Composer for Advantage Platform 202605.2.0 Release Notes
In these release notes, you can find enhancements and fixed and known issues for the Composer 202605.2.0 release. For documentation updates, see What's New in Composer Documentation.
This documentation may describe optional enhancements for which you have not purchased a license; therefore your solution or implementation may differ from what is described here. Contact your customer success manager (CSM) or account executive (AE) to discuss your specific enhancements and licensing.
Enhancements
The following enhancements are new to Composer in this release.
Salesforce PKCE Compliance for Batch OAuth Path
Batch supports Salesforce Proof Key for Code Exchange (PKCE) compliance for OAuth authorization code flow in Conductor-hosted flows. The hosted OAuth proxy path includes the required code_challenge and code_verifier parameters, enabling secure authentication with Connected Apps that require PKCE. Failure handling is enhanced for invalid verifiers, expired authentication states, or callback mismatches.
PKCE Enforcement for Trigger Connected Apps OAuth Flow
Trigger Connected Apps now require Proof Key for Code Exchange (PKCE) for the authorization code flow, with isPkceRequired=true enforced across all five apps. The hosted OAuth proxy and authorization flow support PKCE end-to-end, maintaining compatibility with Trigger setup, dashboard, and formula experiences.
Salesforce Proof Key for Code Exchange (PKCE) and Refresh Token Rotation (RTR) supported for Composer, Batch, and Trigger.
As part of ongoing security enhancements, Salesforce is enforcing Proof Key for Code Exchange (PKCE) and Refresh Token Rotation (RTR) for all OAuth-enabled applications. These are mandatory Salesforce security standards that apply to all connected integrations. To comply with these requirements, the Conga Composer, Batch, and Trigger OAuth architecture has been updated.
- Note: Composer SF1 mobile solutions will fail in the new 8.298 Composer package until a backend fix is implemented on June 13th. On June 13th, all Composer SF1 mobile solutions will continue to function normally.
Fixed Issues
The following issues are fixed in this release. If any actions are required, they will be listed in this table.
| Case Number | Conga Internal ID | Description |
|---|---|---|
| 00968926 | COREAPPS-19023 | Composer API EU Preview merge requests fail in newly created Salesforce orgs. |
Known Issues
The following unresolved issues are known to Conga at the time of this release.
| Conga Internal ID | Description |
|---|---|
| COREAPPS-19440 | Using the PlatformComposer=1 parameter produces an Oauth error: Failed the authorization response. |
| COREAPPS-19373 | Composer using Box integration encounter a failure during merges with the following error: Missing Box Token. The Box Token is rendered invalidated and must be reset at the Composer Setup menu. |
| COREAPPS-19138 | Scheduled Batch sessions for Conga Invoice fail to execute. |
| COREAPPS-18324 | When using PlatformComposer=1 in Conga Composer with Salesforce data, merge fields referencing inner fields on the Owner lookup (eg FullName field on User) do not populate in the generated document - despite the fields being available in Template Builder & View Data Workbook |
| COREAPPS-17938 | When using the DS7=17 or DocuSignTag=1 parameters, DocuSign status values fail to update in the Salesforce environment. This issue is not encountered when using DS7=7. |
| COREAPPS-5755 | Users are not receiving the Trigger Alert Notification email when they have exceeded their daily limits of Trigger events. |
DOC ID: CMPRLP202605.2.0RN20260612