The Spring 24 release is coming up in early Feb for most production organizations. Here are some important updates that you should be prepared for.
Release Updates
To view the important updates, go to Setup -> Release Updates. You should see these in the 'Overdue' tab if you haven't taken any action until now. Click on 'Get Started' to review the details and take action. Let's cover these updates briefly
1. Enable EmailSimple Invocable Action to Respect Organization-Wide Profile Settings
EmailSimple is used in a FLOW. Create a action in a flow and when you search for the email you will find this action. This update is applicable if your instance uses this action. In most cases, you would use a email alert action so this update doesn't affect.
However, if you use this EmailSimple action and you are using a org wide email address make sure that the user that is executing this flow has access to the org wide email address
Go to setup -> Organization-wide Addresses. Make sure the org wide address has the relevant profiles selected in 'Allowed Profiles'
2. Enable JsonAccess Annotation Validation for the Visualforce JavaScript Remoting API
Search your visualforce pages for the remove invocation (Visualforce.remoting.Manager.invokeAction). If you use source control tools like github, performing a search on your code base is quite easy. else, you might have to search using a IDE like Visual Studio Code.
After you find the list of Visualforce pages using the Javascript remoting API, find the relevant apex class methods being called. If any of these methods use a JSON.serialize() or JSON.deserialize() functions then that apex class needs to be annotated with JsonAccess
More details on the annotation here
@JsonAccess(deserializable='always',serializable='always')
public class AlwaysDeserializable { }
3.Enforce RFC 7230 Validation for Apex RestResponse Headers (Release Update)
Search your code base for the string '
RestResource.addHeader'. If you do use this method, make sure the 'value' parameter passed to this method is valid and does not contain restricted characters like '/'