github AdvancedCustomFields/acf 6.4.3
Advanced Custom Fields v6.4.3

Release Date 22nd July 2025

  • Security - Unsafe HTML in field group labels is now correctly escaped for conditionally loaded field groups, resolving a JS execution vulnerability in the classic editor
  • Security - HTML is now escaped from field group labels when output in the ACF admin
  • Security - Bidirectional and Conditional Logic Select2 elements no longer render HTML in field labels or post titles
  • Security - The acf.escHtml function now uses the third-party DOMPurify library to ensure all unsafe HTML is removed. A new esc_html_dompurify_config JS filter can be used to modify the default behaviour
  • Security - Post titles are now correctly escaped whenever they are output by ACF code. Thanks to Shogo Kumamaru of LAC Co., Ltd. for the responsible disclosure
  • Security - An admin notice is now displayed when version 3 of the Select2 library is used, as it has now been deprecated in favor of version 4
