Release Date 24th March 2026

Fixes

• AJAX Handlers: Prefix field-specific nonces to resolve an issue where third-party nonces could be treated as valid for AJAX calls.
• Block Preview: Verify that user has access to post specified via block context.
• Repeater Field: Verify that user has access to specified post.
• REST API: Apply KSES sanitization to field content saved by users without unfiltered_html capabilities.
• REST API: Respect show_in_rest setting for field groups in /types endpoint.

Release Date 11th March 2026

Backports from 6.7.1

• Security - User field AJAX queries now enforce field-configured role restrictions and validate search permissions.
• Security - Post Object, Relationship, and Page Link field AJAX queries now enforce field-configured restrictions for post status, post type, and taxonomy.
• Site Health - Track blocks using auto inline editing.

Release Date 30 Dec 2025

Features

• Abilities integration: added field abilities for Field Groups and individual Fields.
• Abilities integration: added trash/untrash abilities for internal post types.
• All backports up to 6.7.0.2.
• JSON Schemas: Added all field schemas.
• WooCommerce HPOS: Added support for custom fields on any WooCommerce Order Types.
• Added PHPUnit tests.

Fixes

• Hide duplicated Command Palette Commands on WP 6.9+.
• Fix field schema validation for WP Rest API.
• Fix checkbox toggle functionality.

Release Date 10 Dec 2025

Features

• JSON Schemas: Added Options Pages schema.

Fixes

• Fixed too-early validation of schemas causing a fatal error.
• Fix block validation on WordPress 6.2.

Release Date 3 Dec 2025

Features

• Tested compatibility up to WordPress 6.9.
• Abilities support. Taxonomy abilities.
• JSON schemas. Taxonomy schema.

Release Date 19 Nov 2025

Features

• Backported features up to 6.6.0.
• Abilities API integration. Post Type abilities.
• JSON schemas validation infrastructure.

Fixes

• Fixed Function in network.php
• SCF label in "More" menu.
• Get the formatted_value from the original field value.
• Blocks V3: Fix flexible content not working in sidebar - modal.
• Use specific entity prefixes for key generation when duplicating entities.

Release Date 28 Aug 2025

Features

• Flexible Content layouts can now be renamed in the post editor, giving content editors better clarity when managing layouts.
• Flexible Content layouts can now be disabled, preventing them from rendering on the frontend without needing to delete their data.
• Flexible Content layouts can now be collapsed and expanded in bulk for faster content editing.
• Editing a Flexible Content layout now highlights the layout being edited, making it easier to identify.
• The Date and Date Time Picker fields can now be configured to default to the current date.
• Custom Icon Picker tabs now work correctly when used inside an ACF Block.
• Duplicating a Field Group no longer causes a fatal error when using Russian translations.
• ACF classes no longer use dynamic class properties, improving compatibility with PHP 8.2+.
• Field group metabox collapse and expand buttons are no longer misaligned in the post editor.
• HTML is now escaped from field validation errors and tooltips.
• Added a new source parameter to the /wp/v2/types REST API endpoint that allows filtering post types by their origin: core (WordPress built-in), scf (for SCF managed types), or other for the rest of CPTs.

Security

– Unsafe HTML in field group labels is now correctly escaped for conditionally loaded field groups, resolving a JS execution vulnerability in the classic editor.
– HTML is now escaped from field group labels when output in the ACF admin.
– Bidirectional and Conditional Logic Select2 elements no longer render HTML in field labels or post titles.
– The acf.escHtml function now uses the third party DOMPurify library to ensure all unsafe HTML is removed. A new esc_html_dompurify_config JS filter can be used to modify the default behaviour.
– Post titles are now correctly escaped whenever they are output by ACF code. Thanks to Shogo Kumamaru of LAC Co., Ltd. for the responsible disclosure.
– An admin notice is now displayed when version 3 of the Select2 library is used, as it has now been deprecated in favor of version 4.

Warning

Release discarded due to SVN errors.

Features

• Connect block attributes with custom fields via UI.
• Remove the word 'New' from default add-new* label values.

Bug Fixes

• Bug fix: Prevent fatal if class does not exist on Beta Features.

6.5.4

Release Date 30 Jul 2025

Revert from 6.5.2.

6.5.2

Release Date 30 Jul 2025

Features

• Connect block attributes with custom fields via UI.
• Remove the word 'New' from default add-new* label values.