Advanced Custom Fields v6.3.4

Release Date 18th July 2024

• Security Fix - The ACF shortcode now prevents access to fields from different private posts by default. View the release notes for more information
• Fix - Users without the edit_posts capability but with custom capabilities for a editing a custom post type, can now correctly load field groups loaded via conditional location rules
• Fix - Block validation no longer validates a field’s sub fields on page load, only on edit. This resolves inconsistent validation errors on page load or when first adding a block
• Fix - Deactivating an ACF PRO license will now remove the license key even if the server call fails
• Fix - Field types returning objects no longer cause PHP warnings and errors when output via the_field, the_sub_field or the ACF shortcode, or when retrieved by a get_ function with the escape html parameter set
• Fix - Server side errors during block rendering now gracefully displays an error to the editor

Advanced Custom Fields v6.3.3

Release Date 27th June 2024

• Enhancement - All dashicons are now available to the icon picker field type
• Fix - The True/False field now correctly shows it’s description message beside the switch when using the Stylized UI setting
• Fix - Conditional logic values now correctly load options when loaded over AJAX
• Fix - ACF PRO will no longer trigger license validation calls when loading a front-end page
• i18n - Fixed an untranslatable string on Option Page previews

Advanced Custom Fields v6.3.2

Release Date 24th June 2024

• Security Fix - ACF now generates different nonces for each AJAX-enabled field, preventing subscribers or front-end form users from querying other field results
• Security Fix - ACF now correctly verifies permissions for certain editor only actions, preventing subscribers performing those actions
• Security Fix - Deprecated a legacy private internal field type (output) to prevent it being able to output unsafe HTML
• Security Fix - Improved handling of some SQL filters and other internal functions to ensure output is always correctly escaped
• Security Fix - ACF now includes blank index.php files in all folders to prevent directory listing of ACF plugin folders for incorrectly configured web servers

Advanced Custom Fields v6.3.1

Release Date 4th June 2024

• Enhancement - Options Pages registered in the UI can now be duplicated
• Fix - ACF Block validation now correctly validates Repeater, Group, and Flexible Content fields
• Fix - ACF Block validation now correctly validates when a field is using a non-default return type
• Fix - Fields moved between field groups now correctly updates both JSON files
• Fix - Icon Picker fields now render correctly when using left-aligned labels
• Fix - Icon Picker fields no longer renders tabs if only one tab is selected for display
• Fix - Icon Picker fields no longer crash the post editor if no icon picker tabs are selected for displayed
• Fix - True/False field now better handles longer On/Off labels
• Fix - Select2 results loaded by AJAX for multi-select Taxonomy fields no longer double encode HTML entities

Advanced Custom Fields v6.3.0

Release Date 22nd May 2024

• New - ACF now requires WordPress version 6.0 or newer, and PHP 7.4 or newer.
• New - ACF Blocks now support validation rules for fields. View the release notes for more information
• New - ACF Blocks now supports storing field data in the postmeta table rather than in the post content
• New - Conditional logic rules for fields now support selecting specific values for post objects, page links, taxonomies, relationships and users rather than having to enter the ID
• New - New Icon Picker field type for ACF and ACF PRO
• New - Icon selection for a custom post type menu icon
• New - Icon selection for an options page menu icon
• New - ACF now surfaces debug and status information in the WordPress Site Health area
• New - The escaped html notice can now be permanently dismissed
• Enhancement - Tab field now supports a selected attribute to specify which should be selected by default, and support class attributes
• Fix - Block Preloading now works reliably in WordPress 6.5 or newer
• Fix - Select2 results loaded by AJAX for post object fields no longer double encode HTML entities
• Fix - Custom post types registered with ACF will now have custom field support enabled by default to better support revisions
• Fix - The first preview after publishing a post in the classic editor now displays ACF fields correctly
• Fix - ACF fields and Flexible Content layouts are now correctly positioned while dragging
• Fix - Copying the title of a field inside a Flexible Content layout no longer adds whitespace to the copied value
• Fix - Flexible Content layout names are no longer converted to lowercase when edited
• Fix - ACF Blocks with attributes without a default now correctly register
• Fix - User fields no longer trigger a 404 when loading results if the nonce generated only contains numbers
• Fix - Description fields for ACF items now support being solely numeric characters
• Fix - The field group header no longer appears above the WordPress admin menu on small screens
• Fix - The acf/json/save_file_name filter now correctly applies when deleting JSON files
• i18n - All errors raised during ACF PRO license or update checks are now translatable
• Other - The ACF Shortcode is now disabled by default for new installations of ACF as discussed in the ACF 6.2.7 release notes

Advanced Custom Fields v6.2.9

Release Date 8th April 2024

• Enhancement - The Select2 escapeMarkup function can now be overridden when initializing a custom Select2
• Fix - “Hide on Screen” settings are now correctly applied when using conditionally loaded field groups
• Fix - Field names are no longer converted to lowercase when editing the name
• Fix - Field group titles will no longer convert HTML entities into their encoded form

Advanced Custom Fields v6.2.8

Release Date 2nd April 2024

• New - Support for the Block Bindings API in WordPress 6.5 with a new acf/field source. For more information on how to use this, please read the release blog post
• New - Support for performance improvements for translations in WordPress 6.5
• Enhancement - A new JS filter, select2_escape_markup now allows fields to customize select2's HTML escaping behavior
• Fix - Options pages can no longer set to have a parent of themselves
• Fix - ACF PRO license activations on multisite subsite installs will now use the correct site URL
• Fix - ACF PRO installed on multisite installs will no longer try to check for updates resulting in 404 errors when the updates page is not visible
• Fix - ACF JSON no longer produces warnings on Windows servers when no ACF JSON folder is found
• Fix - Field and layout names can now contain valid non-ASCII characters
• Other - ACF PRO now requires a valid license to be activated in order to use PRO features. Learn more

Advanced Custom Fields v6.2.7

Release Date 27th February 2024

• Security Fix - the_field now escapes potentially unsafe HTML as notified since ACF 6.2.5. For full information, please read the release blog post
• Security Fix - Field and Layout names are now enforced to alphanumeric characters, resolving a potential XSS issue
• Security Fix - The default render template for select2 fields no longer allows HTML to be rendered resolving a potential XSS issue
• Security Enhancement - A acf/shortcode/prevent_access filter is now available to limit what data the ACF shortcode is allowed to access
• Security Enhancement - i18n translated strings are now escaped on output
• Enhancement - ACF now universally uses WordPress file system functions rather than native PHP functions

Advanced Custom Fields v6.2.6.1

Release Date 7th February 2024

• Fix - Fatal JS error no longer occurs when editing fields in the classic editor when Yoast or other plugins which load block editor components are installed
• Fix - Using $escape_html on get functions for array returning field types no longer produces an Array to string conversion error

Advanced Custom Fields v6.2.6

Release Date 6th February 2024

• Enhancement - The get_field() and other get_ functions now support an escape_html parameter which return an HTML safe field value
• Enhancement - The URL field will be now escaped with esc_url rather than wp_kses_post when returning an HTML safe value
• Fix - ACF fields will now correctly save into the WordPress created revision resolving issues with previews of drafts on WordPress 6.4 or newer.
• Fix - Multisite subsites will now correctly be activated by the main site where the ACF PRO license allows, hiding the updates page on those subsites
• Fix - Field types in which the required property would have no effect (such as the tab, or accordion) will no longer show the option
• Fix - Duplicating a field group now maintains the current page of field groups being displayed
• Fix - Fields in ACF Blocks in edit mode in hybrid themes will now use ACF’s styling, rather than some attributes being overridden by the theme
• Fix - Text in some admin notices will no longer overlap the dismiss button
• Fix - The word link is now prohibited from being used as a CPT name to avoid a WordPress core conflict
• Fix - Flexible content layouts can no longer be duplicated over their maximum count limit
• Fix - All ACF notifications shown outside of ACF’s admin screens are now prefixed with the plugin name
• Fix - ACF no longer checks if a polyfill is needed for <PHP7 and the polyfill has been removed.