- Security - Editing an ACF Field in the Field Group editor can no longer trigger a stored XSS vulnerability. Thanks to Duc Luong Tran (janlele91) from Viettel Cyber Security for the responsible disclosure
- Security - Post Type and Taxonomy metabox callbacks no longer have access to any superglobal values, hardening the original fix from 6.3.8 further
- Fix - ACF fields now correctly validate when used in the block editor and attached to the sidebar
- Security - ACF defined Post Type and Taxonomy metabox callbacks no longer have access to $_POST data. (Thanks to the Automattic Security Team for the disclosure)
- Security - Newly added fields now have to be explicitly set to allow access in the content editor (when using the ACF shortcode or Block Bindings) to increase the security around field permissions. See the release notes for more details
- Security Fix - Field labels are now correctly escaped when rendered in the Field Group editor, to prevent a potential XSS issue. Thanks to Ryo Sotoyama of Mitsui Bussan Secure Directions, Inc. for the responsible disclosure
- Fix - Validation and Block AJAX request nonces will no longer be overridden by third party plugins
- Fix - Detection of third party select2 libraries will now default to v4 rather than v3
- Fix - Block previews will now display an error if the render template PHP file is not found
* Security Fix - This release resolves an XSS vulnerability in ACF’s admin pages (Thanks to Rafie Muhammad for the responsible disclosure)
* Fix - Duplicating fields in a new field group with field setting tabs disabled now behaves correctly
* Security Fix - ACF shortcode security fixes detailed [here](https://www.advancedcustomfields.com/blog/acf-6-0-3-release-security-changes-to-the-acf-shortcode-and-ui-improvements/#acf-shortcode)
* Improvement - Field names and keys now copy to clipboard on click, and do not open a field
* Fix - The field type input now has default focus when adding a new field
* Fix - ACF no longer publishes `h1`, `h2` or `h3` CSS classes outside of the ACF admin screens
* Fix - Conditional field settings now work correctly across different tabs
* Fix - The field list for sub fields is now full width
* Fix - ACF admin notices now display with correct margin
* Fix - Admin CSS improvements when using ACF in an RTL language
* Fix - Clone fields now have the presentation tab for setting wrapper properties when in group display mode
* Fix - Appended labels on field settings will now be displayed in the correct place
* Accessibility - The move field modal is now keyboard and screen reader accessible
* Enhancement - Added PHP validation for the Email field (previously relied solely on browser validation).
* Fix - Added support for PHP 8.0 (fixed logged warnings).
* Fix - Added support for jQuery 3.5 (fixed logged warnings).
* Fix - Fixed bug causing WYSIWYG field to appear unresponsive within the Gutenberg editor.
* Fix - Fixed regression preventing "blog_%d" and "site_%d" as valid `$post_id` values for custom Taxonomy terms.
* Fix - Fixed bug causing Radio field label to select first choice.
* Fix - Fixed bug preventing preloading blocks that contain multiple parent DOM elements.
* i18n - Updated Japanese translation thanks to Ryo Takahashi.
* i18n - Updated Portuguese translation thanks to Pedro Mendonça.
*Release Date - 15 February 2019*
- Fix - Added missing function `register_field_group()`.
- Fix - Fixed PHP 5.4 error "Can't use function return value in write context".
- Fix - Fixed bug causing wp_options values to be slashed incorrectly.
- Fix - Fixed bug where "sync" feature imported field groups without fields.
- Fix - Fixed bug preventing `get_field_object()` working with a field key.
- Fix - Fixed bug causing incorrect results in `get_sub_field()`.
- Fix - Fixed bug causing draft and preview issues with serialized values.
- Fix - Fixed bug causing reversed field group metabox order.
- Fix - Fixed bug causing incorrect character count when validating values.
- Fix - Fixed bug showing incorrect choices for post_template location rule.
- Fix - Fixed bug causing incorrect value retrieval after `switch_to_blog()`.
- i18n - Updated Persian translation thanks to Majix.
* Fix - Fixed bug preventing metaboxes from saving if validation fails within Gutenberg.
* Fix - Fixed bug causing unload prompt to show incorrectly within Gutenberg.
* Fix - Fixed JS error when selecting taxonomy terms within Gutenberg.
* Fix - Fixed bug causing jQuery sortable issues within other plugins.
* Tweak - Improved loading translations by adding fallback from region to country when .mo file does not exist.
* Tweak - Improved punctuation throughout admin notices.
* Tweak - Improved performance and accuracy when loading a user field value.
* Dev - Added filter 'acf/get_locale' to customize the locale used to load translations.
* Dev - Added filter 'acf/allow_unfiltered_html' to customize if current user can save unfiltered HTML.
* Dev - Added new data storage functions `acf_register_store()` and `acf_get_store()`.
* Dev - Moved from .less to .scss and minified all css.
* i18n - Updated French translation thanks to Maxime Bernard-Jacquet.
* i18n - Updated Czech translation thanks to David Rychly.
*Release Date - 12 September 2018*
* Fix - Fixed unload prompt not working.
* Dev - Reduced number of queries needed to populate the relationship field taxonomy filter.
* Dev - Added 'nav_menu_item_id' and 'nav_menu_item_depth' to get_field_groups() query.
* Dev - Reordered various actions and filters for more usefulness.
* i18n - Updated Polish language thanks to Dariusz Zielonka