No matches found
Try choosing different filters or resetting your filter selections.
Release Updates: Enforcement for Profile-Based Access for@AuraEnabled Apex Classes, and More
We’re enforcing the two release updates for Apex classes containing @AuraEnabled methods. There’s also a new Enable Secure Static
Resources for Lightning Components release update.
-
Restrict Access to @AuraEnabled Apex Methods for Guest and Portal Users Based on User Profile (Update, Enforced)
This update gives you more control over which guest, portal, or community users can access Apex classes containing @AuraEnabled methods. Add guest user profile access to any @AuraEnabled Apex class used by a community or portal. When this update is activated, a guest, portal, or community user can access an @AuraEnabled Apex method only when the user’s profile allows access to the Apex class. This update is enforced in Winter ’21. -
Restrict Access to @AuraEnabled Apex Methods for Authenticated Users Based on User Profile (Update, Enforced)
This update gives you more control over which authenticated users can access Apex classes containing @AuraEnabled methods. When this update is enforced, an authenticated user can access an @AuraEnabled Apex method only when the user’s profile allows access to the Apex class. This update is enforced in Winter ’21. -
Enable Dependency Access Checks In Lightning Components (Update, Retired)
This update has been retired and no longer requires any action. -
Use with sharing for @AuraEnabled Apex Controllers with Implicit Sharing (Update, Postponed)
This update is postponed to Spring ’21. It was scheduled for auto-activation (enforcement) in Spring ’20. This update changes the behavior of @AuraEnabled Apex controllers that don’t specify with sharing or without sharing to default to with sharing. This update applies only to orgs created after Spring ’18 or orgs that activated the retired Use without sharing for @AuraEnabled Apex Controllers with Implicit Sharing update that had the opposite effect and set the default to without sharing. Orgs created before Spring ’18 already default to with sharing. Those orgs don't see the update unless they enabled the now retired without sharing update. -
Disable Access to Non-global Apex Controller Methods in Managed Packages (Update, Postponed)
This update is postponed to Summer ’21. It was scheduled for auto-activation (enforcement) in Winter ’20. This update corrects access controls on Apex controller methods in managed packages. When this update is enabled, only methods marked with the global access modifier are accessible by Aura components from outside the package namespace. These access controls prevent you from using unsupported API methods that the package author didn’t intend for global access. -
Enforce Access Modifiers on Apex Properties in Lightning Component Markup (Update, Postponed)
This update is postponed to Summer ’21. It was scheduled for auto-activation (enforcement) in Summer ’20. This update makes Lightning components consistent with the use of Apex properties in other contexts. For example, a markup expression can no longer access an Apex property with a private Apex getter. -
Prevent Creation of Function Expressions in Dynamically Created Aura Components (Update, Postponed)
This update is postponed to Spring ’21. It was scheduled for auto-activation (enforcement) in Winter ’21. To improve security and stability, this update prevents attribute values passed to $A.createComponent() or $A.createComponents() from being interpreted as Aura function expressions. -
Enable Secure Static Resources for Lightning Components (Update, Postponed)
This update is postponed to Summer ’21. It was scheduled for auto-activation (enforcement) in Spring ’21. To improve security, this update serves all static resources from the visualforce domain instead of the lightning domain. This change prevents a script included in a static resource from accessing the document in the lightning domain due to the same-origin security policy.