Releases: AdvancedCustomFields/acf
Releases Β· AdvancedCustomFields/acf
Advanced Custom Fields v6.4.0.1
Advanced Custom Fields v6.4.0
Release Date 7th April 2025
- New - In ACF PRO, fields can now be added to WooCommerce orders when using HPOS
- Enhancement - The "Escaped HTML" warning notice is now disabled by default
- Enhancement - ACF now uses Composer to autoload some classes
- Fix - Repeater pagination now works when the Repeater is inside a Group field
- Fix - Various translations are no longer called before the WordPress
initaction hook - Security - Link field no longer has a minor local XSS vulnerability
- i18n - Various British English translation strings no longer have a quoting issue breaking links
- i18n - Added Dutch (formal) translations (props @toineenzo)
Contributors
toineenzo
Assets 3
Advanced Custom Fields v6.3.12
Release Date 21st January 2025
- Enhancement - Error messages that occur when field validation fails due an insufficient security nonce now have additional context
- Fix - Duplicated ACF blocks no longer lose their field values after the initial save when block preloading is enabled
- Fix - ACF Blocks containing complex field types now behave correctly when React StrictMode is enabled
Advanced Custom Fields v6.3.11
Release Date 12th November 2024
- Enhancement - Field Group keys are now copyable on click
- Fix - Repeater tables with fields hidden by conditional logic now render correctly
- Fix - ACF Blocks now behave correctly in React StrictMode
- Fix - Edit mode is no longer available to ACF Blocks with an WordPress Block API version of 3 as field editing is not supported in the iframe
Advanced Custom Fields v6.3.10
Release Date 29th October 2024
- Security - Setting a metabox callback for custom post types and taxonomies now requires being an admin, or super admin for multisite installs
- Security - Field specific ACF nonces are now prefixed, resolving an issue where third party nonces could be treated as valid for AJAX calls
- Enhancement - A new βClose and Add Fieldβ option is now available when editing a field group, inserting a new field inline after the field being edited
- Enhancement - ACF and ACF PRO now share the same plugin updater for improved reliability and performance
- Fix - Exporting post types and taxonomies containing metabox callbacks now correctly exports the user defined callback
- Fix - ACF Free no longer causes a fatal error when WPML is active
- Fix - ACF Free no longer causes a fatal error when any unsupported legacy ACF addons are active
Advanced Custom Fields v6.3.9
Release Date 15th October 2024
- Security - Editing an ACF Field in the Field Group editor can no longer execute a stored XSS vulnerability. Thanks to Duc Luong Tran (janlele91) from Viettel Cyber Security for the responsible disclosure
- Security - Post Type and Taxonomy metabox callbacks no longer have access to any superglobal values, hardening the original fix from 6.3.8 further
- Fix - ACF fields now correctly validate when used in the block editor and attached to the sidebar
Advanced Custom Fields v6.3.8
Release Date 7th October 2024
- Security - ACF defined Post Type and Taxonomy metabox callbacks no longer have access to $_POST data. (Thanks to the Automattic Security Team for the disclosure)
Advanced Custom Fields v6.3.7
Release Date 2nd October 2024
- Security - ACF Free now uses its own update mechanism from WP Engine servers
Advanced Custom Fields v6.3.6
Release Date 28th August 2024
- Security - Newly added fields now have to be explicitly set to allow access in the content editor (when using the ACF shortcode or Block Bindings) to increase the security around field permissions. See the release notes for more details
- Security Fix - Field labels are now correctly escaped when rendered in the Field Group editor, to prevent a potential XSS issue. Thanks to Ryo Sotoyama of Mitsui Bussan Secure Directions, Inc. for the responsible disclosure
- Fix - Validation and Block AJAX requests nonces will no longer be overridden by third party plugins
- Fix - Detection of third party select2 libraries will now default to v4 rather than v3
- Fix - Block previews will now display an error if the render template PHP file is not found
Advanced Custom Fields v6.3.5
Release Date 1st August 2024
- Fix - The ACF Shortcode now correctly outputs a comma separated list of values for arrays
- Fix - ACF Blocks rendered in auto mode now correctly re-render their previews after editing fields
- Fix - ACF Block validation no longer raises required validation messages if HTML will automatically select the first value when rendered
- Fix - ACF Block validation no longer raises required validation messages if a default value will be rendered as the field value
- Fix - ACF Block validation no longer raises required validation messages for fields hidden by conditional logic when adding a new block