Zero Trust dashboard by u
 
 <Render file="dex/pcaps-download" product="cloudflare-one" />
 
-#### View WARP diagnostics summary (beta)
+#### WARP diagnostics analyzer (beta)
 
 <Render file="dex/pcaps-view-warp-diag" product="cloudflare-one" />