--- title: WAF changelog overview description: Overview of WAF changelog, scheduled changes, and historical updates. image: https://developers.cloudflare.com/core-services-preview.png --- > Documentation Index > Fetch the complete documentation index at: https://developers.cloudflare.com/waf/llms.txt > Use this file to discover all available pages before exploring further. [Skip to content](#%5Ftop) # WAF changelog overview The [WAF changelog](https://developers.cloudflare.com/waf/change-log/changelog/) provides information about changes to [managed rulesets](https://developers.cloudflare.com/waf/managed-rules/) and general updates to WAF protection. [ View changelog ](https://developers.cloudflare.com/waf/change-log/changelog/) [ View scheduled changes ](https://developers.cloudflare.com/waf/change-log/scheduled-changes/) [ Subscribe to RSS ](https://developers.cloudflare.com/changelog/rss/waf.xml) ## Changelog for managed rulesets Cloudflare regularly releases updates and adds new rules to WAF [managed rulesets](https://developers.cloudflare.com/waf/managed-rules/). Updates improve rule accuracy, reduce false positives, or increase protection in response to changes in the threat landscape. ### Release cycle New and updated rules follow a seven-day release cycle, typically on Monday or Tuesday (adjusted for public holidays). **Week 1 — Logging only:** Cloudflare deploys new or updated rules in logging-only mode with the _Log_ action. Rules in this mode record matching requests but do not block traffic. Most newly created rules carry both the `beta` and `new` tags. Use this period to review your security events for unexpected matches that could be false positives. **Week 2 — Default action:** On the following release day, the rules change from the _Log_ action to their intended default action (shown in the **New Action** column of the changelog table). The `beta` and `new` tags are removed. For updates to existing rules, Cloudflare first deploys the updated version as a separate `BETA` rule (noted in the rule description) with a `beta` tag, before updating the original rule on the next release cycle. ### Disabled rules Cloudflare may also add rules in disabled mode on the same release cycle. These rules make remediation logic available without affecting traffic, and allow Cloudflare to perform impact testing and performance checks. You can activate a disabled rule at any time if you need its protection. Disabled rules do not carry the `beta` or `new` tags. ### Emergency releases For new vulnerabilities, Cloudflare may release rules outside the regular seven-day cycle. These are emergency releases. Warning [Ruleset overrides and tag overrides](https://developers.cloudflare.com/ruleset-engine/managed-rulesets/override-managed-ruleset/) apply to existing and **future** rules in a managed ruleset. This means overrides you configure today will automatically apply to rules added in regular and emergency releases. If you notice a new or updated rule generating an increased volume of security events, you can disable it or change its action from the default. Once you change a rule to use an action other than the default one, Cloudflare will not be able to override the rule action. ## General updates The [changelog](https://developers.cloudflare.com/waf/change-log/changelog/) also includes general updates to WAF protection that are not specific to managed rulesets. ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/waf/","name":"WAF"}},{"@type":"ListItem","position":3,"item":{"@id":"/waf/change-log/","name":"WAF changelog overview"}}]} ```