It’s almost time for the seasonal Salesforce release!
Just a few months ago, during the Salesforce Winter release, we were introduced to new features and enhancements for Lightning Experience, Salesforce Flow, and Lightning Web Component. It would be fascinating to learn what new features and enhancements are about to bloom with the Spring release! So, here’s a quick look at the changes that you can expect to see in Salesforce Spring ‘23 Release.
1. Apply User Access Permissions to Navigation Menus
Members of Salesforce Experience Cloud sites may not be able to access navigation menus post this update.
The purpose of this change is to improve site security by enforcing existing user access permissions when a custom component uses an Apex controller to query NavigationLinkSet or NavigationMenuItem objects.
Where: The change applies to Lightning Experience, Salesforce Classic, Performance, Unlimited, and Developer editions of Aura, LWR, and Visualforce sites.
How: Go to Setup, enter Release Updates in the Quick Find box, and then select Release Updates. Follow the steps for applying user access permissions to navigation menus in Experience Cloud Sites.
2. Enable Content Sniffing Protection
By protecting your network against content sniffing, the update helps defend your organization against malicious attacks.
Your users can now access external websites and content from Salesforce without their browsers loading scripts disguised as other file types. Initially available in Winter ’23, this update goes into effect in Spring ’23.
Where: All editions of Lightning Experience and Salesforce Classic will be affected by this change.
How: To review this update, go to Setup, select Quick Find, and then Type Release Updates. Test and activate the Enable Content Sniffing Protection feature.
3. Stronger Protection for Users’ Personal Information
In addition to hiding personal information from user records, this feature secures more personally identifiable information (PII). In addition, you can choose which standard and custom user fields should be considered personal information. It was originally scheduled to be enforced in Winter ’23 Release but postponed to the Spring ’23 Release.
Where: The above mentioned changes apply to Salesforce Classic (not available in all Orgs) and Lightning Experience in Enterprise, Performance, Unlimited, and Developer editions.
Originally scheduled for enforcement in Winter ’22, this update has been postponed to Spring ’23.
How: To enable this update, go to Trust Status, search for your instance, and click the Maintenance tab to find the major release upgrade date.
Enter User Management Settings in the Quick Find box in Setup, and then select User Management Settings. Deselect Hide Personal Information if it is enabled. Activate Enhanced Personal Information Management.
4. Prevent Cross-Site Scripting in Visualforce Pages
This update enhances the security of your Visualforce pages by automatically removing all apex:inputField>element labels. You can also create apex:inputField>elements after enabling the update by escaping the label attribute.
Where: Professional, Enterprise, Performance, Unlimited, and Developer editions of Salesforce Classic and Lightning Experience will be affected by this change. For certain products, Lightning console apps are available at an additional cost for Salesforce Platform users.
How: You can find the major release upgrade date for your instance by going to Trust Status, searching for your instance, and clicking on the Maintenance tab. To activate this release update, select Release Updates from Setup’s Quick Find box, and then select Release Updates.
5. Granular Flow Permissions for Guest Users
Salesforce is removing Run Flows from Guest Users’ profiles in Spring ’23. To run Flows, guests must have explicit permissions. By using Flows’ more granular permission structure, you can give your users detailed access. It is recommended that you update your sites to the new permission structure before the enforcement date in order to avoid access issues in the future. Originally released in Summer ’22, this update becomes effective in Spring ’23.
Where: For Enterprise, Performance, Unlimited, and Developer editions of Lightning Experience and Salesforce Classic, this change applies to Aura, LWR, and Visualforce sites.
How: Click on the Maintenance tab on Trust Status to find your instance’s major release upgrade date.
6. Run Flows via REST API in the User Context
Previously, flow executions via REST API ran in the system context, which included access to and modification of all data.
Flows now run within the context of the user who authenticates via REST API and object permissions and field-level access are determined by the user’s profile and permission sets.
Salesforce’s latest update prevents users from unintentionally creating or editing records without permission.
Where: Salesforce Classic and Lightning Experience in Essentials, Professional, Enterprise, Performance, Unlimited, and Developer editions are affected by this change.
How: The REST API update prevents flows from editing records whose owner does not have permission to edit.
7. Single Sign-On Framework Upgrade
You can improve your security posture and increase your platform’s performance with this maintenance update. Several single sign-on URLs have been encoded.
Where: All editions of Lightning Experience and Salesforce Classic are affected by this change.
How: Click the Maintenance tab on Trust Status to find your instance’s major release upgrade date.
The Bottom Line
With the Spring ‘23 release, Salesforce is putting a lot of emphasis on security and privacy. Considering the proliferation of cyber attacks and data breach cases in the last few years, this release looks like a remedy to create a safe ecosystem.
Want to Know More About Salesforce Spring Release? Talk to Us!
If you’d like to talk about other cool things that you can do with the new features from the Salesforce Spring ‘23 release, we would be happy to pitch in. Simply drop us a line at [email protected] and we’ll take it from there.
Popular Blog Posts