Release Updates

Salesforce periodically releases updates that improve the performance, logic, security, and usability of Salesforce, but that can affect your existing customizations. Find the Spring ’21 updates in the Release Updates node in Setup.

The Release Updates page provides a list of updates that affect your org. Each update includes step-by-step actions for you to take. To ensure a smooth transition, many release updates have test runs available. Use the test run option to enable and disable an update as often as needed before the "Complete Steps By" date to evaluate its impact on your org.

Enforced Updates

These updates were announced in a previous release and are now enforced.

Use with sharing for @AuraEnabled Apex Controllers with Implicit Sharing (Update, Enforced)
This update changes the behavior of @AuraEnabled Apex controllers that don’t specify with sharing or without sharing to default to with sharing. This update applies only to orgs created after Spring ’18 or orgs that activated the retired Use without sharing for @AuraEnabled Apex Controllers with Implicit Sharing update that had the opposite effect and set the default to without sharing. Orgs created before Spring ’18 already default to with sharing. Those orgs don't see the update unless they enabled the now retired without sharing update.
Prevent Creation of Function Expressions in Dynamically Created Aura Components (Update, Enforced)
To improve security and stability, this update prevents attribute values passed to $A.createComponent() or $A.createComponents() from being interpreted as Aura function expressions. This update is enforced in Spring ’21.
Disable Rendering of HTML in Custom Fields Labels (Update, Enforced)
To better protect your Salesforce org, this update removes legacy behavior that allows HTML formatting in custom field labels. When this update is enabled, HTML tags in custom field labels are rendered as plain text.
Enable Partial Save for Invocable Actions (Update, Enforced)
This release update improves the behaviors and effects of failed invocable actions. It only affects external REST API calls to invocable actions done in bulk. With this update, when invoking a set of actions in a single request, a single failed invocable action no longer causes the entire transaction to fail. Without this update, if a single invocable action fails, other invocable actions within the transaction are rolled back and the entire transaction fails. This update, released in Winter ’20, was scheduled for enforcement in Summer ’20 and first postponed to Winter ’21. This update was again postponed to and is enforced in Spring ’21.
Make Flows Respect Access Modifiers for Legacy Apex Actions (Update, Enforced)
With this release update enabled, developers can trust that their legacy Apex actions are properly protected and available only to other components in their managed packages. This update makes a flow fail if it contains a public legacy Apex action. This update, released in Spring ’20, was scheduled for enforcement in Summer ’20, but was postponed to and is enforced in Spring ’21.

Previously Released Updates

These updates were announced in a previous release and are still available.

Enable ICU Locale Formats (Previously Released Update)
To do business wherever you are, adopt the International Components for Unicode (ICU) formats for dates and times. ICU sets the international standard for these formats for all locales. The new formats provide a consistent experience across the Salesforce platform and improve integration with ICU-compliant applications across the globe. The ICU formats replace Oracle’s Java 8 Development Kit (JDK8) formats. This update was first made available in Winter ’20.
Deploy a My Domain (Previously Released Update)
To use the latest features and comply with browser requirements, all Salesforce orgs must have a My Domain. Deploy one, or we assign one for you based on your company name. Because your My Domain affects all application URLs, we recommend that you test and deploy a My Domain before this update is enforced in Winter ’22. This update was first made available in Winter ’21.
Keep Working with Tab-Focused Dialogs (Previously Released Update)
In Lightning console apps, dialogs no longer stop you from interacting with the rest of the UI. This release update limits the focus of dialogs triggered by a workspace tab or subtab to only the tab that triggered it. This update was first made available in Winter ’20.
Prevent Consecutive API Navigation Calls in Visualforce Pages (Previously Released Update)
In Visualforce pages, API navigation calls can be fired consecutively, which can lead to unwanted behavior. This release update prevents this API navigation call pattern, firing only the first navigation call. This update was first made available in Summer ’20.
Make Paused Flow Interviews Resume in the Same Context with the Same User Access (Previously Released Update)
With this update enabled, paused autolaunched flows always resume in the same context and with the same user access they had before they were paused. This update is enforced in Winter ‘22.

Newly Announced Updates

These release updates are newly announced in Spring ’21.

Securely Call the Visualforce Remoting API (Update)
The Visualforce Remoting API uses JavaScript to call methods in Apex controllers directly from Visualforce pages. To ensure that the API is properly secured, calls now have stricter validation. This update is enforced in Winter ’22.
Convert the Read Only Standard Profile to a Custom Profile (Update)
This update converts the Read Only standard profile to a custom profile. After the update is enforced, you can edit permissions in this profile as your business needs require.
Require Multi-Factor Authentication for Logins to Subscriber Orgs (Update)
Secure access to subscriber orgs by requiring multi-factor authentication (MFA) when logging into the License Management Org (LMO).
Accurately Measure the CPU Time Consumption of Flows and Processes (Update)
With this update enabled, Salesforce accurately measures, logs, and limits the CPU time consumed by all flows and processes. Previously, the CPU time consumed was occasionally incorrect or misattributed to other automation occurring later in the transaction, such as Apex triggers. Now you can properly identify performance bottlenecks that cause the maximum per-transaction CPU time consumption limit to be exceeded. Also, because CPU time is now accurately counted, flows and processes fail after executing the element, criteria node, or action that pushes a transaction over the CPU limit. We recommend testing all complex flows and processes, which are more likely to exceed this limit.
Analyze Screen Flow Usage (Update)
With this update, you can use reports to examine run-time details about your screen flows. Discover usage patterns and in turn optimize screen flows for users. This update is available for Salesforce orgs that don’t already capture run-time metrics for screen flows.

Postponed Updates

These updates are postponed.

Disable Access to Non-global Apex Controller Methods in Managed Packages (Update, Postponed)
This update is postponed to Summer ’21. It was scheduled for auto-activation (enforcement) in Winter ’20. This update corrects access controls on Apex controller methods in managed packages. When this update is enabled, only methods marked with the global access modifier are accessible by Aura components from outside the package namespace. These access controls prevent you from using unsupported API methods that the package author didn’t intend for global access.
Enforce Access Modifiers on Apex Properties in Lightning Component Markup (Update, Postponed)
This update is postponed to Summer ’21. It was scheduled for auto-activation (enforcement) in Summer ’20. This update makes Lightning components consistent with the use of Apex properties in other contexts. For example, a markup expression can no longer access an Apex property with a private Apex getter. This release update doesn’t affect usage of Apex setters.
Enable Secure Static Resources for Lightning Components (Update, Postponed)
This update is postponed to Winter ’22. It was scheduled for auto-activation (enforcement) in Spring ’21. To improve security, this update serves all static resources from the visualforce domain instead of the lightning domain. This change prevents a script included in a static resource from accessing the document in the lightning domain due to the same-origin security policy.
Require Verification When Experience Cloud Users, Partners, and Customers Change Their Email Address (Update, Postponed)
This update is postponed to Summer ’21. It was scheduled for auto-activation (enforcement) in Spring ’21. This security update requires external users to confirm their community email address changes.
Evaluate Criteria Based on Original Record Values in Process Builder (Update, Postponed)
This update, released in Summer ’19, was scheduled for enforcement in Summer ’20 and then postponed to Winter ’21, but was postponed again to Winter ’22. This release update ensures that a process with multiple criteria and a record update evaluates the original value of the field that began the process with a value of null.
Disable Rules for Enforcing Explicit Access to Apex Classes (Update, Postponed)
The Disable Rules for Enforcing Explicit Access to Apex Classes update is now scheduled to be enforced in Spring ’22. With this update, the running user of a flow or process no longer requires explicit access to Apex classes that are invoked by the flow or process.
Check for Null Record Variables or Null Values of Lookup Relationship Fields in Process and Flow Formulas (Update, Postponed)
This update enables process and flow formulas to return null values when the calculations involve a null record variable or null lookup relationship field. This update, released in Spring ’19, was scheduled for enforcement in Spring ’21, but was postponed to Spring ’22. This update was enabled in Salesforce orgs that received Summer '20 before July 10, 2020. If this is true for your org and you disabled the update, you must enable it in Spring ’22. In Spring ’21, Salesforce enabled the test run option for this update due to a known issue with the scheduled enforcement. You can still disable the test run until the update is enforced in Spring ’22.
Email-To-Case Update Enforcement Extended to Winter ’22 Release
A new enforcement deadline for the Winter ’21 Email-To-Case updates gives admins until the Winter ’22 release to adopt the changes through the Release Update feature.
Enforce Data Access in Flow Merge Fields (Update, Postponed)
This update enforces the running user’s data access when Flow Builder uses a merge field to access a field on a related record. This update, released in Spring ’20, was scheduled for enforcement in Summer ’20 and then postponed to Spring ’21, but was postponed again to Summer '21. In Spring ’21, Salesforce enabled the test run option for this update due to a known issue with the scheduled enforcement. You can still disable the test run until the update is enforced in Summer '21.
Enable Enhanced Folder Sharing (Update, Postponed)
This update is postponed to Spring ’22. It was originally scheduled for auto-activation (enforcement) in Spring '20. Enhanced folder sharing introduces new user permissions and changes each user’s access to existing reports and dashboards.

Retired Updates

These updates were announced in a previous release but are retired. They were removed from the Release Updates node and won’t be activated.

Stabilize URLs for Visualforce, Experience Builder, Site.com Studio, and Content Files (Update, Retired)
This update has been retired. To remove instance names from your URLs, use enhanced domains.
Require Permission to View Record Names in Lookup Fields (Update, Retired)
This update has been retired. Salesforce won’t enable this update in all Salesforce orgs. Instead, you can choose when to restrict who can view record names in lookup fields with an opt-in setting on the Sharing Settings page.