github cloudflare/terraform-provider-cloudflare v5.19.0
on GitHub

6 hours ago

5.19.0 (2026-04-24)

Full Changelog: v5.19.0-beta.5...v5.19.0

Note

cmd/migrate: deprecated in favor of tf-migrate; will be removed in a future release (#7062)

New Resources

  • cloudflare_ai_gateway: Manage AI Gateway instances (e8d7f3b)
  • cloudflare_certificate_authorities_hostname_associations: Manage mTLS certificate hostname associations (97df6f2)
  • cloudflare_custom_page_asset: Manage custom page assets (8b71d20)
  • cloudflare_pipeline: Manage Cloudflare Pipelines (de21a25)
  • cloudflare_r2_data_catalog: Manage R2 Data Catalog (e8d7f3b)
  • cloudflare_user_group: Manage user groups (4cf8755)
  • cloudflare_user_group_members: Manage user group memberships (4cf8755)
  • cloudflare_vulnerability_scanner_credential: Manage vulnerability scanner credentials (4cf8755)
  • cloudflare_vulnerability_scanner_credential_set: Manage vulnerability scanner credential sets (4cf8755)
  • cloudflare_vulnerability_scanner_target_environment: Manage vulnerability scanner target environments (4cf8755)
  • cloudflare_workers_observability_destination: Manage Workers Observability destinations (312d3af)
  • cloudflare_zero_trust_device_ip_profile: Manage Zero Trust device IP profiles (7b251d2)
  • cloudflare_zero_trust_device_subnet: Manage Zero Trust device subnets (ebb8216)
  • cloudflare_zero_trust_dlp_settings: Manage Zero Trust DLP settings (4cf8755)

Features

  • account: state upgrader for v4 to v5 migration (82ee06e)
  • account_member: state upgrader for v4 to v5 migration (62d0ea7)
  • account_token: state upgrader for v4 to v5 migration (a0469d7)
  • authenticated_origin_pulls: state upgrader for v4 to v5 migration (c4054b7)
  • authenticated_origin_pulls_hostname_certificate: state upgrader for v4 to v5 migration (c4054b7)
  • byo_ip_prefix: state upgrader for v4 to v5 migration (8d58cab)
  • custom_hostname: state upgrader for v4 to v5 migration (24e4f0e)
  • custom_ssl: state upgrader for v4 to v5 migration (ada4f8f)
  • leaked_credential_check: state upgrader for v4 to v5 migration (9372a7d)
  • leaked_credential_check_rule: state upgrader for v4 to v5 migration (745f1e2)
  • logpush_ownership_challenge: state upgrader for v4 to v5 migration (25785268)
  • mtls_certificate: state upgrader for v4 to v5 migration (70d46e0)
  • observatory_scheduled_test: state upgrader for v4 to v5 migration (a2883c9)
  • pages_domain: state upgrader for v4 to v5 migration (91c6024)
  • regional_tiered_cache: state upgrader for v4 to v5 migration (430edbd)
  • ruleset: add content_converter and redirects_for_ai_training support to configuration rules (726b8e7)
  • turnstile_widget: state upgrader for v4 to v5 migration (94b9515)
  • workers_custom_domain: state upgrader for v4 to v5 migration (6a40c69)
  • zero_trust_device_custom_profile: state upgrader for v4 to v5 migration (77090dc)
  • zero_trust_device_default_profile: state upgrader for v4 to v5 migration (77090dc)
  • zero_trust_device_posture_integration: state upgrader for v4 to v5 migration (32bc328)
  • zero_trust_gateway_certificate: state upgrader for v4 to v5 migration (ceff5a4)
  • zero_trust_gateway_settings: state upgrader for v4 to v5 migration (3dae4a3)
  • zero_trust_gateway_logging: make importable (c5d144b)
  • zero_trust_organization: state upgrader for v4 to v5 migration (9eb3a25)
  • zero_trust_tunnel_cloudflared_virtual_network: state upgrader for v4 to v5 migration (1f0f135)
  • zone_setting: state upgrader for v4 to v5 migration (7ba7600)
  • add browser rendering devtools methods (7f83203)
  • bump go sdk version (070ea0b)
  • enable treeshaking and client options for setting zone and account IDs (43b90cb)
  • promote AI Gateway Terraform config from staging to main (75baa04)

Bug Fixes

  • account_member: add UseStateForUnknown to status field to prevent drift (841d6f9)
  • ai_search_instance: restore original defaults for cache and cache_threshold (d28ee6b)
  • apijson: return empty object from MarshalForPatch when no fields are serialisable (270fe86)
  • authenticated_origin_pulls_settings: fix no prior schema and no-op upgrade (9804de7)
  • certificate_pack: initialize empty lists instead of null in state upgrader to prevent drift (2017a43)
  • client_certificate: fix CSR drift with normalization (a755419)
  • custom_hostname: allow ssl as null (6e17010)
  • custom_hostname_fallback_origin: eventual consistency (d55a74a)
  • custom_origin_trust_store: fix certificate drift with normalization (42de890)
  • custom_ssl: fix patch cert replacement and send bundle_method (bebe53b)
  • dlp_predefined_profile: eliminate perpetual entries and enabled_entries drift (92dcfc0)
  • dns_record: avoid unnecessary drift for ipv4_only and ipv6_only attributes (3df5e03)
  • dns_record: remove private_routing default value (ada77b4)
  • drift: preserve prior state for optional fields not returned by API (access_rule, gateway_policy, gateway_settings, zone_dnssec, dlp_predefined_profile) (b717f4d)
  • leaked_credential_check_rule: handle empty ID from v4 provider state migration (70f0337)
  • list_item: remove context (69f751d)
  • logpush_job: update model for migration (b789273)
  • logpush_job: fix acceptance tests failing due to destination re-validation on PUT (87243a1)
  • managed_transforms: remove unavailable rule and fix nil pointer in state upgrade (d14644e)
  • migrations: handle ambiguous schema_version state for v4/v5 coexistence (2b6246f)
  • page_rule: properly encode automatic_https_rewrites (47ebbf4)
  • provider credential fields marked sensitive and validation regex updated (5f6ff4f)
  • r2: add degraded-response handling to the R2 custom domain resource (c8d0e0f)
  • ruleset: restore phase-entrypoint fallbacks (b92500b)
  • ruleset: add redirects_for_ai_training to v4 action parameters model (16470fa)
  • tokens: change from set to list for token policies (9937847)
  • tokens: handle revoked and expired tokens (63319ed)
  • UpgradeFromV0 handles both v4 and early-v5 state formats (b09f658)
  • use raw JSON deserialization in UpgradeState handlers (0e93ea6)
  • workers_custom_domain: handle HTTP 200 no content header (ea0ca97)
  • workers_script: add missing ratelimit binding type to schema validator (30c49a6)
  • workers_script: model drift (5ae89c4)
  • zero_trust_access_identity_provider: boolean drifts (421bb50)
  • zero_trust_access_policy: nil pointer panic in state upgrader (ebe2b68)
  • zero_trust_access_policy: normalize transforms and use raw JSON deserialization for state upgrade (18c2ae3)
  • zero_trust_device_managed_networks: upgrade resource state (7c14bf5)
  • zero_trust_device_posture_rule: schema default removed intentionally (eef56df)
  • zero_trust_gateway_policy: make filters Computed+Optional to prevent drift (8f52f45)
  • zero_trust_gateway_settings: breaking changes and reset to clean defaults (b5ca509)
  • zero_trust_tunnel_cloudflared_config: dont use init (090ff6a)

Chores

  • api: update composite API spec (db5b37e)
  • cmd/migrate: deprecated in favor of tf-migrate; will be removed in a future release (#7062)
  • docs: caveats and callouts (31c0d88)
  • internal: codegen related update (4cf8755)
  • update tf-migrate version (d023e25)

Documentation

  • remove TBD wording from deprecation timeline (bce670f)
Check out latest releases or
releases around cloudflare/terraform-provider-cloudflare v5.19.0

Don't miss a new terraform-provider-cloudflare release

NewReleases is sending notifications on new releases.

Get notifications