Information about Critical Updates from Salesforce
From time to time, Salesforce sends out auto-generated alerts (e.g. expiring certificates) or critical update notifications to the ORG's admin(s) or asks the admin(s) to review these critical updates on login. These notifications inform you about a core update that Salesforce is providing, usually security relevant.
These updates can be activated and deactivated again for a while, so you can test how an update behaves with your custom code. Unless we list an update to avoid further down this page, you can activate all updates or wait until activation is forced (auto-activation date).
If you have developed custom code or are using a third-party add-on and are unsure about an update, please ask your developer or third-party provider to check as well. You can also test an update in a Sandbox environment (recommended: partial/full data sandbox).
CRITICAL UPDATES
>>> Critical Update with Salesforce Summer '23 Release <<<
Restrict Emails Sent from Unverified Email Addresses by the Guest User (Release Update)
To improve security standards, Salesforce is blocking any emails sent from an unverified email address in the guest user record. This update is enforced with the Summer ’23 release. When this update is enforced, emails sent from the org using a guest user’s unverified email address are blocked.
Where: This change applies to orgs that have a guest user in Lightning Experience or Salesforce Classic.
When: Salesforce enforces this update in Summer ’23. To get the major release upgrade date for your instance, go to Trust Status, search for your instance, and click the maintenance tab.
How: If you have any custom implementations with Apex or flows that use emails sent from guest user records, you may need to change the guest user record to continue sending emails.
To continue sending emails from the guest user record, follow these steps:
- Create an organization-wide email address and verify it.
- Add the organization-wide email address in the Email field of the guest user record:
  - Go to Setup.
  - In Quick Find, enter sites and click Sites under Sites and Domains.
  - Click the site that you are using (i.e. Webservices).
  - Click Public Access Settings and click Assigned Users.
  - Click Edit corresponding to the Guest User account.
  - Update the email address of the Guest User and Save.
To review this update, from Setup, in the Quick Find box, enter Release Updates, and then select Release Updates. Follow the steps for Restrict Emails Sent from the Guest User.
One example of an area that can be affected by this update is flows. When a flow has a Send Email action, the Sender Type and Sender Email Address must be populated with the verified org-wide email address. Another example is Email Alerts. Make sure the From address of email alerts is set to the verified org-wide email address when the default workflow user is the guest user.
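For custom Apex, the two points above (the guest user record's Email field and the sender on outgoing mail) can be checked and handled as in the following added example, which is not Propertybase or Salesforce code. The class, method and exception names are hypothetical, and the code does not read verification status, which you still confirm in Setup.

```apex
// Added example: class, method and exception names are hypothetical.
public with sharing class GuestEmailSenderCheck {
    public class MissingSenderException extends Exception {}

    // Audit: active guest users whose Email field does not match any
    // organization-wide email address defined in the org.
    public static List<User> guestUsersWithoutOrgWideAddress() {
        Set<String> orgWide = new Set<String>();
        for (OrgWideEmailAddress owa : [SELECT Address FROM OrgWideEmailAddress]) {
            orgWide.add(owa.Address.toLowerCase());
        }
        List<User> flagged = new List<User>();
        for (User u : [SELECT Id, Username, Email FROM User
                       WHERE UserType = 'Guest' AND IsActive = true]) {
            if (u.Email == null || !orgWide.contains(u.Email.toLowerCase())) {
                flagged.add(u);
            }
        }
        return flagged;
    }

    // Send one email with an explicit org-wide sender instead of relying on
    // the running (guest) user's own address. Fails closed if the address
    // is not defined as an org-wide address.
    public static Messaging.SendEmailResult sendFromOrgWide(
            String fromAddress, String toAddress, String subject, String body) {
        List<OrgWideEmailAddress> owas =
            [SELECT Id FROM OrgWideEmailAddress WHERE Address = :fromAddress LIMIT 1];
        if (owas.isEmpty()) {
            throw new MissingSenderException(
                'No organization-wide email address found for ' + fromAddress);
        }
        Messaging.SingleEmailMessage mail = new Messaging.SingleEmailMessage();
        // Do not also call setSenderDisplayName: the display name comes
        // from the org-wide address record.
        mail.setOrgWideEmailAddressId(owas[0].Id);
        mail.setToAddresses(new List<String>{ toAddress });
        mail.setSubject(subject);
        mail.setPlainTextBody(body);
        // allOrNone = false: return the result so the caller can log errors.
        return Messaging.sendEmail(
            new List<Messaging.SingleEmailMessage>{ mail }, false)[0];
    }
}
```

Run `guestUsersWithoutOrgWideAddress()` as an administrator (for example from Execute Anonymous in a sandbox) before the update is enforced; an empty list means every active guest user record already carries an org-wide address.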
>>> Critical Update with Salesforce Spring '23 Release <<<
You may have received a Salesforce email about the enablement of the security feature called Enhanced Domains. Enhanced Domains are the current version of My Domain that meets the latest browser requirements.
Please note in the Spring '23 release, Salesforce will automatically deploy this feature in all Orgs unless you untick the "Automatically deploy enhanced domains with Spring '23" checkbox in your My Domain settings.
For more information on this topic please see the Salesforce documentation on Enhanced Domains and please reach out to Propertybase Support if you have any further queries.
>>> Salesforce Platform API Versions Retirement <<<
The Propertybase team is aware of this change and will take measures if and where needed for our product. You will see an announcement and, if needed, instructions in an update release available on update.propertybase.com.
What should you do? Normally you will not have to do anything unless you had integrations and other API-related features built a long time ago. In that case, or if you are uncertain, please read the instructions and advice Salesforce provides (linked above for each retirement, but instructions will be the same).
>>> Critical Update with Salesforce Spring '22 Release <<<
You may have been notified or asked to activate Salesforce Multi-Factor Authentication (MFA). This will become mandatory as of February 1st 2022. See also the FAQ from Salesforce:
https://help.salesforce.com/s/articleView?id=000352937&type=1
Please DO look into activating MFA now: Gradually start testing MFA with a few users to understand impact and potential challenges. We have prepared this information here to guide you on getting started: Setup Basic Multi-Factor Authentication with a Permission Set
Please read the information to the end as there are more resources in that article and some Best-Practice notes.
>>> Critical Update with Salesforce Summer '20 Release <<<
If you are using the Webservices Guest User to create contacts and inquiries through Front Desk, you will want to opt out of "Guest User Security Policies Before Summer ’20" by activating the corresponding opt-out option:
Should your ORG already have received Summer Release '20, and you are receiving errors for Front Desk Leads not being created due to a "field integrity exception (Guest users cannot be record owners.)" error, please follow these steps:
Go to Setup > Sites and untick "Assign new records created by Salesforce Sites guest users to a default owner in the org" on the site setting:
Then look for "Sharing Settings" in Setup's Quick Find box and there, click on "Edit".
Then scroll to the bottom of the page and untick "Secure guest user access":
If you are unsure if an update will affect your custom code or other third-party addons:
- test it by activating it in a partial/full data sandbox first
- test it by activating it in production early before auto-activation, so you can deactivate again and take measures, should it not work for you.
- talk to your IT/Propertybase admin or consultant to find out about third-party addons
EXPIRING CERTIFICATE
"ACTION REQUIRED: Default Certificate will Retire on Month day, 201x"
OR
"SFDC Expiring Certificate Notification"
If you have received an email about an expiring certificate, you only need to act on it if you are using, e.g., Single Sign-On (SSO) or have set up an app that uses a custom certificate. If you are not sure, please hand it over to the person who set up your Propertybase ORG, or test the following in a Sandbox first:
To stop alerts/notifications for expiring certificates, you can remove the certificates:
1. Go to Setup -> search for "Single Sign-On Settings" and if you can only see this one line "pbase SAML SSO Setting", feel free to delete it as explained here:
- If you are unsure or see more than one certificate:
  - test it in a Sandbox first
  - talk to your IT admin to find out if you are using Single-Sign-On
  - grant Propertybase Support access and let us know which certificate you are unsure of, so we can double-check
2. Go to "Setup" > search for "Certificate and Key Management" and feel free to delete the certificate(s):
- If you are unsure or see more than one certificate:
  - test it in a Sandbox first
  - use "Export to Keystore" to create a backup file with all certificates (password-protected) which you could import again
  - grant Propertybase Support access and let us know which certificate you are unsure of, so we can double-check