-
Fix Job Dashboard actions menu on Safari (#2947)
-
Harden submit-form session cookies (#2945)
-
Fixes a REST API information disclosure where the body, excerpt, and existence of listings restricted by view-capability were exposed to denied viewers. Restricted listings now return 404 indistinguishable from a missing post, including HEAD probes and listings that are also password-protected.
-
Fixes a data-loss bug where editors opening a password-protected listing in the block editor would save empty meta values (location, company name, application target).
-
Fixes a series of information disclosure issues affecting password-protected and capability-restricted job listings.
-
Harden stats AJAX endpoint input validation and rate limiting (#2938)
-
Company logo uploads now accept WebP images by default
-
New filter
job_manager_company_logo_allowed_mime_typesallows customizing allowed file types for the company logo field -
The salary currency field on the job submission form now correctly reflects the configured default currency in its placeholder and helper text.
-
Filled job listings are no longer exposed via the REST API.
-
Job categories are now included in the job RSS feed XML output.
-
Added
featured=truequery parameter support to the job RSS feed to allow filtering by featured listings only. -
Fixed PHP 8+ undefined array key warning in the widget caching methods.
-
Updated Twitter profile links to use the new
x.comdomain and updated related labels to “X / Twitter” to reflect the platform rebrand. -
Added a Settings link to the plugin action links on the Plugins screen for quicker access to plugin settings.