Release Date 1st August 2024

• Fix - The ACF Shortcode now correctly outputs a comma separated list of values for arrays
• Fix - ACF Blocks rendered in auto mode now correctly re-render their previews after editing fields
• Fix - ACF Block validation no longer raises required validation messages if HTML will automatically select the first value when rendered
• Fix - ACF Block validation no longer raises required validation messages if a default value will be rendered as the field value
• Fix - ACF Block validation no longer raises required validation messages for fields hidden by conditional logic when adding a new block

Release Date 18th July 2024

• Security Fix - The ACF shortcode now prevents access to fields from different private posts by default. View the release notes for more information
• Fix - Users without the edit_posts capability but with custom capabilities for a editing a custom post type, can now correctly load field groups loaded via conditional location rules
• Fix - Block validation no longer validates a field’s sub fields on page load, only on edit. This resolves inconsistent validation errors on page load or when first adding a block
• Fix - Deactivating an ACF PRO license will now remove the license key even if the server call fails
• Fix - Field types returning objects no longer cause PHP warnings and errors when output via the_field, the_sub_field or the ACF shortcode, or when retrieved by a get_ function with the escape html parameter set
• Fix - Server side errors during block rendering now gracefully displays an error to the editor

Release Date 27th June 2024

• Enhancement - All dashicons are now available to the icon picker field type
• Fix - The True/False field now correctly shows it’s description message beside the switch when using the Stylized UI setting
• Fix - Conditional logic values now correctly load options when loaded over AJAX
• Fix - ACF PRO will no longer trigger license validation calls when loading a front-end page
• i18n - Fixed an untranslatable string on Option Page previews

Release Date 24th June 2024

• Security Fix - ACF now generates different nonces for each AJAX-enabled field, preventing subscribers or front-end form users from querying other field results
• Security Fix - ACF now correctly verifies permissions for certain editor only actions, preventing subscribers performing those actions
• Security Fix - Deprecated a legacy private internal field type (output) to prevent it being able to output unsafe HTML
• Security Fix - Improved handling of some SQL filters and other internal functions to ensure output is always correctly escaped
• Security Fix - ACF now includes blank index.php files in all folders to prevent directory listing of ACF plugin folders for incorrectly configured web servers

Release Date 4th June 2024

• Enhancement - Options Pages registered in the UI can now be duplicated
• Fix - ACF Block validation now correctly validates Repeater, Group, and Flexible Content fields
• Fix - ACF Block validation now correctly validates when a field is using a non-default return type
• Fix - Fields moved between field groups now correctly updates both JSON files
• Fix - Icon Picker fields now render correctly when using left-aligned labels
• Fix - Icon Picker fields no longer renders tabs if only one tab is selected for display
• Fix - Icon Picker fields no longer crash the post editor if no icon picker tabs are selected for displayed
• Fix - True/False field now better handles longer On/Off labels
• Fix - Select2 results loaded by AJAX for multi-select Taxonomy fields no longer double encode HTML entities

Release Date 22nd May 2024

• New - ACF now requires WordPress version 6.0 or newer, and PHP 7.4 or newer.
• New - ACF Blocks now support validation rules for fields. View the release notes for more information
• New - ACF Blocks now supports storing field data in the postmeta table rather than in the post content
• New - Conditional logic rules for fields now support selecting specific values for post objects, page links, taxonomies, relationships and users rather than having to enter the ID
• New - New Icon Picker field type for ACF and ACF PRO
• New - Icon selection for a custom post type menu icon
• New - Icon selection for an options page menu icon
• New - ACF now surfaces debug and status information in the WordPress Site Health area
• New - The escaped html notice can now be permanently dismissed
• Enhancement - Tab field now supports a selected attribute to specify which should be selected by default, and support class attributes
• Fix - Block Preloading now works reliably in WordPress 6.5 or newer
• Fix - Select2 results loaded by AJAX for post object fields no longer double encode HTML entities
• Fix - Custom post types registered with ACF will now have custom field support enabled by default to better support revisions
• Fix - The first preview after publishing a post in the classic editor now displays ACF fields correctly
• Fix - ACF fields and Flexible Content layouts are now correctly positioned while dragging
• Fix - Copying the title of a field inside a Flexible Content layout no longer adds whitespace to the copied value
• Fix - Flexible Content layout names are no longer converted to lowercase when edited
• Fix - ACF Blocks with attributes without a default now correctly register
• Fix - User fields no longer trigger a 404 when loading results if the nonce generated only contains numbers
• Fix - Description fields for ACF items now support being solely numeric characters
• Fix - The field group header no longer appears above the WordPress admin menu on small screens
• Fix - The acf/json/save_file_name filter now correctly applies when deleting JSON files
• i18n - All errors raised during ACF PRO license or update checks are now translatable
• Other - The ACF Shortcode is now disabled by default for new installations of ACF as discussed in the ACF 6.2.7 release notes

Release Date 8th April 2024

• Enhancement - The Select2 escapeMarkup function can now be overridden when initializing a custom Select2
• Fix - “Hide on Screen” settings are now correctly applied when using conditionally loaded field groups
• Fix - Field names are no longer converted to lowercase when editing the name
• Fix - Field group titles will no longer convert HTML entities into their encoded form

Release Date 2nd April 2024

• New - Support for the Block Bindings API in WordPress 6.5 with a new acf/field source. For more information on how to use this, please read the release blog post
• New - Support for performance improvements for translations in WordPress 6.5
• Enhancement - A new JS filter, select2_escape_markup now allows fields to customize select2's HTML escaping behavior
• Fix - Options pages can no longer set to have a parent of themselves
• Fix - ACF PRO license activations on multisite subsite installs will now use the correct site URL
• Fix - ACF PRO installed on multisite installs will no longer try to check for updates resulting in 404 errors when the updates page is not visible
• Fix - ACF JSON no longer produces warnings on Windows servers when no ACF JSON folder is found
• Fix - Field and layout names can now contain valid non-ASCII characters
• Other - ACF PRO now requires a valid license to be activated in order to use PRO features. Learn more

Release Date 27th February 2024

• Security Fix - the_field now escapes potentially unsafe HTML as notified since ACF 6.2.5. For full information, please read the release blog post
• Security Fix - Field and Layout names are now enforced to alphanumeric characters, resolving a potential XSS issue
• Security Fix - The default render template for select2 fields no longer allows HTML to be rendered resolving a potential XSS issue
• Security Enhancement - A acf/shortcode/prevent_access filter is now available to limit what data the ACF shortcode is allowed to access
• Security Enhancement - i18n translated strings are now escaped on output
• Enhancement - ACF now universally uses WordPress file system functions rather than native PHP functions

Release Date 7th February 2024

• Fix - Fatal JS error no longer occurs when editing fields in the classic editor when Yoast or other plugins which load block editor components are installed
• Fix - Using $escape_html on get functions for array returning field types no longer produces an Array to string conversion error