Cloudflare has launched Flagship, a new service designed to manage feature flags for applications. The service allows developers to control the visibility of features without needing to redeploy their code. Flagship is compatible with the OpenFeature open standard, and Cloudflare provides an SDK, @cloudflare/flagship, that can be used in Workers, Node.js, and browsers.
Key features of Flagship include a native Workers binding for evaluating flags within Cloudflare's serverless environment. It also supports targeting rules, enabling different flag values to be served based on user attributes, and percentage rollouts for gradual feature releases. The service supports various data types for flag variations, including booleans, strings, numbers, and JSON objects.
Flag management is handled through the Cloudflare dashboard, where flags can be organized into applications. Flagship integrates with other Cloudflare services, such as Workers for execution and KV for storing flag configurations. Documentation is available for developers to get started with the service and explore its capabilities.
Separately, information has emerged regarding a security vulnerability, CVE-2026-48710, affecting Starlette, related to a host-header authentication bypass. Additionally, new open-source tools like TSDuck for MPEG-TS analysis and Cate, an infinite canvas workspace, have been released.
