Advanced Custom Fields version 5.9.6 is now available. This release contains a number of important bug fixes for both the ACF and ACF PRO plugins, which we hope you enjoy.
👨💻 Please find the release notes below. And for the latest ACF news, follow us on Twitter @wp_acf.
Cross-site scripting or XSS is one of the most popular vulnerabilities among WordPress Core, Plugins and Themes. This vulnerability is best though of as a missing “filter” in the PHP pipeline when displaying user-generated content, which can allow unauthorized JavaScript code to be executed on a website.
We’re constantly making improvements to combat XSS and are excited to announce a new opt-in feature is available for testing. This feature will supercharge our plugins defense against XSS, and you can enable it early by adding the following code to your wp-config.php
:
define( 'ACF_EXPERIMENTAL_ESC_HTML', true );
For more information, please read our full GitHub thread here: Issue #500
ACF_EXPERIMENTAL_ESC_HTML
constant.
🙌 Thanks to everyone who helped make this release possible.