Release Notes

Last updated: April 2, 2026

Platform updates, feature improvements, and quality-of-life enhancements.


Authentication Hardening and Account Recovery Protection

Security controls were expanded across login, logout, and password recovery workflows to reduce abuse risk and improve account protection.

  • Converted sign-out to a CSRF-protected POST flow and blocked GET-based logout requests across shared navigation.
  • Added login throttling with IP and email windows plus lockout behavior and operator alerting on limit trips.
  • Added reset-password submit throttling with IP and token windows plus lockout behavior and operator alerting.
  • Raised password policy enforcement to a configurable minimum length (`PASSWORD_MIN_LENGTH`, default 10; bounded 8-128) for signup and password reset.
  • Normalized forgot-password account lookup responses to reduce account enumeration while preserving reCAPTCHA and rate-limit safeguards.
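
An added example, not the platform's own code, of how login throttling with separate IP and email windows, lockout, and operator alerting can fit together. The limits, window lengths, lockout duration, and the `createLoginThrottle` and `alertOperator` names are assumptions.

```javascript
// Added example: login throttle with separate IP and email windows.
// All limits and durations below are assumed values, not the platform's settings.
const LIMITS = {
  ip: { max: 20, windowMs: 15 * 60 * 1000 },
  email: { max: 5, windowMs: 15 * 60 * 1000 },
};
const LOCKOUT_MS = 30 * 60 * 1000;

function createLoginThrottle(alertOperator, now = () => Date.now()) {
  const failures = new Map(); // key -> timestamps of recent failed attempts
  const lockedUntil = new Map(); // key -> epoch ms at which the lockout ends

  // Normalise the email so case or whitespace variants share one counter.
  const keysFor = (ip, email) => [
    ["ip", `ip:${ip}`],
    ["email", `email:${String(email).trim().toLowerCase()}`],
  ];

  return {
    // Call before verifying credentials; a lockout on either key blocks the attempt.
    check(ip, email) {
      const t = now();
      for (const [, key] of keysFor(ip, email)) {
        const until = lockedUntil.get(key) || 0;
        if (until > t) return { allowed: false, retryAfterMs: until - t };
      }
      return { allowed: true, retryAfterMs: 0 };
    },
    // Call after a failed credential check.
    recordFailure(ip, email) {
      const t = now();
      for (const [kind, key] of keysFor(ip, email)) {
        const { max, windowMs } = LIMITS[kind];
        const recent = (failures.get(key) || []).filter((ts) => t - ts < windowMs);
        recent.push(t);
        failures.set(key, recent);
        if (recent.length >= max) {
          lockedUntil.set(key, t + LOCKOUT_MS); // limit trip: lock out and alert
          failures.delete(key);
          alertOperator({ kind, key, lockedUntilMs: t + LOCKOUT_MS });
        }
      }
    },
    // A successful login clears only the email counter, so signing in to one's
    // own account cannot reset the per-IP count.
    recordSuccess(email) {
      failures.delete(`email:${String(email).trim().toLowerCase()}`);
    },
  };
}
```

The same structure applies to reset-password submissions by keying the second window on the reset token instead of the email.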

Dashboard Phone Privacy Toggle Visibility Refinement

The Contact Details privacy toggle behavior was refined so phone visibility controls only appear when they are actionable.

  • Updated dashboard logic so the "Show phone number on public resume" toggle is displayed only when a verified 10-digit phone number exists.
  • Added inline helper messaging when phone is not verified to explain why the visibility toggle is temporarily unavailable.
  • Added real-time UI sync so the toggle appears immediately after verification and hides immediately if phone is removed/unverified.
  • Preserved each account’s saved phone-visibility preference while controls are hidden, so prior privacy choices are retained.

Public Phone Privacy Controls and Template Rollout

Phone visibility on public resumes is now controlled by user preference and verification status for stronger privacy-by-default behavior.

  • Added a new Contact Details toggle to explicitly show or hide the phone number on the public resume.
  • Persisted the new phone visibility preference in profile content storage through the dashboard save flow.
  • Updated active resume themes so phone details render only when a verified phone exists and visibility is enabled.
  • Removed phone label/icon blocks automatically from public templates when phone visibility is disabled or phone is unverified.
  • Completed a targeted production theme refresh rollout for existing account pages to apply the phone privacy logic immediately.

Scheduling Guardrails with Verified Phone Requirement

Scheduling controls were hardened to require verified SMS contact data and to keep dashboard behavior aligned with live resume behavior.

  • Enforced server-side scheduling toggle protection so availability can only be enabled when a verified 10-digit phone number is on file.
  • Added inline scheduling-side phone verification flow so users can verify immediately at toggle time without leaving the module.
  • Persisted dashboard phone verification directly to profile storage at confirmation time for immediate eligibility updates.
  • Automatically disables scheduling when phone contact is removed, including immediate dashboard toggle/UI state sync.
  • Added contextual messaging that explains scheduling is turned off because meeting requests are delivered by SMS to the verified phone number.

Admin Visibility and Account Operations Panel

Administrative operations were expanded to support safer support workflows and account lifecycle management.

  • Added a restricted admin panel to review user account records and operational account metadata from the application layer.
  • Added admin-aware shared-header navigation so authorized operator accounts can reach admin controls quickly.
  • Implemented account deletion controls for administrative maintenance while preserving published resume folders on disk when required.
  • Extended `.env`-based admin authorization handling for clearer deployment-time admin access management.

Payments, Webhooks, and Receipt Pipeline Reliability

Payment-event handling and post-purchase communication were upgraded for stronger validation, clearer observability, and more reliable receipt delivery.

  • Implemented PayPal webhook signature verification flow using configured webhook identity validation.
  • Expanded webhook processing controls for production capture/approval event handling with cleaner operational logging.
  • Migrated Node receipt delivery away from legacy AWS SDK dependency warnings and standardized SMTP transport via environment configuration.
  • Validated receipt dispatch behavior with live and test event paths after service restart and webhook replay testing.
  • Refined receipt payload formatting to include more account-relevant purchase context for end users.

Security Hardening Expansion: Endpoint Protection and Abuse Controls

Security hardening moved beyond the initial session baseline into endpoint ownership checks, CSRF enforcement, rate controls, and alerting.

  • Hardened high-risk write endpoints (including job-save and template-update paths) with stricter authenticated ownership and request validation rules.
  • Applied additional CSRF validation coverage to key upload, autofill parse/apply, and content mutation endpoints.
  • Improved production-safe error handling and response consistency in critical user-content update workflows.
  • Added request throttling for abuse-sensitive actions with tuned retry windows and defensive request handling.
  • Added automated abuse-control notifications via SMS and email so rate-limit events generate immediate operator alerts.

Security Hardening Baseline (P0-6)

Initial Play Store security hardening work was completed for session management and authentication flow safety.

  • Added centralized secure session bootstrap utilities to standardize cookie and session behavior across auth endpoints.
  • Implemented post-auth session ID regeneration across login, Google OAuth web flow, Android auth flow, and mobile session exchange.
  • Removed session identifier exposure from Android Google sign-in response payloads.
  • Hardened logout flow to clear session state, invalidate session cookies, and fully destroy server session context before redirect.
  • Maintained current Basic free-flow behavior while preparing remaining security priorities in a tracked completion matrix.
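
An added example, not the platform's own code, combining the logout behavior described in these notes: sign-out accepted only as a CSRF-protected POST, with the server session destroyed and the cookie invalidated before the redirect. The request shape, the in-memory session store, the `sid` cookie name, and the `/login` redirect target are assumptions.

```javascript
// Added example: POST-only, CSRF-checked logout over a hypothetical session store.

// Constant-time string comparison so the check does not leak how many leading
// characters matched. (Node's crypto.timingSafeEqual does the same on Buffers.)
function constantTimeEqual(a, b) {
  if (typeof a !== "string" || typeof b !== "string" || a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// sessions: Map of session id -> { userId, csrfToken } (assumed store).
// req: { method, cookies: { sid }, body: { csrf_token } } (assumed request shape).
function handleLogout(req, sessions) {
  if (req.method !== "POST") {
    // A GET logout URL can be fired cross-site by a link or image tag; refuse it.
    return { status: 405, headers: { Allow: "POST" } };
  }
  const sid = req.cookies && req.cookies.sid;
  const session = sid ? sessions.get(sid) : undefined;
  const submitted = req.body && req.body.csrf_token;
  if (!session || !constantTimeEqual(session.csrfToken, submitted)) {
    return { status: 403, headers: {} }; // session left intact on a failed check
  }
  sessions.delete(sid); // destroy server-side session context before redirecting
  return {
    status: 303,
    headers: {
      // Max-Age=0 tells the browser to discard the session cookie.
      "Set-Cookie": "sid=; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax",
      Location: "/login",
    },
  };
}
```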

Security Tracking and Signup Experience Refinement

Operational tracking and onboarding presentation were improved to support faster iteration and safer change control.

  • Added a dedicated Play Store security matrix in both Markdown and CSV formats for checkpoint-based progress tracking.
  • Documented and enforced a build-note standard requiring pre-change backup copies with descriptive file naming for rollback clarity.
  • Refined signup-page visual presentation to a cleaner blue-themed layout while preserving existing onboarding and verification behavior.
  • Improved signup label/field spacing and alignment behavior for cleaner desktop/mobile readability.

Homepage Visual Refresh and Header Experience Improvements

The homepage presentation and shared header behavior were refined for a cleaner visual hierarchy and better small-screen usability.

  • Upgraded the resume showcase carousel animation with a guided zoom-and-pan sequence that highlights key resume sections during each slide.
  • Removed the former jumbotron card shell to present hero content directly on the page without a heavy boxed background treatment.
  • Added shared header local time/date display under the brand image using each visitor device's local clock formatting.
  • Improved dashboard account-label readability by updating the in-header logged-in email styling for stronger contrast and sizing consistency.
  • Added mobile navigation spacing improvements so the first collapsed menu link clears the date/time area more cleanly.
  • Applied a white glow treatment to the hamburger toggle for clearer visibility on compact layouts.

Android App Google Login Integration and App-Mode Auth Flow

Google authentication was extended for the Android app flow so users can authenticate through an app-safe browser handoff and return to the app session cleanly.

  • Added mobile-specific Google auth initialization and callback endpoints for app-mode login orchestration.
  • Implemented deep-link return support and secure token exchange handling for app callback completion.
  • Refined app-mode Google button presentation on login and signup pages to align with current Google branding style.
  • Aligned web and app auth behavior to reduce token mismatch errors and improve first-attempt sign-in reliability.

Theme Preview and Purchase Flow Updates

Theme selection and purchase-path behavior were refined to improve clarity during resume setup and checkout.

  • Aligned and restyled the dashboard theme list for cleaner scanning and selection.
  • Added live theme preview on the dashboard with real snapshots from the Example Resumes gallery when available.
  • Added fallback messaging for themes that do not yet have a published example snapshot.
  • Updated theme action copy to "Apply selected theme" for clearer intent.
  • Renamed the free path action to "Create Resume and Skip Payment" and limited visibility to the Basic package only after URL path availability is confirmed.

Authentication, Recovery, and Page Modernization

Core account and conversion pages were modernized for a cleaner look while recovery controls were tightened for better reliability.

  • Modernized login and create-account page layouts with improved button styling and responsive behavior.
  • Updated Google sign-in/sign-up button sizing and spacing for consistent rendering across devices.
  • Refreshed the Example Resumes page visual presentation and cleaned card actions for a simpler gallery experience.
  • Added reCAPTCHA validation and account-type checks to forgot-password flow, including guidance for Google-auth accounts.
  • Improved reset-password flow validation and added confirm-password entry checks for stronger completion handling.

Phone Verification and Signup Quality Improvements

Signup reliability and phone-input quality were upgraded to improve account setup while preserving email-only onboarding flexibility.

  • Improved manual signup phone UX to accept clean 10-digit input with clearer on-screen formatting.
  • Added SMS verification during signup using a 4-digit confirmation flow powered by Twilio.
  • Kept onboarding flexible with support for email-only account creation when phone verification is skipped.
  • Extended phone verification handling in dashboard flows so unverified numbers are blocked from being saved as verified contact data.
  • Added in-flow controls to clear phone values when users choose not to publish a number.

AI Resume Autofill Intake Flow

A new onboarding autofill workflow was added to help users start from an existing resume without replacing the separate downloadable static resume upload feature.

  • Added a dedicated AI Autofill upload path separate from the static resume download upload path.
  • Enabled parser support for common resume formats using available server extractors for PDF and Word documents.
  • Added structured AI preview output so extracted profile details can be reviewed before applying.
  • Added selective apply controls so users can choose which extracted sections to write to their profile.
  • Added job application modes to either replace existing dashboard jobs or append newly extracted jobs.

Dashboard Modules and Live Resume Workspace

This release reorganized the dashboard into a clearer module-based workspace so members can manage resume settings with less friction.

  • Added a dashboard Modules slide-out navigation to jump directly to focused module sections.
  • Consolidated editing flow by moving Employment History and Skills/Proficiencies into the Resume Content module.
  • Reordered Resume Content cards so Education and Certifications appear below Employment History to better match resume build order.
  • Expanded and tuned the live resume preview area for better in-dashboard readability and less in-frame scrolling.
  • Resolved nested-scroll and overflow behavior in module views to improve desktop and mobile usability.

Onboarding and Signup Reliability Updates

This update improved first-time account onboarding communication and strengthened signup reliability.

  • Added automated welcome email delivery for newly created manual signups and newly created Google signups.
  • Included package pricing and package guidance in the welcome email, including clear Basic versus Premium expectations.
  • Documented Premium package fulfillment flow in the email so users know domain purchase and virtual host setup are completed by the team after checkout.
  • Set sender display to TheResume.Link Admin using the existing configured sender email.
  • Masked phone output in welcome emails to last four digits for privacy.
  • Restored manual signup reCAPTCHA token generation flow and tightened client/server validation messaging for more reliable account creation.

Header Standardization and Mobile Layout Consistency

This update focused on unifying header behavior across pages and tightening mobile layout responsiveness for a cleaner cross-device experience.

  • Standardized the shared header behavior so navigation layout and alignment render consistently across core pages.
  • Updated primary navigation styling to light-blue text-only links with refined spacing and slightly smaller typography.
  • Set the responsive navbar collapse breakpoint to 1060px for more consistent desktop-to-mobile transitions.
  • Resolved horizontal overflow and right-scroll issues on mobile for the Dashboard, Home, and Resume Examples pages.
  • Improved Resume Examples responsiveness by tightening container and row behavior and enabling safe wrapping for long footer links.
  • Adjusted dashboard account indicator placement so on desktop the logged-in email appears under the site URL near the logo.
  • Preserved dashboard mobile usability by keeping account text inside the collapsed menu and maintaining small-screen URL truncation safeguards.

Profile Photo Controls and Dashboard Feedback

This update completed the resume photo lifecycle on the dashboard so members can upload, keep, or remove a photo as needed.

  • Added a dedicated "Remove photo" action in the Resume Photo card for accounts with an existing photo on file.
  • Removing a photo now clears the saved profile photo reference so public resume templates correctly render with no photo when one is not set.
  • Added a clear photo status indicator in the dashboard that shows whether a custom resume photo is currently on file.
  • Replaced photo workflow popup alerts with inline feedback messages directly in the photo card for selection, upload, remove, and error states.
  • Improved photo action handling with clearer in-context progress and failure feedback for a smoother user experience.

Dashboard Experience and Resume Upload Improvements

This update focused on improving dashboard usability and making resume upload behavior clearer and more user-friendly.

  • Upgraded the availability schedule control to a modern slider toggle with clear on/off visual states.
  • Adjusted dashboard spacing to improve layout clarity between timezone settings and availability scheduling controls.
  • Added a resume upload status indicator so users can quickly see whether a resume file is currently on file.
  • Moved the resume status message below the upload button and refined spacing for better readability.
  • Improved upload validation flow so file type and upload errors now display inside the dashboard upload area instead of redirecting to a standalone error page.
  • Refined release notes presentation styling for consistent visual formatting and improved readability.

Application Migration and Platform Refresh

The Resume Link was migrated to a new server environment to consolidate operating costs, streamline platform management, and improve day-to-day maintainability.

  • Completed a full application move to a new hosting environment with service continuity checks.
  • Reconnected and validated core application services and database-driven functionality after migration.
  • Retested major user workflows end-to-end, including sign-up, login, dashboard access, package purchase, and post-purchase routing.
  • Revalidated third-party integration paths for transactional email delivery and SMS notifications.
  • Standardized shared header/footer components across key pages to keep navigation and layout behavior consistent.
  • Added this Release Notes section to provide transparent, ongoing platform update visibility.