Rust Daily: Review of the Cloudflare Network Outage Incident

Actix-Web v4.12.0: Optimized Streaming Response API

The popular web framework actix-web has released version v4.12.0, focusing on enhancing developer experience by introducing smarter default behaviors for streaming responses and more explicit handling of WebSocket functionality.

Specific improvements are as follows:

  • streaming()

    method is now more intuitive: if no

    Content-Type

    is specified, it will automatically be set to

    application/octet-stream

    ; when a

    Content-Length

    header is detected, it will automatically switch to

    SizedStream

    , thus avoiding the use of chunked transfer.

  • A new
    ws

    crate feature has been introduced and is enabled by default. If you set

    default-features = false

    in your dependencies, you must now explicitly enable the

    ws

    feature to use WebSocket.

  • EitherExtractError

    type has now been publicly exported from the

    error

    module for easier use in your custom error handling logic.

Official website: https://actix.rs/

bytes v1.11.0: Stability Improvements

As a foundational component in the asynchronous ecosystem, the

bytes

crate has been updated to v1.11.0. This release focuses on stability improvements, including several important fixes for buffer handling and correctness, enhancing the reliability of production systems.

Specific improvements are as follows:

  • This update includes several critical stability fixes, the most important of which ensures that
    BytesMut

    only reuses the source when there are remaining bytes in the buffer source, avoiding potential data processing errors.

  • A subtle but important behavioral change:
    BytesMut::remaining_mut

    now uses

    isize::MAX

    instead of

    usize::MAX

    as its upper limit.

  • The minimum supported Rust version (MSRV) has been raised to 1.57, so a newer compiler is required for upgrades.
  • Additionally, this release has revised the capacity guarantee mechanism in
    BytesMut::put

    , further enhancing the crate’s predictability and robustness.

Summary: Although this release does not introduce new features, its focus on correctness is crucial for the health of the entire ecosystem. These fixes strengthen the core components relied upon by countless asynchronous projects, helping to build more reliable applications.

crates.io: https://crates.io/crates/bytes

Github: https://github.com/tokio-rs/bytes

Review of the Cloudflare Network Outage Incident on November 18

On November 18, 2025, at 11:20 UTC (all times in this article are UTC), Cloudflare’s network began experiencing severe core traffic transmission failures. For users, this manifested as an error page indicating an internal failure within the Cloudflare network.

Rust Daily: Review of the Cloudflare Network Outage Incident

Incident Summary

  • Occurrence Time: November 18, 2025, 11:20 UTC
  • Root Cause: A database permission configuration change caused the “feature file” used by the Bot Management system to double in size, exceeding the memory limit set by the core proxy software, leading to system crashes.
  • Impact Scope: Several key services including Cloudflare’s core CDN, Turnstile, Workers KV, Access, and Dashboard were affected to varying degrees, with users generally encountering HTTP 5xx errors or being unable to log in.
  • Recovery Time: Core traffic was restored at 14:30, and all systems were fully restored by 17:06.

Technical Details Highlights

  1. Trigger Path:
  • Database permission change (11:05 UTC) → ClickHouse query returns duplicate column metadata → Feature file row count doubles → Exceeds the hard limit of 200 features for the Bot module → Proxy service panic → HTTP 5xx errors.
  • Volatile Failures:
    • Due to the gradual update of permission configurations in the ClickHouse cluster, the feature file generated every 5 minutes was intermittently good and bad, leading to an “intermittent recovery → crash again” phenomenon, initially misjudged as a DDoS attack.
  • Differences Between New and Old Proxies:
    • FL2 (new proxy): Directly returns 5xx errors.
    • FL (old proxy): Does not report errors, but the bot score is all 0, leading to the misblocking of legitimate traffic (if the customer enabled bot rules).
  • Secondary Impacts:
    • Workers KV and Access failed in a chain reaction due to reliance on the core proxy;
    • Dashboard login was obstructed (Turnstile unavailable);
    • Status page coincidentally went down, exacerbating misjudgment;
    • Error log enhancement mechanisms consumed a large amount of CPU, increasing CDN latency.

    Error code screenshot:

    Rust Daily: Review of the Cloudflare Network Outage Incident

    For the complete review, see: https://blog.cloudflare.com/18-november-2025-outage

    From the Daily Report Team Yuan YQ

    Community Learning and Exchange Platform Subscription:

    • Rustcc Forum: Supports RSS
    • WeChat Official Account: Rust Language Chinese Community

    Leave a Comment