Each year, Salesforce has three major releases, and as the number of new and improved features increases, so does our release notes document, which is now at about 600 pages. If you are a Salesforce ISV partner, this blog post is for you. We have gone through the release notes document to bring you the features that are most important to you.
Multi-factor authentication (MFA) is on by default for direct login to production
Feature
MFA is now a default part of the direct login process when a new production org goes live.
Impact for ISVs
Admins will get a warning reminder if the MFA setting is turned off.
If your partner solution has built a community for external users but is using a Platform license rather than Experience Cloud, please submit a support case following these instructions:
- In Salesforce Help, open a case under Salesforce Partner Program Support.
- File the case under Partner Programs & Benefits, and list the topic as ISV Technology Request.
There are some use cases that aren’t required to use MFA. For a few of these situations, a Salesforce admin must manually waive MFA for the affected user types. Check out Exclude Exempt Users from MFA in Salesforce Help for full guidance.
Related resources
- Link to Release Notes
- Learn more in the MFA FAQ: MFA Requirement Guidance for Salesforce Partners/Service Provider
- Partner Community Chatter Group: Official: Security & Privacy
Globalization – ICU Formats
Feature
Salesforce is retiring JDK locale formats and enforcing International Components for Unicode (ICU) locale formats on a rolling basis starting with the Spring ’24 release. Salesforce orgs created in Winter ’20 or later have ICU locale formats enabled by default. You can defer the enforcement until Spring ’25 through the UI. Salesforce emails admins 30 to 60 days before the ICU enablement for their orgs.
Impact for ISVs
This changes the way that dates, times, numbers, and currencies appear, using locale formats from the ICU library.
ISVs can evaluate the impact of these changes by testing your filters, code, and components as needed. You can create a test org from Environment Hub, enable the ICU Locale Format update, install your managed package, and run user acceptance testing.
Related resources
Salesforce Platform API versions 21.0 through 30.0 retirement
Feature
The retirement of versions 21.0 through 30.0 of the Salesforce Platform API was first scheduled for Summer ’23. The retirement is now postponed to Summer ’25.
Impact for ISVs
You can continue to use these API versions but they’re not supported and won’t be available starting in Summer ’25. Please upgrade to the latest version when possible.
You can use Code Analyzer with a PMD rule to check the API version:
Related resources
Use Cursors for Expanded SOQL query result support (Beta)
Feature
With Apex cursors, you can break up the processing of a SOQL query result into pieces that can be processed within the bounds of a single transaction. Cursors provide you with the ability to work with large query result sets, while not actually returning the entire result set. You can traverse a query result in parts, with the flexibility to navigate forward and back in the result set.
Impact for ISVs
Use cursors effectively to work with high-volume and high-resource processing jobs. Cursors are an alternative to batch Apex and address some of its limitations. Cursors are also more powerful because they can be used in a chain of queueable Apex jobs.
Note: This is a Beta release. Please evaluate and wait for GA before including this in your app.
Related resources
Static SOQL for Data Cloud data model objects (DMOs)
Feature
Static SOQL is now supported with Data Cloud data model objects (DMOs) as a more direct alternative to using either dynamic SOQL or ConnectApi. Additionally, SOQL using Apex Database.QueryLocator or in for loops is supported in API version 61.0 and later.
Impact for ISVs
Previously, queries needed to use dynamic SOQL and ConnectApi.
Note that running SOQL queries against DMOs can result in Data Services Credits being consumed from your customer’s Data Cloud subscription.
Related resources
Consider field-level and record-level access when using Apex with Data Cloud Objects
Feature
Data Cloud data model objects (DMOs) in all data spaces are accessible from Apex in system mode, even when a permission set for the data space isn’t explicitly assigned. Read-only object-level access checks are supported if the user has access to the data space. There’s currently no support for field-level security or for record-level access control. Apex features, such as WITH USER_MODE, WITH SECURITY_ENFORCED, describe calls, and Security.stripInaccessible(), can check only object-level access for DMOs.
Impact for ISVs
Starting with API version 61.0, you can get information on a specific DMO using SObjectType.getDescribe(). Currently, there’s no field-level security to be enforced because all fields on DMOs that are accessed by field describes and security model checks are read-only. You also can’t use Schema.getGlobalDescribe() to discover exposed DMOs. Instead, use the Schema.describeSObjects(List<String>) method with the known DMO API names.
Related resources
Support for five-level parent-to-child relationship SOQL queries in Apex
Feature
Apex now supports SOQL relationship queries that traverse up to five levels of parent-child records.
Impact for ISVs
This change enables improved SOQL query logic in certain use cases — for example:
Related resources
Additional information in Apex exception emails
Feature
When your Apex code encounters unhandled exceptions, Apex exception emails now include the org name, user name, and My Domain name where the exception occurred. You can use these additional details to resolve the exception faster and improve the performance of your Apex code. Previously, the email included only the Apex stack trace, exception message, and the customer’s org and user ID.
Impact for ISVs
This change can help ISVs resolve unhandled exceptions faster.
2GP: Specify the –ERROR-NOTIFICATION-USERNAME of an active Dev Hub user (use a shared email; for example: apexerror@myisvapp.com) to receive email notifications about unhandled Apex exceptions, and install, upgrade, or uninstall failures associated with your package.
Related resources
- Link to Release Notes
- Use this in conjunction with AppExchange App Analytics to report on your managed package exceptions
- filter by package usage logs by log_record_type = ApexUnexpectedException
Use second-generation packaging (2GP) to build Data Cloud apps
Feature
It is now possible to use 2GP to build Data Cloud apps.
Impact for ISVs
You now get all the benefits of second-generation managed packaging for Data Cloud features. When you package Data Cloud metadata, add it to a data kit first and then add the data kit to a package. Data Cloud apps must contain only Data Cloud metadata.
Related resources
Async validations for 2GP packages
Feature
When creating a new package version, you have the option to specify async validation. Async validation creates a new package version before completing package validations. By receiving the package version earlier in the process, you can install and test the new version right away.
Impact for ISVs
If your development team is using continuous integration (CI) scripts, async validation can reduce your overall CI run time.
Related resources
Skip FeatureEnforcement for scratch org installs
Feature
To shorten package install time when installing in scratch orgs, you can specify the FeatureEnforcement skip handler when using either the PackageInstallRequest object, or the sf package install command. The feature enforcement handler adds object and feature validations in the subscriber org that prevent an admin from turning off a feature that would cause your app to malfunction. However, this enforcement isn’t critical in scratch orgs.
Impact for ISVs
You can use this feature to improve scratch org setup time.
As a reminder, you can use Scratch Org Snapshots to quickly replicate scratch orgs with the required project dependencies, including installed packages, features, limits, licenses, metadata, and data.
Related resources
Package external client apps in 2GP packages
Feature
External client apps can now be included in second-generation managed packages. The new framework now supports headless login, passwordless login, and guest user flows using the Authorization Code and Credentials flow. You can also configure an external client app to issue JSON Web Token (JWT)-based access tokens, which is required for the guest user flow.
Impact for ISVs
Consider using external client apps instead of connected apps. Advantages of external client apps over connected apps include:
- 2GP support
- Easier to develop and manage
- Distinct developer (ISV) vs admin (customer) roles
Note that if your solution uses 1GP or requires SAML, you should continue to use connected apps. If you are creating a new application or a new integration, then you should consider adopting external client apps from the start.
Related resources
Prepare your LWR and Aura sites for Design System architecture updates
Feature
To support future UI changes, we’re modifying the internal implementation of Salesforce Lightning Design System (SLDS) styles, custom properties, and Salesforce Lightning components, including standard components in site templates.
Impact for ISVs
If your site customizes Salesforce components by overriding their CSS, we recommend that you instead use supported techniques. Otherwise, your site can’t adopt future product innovations of the UI without experiencing visual regressions.
Related resources
Enforce sharing rules when Apex launches a flow
Feature
When this update is enforced, data access is restricted for autolaunched flows that are run in the default context and launched by an Apex class. The Apex class must be declared using the with sharing keyword. Data access is restricted to the sharing rules of the user that executed the Apex class.
Impact for ISVs
Regression test your app with this feature update. For example, a query can return fewer rows than it did in system context without sharing. Also, an operation can fail because the user doesn’t have the correct permission.
Related resources
Further resources
About the author
Jerry Huang is a Director, GTP Technical Evangelist at Salesforce. He is passionate about building apps, starting and scaling great businesses on the AppExchange. Jerry has been in tech for over two decades. He has 30 Salesforce certifications, including the Salesforce Certified Technical Architect, and an approved US patent.
Peter Martin is a Director, GTP Technical Evangelist at Salesforce. He has been involved in the Salesforce ecosystem since 2007 and has been with the ISV enablement team since 2017.