Merge branch 'cloudflare:production' into production

Author: thienlet

src/assets/images/changelog/analytics/graphql-api-explorer.png

@@ -0,0 +1,34 @@
+---
+title: New GraphQL Analytics API Explorer and MCP Server  
+description: Easily explore, build, and run GraphQL queries with two new tools  
+date: 2025-05-23T11:00:00Z  
+---
+
+We’ve launched two powerful new tools to make the GraphQL Analytics API more accessible:
+
+#### GraphQL API Explorer
+
+The new [GraphQL API Explorer](https://graphql.cloudflare.com/explorer) helps you build, test, and run queries directly in your browser. Features include:
+
+- In-browser schema documentation to browse available datasets and fields  
+- Interactive query editor with autocomplete and inline documentation  
+- A "Run in GraphQL API Explorer" button to execute example queries from our docs  
+- Seamless OAuth authentication — no manual setup required  
+
+![GraphQL API Explorer](/src/assets/images/changelog/analytics/graphql-api-explorer.png)
+
+#### GraphQL Model Context Protocol (MCP) Server
+
+MCP Servers let you use natural language tools like Claude to generate structured queries against your data. See our [blog post](https://blog.cloudflare.com/thirteen-new-mcp-servers-from-cloudflare/) for details on how they work and which servers are available. The new [GraphQL MCP server](https://github.com/cloudflare/mcp-server-cloudflare/tree/main/apps/graphql) helps you discover and generate useful queries for the GraphQL Analytics API. With this server, you can:
+
+- Explore what data is available to query  
+- Generate and refine queries using natural language, with one-click links to run them in the API Explorer  
+- Build dashboards and visualizations from structured query outputs  
+
+Example prompts include:
+
+- “Show me HTTP traffic for the last 7 days for example.com”  
+- “What GraphQL node returns firewall events?”  
+- “Can you generate a link to the Cloudflare GraphQL API Explorer with a pre-populated query and variables?” 
+
+We’re continuing to expand these tools, and your feedback helps shape what’s next. [Explore the documentation](/analytics/graphql-api/) to learn more and get started.

src/content/changelog/analytics/2025-05-23-graphql-api-explorer.mdx

@@ -24,7 +24,7 @@ You can use `curl` to make requests to the GraphQL Analytics API. Alternatively,
 
 ## Clients
 
-We are using [GraphiQL](https://github.com/skevy/graphiql-app) for our example GraphQL queries. There are many other popular open-source clients that you can find online, such as [Altair](https://altair.sirmuel.design) and [Insomnia](https://insomnia.rest).
+We are using [GraphiQL](https://github.com/skevy/graphiql-app) for our example GraphQL queries. There are many other popular open-source clients that you can find online, such as [Altair](https://altairgraphql.dev) and [Insomnia](https://insomnia.rest).
 
 ## Limitations
 

src/content/docs/analytics/graphql-api/index.mdx

@@ -25,16 +25,15 @@ The list below is for reference only. Responsibility for third-party software li
 - [BoringSSL](https://boringssl.googlesource.com/boringssl/)
 - [GnuTLS](https://www.gnutls.org)
     - 3.8.9+ compiled with leancrypto 1.2.0+
-    - 3.8.8+ compiled with liboqs 0.11.0+
+    - 3.8.8-3.8.9 compiled with liboqs 0.11.0+
 - [rustls 0.23.22+](https://crates.io/crates/rustls)
 - Default for [rpxy 0.9.4+](https://github.com/junkurihara/rust-rpxy)
 - [NGINX](https://github.com/nginx/nginx) compiled with OpenSSL 3.5+ ([instructions](https://github.com/nginx/nginx/issues/288))
 - [Open Quantum Safe](https://openquantumsafe.org/)
     - C library: liboqs 0.10.0+
     - OpenSSL provider: oqs-provider 0.7.0+
 - [Zig 0.14.0+](https://ziglang.org/)
-- [Caddy HTTP server](https://caddyserver.com/)
-    - [2.10-beta.4+](https://github.com/caddyserver/caddy/releases/tag/v2.10.0-beta.4)
+- [Caddy HTTP server 2.10.0+](https://caddyserver.com/)
 - [Botan C++ library 3.7.0+](https://botan.randombit.net/)
 
 ## X25519Kyber768Draft00
@@ -48,12 +47,12 @@ The list below is for reference only. Responsibility for third-party software li
 - Default for [Go 1.23](https://github.com/golang/go/issues/67061)
 - [BoringSSL](https://boringssl.googlesource.com/boringssl/)
 - [GnuTLS](https://www.gnutls.org)
-    - 3.8.8+ compiled with liboqs 0.11.0-0.12.0
-    - 3.8.7 compiled with liboqs 0.10.1-0.12.0
+    - 3.8.8-3.8.9 compiled with liboqs 0.11.0+
+    - 3.8.7 compiled with liboqs 0.10.1+
 - Cloudflare's [fork of QUIC-go](https://github.com/cloudflare/qtls-pq)
 - Goutam Tamvada's [fork of Firefox](https://github.com/xvzcf/firefox-pq-demos)
 - [Open Quantum Safe](https://openquantumsafe.org/)
-    - C library: liboqs 0.5.0-0.12.0
+    - C library: liboqs 0.5.0+
     - OpenSSL provider: oqs-provider 0.5.0-0.8.0
 - [Zig 0.11.0-0.13.0](https://ziglang.org/)
 - [nginx](https://www.nginx.org/) when [compiled with BoringSSL](https://mailman.nginx.org/pipermail/nginx/2023-August/NOISOYU3QTB2DGIYUBGF7CAMQHDI2QLT.html) ([guide](https://blog.centminmod.com/2023/10/03/2860/how-to-enable-cloudflare-post-quantum-x25519kyber768-key-exchange-support-in-centmin-mod-nginx/))

src/content/docs/ssl/post-quantum-cryptography/pqc-support.mdx

@@ -57,8 +57,15 @@ All content objects in an incoming request will be checked, namely for requests
 
 The content scanner will fully check content objects with a size up to 15 MB. For larger content objects, the scanner will analyze the first 15 MB and provide scan results based on that portion of the object.
 
-:::caution
-The AV scanner will not scan some particular types of files, namely encrypted or password-protected files. Refer to [Non-scannable files](/cloudflare-one/policies/gateway/http-policies/antivirus-scanning/#non-scannable-files) for a list of AV scanning limitations. For WAF content scanning, the size limit of 15 MB applies to all plans.
+:::note
+
+The AV scanner will not scan some particular types of files, namely the following:
+
+- Password-protected archives
+- Archives with more than three recursion levels
+- Archives with more than 300 files
+- PGP-encrypted files
+
 :::
 
 ## Custom scan expressions