Release-Jun-2-2026 - Scheduled Changes for WAF

[vs-mg]

Release-Jun-2-2026 - Scheduled Changes for WAF

[cloudflare-docs-bot]

Review

❌ Review failed for commit 35a111c. This is usually a transient error — it will retry on the next push.

[github-actions]

This pull request requires reviews from CODEOWNERS as it changes files that match the following patterns:

Pattern	Owners
/src/content/changelog/waf/	@cloudflare/firewall, @vs-mg, @fb1337, @cloudflare/pm-changelogs, @cloudflare/appsec-reviewers, @elithrar, @cloudflare/product-owners, @hsaxenaCF

[ask-bonk]

Summary

This PR updates the scheduled WAF release file () to reflect three new rules scheduled for 2026-06-08:

1. Axios - Prototype Pollution (CVE-2026-40175) - Log
2. Drupal - PostgreSQL SQLi - URI (CVE-2026-9082) - Log
3. Drupal - PostgreSQL SQLi - Body (CVE-2026-9082) - Log

All three are marked as new detections.

Assessment

No blocking issues found. The content follows the existing scheduled release format, dates are consistent, and the component usage is correct.

Suggestions

• PR description: Consider expanding the PR description to briefly list the new rules being added and their scheduled release date. This helps reviewers quickly understand the scope without reading the diff.

[ask-bonk]

I've reviewed PR #31191 and completed the following:

Labels applied:

• Added product:waf (already had product:changelog and size/s)

Review summary:

This PR updates src/content/changelog/waf/scheduled-waf-release.mdx to replace the May 18 scheduled release with three new WAF rules scheduled for June 8, 2026:

1. Axios - Prototype Pollution (CVE-2026-40175) — Log
2. Drupal - PostgreSQL SQLi - URI (CVE-2026-9082) — Log
3. Drupal - PostgreSQL SQLi - Body (CVE-2026-9082) — Log

Assessment:

• No blocking issues found. The content follows the existing scheduled release format.
• Dates are consistent (announcement: 2026-06-02, release: 2026-06-08).
• RuleID component usage is correct and properly imported.
• Frontmatter is valid per the changelog schema.
• No MDX syntax issues (unescaped braces/angles) detected.

Minor feedback posted:

• Suggested expanding the bare PR description to briefly list the new rules and scheduled date for faster reviewer context.

This is a routine, well-formed changelog update. No code changes or fixes are needed.

github run

[github-actions]

Preview URL: https://3fb9a45f.preview.developers.cloudflare.com
Preview Branch URL: https://release-jun-2-2026.preview.developers.cloudflare.com

Files with changes (up to 15)

Original Link	Updated Link
https://developers.cloudflare.com/changelog/post/scheduled-waf-release/	https://release-jun-2-2026.preview.developers.cloudflare.com/changelog/post/scheduled-waf-release/