Merge branch 'production' into patricia/pcx15511-security-reports

Author: patriciasantaana

astro.config.ts

@@ -4,6 +4,7 @@ import starlightDocSearch from "@astrojs/starlight-docsearch";
 import starlightImageZoom from "starlight-image-zoom";
 import liveCode from "astro-live-code";
 import starlightLinksValidator from "starlight-links-validator";
+import starlightScrollToTop from "starlight-scroll-to-top";
 import icon from "astro-icon";
 import sitemap from "@astrojs/sitemap";
 import react from "@astrojs/react";
@@ -162,6 +163,14 @@ export default defineConfig({
 					clientOptionsModule: "./src/plugins/docsearch/index.ts",
 				}),
 				starlightImageZoom(),
+				starlightScrollToTop({
+					tooltipText: "Back to top",
+					showTooltip: true,
+					svgPath: "M12 6L6 12M12 6L18 12M12 12L6 18M12 12L18 18",
+					showProgressRing: true,
+					progressRingColor: "white",
+					showOnHomepage: false, // Hide on homepage (default)
+				}),
 			],
 			lastUpdated: true,
 			markdown: {

package-lock.json

@@ -121,6 +121,7 @@
 		"starlight-image-zoom": "0.13.0",
 		"starlight-links-validator": "0.17.2",
 		"starlight-package-managers": "0.11.0",
+		"starlight-scroll-to-top": "0.4.0",
 		"starlight-showcases": "0.3.0",
 		"strip-markdown": "6.0.0",
 		"suf-log": "2.5.3",

package.json

@@ -33,6 +33,8 @@ Once this is complete, Cloudflare will place two TXT DCV records - one for `exam
 
 If desired, you could also manually fetch the DCV tokens and share them with your customers.
 
+<Render file="dcv-conflicting-records" product="ssl" />
+
 ## Moved domains
 
 If you [move your SaaS zone to another account](/fundamentals/manage-domains/move-domain/), you will need to update the `CNAME` record with a new hostname value.

src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/validate-certificates/delegated-dcv.mdx

@@ -8,7 +8,7 @@ head:
     content: Delegated DCV — Domain Control Validation — SSL/TLS
 ---
 
-import { Example, FeatureTable } from "~/components";
+import { Example, FeatureTable, Render } from "~/components";
 
 Delegated DCV allows zones with [partial DNS setups](/dns/zone-setups/partial-setup/) - meaning authoritative DNS is not provided by Cloudflare - to delegate the DCV process to Cloudflare.
 
@@ -72,15 +72,7 @@ _acme-challenge.sub.example.com CNAME sub.example.com.<COPIED_VALIDATION_URL>.
 
 </Example>
 
-:::caution[Remove previous TXT records]
-
-Existing TXT records for `_acme-challenge` will conflict with the delegated DCV CNAME record. Make sure to check and remove records such as the following:
-
-```txt
-_acme-challenge.example.com TXT <CERTIFICATE_VALIDATION_VALUE>
-```
-
-:::
+<Render file="dcv-conflicting-records" product="ssl" />
 
 Once the `CNAME` records are in place, Cloudflare will add TXT DCV tokens for every hostname on the Advanced certificate that has a DCV delegation record in place, as long as the zone is [active](/dns/zone-setups/reference/domain-status/) on Cloudflare.
 

src/content/docs/ssl/edge-certificates/changing-dcv-method/methods/delegated-dcv.mdx

@@ -179,9 +179,9 @@ To update a certificate in the dashboard:
 
 <DashButton url="/?to=/:account/:zone/ssl-tls/edge-certificates" />
 
-2. In **Edge Certificates**, locate a custom certificate and click on it to expand.
+2. In **Edge Certificates**, locate a custom certificate and select it to expand.
 
-3. Select the wrench icon and select **Replace SSL certificate and key**.
+3. Select the wrench button and choose **Replace SSL certificate and key**.
 
 4. Follow the same steps as [upload a new certificate](#upload-a-custom-certificate).
 
@@ -196,3 +196,15 @@ To update a certificate using the API, send a [`PATCH`](/api/resources/custom_ce
 To update the **Private Key Restriction** setting of a certificate, delete and re-add the certificate.
 
 :::
+
+---
+
+## Delete a custom certificate
+
+1. In the Cloudflare dashboard, go to the SSL/TLS **Edge Certificates** page.
+
+<DashButton url="/?to=/:account/:zone/ssl-tls/edge-certificates" />
+
+2. In **Edge Certificates**, locate a custom certificate and select it to expand.
+3. Select the cross button.
+4. Select **Confirm** to delete the certificate.

src/content/docs/ssl/edge-certificates/custom-certificates/uploading.mdx

@@ -45,7 +45,7 @@ New versions of a Worker are created when you run:
 - [`wrangler versions upload`](/workers/wrangler/commands/#upload)
 - Or when you make edits via the Cloudflare dashboard
 
-If Preview URLs have been enabled, they are **public by default** and available immediately after version creation.
+If Preview URLs have been enabled, they are public and available immediately after version creation.
 
 :::note
 Minimum required Wrangler version: 3.74.0. Check your version by running `wrangler --version`. To update Wrangler, refer to [Install/Update Wrangler](/workers/wrangler/install-and-update/).
@@ -112,7 +112,8 @@ To limit your preview URLs to authorized emails only:
 
 Note:
 
-- Preview URLs are disabled by default.
+- Preview URLs are enabled by default when `workers_dev` is enabled.
+- Preview URLs are disabled by default when `workers_dev` is disabled.
 - Disabling Preview URLs will disable routing to both versioned and aliased preview URLs.
 
 ### From the Dashboard
@@ -156,7 +157,7 @@ preview_urls = false
 
 </WranglerConfig>
 
-If not given, `preview_urls = false` is the default.
+If not given, `preview_urls = workers_dev` is the default.
 
 :::caution
 If you enable or disable Preview URLs in the Cloudflare dashboard, but do not update your Worker's Wrangler file accordingly, the Preview URLs status will change the next time you deploy your Worker with Wrangler.

src/content/docs/workers/configuration/previews.mdx

@@ -118,7 +118,7 @@ The `main` key is optional for assets-only Workers.
   - Enables use of `*.workers.dev` subdomain to deploy your Worker. If you have a Worker that is only for `scheduled` events, you can set this to `false`. Defaults to `true`. Refer to [types of routes](#types-of-routes).
 
 - `preview_urls` <Type text="boolean" /> <MetaInfo text="optional" />
-  - Enables use of Preview URLs to test your Worker. Defaults to `false`. Refer to [Preview URLs](/workers/configuration/previews).
+  - Enables use of Preview URLs to test your Worker. Defaults to value of `workers_dev`. Refer to [Preview URLs](/workers/configuration/previews).
 
 - `route` <Type text="Route" /> <MetaInfo text="optional" />
   - A route that your Worker should be deployed to. Only one of `routes` or `route` is required. Refer to [types of routes](#types-of-routes).
@@ -992,7 +992,7 @@ The following options are available:
   - To specify a custom instance type, see [here](#custom-instance-types).
 
 - `max_instances` <Type text="string" /> <MetaInfo text="optional" />
-  - The maximum number of concurrent container instances you want to run at any given moment. Stopped containers do not count towards this - you may have more container instances than this number overall, but only this many actively running containers at once. If a request to start a container will exceed this limit, that request will error. 
+  - The maximum number of concurrent container instances you want to run at any given moment. Stopped containers do not count towards this - you may have more container instances than this number overall, but only this many actively running containers at once. If a request to start a container will exceed this limit, that request will error.
 
   - Defaults to 20.
 

src/content/docs/workers/wrangler/configuration.mdx

@@ -0,0 +1,14 @@
+---
+{}
+
+---
+
+:::caution[Remove previous TXT records]
+
+Existing TXT records for `_acme-challenge` will conflict with the delegated DCV CNAME record. Make sure to check and remove records such as the following:
+
+```txt
+_acme-challenge.example.com TXT <CERTIFICATE_VALIDATION_VALUE>
+```
+
+:::

src/content/partials/ssl/dcv-conflicting-records.mdx

@@ -0,0 +1,36 @@
+releaseNotes: |-
+  This release contains minor fixes, improvements, and new features including Path Maximum Transmission Unit Discovery (PMTUD). With PMTUD enabled, the client will dynamically adjust packet sizing to optimize connection performance. There is also a new connection status message in the GUI to inform users that the local network connection may be unstable. This will make it easier to debug connectivity issues.
+
+  WARP client version 2025.8.779.0 introduced an updated public key for Linux packages. The public key must be updated if it was installed before September 12, 2025 to ensure the repository remains functional after December 4, 2025. Instructions to make this update are available at [pkg.cloudflareclient.com](https://pkg.cloudflareclient.com/).
+
+  **Changes and improvements**
+  - The GUI now displays the health of the tunnel and DNS connections by showing a connection status message when the network may be unstable. This will make it easier to debug connectivity issues.
+  - Deleting registrations no longer returns an error when succeeding.
+  - Path Maximum Transmission Unit Discovery (PMTUD) is now used to discover the effective MTU of the connection. This allows the client to improve connection performance optimized for the current network.
+
+  **Known issues**
+  - Devices using WARP client 2025.4.929.0 and up may experience Local Domain Fallback failures if a fallback server has not been configured. To configure a fallback server, refer to [Route traffic to fallback server](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/local-domains/#route-traffic-to-fallback-server).
+version: 2025.9.173.1
+releaseDate: 2025-10-15T23:18:22.366Z
+packageURL: https://downloads.cloudflareclient.com/v1/download/jammy-arm/version/2025.9.173.1
+packageSize: 51555532
+platformName: Linux
+linuxPlatforms:
+  jammy-arm: 51555532
+  bullseye-arm: 51807344
+  noble-arm: 51962118
+  fedora35-intel: 55082058
+  centos8-intel: 54971956
+  focal-arm: 51880200
+  fedora35-arm: 54139702
+  focal-intel: 52699034
+  bookworm-intel: 52375426
+  fedora34-intel: 55429867
+  centos8-arm: 54353378
+  fedora34-arm: 54574223
+  noble-intel: 52172584
+  trixie-arm: 51781020
+  trixie-intel: 52175108
+  jammy-intel: 52382106
+  bookworm-arm: 51540838
+  bullseye-intel: 52601928