Releases / Admins / Architects / Consultants / Developers

Salesforce Winter ‘25 Release: What to Expect and How to Prepare

By Tom Bassett

It’s Salesforce release season yet again, and if you thought that the Summer ‘24 has only just been and gone – you’d be right.

In this article, we are going to hone in on the upcoming release updates that need to be enabled before the Winter ‘25 release so you can be prepared in plenty of time. But don’t panic, you have until September to make sure you are prepared for these updates.

Preparation

Release updates should be enabled in a sandbox first so you can test any impacts on your systems or ways of working.

If you have a developer-type skillset, you can use SFDX tools to search your Salesforce metadata for references that could be impacted by this update and use tools such as Salesforce Inspector Reloaded or Workbench to query records or permissions.

Salesforce may sometimes delay enforcement of a release update or cancel it altogether. Be sure to check the release notes for the latest changes, as things can change or shift around!

READ MORE: Ultimate Guide to Salesforce Release Updates

Winter ‘25

When the Winter ‘25 release is rolled out to Salesforce orgs, a number of release updates will be auto-enabled. Be sure to review the below list so you can prepare your org accordingly and review due dates against the updates in your org to allow ample time.

While we try to provide general steps you can take to enable and test these updates, the exact steps will depend on the configuration within your Salesforce org.

When planning changes in a production environment, make changes outside of working hours so they can be tested while users and clients are offline. If there are issues, this allows you to revert any changes before they impact users/clients.

Adopt Updated Content Security Policy (CSP) Directives

What does this impact?

If your Salesforce org is trying to fetch fonts, images, or iframe content, these may be blocked if you do not take action.

How can I prepare in a sandbox?

Navigate to Trusted URL and Browser Violations within Salesforce Setup to view the log in each environment, including production. 

Using your complete list, for each item, either add a new trusted URL or edit the existing trusted URL to no longer block the CSP directives showing violations. 

Once you’ve resolved the violations, delete them from the Violations list and enable the test run. When the test run is enabled, re-test your functionality and ensure no further violations appear. 

How can I prepare in production?

Once violations have been resolved in your sandbox environment(s), deploy updated trusted URLS to production and clear the Violations list.

Source: Salesforce
READ MORE: Adopt Updated Content Security Policy (CSP) Directives

Create and Verify Your Default No-Reply Organization-Wide Email Address to Send Email

What does this impact?

If emails are being sent from Salesforce by users or automation, then you’ll need to prepare for this update; otherwise, emails may fail to be sent in the future.

Bear in mind that this email address may be visible to your clients and users, so choose something appropriate (e.g. notifications@companyname.com).

How can I prepare in a sandbox?

Set up an org-wide address, which you then verify by pressing the link from Salesforce. An org-wide address is not deployable, so you’ll need to do this for each environment and production individually.

How can I prepare in production?

Set up a verified org-wide address like you did in your sandboxes.

READ MORE: Create Your Default No-Reply Organization-Wide Email Address to Send Email

Enforce Sharing Rules when Apex Launches a Flow 

What does this impact?

If you have Apex triggering a Flow, then you could be impacted by this update. Once enabled, these types of triggered flows will run in the user context instead of the default context. 

If you have any managed packages installed and you suspect they call Flow from Apex, check with the package provider what may be impacted by this update. 

Search your org for references within Apex that relate to Salesforce Flow.

No CodePro Code
Review Apex for references to Flow.InterviewApex Metadata for references to Flow.Interview

How can I prepare in a sandbox?

Make a list of references in your custom code or managed code (once checking with your package provider). 

Enable the test run of this update. Use references to test Apex as key users to make sure the automated actions still work as expected. 

How can I prepare in production? 

Deploy your changes from a sandbox, and enable the release update and regression test functionality as key users. 

READ MORE: Enforce Sharing Rules when Apex Launches a Flow

Enforce View Roles and Role Hierarchy Permission When Editing Public List View Visibility

What does this impact?

If users share list views with roles without having the View Roles and Role Hierarchy permission, then they will not be able to do so going forward. 

Search for users that have the Manage Public List Views permission via profile or permission sets, but not View Roles and Role Hierarchy.

No CodePro Code
Review profiles and permission sets for Manage Public List Views, where View Roles and Role Hierarchy is FALSE.Instead of reinventing the wheel, run the queries and follow the instructions from Salesforce on the steps against this release update.

How can I prepare in a sandbox?

Ensure that all users have the View Roles and Role Hierarchy permission if they have Manage Public List Views and need to share list views with roles going forward.

Enable the test run and test as key users to make sure they can still share list views as expected. 

How can I prepare in production?

Deploy any permission set or profile changes from a sandbox. Ensure the relevant users have the View Roles and Role Hierarchy permission. Enable the test run of the release update and re-test. 

READ MORE: Enforce View Roles and Role Hierarchy Permission When Editing Public List View Visibility

Migrate from Maintenance Plan Frequency Fields to Maintenance Work Rules

What does this impact?

If you are using Field Service and the Frequency and Frequency Type fields on the maintenance plan, then you need to prepare for this update. You’ll need to migrate these to Maintenance Work Rules as those fields are being retired.

No Code and Pro Code
Expand “How is my org impacted?” on the release update to see impacted maintenance plans.

How can I prepare in a sandbox?

As this is reliant on data, it would be best to use a full copy sandbox to prepare for this change. If you are preparing in a different environment, then you may not see all impacted maintenance plans. 

Using the Impacted Maintenance Plans table, update each to use a Maintenance Work Rule instead. Once this has been done for all impacted maintenance plans, enable the test run and test to make sure work orders were generated correctly. 

How can I prepare in production?

As this is record-driven, you’ll have to complete the same steps in the Production org to switch over. To avoid impact on users, plan these changes out of hours so you can roll back should there be an issue.

READ MORE: Migrate from Maintenance Plan Frequency Fields to Maintenance Work Rules

Pass the Conversation Intelligence Rule Name as Input to a Flow

This update was covered in the Salesforce Summer ‘24 Release: What to Expect and How to Prepare but has since been updated, so that it’ll be enforced in Winter ‘25 instead of Summer ‘25 as originally proposed.

READ MORE: Pass the Conversation Intelligence Rule Name as Input to a Flow

Prevent Guest User from Editing or Deleting Approval Requests

What does this impact?

If your process relies on guest users being able to edit, reassign, or delete approval requests, these actions will fail post-enablement. Guest users are still able to approve or reject an approval request. 

For this update, it’s tricky to ascertain for sure if guest users are editing or deleting approval requests currently.

If you run a query, you can see edits. However, this will count an approval or rejection as an edit too. 

No CodePro Code
Connect with the business owners to understand conditions where guest users may edit, reassign, or delete approval requests as well as approve or reject items.Run a query to find approval requests that were last edited by a guest user and select “Add deleted records?” if using Salesforce Inspector Reloaded.

SELECT Id, Status, CreatedBy.Name, LastModifiedBy.name, TargetObjectId, ProcessDefinition.DeveloperName, IsDeleted FROM ProcessInstance WHERE LastModifiedBy.UserType = 'Guest' and Status != 'Approved' and Status != 'Rejected'

You’ll have to take the results with a pinch of salt as this query would include only records last touched by a guest user, so it’s not a complete picture.
Screenshot from Query using Salesforce Inspector Reloaded

How can I prepare in a sandbox?

Enable a test run and test your digital experience as a guest user who interacts with approvals. You may need to connect with the business owners of this functionality so you can understand the use cases for which you wish to test. 

How can I prepare in production?

Enable the release update and test business processes that involve the guest user having to interact with approval requests.

READ MORE: Prevent Guest User from Editing or Deleting Approval Requests

Restrict User Access to Run Flows

What does this impact? 

Once enabled, users will need the Run Flows or Manage Flows permission to be able to use flows. This retires the Flow User checkbox on the user record that was historically used to grant this ability.

Therefore, you need to assess whether each user with Flow User = TRUE also has the Run/Manage Flows permission. If not, grant them this permission via a permission set, permission set group, or profile.

No CodePro Code
As you can’t include Flow User (UserPermissionsInteractionUser) in a list view, report, or Formula field, perhaps export user records using a tool such as Data Loader. From this, you can filter where Flow User is set to TRUE.

Once you have a targeted list of users, you can use the View Summary button from each user record to ascertain if the Run Flows or Manage Flows permission is assigned.
These query examples make some assumptions based on the setup of your org. You may need to adjust these based on the context of your org to get a complete picture.

1. To pull a list of users with the Flow User set to TRUE, run this query:

SELECT Id, Name, IsActive from User where UserPermissionsInteractionUser = true and IsActive = true

2. To rule out users that already have Run or Manage Flow from their profile, run this query:

SELECT Id, Name, profile.PermissionsManageInteraction, profile.PermissionsRunFlow from User where Profile.PermissionsRunFlow = true or Profile.PermissionsManageInteraction = true

3. To define users that have these permissions via a permission set, run this query:

SELECT Id, Assignee.id, assignee.name from PermissionSetAssignment where PermissionSet.PermissionsRunFlow = true or PermissionSet.PermissionsManageInteraction = true

4. To define users that have these permissions via a permission set group, run this query:

SELECT id, PermissionSetGroupId, AssigneeId, Assignee.Name, PermissionSetGroup.DeveloperName from PermissionSetAssignment where PermissionSetGroupId in (select PermissionSetGroupId from PermissionSetGroupComponent where PermissionSet.PermissionsRunFlow = true or PermissionSet.PermissionsManageInteraction = true)

5. From the result of Item #4, remove permission set groups that mute Manage Flow or Run Flow permissions:

SELECT Id, PermissionSetId, PermissionSetGroup.DeveloperName, PermissionSetGroupId from PermissionSetGroupComponent where PermissionSetId in (select id from MutingPermissionSet where PermissionsManageInteraction = true or PermissionsRunFlow = true)

How can I prepare in a sandbox?

Ensure users that need Manage Flows or Run Flows permissions have this granted via a profile, permission set, or permission set group. 

Enable the test run and test as key users to make sure they can still run flows.

How can I prepare in production?

Deploy any permission changes from a sandbox and assign to users as necessary. 

Enable the release update and test key users can still use flows as before. 

READ MORE: Restrict User Access to Run Flows

Turn On Lightning Article Editor and Article Personalization for Knowledge

What does this impact?

If you are using Salesforce Knowledge, then this update will impact the editor experience and introduce the ability to show or hide fields based on user, permission, or record criteria.

How can I prepare in a sandbox? 

Enable the release update test run and complete the action steps. Once enabled, review knowledge articles to make sure the styling is preserved from before the update was applied. As this relies on knowledge article records, you may want to test this in a partial or full copy sandbox. 

How can I prepare in production?

Enable the test run and review knowledge articles to ensure they still render as expected once this update is active.

READ MORE: Turn On Lightning Article Editor and Article Personalization for Knowledge

Use REST API for Access to External Client App OAuth Consumer Credentials

What does this impact?

If you are currently using the Metadata API to access External Client App OAuth consumer credentials, then you will be impacted by this update. You should make plans to switch to accessing these credentials via the Connect REST API instead to improve security. 

If you want to continue accessing these credentials via the Metadata API, you’ll need to contact Salesforce support to be exempt from this update. 

How can I prepare in a sandbox?

Update your development procedures to access these credentials via the Connect REST API instead of the Metadata API. 

If these are already accessed via the Metadata API and you have source control in place, you may want to take additional steps to remove credentials from your source control and rotate the keys. 

If you update credentials at the same time, refactor any integrations to use the updated details.

How can I prepare in production?

Deploy any changes from a sandbox and rotate the access keys if necessary. Refactor any integrations to use the updated credentials and consider removing historic credentials from your source control system (if you use one!).

READ MORE: Use REST API for Access to External Client App OAuth Consumer Credentials

Reinforced Updates

With the Winter ‘25 release, Salesforce is due to re-enforce some updates that were previously enabled but may have been invertedly reverted. If your org is impacted, then you may additionally see release updates for:

As these updates were previously enforced, your org may be prepared already. Perform the enablement and testing steps in a Sandbox initially to ensure things still work as expected with these updates re-enforced.

Summary

Doesn’t it feel good to be prepared for these updates ahead of time? See you again next time for another batch of updates for the Spring ‘25 Release. 

Other Resources

The Author

Tom Bassett

Tom is a 31x Trailhead certified, 2x Slack certified, and an 11x accredited professional with over six years of experience in the Salesforce ecosystem.

Comments:

    Suchit Nikam
    November 28, 2024 10:13 am
    Awesome, this includes detailed updates and information.

Leave a Reply