...
Feature | Short Description | Remarks / Action Items |
|---|---|---|
Enable Salesforce Edge Network for Your Domain Syed Shah - for your initial review. Thanks | Salesforce is updating the routing options available on the My Domain setup page to include Salesforce Edge Network. By default, all orgs are automatically enrolled in the upcoming Salesforce Edge enablement, which occurs according to this timeline: Salesforce notifies admins via email 60 to 90 days before the Edge enablement for their orgs. After Edge is enabled, Salesforce also notifies admins of that event. We’ve also provided the ability to defer this change by unchecking Enable Salesforce Edge Network during the scheduled feature rollout on the My Domain setup page. For additional flexibility, even if you decide to defer now, you can enable Salesforce Edge manually later, ideally during your org's off-peak hours. NOTE: After Salesforce Edge Network is enabled, you can roll back this change within 7 calendar days. If this window has passed, log a case with Salesforce Support to discuss the options available to your org. In Spring ’23, Salesforce Edge Network can be enabled but requires Salesforce Support to roll back. | |
Disable Rules for Enforcing Explicit Access to Apex Classes (Release Update) | This update disables the requirement for a user running a flow to have explicit access to Apex classes invoked by that flow. This update was first made available in Summer ’20 and was scheduled to be enforced in Spring ’23, but we postponed the enforcement date to Summer ’23. | This update is available only for Salesforce orgs that enabled the Require User Access to Apex Classes Invoked by Flow update. |
Help shield your org and network from malicious attacks with content sniffing protection. This change helps prevent the browser from loading scripts disguised as other file types when your users access external content and websites from Salesforce. This update was first made available in Winter ’23 and was scheduled to be enforced in Spring ’23, but we postponed the enforcement date to Summer ’23. | If a link or content embedded within a custom page fails to load, investigate whether the external content is valid. If a standard Salesforce page or embedded content on a standard page fails to load during testing, file a case with Salesforce Customer Support. | |
Enable Sharing for Flow Orchestration Objects (Release Update) | In Summer ’23, Salesforce enables sharing for Flow Orchestration objects. With this change the Manage Flow user permission no longer grants user access to Flow Orchestration objects. To cancel or debug an orchestration or to reassign an orchestration work item, a user needs the Manage Orchestration Runs and Work Items user permission, along with sharing access to Flow Orchestration objects. Users who run orchestrations and execute work items must still have the Run Flows user permission. | Flow Orchestration for CMS: Basic Approval Request Manage Flow permission no longer grants access to Flow Orchestration objects. Users will need the following:
|
This update upgrades the JavaScript library for all of your Aura sites from analytics.js to gtag.js in preparation for Google Analytics 4 (GA4). After you upgrade your JavaScript libraries, to complete the migration to GA4, you must manually update the Google Analytics Tracking ID for each of your Aura sites from a UA-ID to a G-ID. To continue collecting analytics data for Aura sites after Google stops processing data through Universal Analytics properties on July 1, 2023, Experience Cloud requires that each Aura site uses the gtag.js library and a G-ID. Previously, Aura sites were permitted to use either the analytics.js library or the gtag.js library, and connected to Google Analytics with a UA-ID. This update was first available in Spring ’23 and is enforced in Summer ’23. | No additional testing required. No pending updates for Aura Sites:
| |
Migrate Security Policies to the Mobile Security Setup UI (Release Update) | This update improves the admin experience by moving all Enhanced Mobile App Security policies that were configured as Connected App custom attributes to the Mobile Security Setup UI. Now you can easily enable or edit security policies with clicks and avoid configuration errors. | No impact. Only applies to Connected App custom attributes beginning with mobile.security for the Salesforce mobile app. |
With this update, event log files are generated and delivered only to instances that opt in to receive event log files. Previously, all instances received event log files automatically. This update automatically disables event log file generation for Developer and Trial editions and for instances that don’t have the Event Monitoring add-on subscription by default. If you have Salesforce Shield or Salesforce Event Monitoring add-on subscriptions, you’re opted in to receiving event log files by default. This update was first available it Spring ’23 and is enforced in Summer ’23. | This can be utilized to minimize the effort used to generate Event Log Files to be used for investigating API calls in relation to the Release Update API 21-30 Retirement. Currently, in other accounts, we used SFDX and Workbench to manually generate EventLogFiles, save it as a CSV. That CSV file is checked if there are API calls which will be part of the retirementhelpful to filter out which instances receive event log files. We can turn this feature on to PROD and other important sandboxes such as SIT and UAT. | |
This update restricts organizations from sending emails from an unverified email address in the guest user record. Orgs with a verified organization-wide email address aren’t affected by this release update, because the “sent from” email address defaults to the org’s verified email address. This update is enforced with the Summer ’23 release. When this update is enforced, emails sent from the org using a guest user’s unverified email address are blocked. | No impact. There is already a verified Organization-Wide Email Address: Advancement Services Support | |
Security Enhancements for CSRF Tokens for Lightning Apps (Release Update) | This update enforces the generation of a different cross-site request forgery (CSRF) token for each Lightning app, which ensures that a token is used only in its intended context. The update also improves the handling for invalid and expired tokens. This update was first available in Spring ’23 and is enforced in Summer ’23. | No impact. Enhanced security for each Lightning App. Tested most used Lightning Apps (Affinaquest, Sumo) and still works fine |
Use a Default No-Reply Address as System Address for Case Email Notifications (Release Update) | Configure a default No-Reply address from the Organization-Wide Addresses page in Setup. Add an email address in Special Purpose Organization-Wide Email Addresses, then follow the steps outlined in the verification email sent to the new default No-Reply address. After you verify your default No-Reply address, set up and start the Test Run in the Release Update. This update was first made available in Spring ’21 and was scheduled to be enforced in Spring ’23, but we postponed the enforcement date to Summer ’23. | A Default No-Reply Address is already set: Advancement Services Support Support Settings > "Send Case Notifications from System Address" is enabled Previously: email notifications were sent from the Automated Case User |
To take the next step toward retiring Process Builder processes, you can no longer create new processes. You can still activate, deactivate, and edit your existing Process Builder processes and continue to create automations in Flow Builder. To test and create processes for use in managed packages, developer orgs still allow you to create processes. Most Process Builder use cases are now supported in and work better in Flow. | To facilitate migrating your processes, use the Migrate to Flow tool. |
...
Feature | Short Description | Remarks / Action Items |
|---|---|---|
Reuse email content with Lightning and Classic email templates in the Send Email action. If your email template has merge fields, you can use the recipient record or a related record to populate the merge fields. Or, you can use both. Previously, you couldn’t use email templates in the Send Email action. | How: For example, to send an email to a contact using an email template with Contact and Account object merge fields, set Email Template ID to the ID of the email template to use (1). Then, set Recipient ID to the contact record’s ID (2) and Related Record ID to the related account record’s ID (3).  | |
Use Lightning Web Security for Lightning Web Components and Aura Components (Generally Available) | Lightning Web Security (LWS) for Aura components is generally available. Salesforce continues the gradual rollout of the LWS architecture, which was announced as generally available for Lightning web components in Spring ’22. Salesforce is not enabling LWS automatically for any orgs in Summer ’23. | LWS affects Lightning Web Components and Aura components in Aura-based Experience Cloud sites. Aura-based Sites found:
This setting: Use Lightning Web Security for Lightning web components and Aura components is not enabled automatically by Salesforce. |
Synchronize Component Data Without a Page Refresh Using RefreshView API (Generally Available) | Whether user-driven or app-invoked, the ability to synchronize data without reloading an entire page is a key user experience requirement. The new lightning/refresh module and RefreshView API provide a standard way to refresh component data in Lightning web components (LWC) and Aura components. Previously, LWC lacked a data refresh API and could only refresh using an Aura wrapper and the legacy force:refreshView, which doesn’t meet the requirements of modern web development. RefreshView API’s detailed control of refresh scope lets developers create refined user experiences while maintaining backward compatibility. This feature, now generally available, includes some changes since the last release. | New feature. Lightning Web Security (LWS) must be enabled in the Salesforce org. There are custom LWCs that may utilize the new RefreshView API: milestoneRelatedList sourceGiftSearch usyd_ContactLegalCreditStats |
Query Five Levels of Parent-to-Child Relationships in SOQL Queries | SOQL now supports relationship queries that traverse up to five levels of parent-child records. Use a single SOQL query to get parent-child records from five different levels. This ability is limited to SOQL queries via the REST and SOAP query calls on standards and custom objects. | New feature. Can be utilized if needed since.  |
Now you can see more elements on the Flow Builder canvas with a new compact layout and a smaller Add Element button. Previously, elements were further spread out, requiring you to move the canvas more frequently to see additional elements. | Helpful for easier flow development because previously, we need to move the canvas to see all of the available element when Add Element button is clicked. |
...