Advanced Custom Fields version 5.8.12 is now available. This release contains a number of improvements for both the ACF and ACF PRO plugins, which we hope you enjoy.
👨💻 Please find the release notes below. And for the latest ACF news, follow us on Twitter @wp_acf.
A vulnerability was discovered allowing unescaped <script>
tags to be rendered within Select2 drop-downs and Relationship fields. This issue has been fixed, ensuring better security against malicious HTML found in post titles.
A bug was discovered causing WYSIWYG fields shown in the block editor sidebar to disappear when being “remounted” to the DOM. There are various scenarios when this is possible, the most common is when editing a block and toggling between Document and Block tabs. With this bug fixed, WYSIWYG fields will now always reappear as expected after being unmounted from the DOM.
A bug causing incorrect max length validation for the Text and Textarea fields has been fixed. This issue is specific to the acf_form()
function which runs all submitted content through the wp_kses() function for sanitization. As part of the sanitization process, some characters are converted into HTML entities (“&” => “&”) which caused our validation to treat ampersands as 5 characters in length.
acf.escHTML()
and acf.escAttr()
.acf_strlen()
.🙌 Thanks to everyone who helped make this release possible.