Salesforce Winter’25 Release Notes | Security, Identity and Privacy Part 1 – Page 2 – Salesforce Training Articles & Latest News

Domains

Update References to Your Previous Salesforce Domains

Starting from this release, Salesforce will gradually stop redirecting legacy My Domain URLs in most non-production orgs. Identify requests to the impacted URLs by using My Domain redirection logging and then update references to those legacy URLs in Salesforce, such as references in email templates or knowledge articles, and outside Salesforce, such as references in third-party integrations and links on a website

When: Redirections for the legacy URLs stop in Winter ’25 in sandboxes, Developer Edition orgs, patch orgs, scratch orgs, and Trailhead Playgrounds. In production orgs and demo orgs, redirections for the legacy URLs stop in Spring ’25

How: To enable event logging for the previous My Domain hostnames redirections

From Setup , in the Quick Find box, enter My Domain, and then select My Domain

In the Redirections section, click Edit

Select Log redirections and save

After you save your changes, Salesforce will produce and upload the generated event log files for the Hostname Redirects event type in the next daily run. The log file includes a summary of blocked and successful redirections for your previous My Domain hostnames. It contains that information for the last 24 hours at the time that the background process generates the file. After you enable this feature, the next log file includes only the redirections that occurred after you enabled redirection logging. When redirections stop for those legacy (non-enhanced) hostnames, the Hostname Redirects event type still captures blocked attempts to access the hostnames. For these events, the REDIRECT_REASON is Redirection was blocked because redirections for the legacy SOURCE_HOSTNAME are no longer supported.

Log Redirections option and the Redirections section are available only after you deploy a My Domain change

Disable Redirections for Legacy Hostnames

After references to your legacy Salesforce domains are updated in production, redirections can be disabled for the related hostnames by disabling the new My Domain setting, Redirect legacy (non-enhanced) My Domain hostnames. This setting isn’t available in non-production orgs except demo orgs

Previously: To disable redirections for legacy hostnames, redirections for all previous My Domain hostnames should be disabled

How: To disable the redirections for legacy hostnames

From Setup , in the Quick Find box, enter My Domain, and then select My Domain

In the Redirections section, click Edit

Disable Redirect legacy (non-enhanced) My Domain hostnames and save. This setting is enabled by default

When redirections are disabled to legacy My Domain hostnames, the settings for force.com site URL redirections are unavailable. Also, the Instanced URL redirection option is set to Don’t redirect and cannot be changed

Get Help with Custom Domains Directly in Setup

You can now find solution to common custom domain issues on the Domain Detail page of a custom domain so you can search for information on custom domain setup, maintenance tasks, and common configuration issues without leaving Setup. Every result provides high-level guidance with links to Salesforce Help for additional details and instructions

How: to find the solutions to common issues

From Setup , in the Quick Find box, enter Domains, and then select Domains

Click the domain name of a custom domain. Then, on the Domain Detail page, click Get Help with Custom Domain Issues . In the resulting window, you can search by keyword (1) or browse by category (2)

Here are examples of an answer to a common issue (3) and instructions on how to set up a feature (4). Create a Case (5) can also be used to contact Salesforce Customer Support

Named Credentials

Control Easily Who Can Perform Authenticated Callouts

Configuring permissions for named credentials so that your users can make authenticated callouts to external systems has gotten much easier. Previously, after you enabled external credential principal access, you also assigned object permissions for User External Credentials manually on each permission set or profile. Now, most standard permission sets and profiles have access to the User External Credentials object by default. For the guest user profile, and for existing custom permission sets and profiles, you must still grant access to the User External Credentials object manually

Other Security Changes

Improved Data Transmission Speed and Security with TLS 1.3

Always adopting the latest standards, Salesforce now supports Transport Layer Security (TLS) 1.3 for outbound HTTPS callouts from the Salesforce Platform. TLS 1.3 improves security with stronger encryption methods. This version also reduces the time it takes to establish secure connections with a simplified handshake process. This change has no impact on existing callouts that require TLS 1.2

How: It is recommended that this change is first tested in a sandbox before updated in production. To use TLS 1.3 for an HTTPS callout, work with the receiving endpoint owner to enable TLS 1.3 on the endpoint. Optionally, after the callout successfully uses TLS 1.3, work with the owner to disable TLS 1.2 on the receiving endpoint

New Hyperforce Orgs Use Salesforce Edge Network

Starting October 4, 2024, new Hyperforce orgs use Salesforce Edge Network by default for a better network experience including improved download times for users around the globe. To opt and org out of Salesforce Edge Network, contact Salesforce Customer Support

Security Was Tightened for the retUrl Parameter for My Domain Redirects

Security has been improved when retUrl parameter is added to a My Domain URL so Salesforce redirect the browser only to the retUrl and block any further redirects. Previously, if the retUrl parameter itself redirected to other URLs, the browser was redirected again

Violation Type Label Was Changed for Blocked Redirections

The violation type for blocked redirections in the Trusted URL and Browser Policy Violations List was updated to Blocked Redirection. The previous label was External Redirection

Salesforce Winter’25 Release Notes | Security, Identity and Privacy Part 1

Salesforce Winter’25 Release Notes | Flow Extensions

Salesforce Spring’25 Release Notes | Screen Flow Updates

Antonis Melakis

Salesforce Spring'25 Release Notes | Screen Flow Updates

Leave a Reply Cancel reply

Recent Posts

Recent Comments

Welcome Back!

Retrieve your password