Advanced Custom Fields version 5.11.1 is now available. This release introduces an admin notification related to the security fixes introduced in ACF 5.11.
In versions of ACF prior to 5.11, functions like
the_field() could also be used to retrieve WordPress options values or post meta values. This was a possible security risk so in ACF 5.11 we updated these functions. Using them to retrieve options or post meta data is no longer possible, and will return
Additionally, any fields registered using the acf_add_local_field_group() and acf_add_local_field()PHP functions must be registered before
get_field() is used. We recommend registering these
fields on the acf/init action hook or directly in your theme’s
This affected more people than we initially thought, and we didn’t communicate the impact of the change well enough. In an effort to help folks get ahead of problems on their sites, this update introduces a WordPress admin notice that will warn you if it detects that
get_field is being used on fields not registered in PHP correctly.
More information about this can be found in the Updates to ACF Field Functions in 5.11 guide.
👨💻 Please find the release notes below. For the latest ACF news, follow us on Twitter @wp_acf.
the_field()will prevent access to non-ACF options only. You can read more about this on the acf field functions documentation.
🙌 Thanks to everyone who helped make this release possible.