Critical Updates

This release includes new critical updates for processes, flows, HTML-based email templates, and sandbox URLs. And we’re postponing a critical update for @AuraEnabled Apex controllers.

To ensure a smooth transition, each critical update has an opt-in period, which ends on the auto-activation date that’s displayed on the Critical Updates page in Setup. During this period, you can manually activate and deactivate the update as often as you need to evaluate the impact on your org and modify affected customizations. After the opt-in period has passed, the update is activated. For more details, see Respond to Critical Updates.

New Critical Updates

These critical updates are new in Summer ’18.

Enable Partial Save for Create and Update Operations in Processes (Critical Update)
This update prevents a failed process from causing all running processes in the transaction to fail. Instead, Salesforce rolls back only the records that fail to save.
Enable Flow and Process Queries to Execute in Batches (Critical Update)
This update changes the way queries in flows and process are executed when they can be bulkified. Salesforce already bulkifies operations that create, update, or delete Salesforce records. Enabling query bulkification helps your org avoid reaching SOQL limits. If this critical update doesn’t appear in your org’s Critical Update console, your org already executes flow and process operations in batches.
Edit Self-Service User Permission Is Manage Customer Users
The “Edit Self Service User” permission is now named “Manage Customer Users”. The functionality remains the same, but the permission is no longer enabled by default for new standard profiles.
Restrict Use of Salesforce Classic HTML-Based Email Templates to Secure Browsers (Critical Update)
This critical update prevents using HTML-based email templates, such as custom, Visualforce, or standard HTML templates, from Microsoft Internet Explorer. Internet Explorer doesn’t support the Salesforce Content Security Policy (CSP), so it can’t provide the required browser protection. We recommend that you use a browser with CSP support, such as Microsoft Edge, Google Chrome, or Mozilla Firefox.
Stabilize the Hostname for My Domain URLs in Sandboxes (Critical Update)
This critical update removes instance names from URLs. Prior to Summer ’18, My Domain URLs in sandboxes included the instance name of the org. After this update, My Domain URLs for sandboxes exclude instance names.
Secure Topics for Salesforce Sites and Portals (Critical Update)
Topic names are exposed to all users in your org, including users in your org’s Salesforce Sites and Portals created before Summer ’13. For enhanced security of topics, we’re turning off topics for guest and authenticated external users in Salesforce Sites and Portals.

Postponed Critical Updates

This critical update was announced in a previous release and the auto-activation date was postponed.

Postponed “Use without sharing for @AuraEnabled Apex Controllers with Implicit Sharing” Critical Update
This critical update, released in Spring ’18, was scheduled for auto-activation in Summer ’18, but has been postponed to Spring ’19.