Advanced Custom Fields version 5.11.1 is now available. This release introduces an admin notification related to the security fixes introduced in ACF 5.11.
In versions of ACF prior to 5.11, functions like get_field()
and the_field()
could also be used to retrieve WordPress options values or post meta values. This was a possible security risk so in ACF 5.11 we updated these functions. Using them to retrieve options or post meta data is no longer possible, and will return null
instead.
Additionally, any fields registered using the acf_add_local_field_group() and acf_add_local_field()PHP functions must be registered before get_field()
is used. We recommend registering these
fields on the acf/init action hook or directly in your theme’s functions.php
file.
This affected more people than we initially thought, and we didn’t communicate the impact of the change well enough. In an effort to help folks get ahead of problems on their sites, this update introduces a WordPress admin notice that will warn you if it detects that get_field
is being used on fields not registered in PHP correctly.
More information about this can be found in the Updates to ACF Field Functions in 5.11 guide.
👨💻 Please find the release notes below. For the latest ACF news, follow us on Twitter @wp_acf.
get_field()
and the_field()
will prevent access to non-ACF options only.
You can read more about this on the acf field functions documentation.
🙌 Thanks to everyone who helped make this release possible.
Speed up your workflow and unlock features to better develop websites using ACF Blocks and Options Pages, with the Flexible Content, Repeater, Clone, Gallery Fields & More.