thanks to dear member @anne51 updated Advanced Custom Fields Pro - WordPress advanced custom fields with a new update entry:
27th June 2024
Read the rest of this update entry...
27th June 2024
Read the rest of this update entry...
* Enhancement - All dashicons are now available to the icon picker field type
* Fix - The True/False field now correctly shows it’s description message beside the switch when using the Stylized UI setting
* Fix - Conditional logic values now correctly load options when loaded over AJAX
* Fix - ACF PRO will no longer trigger license validation calls when loading a front-end page
* i18n - Fixed an untranslatable string on Option Page previews
* Security Fix - The ACF shortcode now prevents access to fields from different private posts by default. View the [release notes](https://www.advancedcustomfields.com/blog/acf-6-3-4) for more information
* Fix - Users without the `edit_posts` capability but with custom capabilities for a editing a custom post type, can now correctly load field groups loaded via conditional location rules
* Fix - Block validation no longer validates a field’s sub fields on page load, only on edit. This...
* Fix - The ACF Shortcode now correctly outputs a comma separated list of values for arrays
* Fix - ACF Blocks rendered in auto mode now correctly re-render their previews after editing fields
* Fix - ACF Block validation no longer raises required validation messages if HTML will automatically select the first value when rendered
* Fix - ACF Block validation no longer raises required validation messages if a default value will be rendered as the field value
* Fix - ACF Block validation no...
* Security - Newly added fields now have to be explicitly set to allow access in the content editor (when using the ACF shortcode or Block Bindings) to increase the security around field permissions. [See the release notes for more details](https://www.advancedcustomfields.com/blog/acf-6-3-6/#field-value-access-editor)
* Security Fix - Field labels are now correctly escaped when rendered in the Field Group editor, to prevent a potential XSS issue. Thanks to Ryo Sotoyama of Mitsui Bussan...
* Security - ACF Free now uses its own update mechanism from WP Engine servers
* Security - ACF defined Post Type and Taxonomy metabox callbacks no longer have access to $_POST data. (Thanks to the Automattic Security Team for the disclosure)
* Security - Editing an ACF Field in the Field Group editor can no longer execute a stored XSS vulnerability. Thanks to Duc Luong Tran (janlele91) from Viettel Cyber Security for the responsible disclosure
* Security - Post Type and Taxonomy metabox callbacks no longer have access to any superglobal values, hardening the original fix from 6.3.8 further
* Fix - ACF fields now correctly validate when used in the block editor and attached to the sidebar
* Security - Setting a metabox callback for custom post types and taxonomies now requires being an admin, or super admin for multisite installs
* Security - Field specific ACF nonces are now prefixed, resolving an issue where third party nonces could be treated as valid for AJAX calls
* Enhancement - A new “Close and Add Field” option is now available when editing a field group, inserting a new field inline after the field being edited
* Enhancement - ACF and ACF PRO now share the same...
* Enhancement - Field Group keys are now copyable on click
* Fix - Repeater tables with fields hidden by conditional logic now render correctly
* Fix - ACF Blocks now behave correctly in React StrictMode
* Fix - Edit mode is no longer available to ACF Blocks with an WordPress Block API version of 3 as field editing is not supported in the iframe
* Enhancement - Error messages that occur when field validation fails due an insufficient security nonce now have additional context
* Fix - Duplicated ACF blocks no longer lose their field values after the initial save when block preloading is enabled
* Fix - ACF Blocks containing complex field types now behave correctly when React StrictMode is enabled