Winter ’21 Salesforce Lightning Experience and Classic Highlights

The list of Winter ’21 features below apply to both Salesforce Lightning Experience and Classic.

There are additional Winter ’21 features available to Salesforce Classic only, Lightning Experience only, Community Enhancements, Mobile Enhancements, Other Enhancements in the Winter ’21 Release Highlights post.

Note: These features are not listed in any specific order.

1. Lightning Flow Enhancements

2. Custom Metadata Enhancements:

CMDT Support Geolocation Field Type Relationships.
You Can Now See Which Entities Are Supported From the Metadata Relationship Field Type Menu

3. Profile and Permissions Enhancements:

You can prevent the ability for users to see profile names other than their own. To enable profile filtering, go to Setup | User | User Management Settings, check Enable Profile Filtering. Once enabled, if a user needs to be able to view all profile names, they will need the View All Profiles. View the Release Notes for list of functions where the user will be able to see all profiles.
Use the Restricted Profile Cloning Option to Limit a Cloned Profile to Only Permissions Accessible in Your Org. If you don’t enable this setting, all permissions currently enabled in the original profile are also enabled for the cloned profile, even if your org can’t currently access them. In Setup | User | User Management Settings, check Select Restricted Profile Cloning.
Permission Set Groups Are Now Available in Professional Edition

4. Sharing Enhancements:

Deploy OWD and Criteria Based Sharing Rules Together. Previously, these changes had to be deployed as separate packages.
You Cannot Disable the Secure Guest User OWD and Record Sharing Model
(Updated) Disable HTML Rendering in Custom Field Labels. This update will be enforced in Spring ’21 and is only available in orgs where there us HTML formatting in custom field labels.

5. (Previously Released Update) Require Permission to View Record Names in Lookup. This update will be enforced in Spring ’21. Users must have Read access to these records or the View All Lookup Record Names permission to view this data. Note: This applies to system fields, such as Created By and Last Modified By.

6. (Update) Disable Standard Object Edits on Standard Profile via UI and Metadata API. This is enforced in Spring ’21. Currently, updates are allowed to the Standard Profile via the metadata API.

7. Use Mobile Device Tracking to View and Revoke Devices. To view devices that access Salesforce, you need the View Devices permission. To revoke device access, you need the Manage Devices permission. To enable mobile device tracking in your org, contact Salesforce Customer Support.

8. Send SHA1 or SHA256 Encrypted SAML Responses When Salesforce Is the Identity Provider

9. Sandbox Names Must Be in Lowercase in Recipient URLS for Identity Provider SAML Requests

10. (Update) Deploy a My Domain. To adhere to latest features and comply with browser requirements, all Salesforce orgs must have a My Domain. This will be enforced in Winter ’22. Deploy a My Domain or Salesforce will assign one based on your company name.

11. (Previously Released Update) Stabilize URLs for Visualforce, Experience Builder, Site.com Studio, and Content Files. This applies to all orgs with a My Domain. This will be enforced in all orgs in Summer ’21.

12. New ignoreEditPermissionForRendering Attribute on <apex:inputField> Overrides Entity Edit Permissions.

13. Apex Enhancements:

Use the Safe Navigation Operator to Avoid Null Pointer Exceptions. Developers should use the safe navigation operator (?.) to replace explicit, sequential checks for null references.
Update Resources with the PATCH HTTP Method in Apex Callouts. You can make partial or full updates to a resource in an HTTP web service. Prior to Winter ‘21, only the PUT method was supported for full updates.
Send Custom Notifications from Apex. Rather than make API callouts from Apex, use CustomNotification to send custom notifications from Apex.
Detect Apex Runtime Context with RequestId and Quiddity. You can detect Apex context at runtime and correlate multiple logs triggered by the request, using Request ID and Quiddity values. Use the methods in the System.Request class to obtain the Request ID and Quiddity of the current Salesforce request.
Improve Apex Testing with New SObject Error Methods. Track errors with the new SObject.hasErrors() and SObject.getErrors() methods without performing a DML operation to check the result for errors.
Database.deleteImmediate() method Can Now Delete Up to 50,000 Big Object Records in a Batch

14. Platform Event Enhancements:

Manage Your Platform Event Trigger Subscriptions from the User Interface. You can now pause and resume Apex trigger subscriptions to a custom platform event through the Setup UI.
You Can Make Apex Callouts After Publishing Platform Event Messages for events configured with the Publish Immediately behavior.

15. Lightning Component Enhancements:

(Beta) Add Custom Buttons to the lightning-input-rich-text Base Component. Developers can use the lightning-rich-text-toolbar-button to add custom buttons to perform actions you specify or open a popup modal.
(Beta) Scan a Barcode in a Lightning Web Component. Use the BarcodeScanner API to add barcode scanning to your Lightning web components.
Increased Timeout for Client-Side Caching from 15 Mins to 8 hours, with a refresh interval of 15 minutes
Aura Components in the ui Namespace Are Being Deprecated Starting May 1, 2021. Replace this with the related component in the lightning namespace.

16. Lightning Component Related Release Updates:

(Update, Enforced) Restrict Access to @AuraEnabled Apex Methods for Guest and Portal Users Based on User Profile. Enforced in Winter ’21. Add guest user profile access to any @AuraEnabled Apex class used by a community or portal. This change applies to Aura components, Lightning web components, and flows in Lightning communities, portals, and Salesforce Sites.
(Update, Enforced) Restrict Access to @AuraEnabled Apex Methods for Authenticated Users Based on User Profile. Authenticated user can access an @AuraEnabled Apex method only when the user’s profile allows access to the Apex class. An authenticated user is any authenticated community users on any Community portals as well as any portals built on site.com or force.com.
(Update) Enable Secure Static Resources for Lightning Components. With this security update, all static resources will be served from the visualforce domain instead of the lightning domain.
(Update, Postponed) Enable Dependency Access Checks In Lightning Components. This is postponed to Spring ’21. This update enforces that a Salesforce-provided Lightning component can require an org or user permission to access component dependencies. An access error will be shown if the user doesn’t have permission required for a component dependency.
(Update, Postponed) Disable Access to Non-Global Apex Controller Methods in Managed Packages. Postponed to Summer ’21. Currently, Aura components outside of the package namespace could access non-global methods. With this update, if your code incorrectly depends on non-global Apex methods in a managed package, server actions that call those methods will fail.
(Update, Postponed) Enforce Access Modifiers on Apex Properties in Lightning Component Markup. Postponed to Summer ’21. This change will make Lightning components consistent with the use of Apex properties in other contexts, such as a markup expression can no longer access an Apex property with a private Apex getter.
(Update, Postponed) Prevent Creation of Function Expressions in Dynamically Created Aura Components. Postponed to Spring ’21. This update prevents attribute values passed to $A.createComponent() or $A.createComponents() from being interpreted as Aura function expressions.

17. (Requires Salesforce Shield or Event Monitoring Add-On Subscriptions) Event Monitoring Enhancements:

Legacy Transaction Security End of Life. All policies written with the legacy framework are disabled and should be migrated to the new enhanced transaction security policy framework.
New Real-Time Event that Helps Monitor Bulk API Activity – BulkApiResultEventStore.
Track Anomalies with User API Calls to Your Org’s Data with a new Real-Time Event Monitoring Event, ApiAnomalyEvent.
New EventLogFile Event Allows You to Analyze Unexpected Exceptions. With the Apex UnexpectedException Event Dataset, you can analyze exceptions in the Analytics app without uploading the dataset manually or via the External Data API.
View Einstein Analytics Data Downloads in Your Event Log Files

18. (Requires Salesforce Shield) Shield Platform Encryption Enhancements:

Encrypt Data Related to Health Intake Documents
Encrypt Fields on Documents Used to Identify Financial Services Cloud clients. You can apply deterministic encryption to the Document Number field.

19. Use the Privacy Center to Manage Customer Data. Note: Privacy Center is a managed package you install in your Production org. It allows you to manage customer requests and satisfies data privacy laws, like GDPR.

19. Scratch Org Enhancements:

(Beta) Create Scratch Orgs More Easily Using an Org’s Shape. You define the features, settings, limits and licenses and Salesforce will build the scratch org definition using Org Shape for Scratch Orgs.
Add FieldServiceDispatcherUser, FieldServiceMobileUser and FieldServiceSchedulingUser features to Your Scratch Org

20. Lightning Design System Enhancements:

(Beta) Customize Components with LDS Styling Hooks. In Winter ’21, you can customize a set of CSS custom properties for component-level customizations: Accordion, Alert, Avatar, Badges, Breadcrumbs, Buttons, Icons, Modals, Pills, Scoped Tabs, Tabs, Toast and Tooltips.
BEM Notation with Double Dashes Is Being Deprecated. This will be deprecated in Spring ’21 and will be replaced by a single underscore notation (_).

21. New Change Set Components

22. Lightning Components: New and Changed Items

23. Apex: New and Changed Items

24. API: New and Changed Items

25. Packaging Enhancements