v6.4.3

• Security - Unsafe HTML in field group labels is now correctly escaped for conditionally loaded field groups, resolving a JS execution vulnerability in the classic editor
• Security - HTML is now escaped from field group labels when output in the ACF admin
• Security - Bidirectional and Conditional Logic Select2 elements no longer render HTML in field labels or post titles
• Security - The acf.escHtml function now uses the third party DOMPurify library to ensure all unsafe HTML is removed. A new esc_html_dompurify_config JS filter can be used to modify the default behaviour
• Security - Post titles are now correctly escaped whenever they are output by ACF code. Thanks to Shogo Kumamaru of LAC Co., Ltd. for the responsible disclosure
• Security - An admin notice is now displayed when version 3 of the Select2 library is used, as it has now been deprecated in favor of version 4

v6.4.2

• New - In ACF PRO, fields can now be added to WooCommerce Subscriptions when using HPOS
• Security - Changing a field type no longer enables the "Allow Access to Value in Editor UI" setting
• Fix - Paginated Repeater fields no longer save duplicate values when saving to a WooCommerce Order with HPOS disabled
• Fix - Blocks registered via acf_register_block_type() with a parent value of null no longer fail to register

Full Changelog: v6.4.0.1...v6.4.2

v.6.4.0.1-patched

v.6.4.0.1-patched

• Fixed: PHP TypeError /includes/class-acf-data.php (thanks to @nikola-wd)

Full Changelog: v6.4.0.1...v6.4.0.1-patched

v6.4.0.1

6.4.0.1

Release Date: April 8th, 2025

• Fix: Calling acf_get_reference() with an invalid field name no longer causes a fatal error

Full Changelog: v6.3.11...v6.4.0.1

v6.3.10

• Fixed bug found by @nikola-wd

Full Changelog: v3.6.10...v6.3.10

v6.3.4

v6.3.4

v6.3.0.1

v6.3.0.1

v6.2.9

Full Changelog: v6.2.7...v6.2.9

v6.2.7

Full Changelog: v6.2.4...v6.2.7

v6.0.6

v6.0.6