We introduced a new validation rule, ValidateExternalSignupUrl, on the Volunteer Job object. This rule ensures that the External Signup URL field doesn’t contain malicious code by validating that the field value begins with http, https, or mailto.
If this field has an invalid value, it will impact your ability to update the Volunteer Job record, and affect your volunteers' ability to report hours or update data on your Volunteer site. Therefore, we recommend that you check your External Signup URL field values on the Volunteer Job object and ensure that they comply with the new requirement. To get a list of your External Signup URL field values:
- Create a custom report using the Volunteer Jobs with Shifts & Hours report type.
- Add External Signup URL as a column.
- Add a filter for External Signup URL, with the Operator set to Does not contain, and the value set to http,https,mailto.
If you run into major issues, you can deactivate the new validation rule and create your own. Please keep in mind that if you disable the validation rule, you could be opening up your org to security issues.
- Addressed security issues on the PersonalSiteContactInfo page.
Sandbox & Scratch Orgs:
Production & Developer Edition Orgs: