Secure Custom Fields

変更履歴

6.7.1

Release Date 10 Dec 2025

特長

• JSON Schemas: Added Options Pages schema.

Fixes

• Fixed too-early validation of schemas causing a fatal error.
• Fix block validation on WordPress 6.2.

6.7.0

Release Date 3 Dec 2025

特長

• Tested compatibility up to WordPress 6.9.
• Abilities support. Taxonomy abilities.
• JSON schemas. Taxonomy schema.

6.6.0

Release Date 19 Nov 2025

特長

• Backported features up to 6.6.0.
• Abilities API integration. Post Type abilities.
• JSON schemas validation infrastructure.

Fixes

• Fixed Function in network.php
• SCF label in “More” menu.
• Get the formatted_value from the original field value.
• Blocks V3: Fix flexible content not working in sidebar – modal.
• Use specific entity prefixes for key generation when duplicating entities.

6.5.7

Release Date 28 Aug 2025

特長

• Flexible Content layouts can now be renamed in the post editor, giving content editors better clarity when managing layouts.
• Flexible Content layouts can now be disabled, preventing them from rendering on the frontend without needing to delete their data.
• Flexible Content layouts can now be collapsed and expanded in bulk for faster content editing.
• Editing a Flexible Content layout now highlights the layout being edited, making it easier to identify.
• The Date and Date Time Picker fields can now be configured to default to the current date.
• Custom Icon Picker tabs now work correctly when used inside an ACF Block.
• Duplicating a Field Group no longer causes a fatal error when using Russian translations.
• ACF classes no longer use dynamic class properties, improving compatibility with PHP 8.2+.
• Field group metabox collapse and expand buttons are no longer misaligned in the post editor.
• HTML is now escaped from field validation errors and tooltips.
• Added a new source parameter to the /wp/v2/types REST API endpoint that allows filtering post types by their origin: core (WordPress built-in), scf (for SCF managed types), or other for the rest of CPTs.

Security

– Unsafe HTML in field group labels is now correctly escaped for conditionally loaded field groups, resolving a JS execution vulnerability in the classic editor.
– HTML is now escaped from field group labels when output in the ACF admin.
– Bidirectional and Conditional Logic Select2 elements no longer render HTML in field labels or post titles.
– The acf.escHtml function now uses the third party DOMPurify library to ensure all unsafe HTML is removed. A new esc_html_dompurify_config JS filter can be used to modify the default behaviour.
– Post titles are now correctly escaped whenever they are output by ACF code. Thanks to Shogo Kumamaru of LAC Co., Ltd. for the responsible disclosure.
– An admin notice is now displayed when version 3 of the Select2 library is used, as it has now been deprecated in favor of version 4.

6.5.6

Release discarded due to SVN errors.

6.5.5

Release Date 31 Jul 2025

特長

• Connect block attributes with custom fields via UI.
• Remove the word ‘New’ from default add-new* label values.

Bug Fixes

• Bug fix: Prevent fatal if class does not exist on Beta Features.

6.5.4

Release Date 30 Jul 2025

Revert from 6.5.2.

6.5.2

Release Date 30 Jul 2025

特長

• Connect block attributes with custom fields via UI.
• Remove the word ‘New’ from default add-new* label values.

6.5.1

Release Date 2 Jul 2025

Bug Fixes

• Command Palette: Use @wordpress\icons instead of Dashicons.

6.5.0

Release Date 23 Jun 2025

Enhancements & Features

• Added Command Palette support.
• Added editor preview to acf-field source.
• Added an endpoint to retrieve the custom fields of a post type.
• Added nav menu as field type.
• Added compatibility with Woo HPOS for order fields and subscriptions. ( Ported from ACF )
• Create new options when editing a fields value on Selector. ( Ported from ACF )
• The “Escaped HTML” warning notice is now disabled by default. ( Ported from ACF )
• Added new acf/fields/icon_picker/{tab_name}/icons filter ( Ported from ACF )

Bug Fixes

• Update initialization of the acfL10n object to ensure it’s available globally.
• SCF Blocks are now forced into preview mode when editing a synced pattern. ( Ported from ACF )
• SCF no longer causes an infinite loop in bbPress when editing replies. ( Ported from ACF )
• Changing a field type no longer enables the “Allow Access to Value in Editor UI” setting. ( Ported from ACF )
• Blocks registered via acf_register_block_type() with a parent value of null no longer fail to register. ( Ported from ACF )
• Fix AJAX repeater pagination. ( Ported from ACF )
• Paginated Repeater fields no longer save duplicate values when saving to a WooCommerce Order with HPOS disabled ( Ported from ACF )

Testing

• Added an initial batch of e2e tests.

6.4.2

リリース日 – 2025年4月14日

• Resolved issue with shortcode translation not parsing correctly.
• Improve validation for an URL on field admin.

6.4.1

リリース日 – 2025年3月7日

• Forked from Advanced Custom Fields®
• Various updates to coding standards.
• Updated to rely on the WordPress.org translation packs for all strings.

6.3.9

リリース日 – 2024年10月22日

• Version update release

6.3.6.3

リリース日 – 2024年10月15日

• Security – Editing a Field in the Field Group editor can no longer execute a stored XSS vulnerability. Thanks to Duc Luong Tran (janlele91) from Viettel Cyber Security for the responsible disclosure
• Security – Post Type and Taxonomy metabox callbacks no longer have access to any superglobal values, hardening the original fix from 6.3.6.2 even further
• Fix – SCF Fields now correctly validate when used in the block editor and attached to the sidebar

6.3.6.2

リリース日 – 2024年10月12日

• Security – Harden fix in 6.3.6.1 to cover $_REQUEST as well.
• Fork – Change name of plugin to Secure Custom Fields.

6.3.6.1

リリース日 – 2024年10月7日

• Security – SCF defined Post Type and Taxonomy metabox callbacks no longer have access to $_POST data. (Thanks to the Automattic Security Team for the disclosure)