Release Updates

Salesforce periodically releases updates that improve the performance, logic, security, and usability of Salesforce, but which can affect your existing customizations. Find these important updates in the Release Updates node in Setup.

The Release Updates page provides a list of updates that affect your org. Each update includes step-by-step actions for you to take. To ensure a smooth transition, many release updates have test runs available. Use the test run option to enable and disable an update as often as needed before the "Complete Steps By" date so that you can evaluate its impact on your org.

Enforced Updates

These updates were announced in a previous release and are now enforced.

Restrict Access to @AuraEnabled Apex Methods for Guest and Portal Users Based on User Profile (Update, Enforced)
This update gives you more control over which guest, portal, or community users can access Apex classes containing @AuraEnabled methods. Add guest user profile access to any @AuraEnabled Apex class used by a community or portal. When this update is activated, a guest, portal, or community user can access an @AuraEnabled Apex method only when the user’s profile allows access to the Apex class. This update is enforced in Winter ’21.
Restrict Access to @AuraEnabled Apex Methods for Authenticated Users Based on User Profile (Update, Enforced)
This update gives you more control over which authenticated users can access Apex classes containing @AuraEnabled methods. When this update is enforced, an authenticated user can access an @AuraEnabled Apex method only when the user’s profile allows access to the Apex class. This update is enforced in Winter ’21.
Legacy Transaction Security: End of Life
With the enhanced transaction security policy framework, you can create transaction security policies that execute actions on any standard or custom object. Now that the new framework is generally available, all policies written with the legacy framework are disabled. Make sure to migrate your legacy transaction security policies to the new framework. This update was first made available in Winter ’20.

Previously Released Updates

These updates were announced in a previous release and are still available.

Enable ICU Locale Formats (Previously Released Update)
To help you do business wherever you are, we’re adopting the International Components for Unicode (ICU) formats for dates and times. ICU sets the international standard for these formats for all locales. The new formats provide a consistent experience across the Salesforce platform and improve integration with ICU-compliant applications across the globe. The ICU formats replace Oracle’s Java 8 Development Kit (JDK8) formats. This update was first made available in Winter ’20.
Require Permission to View Record Names in Lookup Fields (Previously Released Update)
To better protect your Salesforce org’s data, we restricted who can view record names in lookup fields. Users must have Read access to these records or the View All Lookup Record Names permission to view this data. This update also applies to system fields, such as Created By and Last Modified By. This update was first made available in Spring ’20.
Allow Users to Use Standard External Profiles to Self-Register and Log Into Communities and Portals (Previously Released Update)
Activating this update enables the Allow using standard external profiles for self-registration and user creation setting in your org. This setting allows admins to use standard external profiles for self-registration, user creation, and login.
Stop Automated Field Updates from Suppressing Email Notifications (Previously Released Update)
This update, released in Summer ’17, was scheduled for enforcement in Spring ’20, but is now available only by contacting Salesforce Customer Support. For various operations, such as assigning a task to someone, you can choose to notify the affected user by email. This update stops processes, workflow rules, and Apex triggers from suppressing these email notifications.

Newly Announced Updates

These release updates are newly announced in Winter ’21.

Disable Standard Object Edits on Standard Profile (Update)
Salesforce reserves standard object permissions in standard profiles, so modifications are not allowed. This update enforces a validation to block modifications to standard profile object permissions to ensure org integrity.
Require Verification When Community Users, Partners, and Customers Change Their Email Address (Update)
This security update requires external users to confirm their community email address changes.
Deploy a My Domain (Update)
To use the latest features and comply with browser requirements, all Salesforce orgs must have a My Domain. Deploy one, or we assign one for you based on your company name. Because your My Domain affects all application URLs, we recommend that you test and deploy a My Domain before this update is enforced in Winter ’22.
Review the Org-Level Email Tracking Setting for Salesforce Inbox (Update)
This update corrects an inconsistency in which Salesforce Inbox email tracking is disabled, but tracking features are still available to users and tracking information is still collected.
Require User Permission for the Send Custom Notification Action (Update)
This update gives you more control over which of your users can trigger the Send Custom Notification action. When this update is activated, a user must have the Send Custom Notifications user permission to trigger the Send Custom Notification action in flows that run in user context, REST API calls, or Apex callouts. Use the Send Custom Notifications user permission to improve the security of your Salesforce org and limit custom notifications to desired users and use cases.
Disable Rendering of HTML in Custom Field Labels (Update)
To better protect your Salesforce org, this update removes legacy behavior that allows HTML formatting in custom field labels. When this update is enabled, HTML tags in custom field labels are rendered as plain text.
Make Paused Flow Interviews Resume in the Same Context with the Same User Access (Update)
With this update enabled, paused autolaunched flows always resume in the same context and with the same user access they had before they were paused.
Orders: New Behavior for Saving Orders (Update)
Now it’s easier to run custom application logic on orders. Salesforce evaluates custom application logic when a new order product or edited order product causes a change to the parent order.

Postponed Updates

These updates are postponed.

Use with sharing for @AuraEnabled Apex Controllers with Implicit Sharing (Update, Postponed)
This update is postponed to Spring ’21. It was scheduled for auto-activation (enforcement) in Spring ’20. This update changes the behavior of @AuraEnabled Apex controllers that don’t specify with sharing or without sharing to default to with sharing.
Disable Access to Non-global Apex Controller Methods in Managed Packages (Update, Postponed)
This update is postponed to Summer ’21. It was scheduled for auto-activation (enforcement) in Winter ’20. This update corrects access controls on Apex controller methods in managed packages. When this update is enabled, only methods marked with the global access modifier are accessible by Aura components from outside the package namespace. These access controls prevent you from using unsupported API methods that the package author didn’t intend for global access.
Enforce Access Modifiers on Apex Properties in Lightning Component Markup (Update, Postponed)
This update is postponed to Summer ’21. It was scheduled for auto-activation (enforcement) in Summer ’20. This update makes Lightning components consistent with the use of Apex properties in other contexts. For example, a markup expression can no longer access an Apex property with a private Apex getter.
Prevent Creation of Function Expressions in Dynamically Created Aura Components (Update, Postponed)
This update is postponed to Spring ’21. It was scheduled for auto-activation (enforcement) in Winter ’21. To improve security and stability, this update prevents attribute values passed to $A.createComponent() or $A.createComponents() from being interpreted as Aura function expressions.
Enable Secure Static Resources for Lightning Components (Update, Postponed)
This update is postponed to Summer ’21. It was scheduled for auto-activation (enforcement) in Spring ’21. To improve security, this update serves all static resources from the visualforce domain instead of the lightning domain. This change prevents a script included in a static resource from accessing the document in the lightning domain due to the same-origin security policy.
Evaluate Criteria Based on Original Record Values in Process Builder (Update, Postponed)
This update, released in Summer ’19, was scheduled for auto-activation (enforcement) in Summer ’20 and then postponed to Winter ’21, but has been postponed again to Winter ’22. This release update ensures that a process with multiple criteria and a record update evaluates the original value of the field that began the process with a value of null.
Enable Partial Save for Invocable Actions (Update, Postponed)
This update, released in Winter ’20, was scheduled for auto-activation (enforcement) in Summer ’20 and then postponed to Winter ’21, but has been postponed again to Spring ’21. This release update improves the behaviors and effects of failed invocable actions. It only affects external REST API calls to invocable actions done in bulk. With this update, when invoking a set of actions in a single request, a single failed invocable action no longer causes the entire transaction to fail. Without this update, if a single invocable action fails, other invocable actions within the transaction are rolled back and the entire transaction fails.
Enforce Data Access in Flow Merge Fields (Update, Postponed)
This update, released in Spring ’20, was scheduled for auto-activation (enforcement) in Summer ’20, but has been postponed to Spring ’21. This update enforces the running user’s data access when Flow Builder uses a merge field to access a field on a related record.
Make Flows Respect Access Modifiers for Legacy Apex Actions (Update, Postponed)
This update, released in Spring ’20, was scheduled for auto-activation (enforcement) in Summer ’20, but has been postponed to Spring ’21. With this release update enabled, developers can trust that their legacy Apex actions are properly protected and available only to other components in their managed packages. This update makes a flow fail if it contains a public legacy Apex action.
Disable Rules for Enforcing Explicit Access to Apex Classes (Update, Postponed)
The Disable Rules for Enforcing Explicit Access to Apex Classes update, released in Summer ’20, was scheduled for auto-activation (enforcement) in Spring ’21, but has been postponed to Summer ’21. This release update replaces the Require User Access to Apex Classes Invoked by Flow update. The Disable Rules for Enforcing Explicit Access to Apex Classes update returns orgs to their original state – where users only need access to the flow to be able to run a flow that includes Apex actions.
Check for Null Record Variables or Null Values of Lookup Relationship Fields in Process and Flow Formulas (Update, Postponed)
This update, released in Spring ’19, was scheduled for auto-activation (enforcement) in Spring ’20, but has been postponed to Spring ’21. Note: This update has already been enabled in Salesforce orgs that received Summer ’20 prior to July 10, 2020. If this is the case for your org, you may disable the update if you wish until Spring ’21. This update enables process and flow formulas to return null values when the calculations involve a null record variable or null lookup relationship field.
Stabilize URLs for Visualforce, Experience Builder, Site.com Studio, and Content Files (Update, Postponed)
We’re removing the instance names from Visualforce, Experience Builder, Site.com Studio, and content file URLs. An instance name identifies where your Salesforce org is hosted. Removing the instance name makes domains shorter and easier for users to remember. This update applies to orgs that have a deployed My Domain. After this update is activated, a URL that includes the instance name, such as a bookmark, automatically redirects to the new hostname. Released in Spring ’18, this update is postponed to Summer ’22.
Prevent Consecutive API Navigation Calls in Visualforce Pages (Update, Postponed)
This update, released in Summer ’20, was scheduled for auto-activation in Spring ’21, but has been postponed to Winter ’22. In Visualforce pages, API navigation calls can be fired consecutively, which can lead to unwanted behavior. This release update prevents this API navigation call pattern, firing only the first navigation call.
Keep Working with Tab-Focused Dialogs (Update, Postponed)
This update, released in Winter ’20, was scheduled for auto-activation in Winter ’21, but has been postponed to Winter ’22. In Lightning console apps, dialogs no longer stop you from interacting with the rest of the UI. This release update limits the focus of dialogs triggered by a workspace tab or subtab to only the tab that triggered them.

Retired Updates

This update was announced in a previous release but is retired. It was removed from the Release Updates node and won’t be enforced.

Enable Dependency Access Checks In Lightning Components (Update, Retired)
This update has been retired and no longer requires any action.