Issue with Spring '24 affecting Skuid users

In the Salesforce Spring '24 release a security update around Visualforce JavaScript remoting will be enforced that may affect some Skuid customers deploying Skuid pages within Visualforce pages.

What is changing?
Salesforce will force enablement of JsonAccess annotation validation within Visualforce JavaScript remoting. This update was made available in Winter '23 and will be enforced in Spring '24.

The Visualforce Remoting API uses JavaScript to call methods in Apex controllers from Visualforce pages and this update is increasing security across packaging namespaces. Skuid pages are in the Skuid namespace and Visualforce pages are in the org namespace, resulting in an error that might trigger a message similar to the following:

Cannot create property 'totalsuccess' on string 'The concrete implementation 'skuid.Utils.SkuidResult' in namespace 'skuid' has a JsonAccess annotation serializable attribute defined that prevents serialization. The Apex object cannot be serialized.

Who is affected?

  • Any org with any version of Skuid Edinburgh prior to 16.4.3 installed, and
  • Skuid pages are being deployed within Visualforce pages.

Customers with versions of Skuid older than Edinburgh (16.x.x) will not be impacted. Salesforce is only enforcing this more modern versions of the Salesforce API that Skuid changed to with the initial Edinburgh release. If you are on any version of Skuid older than Edinburgh, you should not be affected.

What should I do?

  1. Spring '24 has already been released in your Production org instance:

  2. Spring '24 is available in a preview Sandbox org:

  3. If you do not have access to a Spring '24 org for validation, Salesforce does provide a way to enable and test critical release updates. We recommend asking your admin to enable this release update in a Sandbox or other non-production org and verify that your Skuid pages are working and if they are not, upgrade to Edinburgh Update 3 (16.4.3).

The Salesforce Spring '24 release schedule is available by instance on the Salesforce Trust page.