Add initial entries for several CF1 products + pointer to previous changelog entries

kodster28 · kodster28 · commit dc0a3fad7f27 · 2025-03-18T16:18:25.000-05:00
diff --git a/src/content/changelog/casb/2024-09-01-cloudflare-one.mdx b/src/content/changelog/casb/2024-09-01-cloudflare-one.mdx
@@ -0,0 +1,21 @@
+---
+title: Explore product updates for Cloudflare Zero Trust
+description: New changelog format for Cloudflare Zero Trust
+products:
+  - access
+  - browser-isolation
+  - cloudflare-tunnel
+  - dex
+  - dlp
+  - email-security
+  - gateway
+  - risk-score
+  - zero-trust-warp
+date: 2024-09-01T11:00:00Z
+---
+
+Welcome to your new home for product updates on [Cloudflare Zero Trust](/cloudflare-one/).
+
+Our [new changelog](/changelog/) lets you read about changes in much more depth, offering in-depth examples, images, code samples, and even gifs.
+
+If you are looking for older product updates, refer to the [Cloudflare Zero Trust changelog](/cloudflare-one/changelog/).
diff --git a/src/content/changelog/casb/2024-11-22-cloud-data-extraction-aws.mdx b/src/content/changelog/casb/2024-11-22-cloud-data-extraction-aws.mdx
@@ -0,0 +1,15 @@
+---
+title: Find security misconfigurations in your AWS cloud environment
+description: CASB and DLP with Cloud Data Extraction for AWS cloud environments
+date: 2024-11-22T11:00:00Z
+products:
+  - dlp
+---
+
+import { Render } from "~/components";
+
+You can now use CASB to find security misconfigurations in your AWS cloud environment using [Data Loss Prevention](/cloudflare-one/policies/data-loss-prevention/).
+
+You can also [connect your AWS compute account](/cloudflare-one/applications/casb/casb-integrations/aws-s3/#compute-account) to extract and scan your S3 buckets for sensitive data while avoiding egress fees. CASB will scan any objects that exist in the bucket at the time of configuration.
+
+<Render file="casb/aws-compute-account" product="cloudflare-one" />
diff --git a/src/content/changelog/cloudflare-tunnel/2024-12-19-diagnostic-logs.mdx b/src/content/changelog/cloudflare-tunnel/2024-12-19-diagnostic-logs.mdx
@@ -0,0 +1,15 @@
+---
+title: Troubleshoot tunnels with diagnostic logs
+description: View tunnel diagnostic logs
+date: 2024-12-19T11:00:00Z
+---
+
+import { Render } from "~/components";
+
+The latest `cloudflared` build [2024.12.2](https://github.com/cloudflare/cloudflared/releases/tag/2024.12.2) introduces the ability to collect all the diagnostic logs needed to troubleshoot a `cloudflared` instance.
+
+A diagnostic report collects data from a single instance of `cloudflared` running on the local machine and outputs it to a `cloudflared-diag` file.
+
+<Render file="tunnel/tunnel-diag-file" product="cloudflare-one" />
+
+For more information, refer to [Diagnostic logs](/cloudflare-one/connections/connect-networks/troubleshoot-tunnels/diag-logs/).
diff --git a/src/content/changelog/dlp/2025-01-03-source-code-confidence-level.mdx b/src/content/changelog/dlp/2025-01-03-source-code-confidence-level.mdx
@@ -0,0 +1,16 @@
+---
+title: Detect source code leaks with Data Loss Prevention
+description: Added source code confidence levels to Data Loss Prevention
+date: 2025-01-03T11:00:00Z
+---
+
+import { Render } from "~/components";
+
+You can now detect source code leaks with Data Loss Prevention (DLP) with predefined checks against common programming languages.
+
+<Render
+	file="data-loss-prevention/programming-language-list"
+	product="cloudflare-one"
+/>
+
+For more details, refer to [DLP profiles](/cloudflare-one/policies/data-loss-prevention/dlp-profiles/).
diff --git a/src/content/changelog/email-security/2024-12-19-reclassification-tab.mdx b/src/content/changelog/email-security/2024-12-19-reclassification-tab.mdx
@@ -0,0 +1,15 @@
+---
+title: Increased transparency for phishing email submissions
+description: New Email reclassifications tab
+date: 2024-12-19T11:00:00Z
+---
+
+import { Render } from "~/components";
+
+Customers now have more transparency about team and user submissions for phishing emails through a **Reclassification** tab in the Zero Trust dashboard.
+
+Reclassifications happen when users or admins [submit a phish](/cloudflare-one/email-security/phish-submissions/) to Email Security. Cloudflare reviews and - in some cases - reclassifies these emails based on improvements to our machine learning models.
+
+This new tab increases your visibility into this process, allowing you to view what submissions you have made and what the outcomes of those submissions are.
+
+{/* Need screenshot here + more details potentially */}
diff --git a/src/content/changelog/gateway/2025-02-13-improvements-unscannable-files.mdx b/src/content/changelog/gateway/2025-02-13-improvements-unscannable-files.mdx
@@ -0,0 +1,17 @@
+---
+title: Block files that are password-protected, compressed, or otherwise unscannable.
+description: Unscannable files for Download and Upload File Types selectors
+date: 2025-02-03T11:00:00Z
+products:
+  - dlp
+---
+
+import { Render } from "~/components";
+
+Gateway HTTP policies can now block files that are password-protected, compressed, or otherwise unscannable.
+
+These unscannable files are now matched with the [Download and Upload File Types traffic selectors](/cloudflare-one/policies/gateway/http-policies/#download-and-upload-file-types) for HTTP policies:
+
+<Render file="gateway/policies/unscannable-files" product="cloudflare-one" />
+
+To get started inspecting and modifying behavior based on these and other rules, refer to [HTTP filtering](/cloudflare-one/policies/gateway/initial-setup/http/).
diff --git a/src/content/docs/cloudflare-one/applications/casb/casb-integrations/aws-s3.mdx b/src/content/docs/cloudflare-one/applications/casb/casb-integrations/aws-s3.mdx
@@ -8,7 +8,10 @@ import { Render } from "~/components";
 
 <Render
 	file="casb/integration-description"
-	params={{ integrationName: "Amazon Web Services (AWS) S3", integrationAccountType: "AWS account" }}
+	params={{
+		integrationName: "Amazon Web Services (AWS) S3",
+		integrationAccountType: "AWS account",
+	}}
 />
 
 ## Integration prerequisites
@@ -32,13 +35,7 @@ You can connect an AWS compute account to your CASB integration to perform [Data
 
 ### Add a compute account
 
-To connect a compute account to your AWS integration:
-
-1. In [Zero Trust](https://one.dash.cloudflare.com), go to **CASB** > **Integrations**.
-2. Find and select your AWS integration.
-3. Select **Open connection instructions**.
-4. Follow the instructions provided to connect a new compute account.
-5. Select **Refresh**.
+<Render file="casb/aws-compute-account" />
 
 You can only connect one computer account to an integration. To remove a compute account, select **Manage compute accounts**.
 
diff --git a/src/content/docs/cloudflare-one/connections/connect-networks/troubleshoot-tunnels/diag-logs.mdx b/src/content/docs/cloudflare-one/connections/connect-networks/troubleshoot-tunnels/diag-logs.mdx
@@ -6,7 +6,7 @@ sidebar:
   label: Diagnostic logs
 ---
 
-import {Details} from "~/components";
+import { Details, Render } from "~/components";
 
 Cloudflare Tunnel generates a set of diagnostic logs that can be used to troubleshoot issues with `cloudflared`. A diagnostic report collects data from a single instance of `cloudflared` running on the local machine.
 
@@ -22,129 +22,113 @@ The steps for getting diagnostic logs depend on your `cloudflared` deployment en
 
 These instructions apply to remotely-managed and locally-managed tunnels running directly on the host machine.
 
-1. (Linux only) To include network diagnostics in the logs, allow the `cloudflared` user to create RAW and PACKET sockets without root permissions:
+1.  (Linux only) To include network diagnostics in the logs, allow the `cloudflared` user to create RAW and PACKET sockets without root permissions:
 
-		```sh
-		sudo setcap cap_net_raw+ep /usr/bin/traceroute && sudo setcap cap_net_raw+ep /usr/bin/traceroute
-		```
+        ```sh
+        sudo setcap cap_net_raw+ep /usr/bin/traceroute && sudo setcap cap_net_raw+ep /usr/bin/traceroute
+        ```
 
-		If you do not set `cap_net_raw`, then traceroute data will be unavailable.
+        If you do not set `cap_net_raw`, then traceroute data will be unavailable.
 
-2. Get diagnostic logs:
+2.  Get diagnostic logs:
 
-		```sh
-		cloudflared tunnel diag
-		```
+        ```sh
+        cloudflared tunnel diag
+        ```
 
-		If multiple instances of `cloudflared` are running on the same host, specify the [metrics server IP and port](/cloudflare-one/connections/connect-networks/monitor-tunnels/metrics/#configure-the-metrics-server-address) for the instance you want to diagnose. For example:
+        If multiple instances of `cloudflared` are running on the same host, specify the [metrics server IP and port](/cloudflare-one/connections/connect-networks/monitor-tunnels/metrics/#configure-the-metrics-server-address) for the instance you want to diagnose. For example:
 
-		```sh
-		cloudflared tunnel diag --metrics 127.0.0.1:20241
-		```
+        ```sh
+        cloudflared tunnel diag --metrics 127.0.0.1:20241
+        ```
 
 This command will output the status of each diagnostic task and place a `cloudflared-diag-YYYY-MM-DDThh-mm-ss.zip` file in your working directory.
 
 ### Docker
 
 `cloudflared` reads diagnostic data from the [tunnel metrics server](/cloudflare-one/connections/connect-networks/monitor-tunnels/metrics/). To get diagnostic logs, the metrics server must be exposed from the Docker container and reachable from the host machine.
 
-1. Determine the [metrics server port](/cloudflare-one/connections/connect-networks/monitor-tunnels/metrics/#default-metrics-server-address) for the `cloudflared` instance running in Docker.
+1.  Determine the [metrics server port](/cloudflare-one/connections/connect-networks/monitor-tunnels/metrics/#default-metrics-server-address) for the `cloudflared` instance running in Docker.
 
-2. Ensure the container is deployed with port forwarding enabled. The diagnostic feature will request information from the Docker instance using local port `20241`, therefore you should forward port `20241` to the container port obtained in Step 1:
+2.  Ensure the container is deployed with port forwarding enabled. The diagnostic feature will request information from the Docker instance using local port `20241`, therefore you should forward port `20241` to the container port obtained in Step 1:
 
-		```sh
-		docker run -d -p 20241:<metrics_port> docker.io/cloudflare/cloudflared tunnel ...
-		```
+        ```sh
+        docker run -d -p 20241:<metrics_port> docker.io/cloudflare/cloudflared tunnel ...
+        ```
 
-3. Verify that you can reach the metrics server address from the Docker host environment:
+3.  Verify that you can reach the metrics server address from the Docker host environment:
 
-		```sh
-		curl localhost:20241/diag/tunnel
-		```
+        ```sh
+        curl localhost:20241/diag/tunnel
+        ```
 
-		This command should return a JSON:
-		```json
-		{
-			"tunnelID": "ef96b330-a7f5-4bce-a00e-827ce5be077f",
-			"connectorID": "d236670a-9f74-422f-adf1-030f5c5f0523",
-			"connections": [
-				{ "isConnected": true, "protocol": 1, "edgeAddress": "198.41.192.167"},
-				{"isConnected": true, "protocol": 1, "edgeAddress": "198.41.200.113", "index": 1},
-				{"isConnected": true, "protocol": 1, "edgeAddress": "198.41.192.47", "index": 2},
-				{"isConnected": true, "protocol": 1, "edgeAddress": "198.41.200.73", "index": 3}
-			],
-			"icmp_sources": ["192.168.1.243", "fe80::c59:bd4a:e815:ed6"]
-		}
-		```
+        This command should return a JSON:
+        ```json
+        {
+        	"tunnelID": "ef96b330-a7f5-4bce-a00e-827ce5be077f",
+        	"connectorID": "d236670a-9f74-422f-adf1-030f5c5f0523",
+        	"connections": [
+        		{ "isConnected": true, "protocol": 1, "edgeAddress": "198.41.192.167"},
+        		{"isConnected": true, "protocol": 1, "edgeAddress": "198.41.200.113", "index": 1},
+        		{"isConnected": true, "protocol": 1, "edgeAddress": "198.41.192.47", "index": 2},
+        		{"isConnected": true, "protocol": 1, "edgeAddress": "198.41.200.73", "index": 3}
+        	],
+        	"icmp_sources": ["192.168.1.243", "fe80::c59:bd4a:e815:ed6"]
+        }
+        ```
 
-4. Run the diagnostic using the Docker container ID:
+4.  Run the diagnostic using the Docker container ID:
 
-		```sh
-		cloudflared tunnel diag --diag-container-id=<containerID>
-		```
+        ```sh
+        cloudflared tunnel diag --diag-container-id=<containerID>
+        ```
 
-		Alternatively, you can specify the container's name instead of its ID:
-		```sh
-		cloudflared tunnel diag --diag-container-id=<containerName>
-		```
+        Alternatively, you can specify the container's name instead of its ID:
+        ```sh
+        cloudflared tunnel diag --diag-container-id=<containerName>
+        ```
 
-		Running the diagnostic command with the container ID allows `cloudflared` to collect information from the Docker environment such as logs and container details.
+        Running the diagnostic command with the container ID allows `cloudflared` to collect information from the Docker environment such as logs and container details.
 
 This command will output the status of each diagnostic task and place a `cloudflared-diag-YYYY-MM-DDThh-mm-ss.zip` file in your working directory.
 
 ### Kubernetes
 
 The diagnostic feature will request data from the [tunnel metrics server](/cloudflare-one/connections/connect-networks/monitor-tunnels/metrics/) using ports `20241` to `20245`. You will need to use port forwarding to allow the local `cloudflared` instance to connect to the metrics server on one of these ports.
 
-1. Determine the tunnel's [metrics server port](/cloudflare-one/connections/connect-networks/monitor-tunnels/metrics/#default-metrics-server-address).
+1.  Determine the tunnel's [metrics server port](/cloudflare-one/connections/connect-networks/monitor-tunnels/metrics/#default-metrics-server-address).
 
-2. Enable port forwarding:
+2.  Enable port forwarding:
 
-		```sh
-		kubectl port-forward <pod> <diagnostic_port>:<metrics_port>
-		```
+        ```sh
+        kubectl port-forward <pod> <diagnostic_port>:<metrics_port>
+        ```
 
-		- `<pod>`: Name of the pod where the tunnel is running
-		- `<diagnostic_port>` is any local port in the range `20241` to `20245`.
-		- `<metrics_port>` is the Kubernetes pod port for the `cloudflared` instance you want to diagnose (obtained in Step 1).
+        - `<pod>`: Name of the pod where the tunnel is running
+        - `<diagnostic_port>` is any local port in the range `20241` to `20245`.
+        - `<metrics_port>` is the Kubernetes pod port for the `cloudflared` instance you want to diagnose (obtained in Step 1).
 
-		For example, if you set the metrics server address to `0.0.0.0:12345`:
+        For example, if you set the metrics server address to `0.0.0.0:12345`:
 
-		```sh
-		kubectl port-forward cloudflared-6d4897585b-r8kfz 20244:12345
-		```
-		Connections made to local port `20244` are forwarded to port `12345` of the pod that is running the tunnel.
+        ```sh
+        kubectl port-forward cloudflared-6d4897585b-r8kfz 20244:12345
+        ```
+        Connections made to local port `20244` are forwarded to port `12345` of the pod that is running the tunnel.
 
-3. Run the diagnostic:
+3.  Run the diagnostic:
 
-		```sh
-		cloudflared tunnel diag --diag-pod-id=<podID>
-		```
+        ```sh
+        cloudflared tunnel diag --diag-pod-id=<podID>
+        ```
 
-		If the pod has multiple applications/services running and `cloudflared` is not the first in the pod, you must specify either the container ID or name:
+        If the pod has multiple applications/services running and `cloudflared` is not the first in the pod, you must specify either the container ID or name:
 
-		```sh
-		cloudflared tunnel diag --diag-pod-id=<podID> --diag-container-id=<containerName>
-		```
+        ```sh
+        cloudflared tunnel diag --diag-pod-id=<podID> --diag-container-id=<containerName>
+        ```
 
 This command will output the status of each diagnostic task and place a `cloudflared-diag-YYYY-MM-DDThh-mm-ss.zip` file in your working directory.
 
 ## cloudflared-diag files
 
-The `cloudflared-diag-YYYY-MM-DDThh-mm-ss.zip` archive contains the files listed below. The data in a file either applies to the `cloudflared` instance being diagnosed (`diagnosee`) or the instance that triggered the diagnosis (`diagnoser`). For example, if your tunnel is running in a Docker container, the diagnosee is the Docker instance and the diagnoser is the host instance.
-
-| File name  | Description | Instance |
-| -| - | - |
-| `cli-configuration.json`| [Tunnel run parameters](/cloudflare-one/connections/connect-networks/configure-tunnels/cloudflared-parameters/run-parameters/) used when starting the tunnel | diagnosee|
-| `cloudflared_logs.txt` | [Tunnel log file](/cloudflare-one/connections/connect-networks/monitor-tunnels/logs/)[^1]  | diagnosee|
-| `configuration.json` | Tunnel configuration parameters | diagnosee|
-| `goroutine.pprof` | goroutine profile made available by `pprof` | diagnosee|
-| `heap.pprof` | 	heap profile made available by `pprof`| diagnosee|
-| `metrics.txt` | Snapshot of [Tunnel metrics](/cloudflare-one/connections/connect-networks/monitor-tunnels/metrics/#available-metrics) at the time of diagnosis | diagnosee|
-| `network.txt` | JSON traceroutes to Cloudflare's global network using IPv4 and IPv6 | diagnoser|
-| `raw-network.txt` | Raw traceroutes to Cloudflare's global network using IPv4 and IPv6 | diagnoser|
-| `systeminformation.json` | Operating system information and resource usage | diagnosee|
-| `task-result.json` | Result of each diagnostic task | diagnoser |
-| `tunnelstate.json` | Tunnel connections at the time of diagnosis| diagnosee|
-
-[^1]: If the log file is blank, you may need to [set `--loglevel` to `debug`](/cloudflare-one/connections/connect-networks/monitor-tunnels/logs/#view-logs-on-the-server) when you start the tunnel. The `--loglevel` parameter is only required if you ran the tunnel from the CLI using a `cloudflared tunnel run` command. It is not necessary if the tunnel runs as a Linux/macOS service or runs in Docker/Kubernetes.
+<Render file="tunnel/tunnel-diag-file" />
diff --git a/src/content/docs/cloudflare-one/policies/data-loss-prevention/dlp-profiles/predefined-profiles.mdx b/src/content/docs/cloudflare-one/policies/data-loss-prevention/dlp-profiles/predefined-profiles.mdx
@@ -78,17 +78,4 @@ The following national identifier detections are validated algorithmically when
 
 ## Source Code
 
-The following programming languages are validated with natural language processing (NLP).
-
-- C
-- C++
-- C#
-- Go
-- Haskell
-- Java
-- JavaScript
-- Lua
-- Python
-- R
-- Rust
-- Swift
+<Render file="data-loss-prevention/programming-language-list" />
diff --git a/src/content/docs/cloudflare-one/policies/gateway/http-policies/index.mdx b/src/content/docs/cloudflare-one/policies/gateway/http-policies/index.mdx
@@ -527,10 +527,7 @@ These selectors will scan file signatures in the HTTP body. You can select from
 
 **Unscannable**
 
-- Password-protected Microsoft Office document
-- Password-protected PDF
-- Password-protected ZIP archive
-- Unscannable ZIP archive
+<Render file="gateway/policies/unscannable-files" />
 
 </Details>
 
diff --git a/src/content/partials/cloudflare-one/casb/aws-compute-account.mdx b/src/content/partials/cloudflare-one/casb/aws-compute-account.mdx
@@ -0,0 +1,11 @@
+---
+{}
+---
+
+To connect a compute account to your AWS integration:
+
+1. In [Zero Trust](https://one.dash.cloudflare.com), go to **CASB** > **Integrations**.
+2. Find and select your AWS integration.
+3. Select **Open connection instructions**.
+4. Follow the instructions provided to connect a new compute account.
+5. Select **Refresh**.
diff --git a/src/content/partials/cloudflare-one/data-loss-prevention/programming-language-list.mdx b/src/content/partials/cloudflare-one/data-loss-prevention/programming-language-list.mdx
diff --git a/src/content/partials/cloudflare-one/gateway/policies/unscannable-files.mdx b/src/content/partials/cloudflare-one/gateway/policies/unscannable-files.mdx
diff --git a/src/content/partials/cloudflare-one/tunnel/tunnel-diag-file.mdx b/src/content/partials/cloudflare-one/tunnel/tunnel-diag-file.mdx
diff --git a/src/content/products/risk-score.yaml b/src/content/products/risk-score.yaml
