Composer for Salesforce February26.26.0509 Release Notes
In these release notes, you can find packages, requirements, enhancements, and fixed and known issues for the Composer February26.26.0509 release. For documentation updates, see What's New in Composer Documentation.
This documentation may describe optional enhancements for which you have not purchased a license; therefore your solution or implementation may differ from what is described here. Contact your customer success manager (CSM) or account executive (AE) to discuss your specific enhancements and licensing.
Packages
The following packages and dependencies are required to upgrade to this release and use its enhancements. These are the minimum required versions; later versions are also supported. Prerequisites for each enhancement can be found in its documentation. Packages marked (New) are new for this release.
You can register your org for the Conga Upgrade Program, an automated tool that keeps all Conga managed packages in your Salesforce org (production or sandbox) updated to the latest versions. For more information, see Registering for Conga Upgrade Program.
| Package | Latest Certified Version | |
|---|---|---|
| Name | Number | |
Conga Composer (New) | Crestone Needle | 8.296 |
Salesforce CPQ: Conga Quotes (New) | Spring 2026 | 5.9 |
System Requirements and Supported Platforms
For requirements and recommendations to consider before installing the Conga product suite, see the System Requirements and Supported Platforms Matrix.
Enhancements
The following enhancements are new to Composer in this release.
PKCE-Based OAuth Flow for Composer Package
As part of ongoing security enhancements, Salesforce is enforcing Proof Key for Code Exchange (PKCE) and Refresh Token Rotation (RTR) for all OAuth-enabled applications. These are mandatory Salesforce security standards that apply to all connected integrations.There will be an auto-push of a new Conga Composer package to your sandbox and production Salesforce orgs on May 9th. Once the packages are auto-pushed, the running user will be prompted with a Salesforce pop-up to allow the new reduced OAuth scopes. Once allowed, all customers will continue to use their existing solutions as currently implemented.
Failure to install will result in your Conga Composer Lightning Component solutions to fail. The Salesforce changes to enforce this will be applied at 8PM UTC on May 11th. If your Salesforce org fails to receive the Composer auto-push on May 9th, you will be informed by Conga on May 10th to manually pull the Composer package by 8PM UTC on May 11th.
If you have technical questions, create a technical support case.
Fixed Issues
The following issues are fixed in this release. If any actions are required, they will be listed in this table.
| Case Number | Conga Internal ID | Description |
|---|---|---|
| 00967976 | COREAPPS-18928 | Task creation in Salesforce fails for users with or without the Conga Quote and Invoice Generation packages due to insufficient permissions errors triggered by the |
Known Issues
The following unresolved issues are known to Conga at the time of this release.
| Conga Internal ID | Description |
|---|---|
| COREAPPS-18940 | Non-admin users encounter an internal server error when attempting to generate documents or send emails via Conga Invoice Generation, despite having the expected permissions and configurations applied. |
| COREAPPS-18728 | The Conga Invoice Trigger Setup tab displays an error message "error=redirect_uri_mismatch&error_description=redirect_uri%20must%20match%20configuration" when attempting to refresh the token. This occurs due to mismatched redirect URI configurations. |
DOC ID: CMPFEB26PRN20260511