Advanced Custom Fields version 6.3.9 is now available.

👨‍💻 Please find the release notes below. And for the latest ACF news, follow us on Twitter @wp_acf.

Changelog

  • Security – Editing an ACF Field in the Field Group editor can no longer execute a stored XSS vulnerability. Thanks to Duc Luong Tran (janlele91) from Viettel Cyber Security for the responsible disclosure
  • Security – Post Type and Taxonomy metabox callbacks no longer have access to any superglobal values, hardening the original fix from 6.3.8 further
  • Fix – ACF fields now correctly validate when used in the block editor and attached to the sidebar

For questions and help about this release, please contact our support team.