v6.4.3

mavrokordato · mavrokordato · commit 1500a767ad77 · 2025-07-29T11:44:24.000+07:00
* Security - Unsafe HTML in field group labels is now correctly escaped for conditionally loaded field groups, resolving a JS execution vulnerability in the classic editor
* Security - HTML is now escaped from field group labels when output in the ACF admin
* Security - Bidirectional and Conditional Logic Select2 elements no longer render HTML in field labels or post titles
* Security - The `acf.escHtml` function now uses the third party DOMPurify library to ensure all unsafe HTML is removed. A new `esc_html_dompurify_config` JS filter can be used to modify the default behaviour
* Security - Post titles are now correctly escaped whenever they are output by ACF code. Thanks to Shogo Kumamaru of LAC Co., Ltd. for the responsible disclosure
* Security - An admin notice is now displayed when version 3 of the Select2 library is used, as it has now been deprecated in favor of version 4

Signed-off-by: mavrokordato &lt;info@wordpress-premium.net&gt;
diff --git a/composer.json b/composer.json
@@ -2,7 +2,7 @@
   "name": "wordpress-premium/advanced-custom-fields-pro",
   "description": "Advanced Custom Fields",
   "type": "wordpress-plugin",
-  "license": "GPLv2 or later",
+  "license": "GPL-2.0-or-later",
   "autoload": {
     "psr-4": {
       "ACF\\": "src/"
