Yes, it is a new security measure and has been in place for some time now - but when it pops up with a challenge appears somewhat variable, steered by mysterious algorithms known only to CloudFlare...
The chances of being challenged do appear to increase when a link is included in a post, even if that link addresses WP content, and also when connecting from a dynamic IP - presumably because at some point, a security issue was associated with the particular IP assigned by the ISP to make a connection here.
Unfortunately, this IP-related aspect may mean that some members are challenged more than others.
Some months back the whole system was extremely aggressive, challenging practically every access to WP, but it seems to have been tamed now.
_________________
Giraffe: a ruminant with a view.