[WAF] Add changelog entry for threat intelligence fields

[hsaxenaCF]

Summary

Changelog entry for the new cf.intel.ip.* threat intelligence fields in WAF custom rules and rate limiting rules (SHIP-11629). Companion to the docs PR #31205.

Documentation checklist

• Is there a changelog entry? This is the changelog entry.
• The change adheres to the documentation style guide.
• If a larger change — an issue has been opened. N/A.
• Files which have changed name or location have redirects. N/A.

[cloudflare-docs-bot]

Review

❌ Review failed for commit 29c6d7c. This is usually a transient error — it will retry on the next push.

[github-actions]

This pull request requires reviews from CODEOWNERS as it changes files that match the following patterns:

Pattern	Owners
/src/content/changelog/waf/	@cloudflare/firewall, @vs-mg, @fb1337, @cloudflare/pm-changelogs, @cloudflare/appsec-reviewers, @elithrar, @cloudflare/product-owners, @hsaxenaCF

[ask-bonk]

2 issues need attention before merge.

• LOW : Date format includes a time component (), which is inconsistent with all other WAF changelog entries. Use instead.
• MEDIUM : Link targets a page added in companion PR #31205. Ensure #31205 merges first or CI link checks will fail.

[ask-bonk]

Review summary: 2 issues need attention before merge.

• LOW src/content/changelog/waf/2026-06-01-threat-intelligence-fields.mdx:6: Date format includes a time component (T12:00:00Z), which is inconsistent with all other WAF changelog entries. Use 2026-06-01 instead. Suggested inline.
• MEDIUM src/content/changelog/waf/2026-06-01-threat-intelligence-fields.mdx:27: Link /waf/detections/threat-intelligence/ targets a page added in companion PR [WAF] Add threat intelligence detection docs #31205. Ensure [WAF] Add threat intelligence detection docs #31205 merges first or CI link checks will fail. Flagged inline.

[ask-bonk]

Reviewed PR #31206. Here's the summary:

Labels applied: changelog, product:waf, documentation

What the PR changes:
Adds a new WAF changelog entry (2026-06-01-threat-intelligence-fields.mdx) announcing cf.intel.ip.* threat intelligence fields for use in custom rules and rate limiting rules. Includes a rule expression example and links to relevant docs.

Issues flagged:

• LOW — Date frontmatter uses 2026-06-01T12:00:00Z, which is inconsistent with every other WAF changelog entry (they use YYYY-MM-DD). Posted an inline suggestion to change it to 2026-06-01.
• MEDIUM — The link /waf/detections/threat-intelligence/ points to a page that does not exist in the current branch (it's added in companion PR [WAF] Add threat intelligence detection docs #31205). Flagged inline so maintainers ensure [WAF] Add threat intelligence detection docs #31205 merges first; otherwise CI link checks will fail.

No build-breaking MDX syntax issues, missing imports, or invalid frontmatter were found.

github run

[github-actions]

CI run failed: build logs

[github-actions]

Broken Links

Found 1 broken link(s) across 1 file(s).

File	Link	Position	Error
content/changelog/waf/2026-06-03-threat-intelligence-fields.mdx	/waf/detections/threat-intelligence/	27:172	invalid link

[github-actions]

Preview URL: https://29c6d7c3.preview.developers.cloudflare.com
Preview Branch URL: https://hsaxena-threat-intel-waf-changelog.preview.developers.cloudflare.com

Files with changes (up to 15)

Original Link	Updated Link
https://developers.cloudflare.com/changelog/post/2026-06-03-threat-intelligence-fields/	https://hsaxena-threat-intel-waf-changelog.preview.developers.cloudflare.com/changelog/post/2026-06-03-threat-intelligence-fields/