Salesforce – Spring ’23 release updates


Timeline:

Salesforce has published a detailed timeline for its latest release, Spring ’23. The timeline below gives only high-level start dates. Project admins/leads should check the Salesforce Trust portal for the exact upgrade dates of their specific instances.

[Image: Spring ’23 release timeline, ©Salesforce.com]

Enforced Updates:

These updates are scheduled to be enforced in Spring ’23:

  • Apply User Access Permissions to Navigation Menus Retrieved by Apex in Experience Cloud Sites
    • First Available: Winter ’23
    • Notes/Actions:
      • Look for any query on the NavigationLinkSet or NavigationMenuItem objects and make changes where needed. This update ensures that only records from Experience Cloud sites that the user is a member of are returned.
      • No change is required if the data is queried through the Connect API, as it already enforces this check.
  • Require Granular Flow Permissions for Experience Cloud Guest Users
    • Notes/Actions:
      • Salesforce is going to remove the “run flow” permission from the Guest User and Experience Cloud External User profiles. If your Experience Cloud sites use flows and there are access-related issues, update your sites to the new permission structure.
  • MFA Auto-Enablement
  • Enable Stronger Protection for Your Users’ Personal Information
  • Enable Content Sniffing Protection
    • Notes/Actions:
      • Once enabled, this adds the header “X-Content-Type-Options: nosniff” to all pages served from Salesforce. After enabling it, check for the header on your pages in the Network tab of the browser’s developer tools.
  • Upgrade SAML Single Sign-On Framework
    • Notes/Actions:
      • Once this update is enabled, SAML-based SSO could be impacted. Check logins and logouts. Some major impacts are:
        • Salesforce now uses saml2p and saml2 as namespace prefixes in the XML-based SAML artifacts it generates, such as requests and responses. Make the necessary changes to accommodate these, if needed.
        • The Identity Provider URL and Assertion Consumer Service (ACS) URL are now encoded. The single logout endpoint and relay state parameters are also encoded. Make the necessary adjustments.
  • Run Flows in User Context via REST API
    • Notes/Actions:
      • This impacts auto-launched flows that are invoked through the REST API. Previously, flows invoked via REST ran in system context. Once the update is enabled, they run in user context.
        • Check for any instance where flows are executed via the REST API.
        • Adjust permissions if needed.
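
For the SAML namespace-prefix change listed above, the following added example (not Salesforce code, and not from the original post) shows why an integration that matches literal prefixes stops working while one that resolves elements by namespace URI is unaffected. The sample request, the host names and the earlier samlp/saml prefixes are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# SAML 2.0 namespace URIs are fixed by the OASIS spec; prefixes are arbitrary.
NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample request; host names and ID are placeholders.
TEMPLATE = """<{p}:AuthnRequest
    xmlns:{p}="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:{a}="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed1" Version="2.0"
    AssertionConsumerServiceURL="https://sp.example.test/acs">
  <{a}:Issuer>https://sp.example.test</{a}:Issuer>
</{p}:AuthnRequest>"""
OLD_STYLE = TEMPLATE.format(p="samlp", a="saml")    # assumed earlier prefixes
NEW_STYLE = TEMPLATE.format(p="saml2p", a="saml2")  # prefixes named in the update


def issuer_by_prefix(xml_text):
    """Brittle: depends on the literal 'saml:' prefix in the serialized XML."""
    m = re.search(r"<saml:Issuer[^>]*>([^<]+)</saml:Issuer>", xml_text)
    return m.group(1) if m else None


def parse_authn_request(xml_text):
    """Prefix-independent: resolves elements by namespace URI.

    Does not verify signatures; for untrusted input use a hardened XML
    parser (for example defusedxml) instead of plain ElementTree.
    """
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}AuthnRequest" % NS["p"]:
        raise ValueError("not a SAML 2.0 AuthnRequest")
    issuer = root.find("a:Issuer", NS)
    if issuer is None or not (issuer.text or "").strip():
        raise ValueError("missing Issuer")
    return {"issuer": issuer.text.strip(),
            "acs_url": root.get("AssertionConsumerServiceURL")}


if __name__ == "__main__":
    for name, doc in (("old", OLD_STYLE), ("new", NEW_STYLE)):
        print(name, issuer_by_prefix(doc), parse_authn_request(doc))
```

Searching integration code and log parsers for hard-coded "samlp:" or "saml:" strings is a quick way to find the brittle pattern before the update is enforced.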

