Hi everyone. There will be a more formal announcement under the Epicor Ideas portal. But since this subject continues to be a very hot topic (and I continue to be tagged), I can share that with 2024.2 we have a new Sandbox class available in custom code. This class will continue evolving to provide safe solutions to some of the common but problematic code patterns we’ve identified. In this release, the theme is IO. You will find under Sandbox, equivalents of your favourite methods under System.IO. They will look almost identical with the difference that instead of passing an arbitrary path, you will be passing a path class that allows you access to relevant parts of the server. This provides both safety as well as abstracting the filesystem so you don’t have to hardcode paths or try to figure out where things are. The same class will be available in the different flavours of custom code such as Functions, Data Directives and Method Directives.
And now, to dispel some FUD, I want to clarify that there’s no conspiracy to stop supporting customization and instead drive revenue to CSG. We continue to invest in our customization subsystem as it is one of the key features of Kinetic.
Code that we’ve marked as problematic is based on data from a combination of upgrading thousands of customers every year, performing regular security scans and many, many support tickets. For example, the Dispose warning above is the cause of many customer down incidents as custom code consumes all SQL connections after running enough times without disposing of them.
So reining in problematic patterns in custom code is here to stay. Whenever possible, we will be providing safe alternatives in the new Sandbox class. But certain things we don’t plan to support. Reflection, for example, is used to access things that are not part of the public API. As such, it makes for brittle code that will break on upgrade. If there’s something not public that you need access to, please create a support ticket or an Epicor Idea. Also, the CustomCodeAnalysis setting mentioned above was just a temporary setting while we introduced code analysis. Don’t rely on that as the solution as it is not long for this world.
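The idea in the post above of passing a path object instead of an arbitrary path string, sketched as an added example that is not part of the original post and is not Epicor's Sandbox API. Every name in it (`ServerFolder`, `ConfinedPath`, `ConfinedFile`) is hypothetical, and the sample root under the temp directory is constructed for the demonstration.

```csharp
// Added illustration only. NOT Epicor's Sandbox API: every type and member name here is hypothetical.
using System;
using System.IO;
public enum ServerFolder { Reports, UserData }   // hypothetical logical locations

public sealed class ConfinedPath
{
    public string FullPath { get; }
    private ConfinedPath(string fullPath) => FullPath = fullPath;

    // Resolve a caller-supplied relative name under the root mapped to 'folder'.
    public static ConfinedPath Create(Func<ServerFolder, string> rootOf, ServerFolder folder, string relative)
    {
        if (string.IsNullOrWhiteSpace(relative) || Path.IsPathRooted(relative))
            throw new UnauthorizedAccessException("A relative path is required.");

        string root = Path.GetFullPath(rootOf(folder));
        if (!root.EndsWith(Path.DirectorySeparatorChar.ToString(), StringComparison.Ordinal))
            root += Path.DirectorySeparatorChar;

        // GetFullPath collapses "." and ".." segments; the check runs on the normalized result.
        // Symbolic links and junctions are not resolved here.
        string full = Path.GetFullPath(Path.Combine(root, relative));
        if (!full.StartsWith(root, StringComparison.Ordinal))
            throw new UnauthorizedAccessException("Path escapes the allowed folder.");
        return new ConfinedPath(full);
    }
}
public static class ConfinedFile   // mirrors System.IO.File, but accepts only ConfinedPath
{
    public static void WriteAllText(ConfinedPath path, string contents)
    {
        Directory.CreateDirectory(Path.GetDirectoryName(path.FullPath));
        File.WriteAllText(path.FullPath, contents);
    }
    public static string ReadAllText(ConfinedPath path) => File.ReadAllText(path.FullPath);
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample root under the temp directory.
        string baseDir = Path.Combine(Path.GetTempPath(), "confined-demo");
        Func<ServerFolder, string> rootOf = f => Path.Combine(baseDir, f.ToString());
        ConfinedFile.WriteAllText(ConfinedPath.Create(rootOf, ServerFolder.Reports, "daily/summary.txt"), "ok");
        try { ConfinedPath.Create(rootOf, ServerFolder.Reports, "../UserData/x.txt"); }
        catch (UnauthorizedAccessException e) { Console.WriteLine("Rejected: " + e.Message); }
    }
}
```

Because the private constructor is the only way to obtain a `ConfinedPath`, the file helpers never see a location that skipped the containment check, and calling code names a logical folder rather than hardcoding a server path.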