Critical Updates

This release includes new critical updates for Lightning Experience, External Profiles, Aura Components, and HTTPS Connections. Also check out the previously released and enforced critical updates sections.

To ensure a smooth transition, each critical update has an opt-in period, which ends on the auto-activation date that’s displayed on the Critical Updates page in Setup. During this period, you can manually activate and deactivate the update as often as you need to evaluate the impact on your org and modify affected customizations. After the opt-in period has passed, the update is activated. For more details, see Respond to Critical Updates.

New Critical Updates

These critical updates are new in Summer ’19.

Disable the API Enabled User Permission Defaults for External Profiles (Critical Update)
Salesforce is disabling the API enabled permission on all standard and cloned external profiles. The API enabled permission allows external applications or connectors, such as Workbench, Dataloader.io, Jitterbit, Excel Connector, Salesforce Mobile App, Mobile SDK Apps, Salesforce IoT, or Connected Apps to use the API to authenticate or access Salesforce data.
Prevent Creation of Function Expressions in Dynamically Created Aura Components (Critical Update)
To improve security and stability, this update prevents attribute values passed to $A.createComponent() or $A.createComponents() from being interpreted as Aura function expressions.
Require TLS 1.2 for HTTPS Connections (Critical Update)
To maintain the highest security standards and promote the safety of your data, Salesforce is disabling the older Transport Layer Security (TLS) 1.1 encryption protocol. Starting in October 2019, all inbound connections to or outbound connections from your Salesforce org must use TLS 1.2. Verify that your browser access, API integrations, and other Salesforce features are compliant with TLS 1.2.
Require TLS 1.2 for HTTPS Connections in Communities and Sites (Critical Update)
To maintain the highest security standards and promote the safety of your data, Salesforce is disabling the older Transport Layer Security (TLS) 1.1 encryption protocol. Starting in October 2019, all inbound connections to or outbound connections from your Salesforce communities, sites, and portals must use TLS 1.2. Verify that your browser access, API integrations, and other Salesforce features are compliant with TLS 1.2.
Use the BR() Function in Flows and Processes Correctly (Critical Update)
This critical update ensures that BR() functions in flows and processes result in a line break. Previously, a BR() in a formula resource resolved to _BR_ENCODED_ and not to a line break.
Evaluate Criteria Based on Original Record Values in Process Builder (Critical Update)
This critical update ensures that a process with multiple criteria and a record update evaluates the original value of the field that began the process with a value of null.
Improve Security by Requiring User Access to Apex Classes Invoked by Flow (Critical Update)
This critical update requires a user running a flow to have access to all Apex classes invoked by that flow. If a flow invokes Apex, the running user must have the corresponding Apex class assignment in their profile or permission set.
Require Customize Application Permission for Direct Read Access to Custom Settings (Critical Update)
Currently users without Customize Application permission can read custom settings using different APIs that are provided by Salesforce. Following the “secure by default” approach, read access for users without Customize Application permission will be revoked with this update. This change affects Visualforce pages and Lightning components that directly reference custom settings.

Previously Released Critical Updates

These critical updates were announced in a previous release and are still available.

Turn On Lightning Experience (Previously Released Critical Update)
As mentioned in the Spring ’19 release, Salesforce turns on Lightning Experience on a rolling basis in Winter '20 to empower users to move faster, do more, and be more productive. Users still have access to Salesforce Classic after Lightning Experience is turned on. Switching to Lightning Experience directly benefits everyone, from business leaders and users to IT teams. The new user interface improves user efficiency and productivity. And you get the power of the Lightning Platform at your fingertips, making it easy and flexible to align the UI with your processes, to keep up with changes in your business, and to improve your company’s bottom line.
Enable Manual Account Sharing in Enterprise Territory Management (Previously Released Critical Update)
This update changes the TerritoryManual reason code in AccountShare records to Territory2AssociationManual and is required to let users share accounts manually with territory groups. After you activate the update in production, it can take up to two weeks before you see the changes.
Disable Access to Non-global Apex Controller Methods in Managed Packages (Previously Released Critical Update)
As mentioned in the Spring ’19 release notes, this critical update corrects access controls on Apex controller methods in managed packages. When this update is enabled, only methods marked with the global access modifier are accessible by Aura components from outside the package namespace. These access controls prevent you from using unsupported API methods that the package author didn’t intend for global access.
Block Certain Fields in the User Record for Orgs with Communities and Portals (Critical Update)
Salesforce is giving customers the option to enable a user setting that allows the hiding of certain personal information fields on the user records in orgs with communities or portals. The fields are hidden from view when external users are accessing user records. External users can still see their own user records.
API Only Users Can Access Only Salesforce APIs (Previously Released Critical Update)
If a user has the API Only User permission, they can access Salesforce only via APIs, regardless of their other permissions. This critical update was created in the Spring ’19 release, but we neglected to mention it in the Spring ’19 release notes.
Improve Email Security with Redesigned DKIM Keys (Previously Released Critical Update)
As announced in Winter ’19, to address potential security vulnerabilities with DomainKeys Identified Mail (DKIM) keys, we improved the way they’re created. You no longer have to work with public and private keys. Instead, Salesforce publishes the TXT record containing your public key to DNS. We also added automatic key rotation to reduce the risk of your keys becoming compromised by a third party. After you enable this critical update, keys generated via the old method continue to work, but in Winter ’20, you must generate any new keys using the more secure method. And, because sharing keys can introduce security vulnerabilities, we removed the ability to import DKIM keys.
Restrict Use of Salesforce Classic HTML-Based Email Templates to Secure Browsers (Previously Released Critical Update)
As announced in Summer ’18, this critical update prevents using HTML-based email templates, such as custom, Visualforce, or standard HTML templates, from Microsoft Internet Explorer. Internet Explorer doesn’t support the Salesforce Content Security Policy (CSP), so it can’t provide the required browser protection. We recommend that you use a browser with CSP support, such as Microsoft Edge, Google Chrome, or Mozilla Firefox.

Enforced Critical Updates

These critical updates were announced in a previous release and are now enforced.

Enable External Org-Wide Defaults in Orgs with Communities or Portals (Critical Update, Enforced)
Enabling external org-wide defaults in orgs with communities or portals was a critical update in Spring ’19 and is enforced for the Summer ’19 release. This update enables the External Sharing Model and helps you secure your data. You can set more restrictive levels of access for external users instead of giving internal and external users the same default access.
Add a Namespace Prefix to pageReference.state Properties and Query Parameters (Critical Update, Enforced)
Add a Namespace Prefix to Query Parameters and pageReference.state Properties was a critical update in Winter ’19 and is enforced for the Summer ’19 release. This critical update resolves naming conflicts for query parameters between package components. Starting on May 17, 2019, this update begins to auto-activate on a rolling basis. The actual date it auto-activates for your org depends on when you update to the Summer '19 release. All orgs will be updated by June 17, 2019. As with all critical updates, you can activate the update manually before Salesforce auto-activates it.

Postponed Critical Updates

These critical updates were announced in a previous release and the auto-activation date was postponed.

Use without sharing for @AuraEnabled Apex Controllers with Implicit Sharing (Critical Update, Postponed)
This critical update, released in Spring ’18, was scheduled for auto-activation in Summer ’19, but has been postponed to Winter ’20.
Remove Instance Names from URLs for Visualforce, Community Builder, Site.com Studio, and Content Files (Critical Update, Postponed)
This critical update, released in Spring ’18, was scheduled for auto-activation in Winter ’20, but has been postponed to Summer ’20.
Stabilize the Hostname for My Domain URLs in Sandboxes (Critical Update, Postponed)
This critical update, released in Summer ’18, was scheduled for auto-activation in Winter ’20, but has been postponed to Summer ’20.
Open Hyperlinks in Formula Fields Correctly (Critical Update, Postponed)
This critical update, released in Winter ’19, was scheduled for auto-activation in Summer ’19, but has been postponed to Spring ’20.
“Check for Null Record Variables or Null Values of Lookup Relationship Fields in Process and Flow Formulas” (Critical Update, Postponed)
This critical update, released in Spring ‘19, was scheduled for auto-activation in Summer ‘19, but has been postponed to Spring ’20. The critical update was previously called "Return Null Values in Process and Flow Formulas.”