Attention: Confluence is not suitable for the storage of highly confidential data. Please ensure that any data classified as Highly Protected is stored using a more secure platform.
If you have any questions, please refer to the University's data classification guide or contact ict.askcyber@sydney.edu.au
Summer 23 Release
- bob.alicante
- sidney.garcia
Production Release Date: June 11, 2023
POST RELEASE VALIDATION
ENFORCEMENTS
Feature | Short Description | Remarks / Action Items | Recommendation |
|---|---|---|---|
Salesforce is updating the routing options available on the My Domain setup page to include Salesforce Edge Network. By default, all orgs are automatically enrolled in the upcoming Salesforce Edge enablement, which occurs according to this timeline: Salesforce notifies admins via email 60 to 90 days before the Edge enablement for their orgs. After Edge is enabled, Salesforce also notifies admins of that event. We’ve also provided the ability to defer this change by unchecking Enable Salesforce Edge Network during the scheduled feature rollout on the My Domain setup page. For additional flexibility, even if you decide to defer now, you can enable Salesforce Edge manually later, ideally during your org's off-peak hours. NOTE: After Salesforce Edge Network is enabled, you can roll back this change within 7 calendar days. If this window has passed, log a case with Salesforce Support to discuss the options available to your org. In Spring ’23, Salesforce Edge Network can be enabled but requires Salesforce Support to roll back. | What is Salesforce Edge Network? Considerations for Salesforce Edge Network
Action Item: Raise support case 15/5: Case #44609558 raised 17/5: Had a meeting with SF Support Engineer. He advised us to enable the Edge Network as it will not impact USyd org but rather provide faster responses when accessing data. NOTE: We just need to monitor if we need to whitelist the new IP once it’s turned ON and provide it to IT team if needed. Link to IP list from SF: https://help.salesforce.com/s/articleView?id=000384438&type=1 Webex meeting recording: Case Number: 37355506-20230517 0032-1 | Part of Summer 23 release | |
Disable Rules for Enforcing Explicit Access to Apex Classes (Release Update) | This update disables the requirement for a user running a flow to have explicit access to Apex classes invoked by that flow. This update was first made available in Summer ’20 and was scheduled to be enforced in Spring ’23, but we postponed the enforcement date to Summer ’23. | This update is available only for Salesforce orgs that enabled the Require User Access to Apex Classes Invoked by Flow update. No impact to Univ of Sydney | Part of Summer 23 release |
Help shield your org and network from malicious attacks with content sniffing protection. This change helps prevent the browser from loading scripts disguised as other file types when your users access external content and websites from Salesforce. This update was first made available in Winter ’23 and was scheduled to be enforced in Spring ’23, but we postponed the enforcement date to Summer ’23. | If a link or content embedded within a custom page fails to load, investigate whether the external content is valid. If a standard Salesforce page or embedded content on a standard page fails to load during testing, file a case with Salesforce Customer Support.
Action Item: Raise support case 15/5: Case #44609558 raised 17/5: No impact as per conversation with SF Support as this is just additional security feature.
| Part of Summer 23 release | |
Enable Sharing for Flow Orchestration Objects (Release Update) | In Summer ’23, Salesforce enables sharing for Flow Orchestration objects. With this change the Manage Flow user permission no longer grants user access to Flow Orchestration objects. To cancel or debug an orchestration or to reassign an orchestration work item, a user needs the Manage Orchestration Runs and Work Items user permission, along with sharing access to Flow Orchestration objects. Users who run orchestrations and execute work items must still have the Run Flows user permission. | No impact. No existing Flow Orchestration. The flow Basic Approval Request is a Flow Orchestration for CMS, and is from a managed package. | Part of Summer 23 release |
This update upgrades the JavaScript library for all of your Aura sites from analytics.js to gtag.js in preparation for Google Analytics 4 (GA4). After you upgrade your JavaScript libraries, to complete the migration to GA4, you must manually update the Google Analytics Tracking ID for each of your Aura sites from a UA-ID to a G-ID. To continue collecting analytics data for Aura sites after Google stops processing data through Universal Analytics properties on July 1, 2023, Experience Cloud requires that each Aura site uses the gtag.js library and a G-ID. Previously, Aura sites were permitted to use either the analytics.js library or the gtag.js library, and connected to Google Analytics with a UA-ID. This update was first available in Spring ’23 and is enforced in Summer ’23. | No additional testing required. No impact. No pending updates for Aura Sites:
| Part of Summer 23 release | |
Migrate Security Policies to the Mobile Security Setup UI (Release Update) | This update improves the admin experience by moving all Enhanced Mobile App Security policies that were configured as Connected App custom attributes to the Mobile Security Setup UI. Now you can easily enable or edit security policies with clicks and avoid configuration errors. | No impact. Only applies to Connected App custom attributes beginning with mobile.security for the Salesforce mobile app. | Part of Summer 23 release |
With this update, event log files are generated and delivered only to instances that opt in to receive event log files. Previously, all instances received event log files automatically. This update automatically disables event log file generation for Developer and Trial editions and for instances that don’t have the Event Monitoring add-on subscription by default. If you have Salesforce Shield or Salesforce Event Monitoring add-on subscriptions, you’re opted in to receiving event log files by default. This update was first available it Spring ’23 and is enforced in Summer ’23. | Recommendation: Turn ON in PROD, Fullcopy (UAT) and SIT. OFF in lower dev sandboxes This can be helpful to filter out which instances receive event log files. We can turn this feature on to PROD and other important sandboxes such as SIT and UAT. No impact to Univ of Sydney | Part of Summer 23 release | |
This update restricts organizations from sending emails from an unverified email address in the guest user record. Orgs with a verified organization-wide email address aren’t affected by this release update, because the “sent from” email address defaults to the org’s verified email address. This update is enforced with the Summer ’23 release. When this update is enforced, emails sent from the org using a guest user’s unverified email address are blocked. | There is already a verified Organization-Wide Email Address: Advancement Services Support. NOTE: This is the Sumo Guest User Record, need to check if this is a valid/verified email: sumo_cep@sydneyuni-adv.force.com @Sunil (Unlicensed) - kindly verify Thanks cc @Syed Shah @Aldrin Rasdas (UofSyd) This has been confirmed with @Sunil (Unlicensed) 15/05 No impact to Univ of Sydney | Part of Summer 23 release | |
Security Enhancements for CSRF Tokens for Lightning Apps (Release Update) | This update enforces the generation of a different cross-site request forgery (CSRF) token for each Lightning app, which ensures that a token is used only in its intended context. The update also improves the handling for invalid and expired tokens. This update was first available in Spring ’23 and is enforced in Summer ’23. | No impact to Univ of Sydney Enhanced security for each Lightning App. Tested most used Lightning Apps (Affinaquest, Sumo) and still works fine | Part of Summer 23 release |
Use a Default No-Reply Address as System Address for Case Email Notifications (Release Update) | Configure a default No-Reply address from the Organization-Wide Addresses page in Setup. Add an email address in Special Purpose Organization-Wide Email Addresses, then follow the steps outlined in the verification email sent to the new default No-Reply address. After you verify your default No-Reply address, set up and start the Test Run in the Release Update. This update was first made available in Spring ’21 and was scheduled to be enforced in Spring ’23, but we postponed the enforcement date to Summer ’23. | A Default No-Reply Address is already set: Advancement Services Support Support Settings > "Send Case Notifications from System Address" is enabled Previously: email notifications were sent from the Automated Case User
| Part of Summer 23 release (already existing in PROD, no actions required) |
To take the next step toward retiring Process Builder processes, you can no longer create new processes. You can still activate, deactivate, and edit your existing Process Builder processes and continue to create automations in Flow Builder. To test and create processes for use in managed packages, developer orgs still allow you to create processes. Most Process Builder use cases are now supported in and work better in Flow. | To facilitate migrating your processes, use the Migrate to Flow tool.
| Need to plan ahead for the migration of existing Process Builders and Workflow Rules |
UI FRONTEND CHANGES
Feature | Short Description | Remarks / Action Items | Recommendation |
|---|---|---|---|
Make your content easier to see and use for people with low vision. Non-text UI elements, such as buttons and checkboxes, and some text UI elements, such as links, now appear with improved color contrast to align with accessibility standards. These color changes affect Salesforce Lightning Design System (SLDS), Lightning base components, and a subset of record home pages. Where: This change applies to Lightning Experience in all editions. The changes to Lightning base components apply in Lightning Experience, but they don’t apply if you use a Lightning base component in a custom component. The color-contrast changes occur for these record home pages only in Lightning Experience.
Why: Web Content Accessibility Guidelines (WCAG) are a series of web accessibility guidelines published by the Web Accessibility Initiative (WAI) of the World Wide Web Consortium (W3C). The guidelines include criteria for non-text contrast. Good color contrast means that all users can more easily see the content on any device or in any lighting conditions. This image shows the difference between standard object and document type icons in Spring ’23 (old) and Summer ’23 (new). These icon changes occur for all pages in Lightning Experience. The other color-contrast changes occur for a subset of record home pages only. | PROD (Spring 23) When editing Account record - buttons are in right hand portion of the screen with gray button background
Summer 23 (SIT) When editing Account record - buttons are in the center portion of the screen with different button background (Red)
| Part of Summer 23 release, No impact, just cosmetic changes | |
Boost Productivity with Mass Quick Actions on Related Lists (Beta) | Save your users time by decluttering the actions in the highlights panel and adding quick actions directly on related lists. Your users can create related records for items in the list without leaving the page. Or they can select up to 100 records in the related list and perform mass updates instead of single record updates. |
| Optional. We need to contact SF if we want this enabled in our sandboxes and PROD instance |
NEW FEATURES
Feature | Short Description | Remarks / Action Items | Recommendation |
|---|---|---|---|
When you type in an input field on a Lightning Web Components record page, an undo button appears and the background color changes until you save. Clicking the undo button removes your unsaved changes. This functionality doesn’t occur in Dynamic Forms—enabled pages. Previously, to use the undo button, you clicked a field, entered content, and then clicked outside the field. |
| Part of Summer 23 release | |
To protect your org and user data, ensure that your users have a verified email address. You can now manage email verification with simple UI tools instead of code. While viewing a user’s details, you can see whether their email address is verified and initiate verification with a few clicks. Your users can also see their email address status and begin verification for themselves. To finish verifying, they click a link received at their unverified email address.
| How: From the Users Setup page, select a user and find the Email field. To initiate email verification, select Verify. After the user clicks the verification link emailed to them, their email address is marked Verified. The verification link expires after 72 hours. If a user misses this window, click Verify again to send a new link. You can also verify user email addresses using the API method.
| Part of Summer 23 release | |
Deploy Scalable Apps and Analyze System Performance with Scale Center @Syed Shah - this is something we can explore. You need to contact the Account executive to have this feature enabled in USyd org. Thanks cc @Yeng Sembrano @Aldrin Rasdas (UofSyd) | Scale Center provides self-service and near-real-time access to performance metrics. Diagnose root causes and act on scale issues earlier in your development cycle. Improve the scalability of your Salesforce implementation. Identify issues with performance or scale. Launch analyses to troubleshoot errors. Retrieve customized insights and recommendations. Who: This service is available after approval from Salesforce. Users opt to use Scale Center and are subject to the applicable terms provided at Agreements and Terms. | How: Enable Scale Center in sandboxes and in production on first party infrastructure (1P) and Hyperforce. From Setup, in the Quick Find box, enter Scale Center, and then select Scale Center. To get access, contact your program architect or account executive. Start an analysis report.
| Optional - @Syed Shah need to communicate with SF if there’s no fee involved in turning this feature. |
Save time and effort and reduce dashboard redundancy. No more cloning dashboards for different teams and business units. Refine and target your dashboard data with up to five filters on Lightning dashboards. The previous limit was three filters. Where: This change applies to Lightning Experience in Unlimited Edition.
| How: Reuse the same dashboard for all your regional teams while preserving existing filters that are already set up for each team. Previously, if you filtered on Stage, Opportunity Owner, and Type, you couldn’t add a Region filter that would allow you to reuse the dashboard for all your teams. Now you can include the Region filter and even have room for a Created Date filter as well.
| Part of Summer 23 release | |
Enhance Your Visualizations with Images, Rich Text, and Dashboard Widgets | Explain Lightning dashboard charts, describe metrics and KPIs, and clarify tables with rich text right where users need it. Add company logos and branding, flow diagrams, and embedded images. Guide users through their data with section titles, narrative text, and even animated GIFs. Components are now called widgets in Unlimited Edition. Dashboards now support up to 25 widgets, including a maximum of 20 charts and tables, 2 images, and 25 rich text widgets. The previous limit was 20 in total. |
3. Combine charts, text, and images to inform, engage, and guide viewers.
| Part of Summer 23 release |
Set Field-Level Security for a Field on Permission Sets Instead of Profiles (Generally Available) | When you create a field, set its field-level security on permission sets instead of profiles. Or, modify the field-level security for an existing field for all permission sets in Object Manager. This change makes it easier to follow the user access control best practice of using permission sets to manage your users’ permissions rather than profiles. This feature, now generally available, includes an enhancement so that you can see each permission set’s object permissions for the field’s object without leaving the page. | How: From Setup, in the Quick Find box, enter User Management Settings, and then select User Management Settings. Enable Field-Level Security for Permission Sets During Field Creation. Now, when you create a field, set field-level security on an existing field, or change a custom field’s type, you assign field-level security for permission sets instead of profiles.
| Optional. We can turn OFF the settings until decision to use Permission set instead of profile for setting all field level security |
The Quick Create technology enhances the speed at which Full sandboxes are created or refreshed. Teams can focus more time on developing and testing solutions, and less time waiting for sandboxes to be built. | Where: This change applies to new Full sandbox requests for production orgs on eligible Hyperforce instances. When: This feature will be rolled out as a staggered release after June 10, 2023. Who: To create or refresh a Full sandbox, you need the Manage Sandbox user permission. How: Salesforce admins don't have to enable this feature. Quick Create is the default for new Full sandbox requests on eligible Hyperforce instances. | Part of Summer 23 release | |
Flow user permissions are now all consolidated under a new Flow and Flow Orchestration section in App Permissions. Previously, they were dispersed throughout System Permissions. | How: For example, you want to add flow user permissions to a permission set. From Setup, in the Quick Find box, enter Permission Sets, and then select Permission Sets. Next, select the permission set you want to manage, and then click App Permissions. Last, select the permissions that you want to add.
| Part of Summer 23 release |
DEVELOPMENT ITEMS
Feature | Short Description | Remarks / Action Items |
|---|---|---|
Reuse email content with Lightning and Classic email templates in the Send Email action. If your email template has merge fields, you can use the recipient record or a related record to populate the merge fields. Or, you can use both. Previously, you couldn’t use email templates in the Send Email action. | How: For example, to send an email to a contact using an email template with Contact and Account object merge fields, set Email Template ID to the ID of the email template to use (1). Then, set Recipient ID to the contact record’s ID (2) and Related Record ID to the related account record’s ID (3).
| |
Use Lightning Web Security for Lightning Web Components and Aura Components (Generally Available) | Lightning Web Security (LWS) for Aura components is generally available. Salesforce continues the gradual rollout of the LWS architecture, which was announced as generally available for Lightning web components in Spring ’22. Salesforce is not enabling LWS automatically for any orgs in Summer ’23. | LWS affects Lightning Web Components and Aura components in Aura-based Experience Cloud sites. Aura-based Sites found:
This setting: Use Lightning Web Security for Lightning web components and Aura components is not enabled automatically by Salesforce. |
Synchronize Component Data Without a Page Refresh Using RefreshView API (Generally Available) | Whether user-driven or app-invoked, the ability to synchronize data without reloading an entire page is a key user experience requirement. The new lightning/refresh module and RefreshView API provide a standard way to refresh component data in Lightning web components (LWC) and Aura components. Previously, LWC lacked a data refresh API and could only refresh using an Aura wrapper and the legacy force:refreshView, which doesn’t meet the requirements of modern web development. RefreshView API’s detailed control of refresh scope lets developers create refined user experiences while maintaining backward compatibility. This feature, now generally available, includes some changes since the last release. | New feature. Lightning Web Security (LWS) must be enabled in the Salesforce org. There are custom LWCs that may utilize the new RefreshView API: milestoneRelatedList sourceGiftSearch usyd_ContactLegalCreditStats |
Query Five Levels of Parent-to-Child Relationships in SOQL Queries | SOQL now supports relationship queries that traverse up to five levels of parent-child records. Use a single SOQL query to get parent-child records from five different levels. This ability is limited to SOQL queries via the REST and SOAP query calls on standards and custom objects. | New feature. Can be utilized if needed since. |
Now you can see more elements on the Flow Builder canvas with a new compact layout and a smaller Add Element button. Previously, elements were further spread out, requiring you to move the canvas more frequently to see additional elements. | Helpful for easier flow development because previously, we need to move the canvas to see all of the available element when Add Element button is clicked. |