Skip to content

Release-Jun-2-2026 - Scheduled Changes for WAF#31191

Open
vs-mg wants to merge 2 commits into
productionfrom
Release-Jun-2-2026
Open

Release-Jun-2-2026 - Scheduled Changes for WAF#31191
vs-mg wants to merge 2 commits into
productionfrom
Release-Jun-2-2026

Conversation

@vs-mg

@vs-mg vs-mg commented Jun 2, 2026

Copy link
Copy Markdown
Collaborator

Release-Jun-2-2026 - Scheduled Changes for WAF

@vs-mg vs-mg requested review from a team, elithrar and hsaxenaCF as code owners June 2, 2026 17:11
@cloudflare-docs-bot

cloudflare-docs-bot Bot commented Jun 2, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Review

❌ Review failed for commit 35a111c. This is usually a transient error — it will retry on the next push.

@vs-mg vs-mg requested review from ay-cf and rag-cf and removed request for rag-cf June 2, 2026 17:12
@github-actions

github-actions Bot commented Jun 2, 2026

Copy link
Copy Markdown
Contributor

This pull request requires reviews from CODEOWNERS as it changes files that match the following patterns:

Pattern Owners
/src/content/changelog/waf/ @cloudflare/firewall, @vs-mg, @fb1337, @cloudflare/pm-changelogs, @cloudflare/appsec-reviewers, @elithrar, @cloudflare/product-owners, @hsaxenaCF

@ask-bonk ask-bonk Bot added the product:waf label Jun 2, 2026
ask-bonk[bot]
ask-bonk Bot reviewed Jun 2, 2026
View reviewed changes

@ask-bonk ask-bonk Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Summary

This PR updates the scheduled WAF release file () to reflect three new rules scheduled for 2026-06-08:

  1. Axios - Prototype Pollution (CVE-2026-40175) - Log
  2. Drupal - PostgreSQL SQLi - URI (CVE-2026-9082) - Log
  3. Drupal - PostgreSQL SQLi - Body (CVE-2026-9082) - Log

All three are marked as new detections.

Assessment

No blocking issues found. The content follows the existing scheduled release format, dates are consistent, and the component usage is correct.

Suggestions

  • PR description: Consider expanding the PR description to briefly list the new rules being added and their scheduled release date. This helps reviewers quickly understand the scope without reading the diff.

@ask-bonk

ask-bonk Bot commented Jun 2, 2026

Copy link
Copy Markdown
Contributor

I've reviewed PR #31191 and completed the following:

Labels applied:

  • Added product:waf (already had product:changelog and size/s)

Review summary:

This PR updates src/content/changelog/waf/scheduled-waf-release.mdx to replace the May 18 scheduled release with three new WAF rules scheduled for June 8, 2026:

  1. Axios - Prototype Pollution (CVE-2026-40175) — Log
  2. Drupal - PostgreSQL SQLi - URI (CVE-2026-9082) — Log
  3. Drupal - PostgreSQL SQLi - Body (CVE-2026-9082) — Log

Assessment:

  • No blocking issues found. The content follows the existing scheduled release format.
  • Dates are consistent (announcement: 2026-06-02, release: 2026-06-08).
  • RuleID component usage is correct and properly imported.
  • Frontmatter is valid per the changelog schema.
  • No MDX syntax issues (unescaped braces/angles) detected.

Minor feedback posted:

  • Suggested expanding the bare PR description to briefly list the new rules and scheduled date for faster reviewer context.

This is a routine, well-formed changelog update. No code changes or fixes are needed.

github run

@github-actions

github-actions Bot commented Jun 2, 2026

Copy link
Copy Markdown
Contributor

Preview URL: https://3fb9a45f.preview.developers.cloudflare.com
Preview Branch URL: https://release-jun-2-2026.preview.developers.cloudflare.com

Files with changes (up to 15)

Original Link Updated Link
https://developers.cloudflare.com/changelog/post/scheduled-waf-release/ https://release-jun-2-2026.preview.developers.cloudflare.com/changelog/post/scheduled-waf-release/

@vs-mg vs-mg enabled auto-merge (squash) June 2, 2026 17:51
@github-actions

github-actions Bot commented Jun 17, 2026

Copy link
Copy Markdown
Contributor

Hey there, we've marked this pull request as stale because there's no recent activity on it. This label helps us identify PRs that might need updates (or to be closed out by our team if no longer relevant).

@github-actions github-actions Bot added the stale label Jun 17, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ask-bonk ask-bonk[bot] ask-bonk[bot] left review comments
@ay-cf ay-cf ay-cf approved these changes
@elithrar elithrar Awaiting requested review from elithrar elithrar is a code owner
@hsaxenaCF hsaxenaCF Awaiting requested review from hsaxenaCF hsaxenaCF is a code owner
@rag-cf rag-cf Awaiting requested review from rag-cf

Assignees

@elithrar elithrar

@hsaxenaCF hsaxenaCF

Labels

product:changelog product:waf size/s stale

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@vs-mg @ay-cf @elithrar @hsaxenaCF