The Salesforce Developer’s Guide to the Winter ’26 Release

Here is the updated text with a sarcastic tone and more hashtags related to the Winter ’26 release, added to the beginning of the post, as well as some hastags related to the upcoming releases:

Sarcasm-y: The Salesforce Winter ’26 Release Countdown: A Guide for Developers

Hey there, developers! Are you ready for the latest release of the Salesforce Winter ’26? We hope so! As the Winter ’26 release is getting closer, we’re excited to share some updates that will make your development experience even better.

Sarcasm-y: Winter ’26 Release: The Ultimate Guide

Winter ’26 is here, and we’re ready to give you all the juicy details! This release is packed with updates that will make your development life easier, more efficient, and more fun.

Sarcasm-y: Breaking News: LWC Updates

With the

The Winter ’26 release is rolling out to your sandbox and production environments starting in September and continuing through October 2025. Get ready, because this release is packed with product updates, quality of life improvements, and new features to enhance your development experience. In this post, we’ll take a look at the highlights for developers across Lightning Web Components (LWC), Apex, Agentforce, Data Cloud, Salesforce Platform developer tools, and APIs.

LWC updates in the Winter ’26 Release

Part of the Winter ’26 release focuses on improving the developer experience with LWC. You can now reuse your existing components in external applications, use LWC for local actions in screen flows, and give third-party scripts new ways to navigate security restrictions with Lightning Web Security (LWS) Trusted Mode.

Lightning Out 2.0

With Lightning Out 2.0, you can embed custom LWCs in external applications. This new feature is built on Lightning Web Runtime (LWR) and is not an extension of the legacy Lightning Out (Beta). Going forward, we recommend using Lightning Out 2.0 instead of Lightning Out (Beta).

You can prepare your components for external apps from the Setup screen as shown in the below screenshot. Under “Apps,” there’s now a new menu option for creating and managing Lightning Out 2.0 apps.

Once the Lightning 2.0 apps are saved, the user interface displays a script that you can copy and use in your external app. You will need to implement OAuth 2.0 authentication and use the UI Bridge API for secure authentication with Salesforce. Look for more information on this in the coming weeks.

You can also override the styles, properties of the embedded LWC component, and communicate between the LWC component and the external app using app events.

LWS Trusted mode

The new Lightning Web Security (LWS) Trusted mode allows you to run business-critical third-party scripts in LWC, bypassing compatibility issues caused by LWS and Lightning Locker. Make sure to read and understand the security implications before you enable this feature.

A Salesforce admin must first enable the feature in “Session Settings” under Setup. Once enabled, they must then whitelist the static resource containing the script that needs to run in Trusted mode.

Once Trusted mode is enabled, developers can specify which properties and functions a component is permitted to access at the JavaScript level when calling the loadScript (see docs) platform resource loader function.
The code example below demonstrates how to use Trusted mode to add the Google tag to a custom LWC for analytics collection. This example assumes two prerequisites:

1. A Salesforce admin has already completed the necessary configuration to activate Trusted mode.
2. The Google gtag.js library and its configuration script (shown below) are uploaded to the same static resource in Salesforce.

Below is the script uploaded to the “gtag” static resource:

  window.dataLayer = window.dataLayer || [];
  function gtag(){dataLayer.push(arguments);}
  gtag('js', new Date());
  gtag('config', '<CONFIG ID>');
</script>

The component’s JavaScript code is below. Notice the object with the trustedMode and trustedGlobals properties is passed as the third parameter of the loadScript function call.

import { LightningElement } from "lwc";
import { loadScript } from "lightning/platformResourceLoader";
import gtag from "@salesforce/resourceUrl/gtag";

export default class TestGoogleTagManager extends LightningElement {
  async renderedCallback() {
    await Promise.all([
      loadScript(this, `${gtag}/gtag.js`, {
        trustedMode: true,
      }),
      loadScript(this, `${gtag}/script.js`, {
        trustedMode: true,
        trustedGlobals: ["gtag"],
      }),
    ]);
    window.gtag("event", "component_loaded", {
      message: "Loaded the component!",
      screen_name: "Home",
    });
  }

  onPushButtonClicked() {
    window.gtag("event", "push", {
      message: "Pushed the button!",
      screen_name: "Home",
    });
  }
}

The component’s HTML is as follows.

<template>
  <button onclick={onPushButtonClicked}>Push me!</button>
</template>

The final result of this example is that we have an LWC with a button labeled “Push me!” Once the button is clicked, we can see the analytics for clicks in Google Analytics.

LWC components for local actions in screen flows

You can now use LWC as local actions in screen flows, a capability that was previously exclusive to Aura components.

Local actions run directly in the browser (client-side), which allows them to access browser features and functionality using JavaScript. Because they perform an action without rendering a visible UI in the flow, components used for local actions should have a blank HTML template.

To make your LWC available as a local action, add the lightning_FlowAction target to its .js-meta.xml configuration file, as shown in the example below.

<?xml version="1.0" encoding="UTF-8"?>
<LightningComponentBundle xmlns="http://soap.sforce.com/2006/04/metadata">
   <apiVersion>65.0</apiVersion>
   <isExposed>true</isExposed>
   <targets>
       <target>lightning__FlowAction</target>
   </targets>
   <targetConfigs>
       <targetConfig targets="lightning__FlowAction">
           <property name="toastTitle" type="String" label="Toast title" />
           <property name="toastMessage" type="String" label="Toast message" />
       </targetConfig>
   </targetConfigs>
</LightningComponentBundle>

Notice that the above code uses two properties declared in the targetConfigs tag to pass data from the flow to the component. The invoke API-decorated method is used to trigger the action.

import { api, LightningElement } from "lwc";
import { ShowToastEvent } from "lightning/platformShowToastEvent";

export default class ShowToastExampleComponent extends LightningElement {
  @api toastTitle;
  @api toastMessage;

  @api invoke() {
    this.dispatchEvent(
      new ShowToastEvent({
        title: this.toastTitle,
        message: this.toastMessage,
      })
    );
  }
}

In the above code, the local action is used in a Screen flow to display a toast message with a dynamic title and message.

Preview a single LWC by using Local Dev (Beta)

You can now preview a single component using Local Dev (Beta). The single component preview now supports access to platform modules, such as Lightning Data Service wire adapters, @salesforce scoped modules, and Apex controllers.

Salesforce Lightning Design Systems (SLDS) 2.0

SLDS 2.0 is now generally available. With SLDS 2.0, we are introducing dark mode for custom themes. This feature is in Beta and is limited to the Starter edition for now. We have updated component designs, styling hooks, and utilities.

To ease the transition to SLDS 2.0, we have improved the SLDS linter with additional validation rules and quick fixes.

If you are still using Visualforce, when you update your org to SLDS 2.0, your Visualforce can also adapt to the new styles. To learn more about this, check out the documentation.

GraphQL LWC module

A new LWC module, lightning/graphql, is now available for working with the GraphQL API. It replaces the deprecated lightning/uiGraphQLApi module and introduces powerful new features. We recommend using this new module for all GraphQL operations in LWC.

One of the key new features is the support for optional fields. This makes your queries more resilient by preventing them from failing due to field-level access restrictions. When you mark a field as optional, the query will succeed even if the user doesn’t have permission to see it. Instead of throwing an error, the API response simply omits the inaccessible field and any of its sub-fields.

For example, imagine a query for a user’s Id and EmployeeNumber. If EmployeeNumber is marked as optional and the current user can’t access it, the query will still successfully return the Id.

 

query optional {
  uiapi {
    query {
      User {
        edges {
          node {
            Id
            EmployeeNumber @optional {
              value
            }
          }
        }
      }
    }
  }
}

The new lightning/graphql module also supports dynamic queries, which let you construct parts of your query at run time. You can build a dynamic query using JavaScript string interpolation (e.g., ${variableName}) inside the gql tagged template literal. The value of the variable is then resolved and inserted into the query at runtime.

The example code below shows a dynamic query using ${this.objectName}.

import { LightningElement,wire } from 'lwc';
import { gql, graphql } from 'lightning/graphql';

export default class DynamicGraphQLQuery extends LightningElement {
  objectName = 'Account';

  get resolvedQuery() {
    return gql`
      query {
        uiapi {
          query {
            ${this.objectName} {
              edges {
                node {
                  Id
                  Name
                }
              }
            }
          }
        }
      }
    `;
  }

  @wire(graphql, { query: '$resolvedQuery', variables: {} })
  result;

  get data() {
    return this.result?.data ? JSON.stringify(this.result.data, null, 2) : '';
  }
}

Miscellaneous Lightning components updates

In addition to these important LWC updates, there are several other changes to Lightning components:

• Additional TypeScript type definitions are now available for various base components.
• Omniscripts and Flexcards can now be reused within LWC components. This includes event support for communication between Omniscripts and LWC.
• Aura performance has been improved thanks to component dynamic boxcar optimization.

Apex updates in the Winter ’26 release

Apex is also getting several quality of life improvements for the Winter ’26 release. 

Test Discovery and Test Runner APIs

Salesforce is unifying the testing experience for Apex and flows with the new Test Discovery and Test Runner APIs. This update streamlines your development process by allowing you to retrieve and execute both Apex and flow tests from a single, centralized location, helping you build more reliable applications.

You can access this unified framework from the Setup menu by navigating to the Application Test Execution page.

Upload and download binary files with External Services

External Services can now handle binary file uploads and downloads for files up to 16 MB. This enhancement allows both Apex and flows to integrate directly with third-party services that use OpenAPI 3.0 for file transfers.

For example, the following OpenAPI 3.0 specification defines an action for uploading a document to Amazon S3 using a PUT operation.

openapi: 3.0.3
info:
  title: S3 file Upload
  version: 1.0.0
servers:
  - url: https://s3.amazonaws.com
paths:
  /{bucket}/{key}:
    parameters:
      - name: bucket
        in: path
        required: true
        schema: { type: string }
        description: S3 bucket name
      - name: key
        in: path
        required: true
        schema: { type: string }
        description: Object key (URL-encode if it contains '/')
    put:
      summary: Upload a binary object
      requestBody:
        required: true
        content:
          application/octet-stream:
            schema:
              type: string
              format: binary
      responses:
        '200':
          description: Uploaded
components:
  securitySchemes:
    awsSigV4:
      type: apiKey
      in: header
      name: Authorization
security:
  - awsSigV4: []

You can use contentDocumentId as the input to the body parameter instead of the entire binary blob, saving heap.

Miscellaneous Apex updates

In addition to these important updates, there are a couple of interesting changes to Apex:

• ApexDoc is the new, standardized way to add comments to your code. This format makes it easy for humans, documentation generators, and AI agents to understand your Apex codebase.
• In API version 65.0 and later, abstract and override methods require a protected, public, or global access modifier. If you try to declare an abstract or override method without one of the allowed access modifiers, you get a compilation error.

Agentforce monthly updates

Agentforce enables you to customize pre-built agents, or create and deploy new agents, that work seamlessly across Salesforce apps, Slack, third-party platforms, and other apps. We’re adding some important developer features in the upcoming monthly releases.

As a reminder, Salesforce releases Agentforce updates frequently, so keep an eye on the monthly release section of the Winter ’26 release notes for the latest information. You can also find features that went out before September in the monthly release section of the Summer ’25 release notes.

Agentforce DX

Create and test agents directly in a Salesforce DX project with Agentforce DX’s pro-code tools, such as the Salesforce CLI and the Salesforce VS Code extensions.

To work with Agentforce DX in VS Code or Code Builder, you’ll need to install the Agentforce DX VS Code extension manually as this extension is not included in the Salesforce Extension Pack at the time of writing.

Here are some Agentforce DX enhancements that were recently shipped:

• You can now enable Apex debug logging when you use the agent preview CLI command. When conversing with an agent, specify the new --apex-debug flag. With this new flag, when any conversation message executes Apex code, a new Apex debug log file is written to the specified output directory along with the transcript and response JSON files.
• When testing an agent where an utterance invokes an action, the test results can now include generated data details about the invoked action in JSON format. These details include any Apex classes or flows that were invoked, any Salesforce objects that were touched, and so on. Use the JSON structure of this information to build the test case JSONPath expression when using custom evaluations.
• You can activate and deactivate agents from the CLI using the new agent activate and agent deactivate commands.

Check out the release notes to learn more.

Dedicated setup UI for managing Lightning types in Agentforce

In the last release, we provided the ability to bring structured user interfaces to Employee Agents using standard and custom Lightning types. The October release will bring a new user interface to easily manage custom Lightning types. Check out the release notes to learn more.

Agent actions for AuraEnabled Apex (Beta)

Apex AuraEnabled controller methods can now be made available as agent actions by following these steps:

1. Install the Agentforce for Developers VS Code extension (this is part of the Salesforce Extension Pack, so you may already have it installed).
2. Generate OpenAPI documents for the Apex classes that have @AuraEnabled annotated methods.
3. Deploy these Apex classes. When you do so, the OpenAPI documents and their metadata are added to the API catalog and the methods become available as agent actions.

Structured outputs from custom agent actions in flows

With structured output, custom agent actions can now return specific fields that use data types, including objects and Apex types in flows. To learn more about this, check out the documentation.

Data Cloud monthly updates

Like Agentforce, Data Cloud gets updates on a monthly basis, so please keep an eye on the monthly release notes section for Data Cloud to learn more. If you missed features released in previous months, check out the monthly release notes section for the Summer ’25 release.

Document AI

Use Document AI in Data Cloud to create schemas and extract data from unstructured documents like invoices, resumes, and lab reports. You can use AI to automatically extract a schema from a source object. Alternatively, use the document schema builder to manually create a schema from a source object or build one from scratch. To learn more about Document AI, check this developer blog post.

Miscellaneous updates

• Data Cloud now supports federated authentication for zero copy connectors with Google BigQuery, Databricks, and Snowflake.
• You can ingest content from your website for Retrieval Augment Generation (RAG) directly from Data Cloud through the Web Content (Crawler) connector. Check out this developer blog post to learn how to implement it.

Salesforce Platform development tool updates

Salesforce CLI

Run Flow tests: You can run Flow tests directly from the Salesforce CLI. Below is an example command that runs tests for the Flow1 and Flow2 flows.

sf flow run test --target-org my-scratch --class-names Flow1 --class-names Flow2

This feature, along with the Test Discovery and Test Runner APIs that we covered earlier, opens the door to easily integrating flow tests in CI workflows.

Manage package upgrades from the CLI

Packaging push upgrades can now be managed with these new Salesforce CLI commands:

• package push-upgrade schedule: Schedule a push upgrade for an unlocked or second-generation managed package
• package push-upgrade abort: Cancel a push upgrade request
• package push-upgrade list: Display the status of all push upgrade requests for a specific package
• package push-upgrade report: Display detailed information for a specific push upgrade request

Safely move source code
Source mobility allows you to move source files inside your local Salesforce DX project without source-tracking and thinking that you’ve deleted and then recreated a metadata component. To opt out of this behavior, set the SF_DISABLE_SOURCE_MOBILITY environment variable to true (the value is false by default).

Display package dependency
You can now display the dependency graph for an unlocked or 2GP managed package version with the new package version displaydependencies CLI command.

Code Builder

Code Builder now supports sandboxes, and we have also improved Code Builder startup time.

Agentforce for Developers

The default Dev Assistant model is GPT-4o mini. We are also supporting multiple models across selected features.

Scale Test

The Winter ’26 release adds new powerful tools to Scale Test for performance validation. The new Scale Test for LDV Partners service delivers a cost-effective, production-grade environment with 500GB of storage for formal certifications. A new Agentforce Metrics dashboard provides insights into agent usage, latency, and errors to help teams plan more realistic tests. Pilot features include Live Test Monitoring & Debugging, which lets you track runs in real time, view detailed error traces, and stop individual scripts without halting the full test. We’re also piloting Load Generation from GitHub scripts, Client-Side Monitoring dashboards, and Playwright as a Load Type for end-to-end UI testing. Read more in the release notes.

Scale Center

Scale Center expands its insights with two major additions: Search Insights and Database Insights. Search Insights highlight entities that are never queried, queried but never clicked, or underused, helping teams to tune search for better performance. Database Insights surface inefficient SOQL queries with recommendations to improve database efficiency. All insights, including Report Insights, can now be generated on demand — up to three times per week per org — so customers get visibility when they need it. Scale Center is also now integrated into the Customer Success Score Portal, allowing customers to jump directly into the Investigations Analysis Portal with prepopulated context for faster root-cause analysis. Explore more in the release notes.

ApexGuru

ApexGuru strengthens its role as the Apex go-to Apex performance monitoring tool with several key enhancements in Winter ’26. Teams can now generate On-Demand Insights — up to three reports per week — that are aligned with sprint cycles for faster triage before deployment. A new Test Case Quality Insights feature scans test classes for antipatterns, filler logic, and outdated syntax to improve reliability and prevent inflated coverage in CI/CD pipelines. We’ve also introduced Platform Cache Detection for SOQL, which flags repeat queries that should be cached to reduce database load. Antipattern coverage has expanded with four new rules: sorting in Apex, inefficient Map creation, manual list copying, and loop-based aggregation. Together, these updates deliver smarter guardrails for building scalable, performant Salesforce applications. Read more in the release notes.

API updates

Metadata API updates

The metadata deployment status includes two new states for metadata deployments: Finalizing Deploy and Finalizing Deploy Failed. Along with these new states, an updated cancellation behavior ensures that deployments that are in their final stages of processing can’t be cancelled. This change safeguards metadata from potential corruption.

Also on the Deployment Settings detail page in Setup, view the number of files and total unzipped file size in bytes. Use this information to monitor the size of your deployments.

Track event publishing and consumption

The Event Studio dashboard is a new user interface where you can now track event publishing and consumption. Within this dashboard, you can understand how different events, such as platform events, event relays, and LWC, impact the publish and delivery entitlements in your Salesforce org, so that you can optimize your eventing strategy.

SOAP API login() call is being retired

As of Winter ’26 (API version 65.0), SOAP login() is no longer available. It will return an HTTP status code of 500 and the exception code UNSUPPORTED_API_VERSION.

You can continue to use login() in SOAP API versions 31.0 through 64.0 until Summer ’27 is released. At that time, login() in these SOAP API versions will be retired and unavailable, and applications using this setup will experience disruption. The requests will fail with an error message indicating that the login() endpoint has been deactivated.

Before Summer ’27 is released, customers and partners must modify or upgrade their applications to use external client apps for authentication. Learn more with this knowledge article.

More Winter ’26 learning resources

• Read the official release notes
• Join the Salesforce Developers Trailblazer Community group to connect with the global developer community
• Join the Release Readiness Trailblazers Community group to stay informed about the latest product enhancements and innovations across the Salesforce ecosystem

About the authors

Mohith Shrivastava is a Principal Developer Advocate at Salesforce with 14 years of experience building enterprise-scale products on the Salesforce Platform. Mohith is currently among the lead contributors on Salesforce Stack Exchange, a developer forum where Salesforce Developers can ask questions and share knowledge. You can follow him on LinkedIn.​​

Philippe Ozil is a Principal Developer Advocate at Salesforce, where he focuses on the Salesforce Platform. He writes technical content and speaks frequently at conferences. He is a full-stack developer and enjoys working with APIs, DevOps, robotics, and VR projects. Follow him on X, LinkedIn, and Bluesky, and check out his GitHub projects.

The post The Salesforce Developer’s Guide to the Winter ’26 Release appeared first on Salesforce Developers Blog.