Skip to content

6.5.7

Choose a tag to compare

View all tags
@cbravobernal cbravobernal released this 19 Sep 16:39
6.5.7
1506335

Release Date 28 Aug 2025

Features

  • Flexible Content layouts can now be renamed in the post editor, giving content editors better clarity when managing layouts.
  • Flexible Content layouts can now be disabled, preventing them from rendering on the frontend without needing to delete their data.
  • Flexible Content layouts can now be collapsed and expanded in bulk for faster content editing.
  • Editing a Flexible Content layout now highlights the layout being edited, making it easier to identify.
  • The Date and Date Time Picker fields can now be configured to default to the current date.
  • Custom Icon Picker tabs now work correctly when used inside an ACF Block.
  • Duplicating a Field Group no longer causes a fatal error when using Russian translations.
  • ACF classes no longer use dynamic class properties, improving compatibility with PHP 8.2+.
  • Field group metabox collapse and expand buttons are no longer misaligned in the post editor.
  • HTML is now escaped from field validation errors and tooltips.
  • Added a new source parameter to the /wp/v2/types REST API endpoint that allows filtering post types by their origin: core (WordPress built-in), scf (for SCF managed types), or other for the rest of CPTs.

Security

– Unsafe HTML in field group labels is now correctly escaped for conditionally loaded field groups, resolving a JS execution vulnerability in the classic editor.
– HTML is now escaped from field group labels when output in the ACF admin.
– Bidirectional and Conditional Logic Select2 elements no longer render HTML in field labels or post titles.
– The acf.escHtml function now uses the third party DOMPurify library to ensure all unsafe HTML is removed. A new esc_html_dompurify_config JS filter can be used to modify the default behaviour.
– Post titles are now correctly escaped whenever they are output by ACF code. Thanks to Shogo Kumamaru of LAC Co., Ltd. for the responsible disclosure.
– An admin notice is now displayed when version 3 of the Select2 library is used, as it has now been deprecated in favor of version 4.

Assets 2
Loading