Saved February 14, 2026
On December 5, 2025, Cloudflare experienced a significant outage lasting about 25 minutes due to a configuration change related to their Web Application Firewall. The issue arose from a bug triggered when turning off a testing tool, resulting in HTTP 500 errors for around 28% of customer traffic. Cloudflare is implementing measures to prevent similar incidents in the future.
On December 5, 2025, Cloudflare experienced a significant outage that lasted about 25 minutes, affecting 28% of its HTTP traffic. The problem arose when the company attempted to address a newly disclosed vulnerability in React Server Components by increasing the buffer size in its Web Application Firewall (WAF) from 128KB to 1MB. During this rollout, they turned off an internal WAF testing tool. Unfortunately, this change led to a bug in the FL1 version of their proxy, resulting in HTTP 500 error codes for impacted customers.
The error stemmed from a coding issue related to how Cloudflare's rulesets handled the "execute" action. When the testing tool was disabled, the system encountered a nil value, triggering the errors. Cloudflare identified the problem quickly and reverted the change, restoring service at 09:12 UTC. Customers using the older FL1 proxy with the Cloudflare Managed Ruleset were primarily affected, while those on the China network and with different configurations experienced no issues.
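The failure pattern described above, as an added Python illustration (a constructed model, not Cloudflare's code): a disabled rule whose action is "execute" is skipped, its result carries no execute data, and a post-processing step that assumes the data exists fails the whole request. The rule ids, field names and functions are assumptions made for this sketch, with `None` standing in for nil.

```python
# Constructed model of the nil-dereference failure; all names are hypothetical.

def evaluate_rule(rule, disabled_ids):
    """Evaluate one rule. A disabled rule is skipped, so no sub-ruleset runs
    and the result has no 'execute' data (None, the analogue of nil)."""
    if rule["id"] in disabled_ids:
        return {"id": rule["id"], "action": rule["action"], "execute": None}
    execute = None
    if rule["action"] == "execute":
        execute = {"results_index": rule["target"]}
    return {"id": rule["id"], "action": rule["action"], "execute": execute}

def attach_results_unsafe(result, ruleset_results):
    """Assumes every 'execute' result carries execute data."""
    if result["action"] == "execute":
        idx = result["execute"]["results_index"]  # TypeError when execute is None
        result["execute"]["results"] = ruleset_results[idx]
    return result

def attach_results_checked(result, ruleset_results):
    """Same step, but a skipped rule is treated as having nothing to attach."""
    execute = result.get("execute")
    if result["action"] == "execute" and execute is not None:
        execute["results"] = ruleset_results[execute["results_index"]]
    return result

def handle_request(rules, disabled_ids, ruleset_results, attach):
    """Return the HTTP status served for one request."""
    try:
        for rule in rules:
            attach(evaluate_rule(rule, disabled_ids), ruleset_results)
    except TypeError:
        return 500  # unhandled None dereference surfaces as a server error
    return 200

# Constructed sample configuration: one rule that executes a test ruleset,
# one ordinary rule.
RULES = [
    {"id": "test-ruleset", "action": "execute", "target": 0},
    {"id": "block-bad-input", "action": "block", "target": None},
]
RULESET_RESULTS = [["no match"]]

if __name__ == "__main__":
    for disabled in (set(), {"test-ruleset"}):
        for attach in (attach_results_unsafe, attach_results_checked):
            status = handle_request(RULES, disabled, RULESET_RESULTS, attach)
            print(sorted(disabled), attach.__name__, status)
```

The unsafe path only fails once the execute rule is disabled, which is why a code path like this can sit unnoticed until a configuration change exercises it.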
Following a similar incident two weeks prior, Cloudflare acknowledged the need for improved deployment practices. They outlined plans for enhanced rollouts and versioning, streamlined failure recovery processes, and better error handling to prevent such widespread outages in the future. A detailed report on these resiliency efforts is expected to be released soon.