Salesforce ‘Apex got lot of enhancement in Winter 20 release. Some of security features are moved from Pilot to Beta version. Methods are added in classes for security and test frameworks. Let us see those enahncement.

Enforce Field-Level Security in Apex (Beta)

stripInaccessible method is used to strip the fields that the current user can’t access from query and subquery results. We can use it to remove inaccessible fields from sObjects before a DML operation to avoid exceptions. We can also use the method to sanitize sObjects that have been deserialized from an untrusted source.

This method was in Pilot stage and now it is moved in Beta version. In Winter ’20, we can use new enum with the stripInaccessible method to enforce field- and object-level checks for both insert and update.

How to use this method:

The stripInaccesible method checks the source records for subquery fields that don’t meet the field-level security check for the current user. The method returns a list of sObjects that contain only the fields that are accessible to the current user. If the user doesn’t have access to the relationship field from child to parent, the return list of sObjects doesn’t include the child relationship.

List<Account> accountsWithContacts =
	[SELECT Id, Name, Phone,
	    (SELECT Id, LastName, Phone FROM Account.Contacts)
	FROM Account];
  
// Strip fields that are not readable
   SObjectAccessDecision decision = Security.stripInaccessible(
	                                   AccessType.READABLE,
	                                   accountsWithContacts);
 
// Print stripped records
   for (Integer i = 0; i < accountsWithContacts.size(); i++) 
  {
      System.debug('Insecure record access: '+accountsWithContacts[i]);
      System.debug('Secure record access: '+decision.getRecords()[i]);
   }
 
// Print modified indexes
   System.debug('Records modified by stripInaccessible: '+decision.getModifiedIndexes());
 
// Print removed fields
   System.debug('Fields removed by stripInaccessible: '+decision.getRemovedFields());

If the user doesn’t have permission to read the Phone field of a Contacts object, above example code removes the subquery field before reading the records. The DML operation completes without throwing an exception.

Excluded Callouts from Long-Running Request Limit

Every org has a limit on the number of concurrent long-running Apex requests. This limit counts all requests that run for more than 5 seconds (total execution time). However, HTTP callout processing time is no longer included when calculating the 5-second limit. We pause the timer for the callout and resume it when the callout completes.

This change applies to callouts made directly from Apex, including SOAP callouts generated by WSDL2Apex. It also applies to callouts from other platform features, such as External Services and External Objects.

ApexSettings Metadata Type

ApexSettings metadata type is added to augment Apex testing with aggregate total tracking, serial execution, and prevention of auto-number gaps. We can also use ApexSettings to suppress debug log details in unhandled exception emails.

We can use the ApexSettings metadata type in many ways.

To enable tracking of aggregate, instead of detailed, totals for Apex test coverage data, use the new enableAggregateCodeCoverageOnly field.
To enable serial execution of Apex tests, use the new enableDisableParallelApexTesting field.
To suppress Apex debug log details in unhandled exception emails, use the new enableDoNotEmailDebugLog field.
To prevent Apex test executions from incrementing auto-number fields for non-test records and creating gaps, use the newenableGaplessTestAutoNum field.

Reference :

https://releasenotes.docs.salesforce.com/en-us/winter20/release-notes/rn_apex.htm

Salesforce Winter 20 Release – Feature Enhancements For Apex

Top 10 Salesforce Flow Features of Salesforce Summer ’25

Unlock the Power of Vibe Coding in Salesforce

How to Implement Dynamic Queueable Chaining in Salesforce Apex