Merge branch 'production' into patricia/pcx18133-turnstile-docs-v2

Author: patriciasantaana

package-lock.json

@@ -82,7 +82,7 @@
 		"jsonc-parser": "3.3.1",
 		"ldrs": "1.1.7",
 		"lz-string": "1.5.0",
-		"marked": "16.0.0",
+		"marked": "16.1.1",
 		"mdast-util-from-markdown": "2.0.2",
 		"mdast-util-mdx": "3.0.0",
 		"mdast-util-mdx-expression": "2.0.1",
@@ -100,7 +100,7 @@
 		"react": "19.0.0",
 		"react-dom": "19.0.0",
 		"react-icons": "5.5.0",
-		"react-instantsearch": "7.16.1",
+		"react-instantsearch": "7.16.2",
 		"react-markdown": "10.1.0",
 		"react-select": "5.10.2",
 		"redirects-in-workers": "0.0.7",
@@ -134,7 +134,7 @@
 		"unist-util-visit": "5.0.0",
 		"vite-tsconfig-paths": "5.1.4",
 		"vitest": "2.1.6",
-		"wrangler": "4.1.0"
+		"wrangler": "4.26.0"
 	},
 	"engines": {
 		"node": ">=22"

package.json

@@ -143,6 +143,7 @@
 # ai-audit
 /ai-audit/features/detect-ai-crawlers/ /ai-audit/features/analyze-ai-crawlers/ 301
 /ai-audit/features/enforce-robots-txt/ /ai-audit/features/analyze-ai-crawlers/ 301
+/ai-audit/features/analyze-ai-crawlers/ /ai-audit/features/analyze-ai-traffic/ 301
 
 # AI Gateway
 /ai-gateway/get-started/configuring-settings/ /ai-gateway/get-started/ 301

public/__redirects

@@ -16,4 +16,4 @@ We redesigned the AI Audit dashboard to provide more intuitive and granular cont
 To get started, explore:
 
 - [Manage AI crawlers](/ai-audit/features/manage-ai-crawlers/).
-- [Analyze AI crawlers](/ai-audit/features/analyze-ai-crawlers/).
+- [Analyze AI traffic](/ai-audit/features/analyze-ai-traffic/).

src/assets/images/browser-rendering/dashboard.png

@@ -0,0 +1,31 @@
+---
+title: Introducing pricing for the Browser Rendering API — $0.09 per browser hour
+description: Browser Rendering pricing announcement
+products:
+  - browser-rendering
+date: 2025-07-28T12:00:00Z
+---
+
+We’ve launched pricing for [Browser Rendering](/browser-rendering/), including a free tier and a pay-as-you-go model that scales with your needs. Starting **August 20, 2025**, Cloudflare will begin billing for Browser Rendering.
+
+There are two ways to use Browser Rendering. Depending on the method you use, here’s how billing will work:
+- [**REST API**](/browser-rendering/rest-api/): Charged for **Duration** only ($/browser hour)
+- [**Workers Bindings**](/browser-rendering/workers-bindings/): Charged for both **Duration** and **Concurrency** ($/browser hour and # of concurrent browsers)
+
+Included usage and pricing by plan
+
+| Plan           | Included duration                                                                 | Included concurrency                                                 | Price (beyond included) |
+|----------------|---------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------|----------|
+| **Workers Free** | 10 minutes per day | 3 concurrent browsers | N/A |
+| **Workers Paid** | 10 hours per month | 10 concurrent browsers (averaged monthly) | **1. REST API**: $0.09 per additional browser hour <br />**2. Workers Bindings**: $0.09 per additional browser hour <br /> $2.00 per additional concurrent browser |
+
+
+What you need to know:
+- **Workers Free Plan:** 10 minutes of browser usage per day with 3 concurrent browsers at no charge.
+- **Workers Paid Plan:** 10 hours of browser usage per month with 10 concurrent browsers (averaged monthly) at no charge. Additional usage is charged as shown above.
+
+You can monitor usage via the [Cloudflare dashboard](https://dash.cloudflare.com/?to=/:account/workers/browser-rendering). Go to **Compute (Workers)** > **Browser Rendering**. 
+
+![Browser Rendering dashboard](~/assets/images/browser-rendering/dashboard.png)
+
+If you've been using Browser Rendering and do not wish to incur charges, ensure your usage stays within your plan's [included usage](/browser-rendering/platform/pricing/). To estimate costs, take a look at these [example pricing scenarios](/browser-rendering/platform/pricing/#examples-of-workers-paid-pricing). 

src/assets/images/browser-rendering/pricing.png

@@ -1,12 +1,12 @@
 ---
-title: Audio mode for Media Transforamtions
+title: Audio mode for Media Transformations
 description: >
   Media Transformations now supports `audio` mode, which extracts audio from a video.
 date: 2025-07-22
 ---
 
-The addition of this feature allows a user to extract audio from a source video, outputting
-an M4A file to use in downstream workflows like AI inference, content moderation, or transcription.
+We now support `audio` mode! Use this feature to extract audio from a source video, outputting
+an M4A file to use in downstream workflows like [AI inference](/workers-ai/), content moderation, or transcription.
 
 For example,
 

src/content/changelog/ai-audit/2025-07-01-refresh.mdx

@@ -0,0 +1,93 @@
+---
+title: "WAF Release - 2025-07-28"
+description: Cloudflare WAF managed rulesets 2025-07-28 release
+date: 2025-07-28
+---
+
+import { RuleID } from "~/components";
+
+This week’s update spotlights several vulnerabilities across Apache Tomcat, MongoDB, and Fortinet FortiWeb. Several flaws related with a memory leak in Apache Tomcat can lead to a denial-of-service attack. Additionally, a code injection flaw in MongoDB's Mongoose library allows attackers to bypass security controls to access restricted data.
+
+
+**Key Findings**
+
+- Fortinet FortiWeb (CVE-2025-25257): An improper neutralization of special elements used in a SQL command vulnerability in Fortinet FortiWeb versions allows an unauthenticated attacker to execute unauthorized SQL code or commands.
+
+- Apache Tomcat (CVE-2025-31650): A improper Input Validation vulnerability in Apache Tomcat that could create memory leak when incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request.
+
+- MongoDB (CVE-2024-53900, CVE:CVE-2025-23061): Improper use of `$where` in match and a nested `$where` filter with a `populate()` match in Mongoose can lead to search injection.
+
+**Impact**
+
+These vulnerabilities target user-facing components, web application servers, and back-end databases. A SQL injection flaw in Fortinet FortiWeb can lead to data theft or system compromise. A separate issue in Apache Tomcat involves a memory leak from improper input validation, which could be exploited for a denial-of-service (DoS) attack. Finally, a vulnerability in MongoDB's Mongoose library allows attackers to bypass security filters and access unauthorized data through malicious search queries.
+
+<table style="width: 100%">
+	<thead>
+		<tr>
+			<th>Ruleset</th>
+			<th>Rule ID</th>
+			<th>Legacy Rule ID</th>
+			<th>Description</th>
+			<th>Previous Action</th>
+			<th>New Action</th>
+			<th>Comments</th>
+		</tr>
+	</thead>
+	<tbody>
+		<tr>
+			<td>Cloudflare Managed Ruleset</td>
+			<td>
+				<RuleID id="6ab3bd3b58fb4325ac2d3cc73461ec9e" />
+			</td>
+			<td>100804</td>
+			<td>BerriAI - SSRF - CVE:CVE-2024-6587</td>
+			<td>Log</td>
+			<td>Disabled</td>
+			<td>This is a New Detection</td>
+		</tr>
+		<tr>
+			<td>Cloudflare Managed Ruleset</td>
+			<td>
+				<RuleID id="2e6c4d02f42a4c3ca90649d50cb13e1d" />
+			</td>
+			<td>100812</td>
+			<td>Fortinet FortiWeb - Remote Code Execution - CVE:CVE-2025-25257</td>
+			<td>Log</td>
+			<td>Block</td>
+			<td>This is a New Detection</td>
+		</tr>
+		<tr>
+			<td>Cloudflare Managed Ruleset</td>
+			<td>
+				<RuleID id="fd360d8fd9994e6bab6fb06067fae7f7" />
+			</td>
+			<td>100813</td>
+			<td>Apache Tomcat - DoS - CVE:CVE-2025-31650</td>
+			<td>Log</td>
+			<td>Disabled</td>
+			<td>This is a New Detection</td>
+		</tr>
+		<tr>
+			<td>Cloudflare Managed Ruleset</td>
+			<td>
+				<RuleID id="f9e01e28c5d6499cac66364b4b6a5bb1" />
+			</td>
+			<td>100815</td>
+			<td>MongoDB - Remote Code Execution - CVE:CVE-2024-53900, CVE:CVE-2025-23061</td>
+			<td>Log</td>
+			<td>Block</td>
+			<td>This is a New Detection</td>
+		</tr>
+		<tr>
+			<td>Cloudflare Managed Ruleset</td>
+			<td>
+				<RuleID id="700d4fcc7b1f481a80cbeee5688f8e79" />
+			</td>
+			<td>100816</td>
+			<td>MongoDB - Remote Code Execution - CVE:CVE-2024-53900, CVE:CVE-2025-23061</td>
+			<td>Log</td>
+			<td>Block</td>
+			<td>This is a New Detection</td>
+		</tr>
+	</tbody>
+</table>

src/content/changelog/browser-rendering/2025-07-28-br-pricing.mdx

@@ -1,7 +1,7 @@
 ---
-title: WAF Release - Scheduled changes for 2025-07-28
-description: WAF managed ruleset changes scheduled for 2025-07-28
-date: 2025-07-21
+title: WAF Release - Scheduled changes for 2025-08-04
+description: WAF managed ruleset changes scheduled for 2025-08-04
+date: 2025-07-28
 scheduled: true
 ---
 
@@ -20,64 +20,93 @@ import { RuleID } from "~/components";
 		</tr>
 	</thead>
 	<tbody>
-		<tr>
-	    <td>2025-07-21</td>
+	  <tr>
 	    <td>2025-07-28</td>
+	    <td>2025-08-04</td>
 	    <td>Log</td>
-	    <td>100804</td>
+	    <td>100535A</td>
 	    <td>
-	        <RuleID id="6ab3bd3b58fb4325ac2d3cc73461ec9e" />
+	        <RuleID id="b8ab4644f8044f3485441ee052f30a13" />
 	    </td>
-	    <td>BerriAI - SSRF - CVE:CVE-2024-6587</td>
+	    <td>Sitecore - Dangerous File Upload - CVE:CVE-2025-34510, CVE:CVE-2025-34511</td>
 	    <td>This is a New Detection</td>
-    </tr>
-		<tr>
-			<td>2025-07-21</td>
-			<td>2025-07-28</td>
-			<td>Log</td>
-			<td>100812</td>
-			<td>
-				<RuleID id="2e6c4d02f42a4c3ca90649d50cb13e1d" />
-			</td>
-			<td>Fortinet FortiWeb - Remote Code Execution - CVE:CVE-2025-25257</td>
-			<td>This is a New Detection</td>
-		</tr>
-		<tr>
-			<td>2025-07-21</td>
-			<td>2025-07-28</td>
-			<td>Log</td>
-			<td>100813</td>
-			<td>
-				<RuleID id="fd360d8fd9994e6bab6fb06067fae7f7" />
-			</td>
-			<td>Apache Tomcat - DoS - CVE:CVE-2025-31650</td>
-			<td>This is a New Detection</td>
-		</tr>
-		<tr>
-			<td>2025-07-21</td>
-			<td>2025-07-28</td>
-			<td>Log</td>
-			<td>100815</td>
-			<td>
-				<RuleID id="f9e01e28c5d6499cac66364b4b6a5bb1" />
-			</td>
-			<td>
-				MongoDB - Remote Code Execution - CVE:CVE-2024-53900, CVE:CVE-2025-23061
-			</td>
-			<td>This is a New Detection</td>
-		</tr>
-		<tr>
-			<td>2025-07-21</td>
-			<td>2025-07-28</td>
-			<td>Log</td>
-			<td>100816</td>
-			<td>
-				<RuleID id="700d4fcc7b1f481a80cbeee5688f8e79" />
-			</td>
-			<td>
-				MongoDB - Remote Code Execution - CVE:CVE-2024-53900, CVE:CVE-2025-23061
-			</td>
-			<td>This is a New Detection</td>
-		</tr>
+	  </tr>
+	  <tr>
+	    <td>2025-07-28</td>
+	    <td>2025-08-04</td>
+	    <td>Log</td>
+	    <td>100535</td>
+	    <td>
+	        <RuleID id="06d1fe0bd6e44d868e6b910b5045a97f" />
+	    </td>
+	    <td>Sitecore - Information Disclosure - CVE:CVE-2025-34509</td>
+	    <td>This is a New Detection</td>
+	  </tr>
+  	  <tr>
+	    <td>2025-07-28</td>
+	    <td>2025-08-04</td>
+	    <td>Log</td>
+	    <td>100543</td>
+	    <td>
+	        <RuleID id="f71ce87ea6e54eab999223df579cd3e0" />
+	    </td>
+	    <td>Grafana - Directory Traversal - CVE:CVE-2025-4123</td>
+	    <td>This is a New Detection</td>
+	  </tr>
+  	  <tr>
+	    <td>2025-07-28</td>
+	    <td>2025-08-04</td>
+	    <td>Log</td>
+	    <td>100545</td>
+	    <td>
+	        <RuleID id="bba3d37891a440fb8bc95b970cbd9abc" />
+	    </td>
+	    <td>WordPress - Information Disclosure - CVE:CVE-2023-5561</td>
+	    <td>This is a New Detection</td>
+	  </tr>
+	  <tr>
+	    <td>2025-07-28</td>
+	    <td>2025-08-04</td>
+	    <td>Log</td>
+	    <td>100820</td>
+	    <td>
+	        <RuleID id="28108d25f1cf470c8e7648938f634977" />
+	    </td>
+	    <td>CentOS WebPanel - Remote Code Execution - CVE:CVE-2025-48703</td>
+	    <td>This is a New Detection</td>
+	  </tr>
+	  <tr>
+	    <td>2025-07-28</td>
+	    <td>2025-08-04</td>
+	    <td>Log</td>
+	    <td>100821</td>
+	    <td>
+	        <RuleID id="9d69c796a61444a3aca33dc282ae64c1" />
+	    </td>
+	    <td>LaRecipe - SSTI - CVE:CVE-2025-53833</td>
+	    <td>This is a New Detection</td>
+	  </tr>
+	  <tr>
+	    <td>2025-07-28</td>
+	    <td>2025-08-04</td>
+	    <td>Log</td>
+	    <td>100822</td>
+	    <td>
+	        <RuleID id="9b5c5e13d2ca4253a89769f2194f7b2d" />
+	    </td>
+	    <td>WordPress:Plugin:WPBookit - Remote Code Execution - CVE:CVE-2025-6058</td>
+	    <td>This is a New Detection</td>
+	  </tr>
+	  <tr>
+	    <td>2025-07-28</td>
+	    <td>2025-08-04</td>
+	    <td>Log</td>
+	    <td>100823</td>
+	    <td>
+	        <RuleID id="69d43d704b0641898141a4300bf1b661" />
+	    </td>
+	    <td>WordPress:Theme:Motors - Privilege Escalation - CVE:CVE-2025-4322</td>
+	    <td>This is a New Detection</td>
+	  </tr>
 	</tbody>
 </table>