PHP 7.4 End of Life & Bullhorn API Endpoint Warning

This month, one or two notices may have come to your attention that may be asking you to take action. We wanted to give you feedback on these two things: the December 18th Bullhorn Default API Redirect URI update and the November 28th PHP 7.4 End of Life.

“Action Required: Bullhorn API Redirect Updates”

Starting sometime around the beginning of December 2022, Bullhorn began sending an email to users with API access asking them to take action ahead of changes the the Bullhorn API Redirect URI.

A screenshot of part of the email notifying users they may be impacted by an upcoming API Redirect URI change.

The emails came first as a general notice and then later as targeted emails to users they “identified as potentially impacted by the change.”

The change is impacting apps that use of the default API Redirect URI, formerly https://www.bullhorn.com/. If you’ve gotten the latter email that suggests you are “identified” as potentially impacted, you should review your Bullhorn implementations, but please note that this change will not impact Matador Jobs or Matador Jobs Pro.

Since our initial release (3.0.0), our Connection Assistant has instructed users to use a custom Redirect URI for their connection and Matador Jobs not successfully connect to Bullhorn if this is not properly set.

That said, many Bullhorn users deploy other custom and Bullhorn Marketplace solutions that may not require custom Redirect URIs, so it is wise to review all your other integrations. That said, your Matador Jobs connection will continue to work just fine once this change is made at Bullhorn.

PHP 7.4 End of Life

On November 28th, 2022, PHP 7.4 reached “end of life.”

For those not aware, PHP is the main programming language on which WordPress and thus Matador Jobs is built. Each version of PHP is actively supported by updates for approximately one year and then enjoy a second year of “security” updates which will patch any newly discovered security issues after the active support period ends. Thereafter, the PHP version enters “end of life” which means you can still use it, but new security issues will not be fixed even if discovered.

As a best practice, you should run your website on the highest supported version of PHP and at least a version subject to regular security updates. Therefore, as of November 28th, 2022, you should no longer use PHP 7.4.

If your site is running a now out-of-date version of WordPress, you may see this warning on all your WordPress admin screens, asking you to update your PHP version.

Screenshot of the WordPress PHP 7.4 out-of-date PHP Warning

WordPress and Matador Jobs are both tested to run at PHP 8.0 and 8.1. So you are safe to update, and to ensure your site stays secure, you will want to. That said, since PHP is installed on your site by your web host, doing so may be complicated. Reach out to your web hosting provider or check their support website for advice on how to complete this process.

WordPress 6.1 & Matador: What to Expect

WordPress version 6.1 is imminent. The 6.1 Release Candidate 4 was dropped on Thursday October 27 and promises a release of WordPress 6.1 on Tuesday November 1 (see announcement on WordPress.org). While we typically do not warn our users about changes to Core WordPress, this release is notable and we’d like to share a few heads-up.

What You Might See Change When Installing WordPress 6.1

WordPress 6.1 contains numerous improvements to WordPress in many more ways than is typical with a WordPress release. This release is a very developer and performance focused release, but a lot of accessibility driver user interface changes were also included. Here are some things you might see change:

  • WordPress will be way, way, way faster. The changes to WordPress around performance are the result of years of effort by community members contributing from the largest web hosts and web infrastructure companies. Members of the performance team include representatives from Google and Microsoft, as well as our own Paul Bearne, co-owner of Matador. Expect WordPress to be way faster especially in time-to-first-byte and especially in the WordPress admin. This can and will improve your rankings on search engines and reduce bounce rate due to loading times.
  • Some colors in the WordPress Admin were updated to improve contrast for persons with colorblindness and poor eyesight. These changes will impact the overall WordPress admin experience as well as the Matador Jobs admin experience, as our designs are based on and reliant on core WordPress styles.
  • Additionally, some layout and spacing is also updated in the Admin experience for similar purposes.
  • Using keyboards to navigate the WordPress Admin is now much easier and consistent thanks to a focus on accessibility, so next time you’re in the WordPress Admin, try tab‘ing away.

What WordPress 6.1 Means for the Future of Matador Jobs

We previously announced several weeks ago that the next major version of Matador Jobs will require WordPress 5.8. Upon reviewing the updates offered in 6.1, we will now require WordPress 6.1 beginning with Matador Jobs 3.9 and later. While this may force our users to perform updates they may be putting off, the benefits will outshine the required effort. Further, we feel with more than 4 months at the minimum to make this update, you all will be able to get it done in time.

  • The updates to the Block Editor and custom Block tools in WordPress 6.1 came just in time for us at Matador as we are actively building custom Blocks for our 3.9 release. Being able to build them with the recently update tools means they will be feature rich and efficient.
  • From the WordPress 6.1 Field Guide, which primes users and developers on the updates, we identified at least 6 changes we will make to Matador Jobs in version 3.9 that will leverage new features of WordPress to solve known and unknown issues. For example, a change in WordPress 6.1 will allow us to once-and-for-all fix a common issue with our Application Form when deployed in certain caching setups, and that would not have been possible before WordPress 6.1

So, Update Away

While we officially always recommend you run the most recent versions of WordPress, we cannot further emphasize the benefits of this update to you and your company and to the future of our software. As soon as you are ready following the release of WordPress 6.1, we strongly encourage you to update while keeping in mind the minors changes that you will encounter after the update.

Matador Jobs 3.8.3

Today Matador Jobs 3.8.2 & 3.8.3 is released to all our users. It primarily addresses minor bugs identified by users of our 3.8.0 release while restoring the improperly functioning feature that was temporarily disabled in 3.8.1. Users can update at their convenience to enjoy the benefits of this hotfix release.

3.8.2 & 3.8.3 Changelog

  • Fixed and restored the “nice to have” feature of 3.8.0, disabled temporarily in 3.8.1, that added expected/desired careerPortalDomainRoot values to certain settings screens. This feature will no longer cause irrecoverable errors when installing Matador Jobs on a fresh install of WordPress prior to “pretty permalinks” options being set in WordPress.
  • Fixed issue where, when a certain combination of Matador Settings were set, the expected/desired careerPortalDomainRoot value was not correct. We are sincerely sorry to any of our users that may be impacted by this issue, as some of you will need to re-do the process of updating your careerPortalDomainRoot value with Bullhorn Support.
  • Fixed three minor issues around Analytics Reporting features added in 3.8.0. First, manifest data that are integers will now be explicitly cast as integers. Second, the process that prevents a site from sending an Analytics Report except on the desired schedule was found to be too reliant on local site caching, and some sites were sending reports hourly instead of daily. A more explicit check was put in place to prevent such occurrences. Third, some debugging code was added the Analytics Reporting system to help us more aggressively test the system.
  • Fixed a bug caused by the intersection of the Matador Application Form’s handling of checkbox data and the submission of HAS_ONE or HAS_MANY relational data during sync. To ensure a value, even if none, is passed to the form processor, a checkbox field sends a “hidden” empty value. While all default form fields that feature a checkbox ignore the hidden value, custom checkbox form fields did not have handling to reject the empty value when non-empty values were also passed, which resulted in IMPROPERLY_STRUCTURED_ASSOCIATION errors from the Bullhorn API. This is fixed, but we wish to emphasize that only users with highly customized Application Forms were ever likely to see this, and in fact, this bug has existed since at least Matador Jobs 3.2.0 without one known user affected by it prior to last week.

Update Now!

Matador Jobs 3.8.3 is released for automatic update to all subscribers as of today, Friday, October 28, 2022. If your subscription has expired, renew it on your account page. If you find any issues, please send a support request.

Matador & Salary Transparency Laws

On September 27, 2022, Gavin Newsom, the Governor of California, signed one of the United State’s newest Salary Transparency Laws into law. It joins several adopted or pending laws in the United State’s and Europe to require employers and recruiters publish salary ranges for advertised roles. We know you, our Matador Jobs users, will be interested in how you can upgrade your sites to adhere to these new laws and regulations, and this is our first communication on the subject, with more to come.

Jurisdictions Requiring Pay Transparency Now or Soon

California is not the only state that will require pay transparency in job postings by the start of the new year. We are also aware of:

  • The US State of Colorado began requiring Pay Transparency beginning January 1, 2021.
  • City of New York City, New York, US, required Pay Transparency as of April 1, 2022
  • The US State of Washington requires Pay Transparency on or after January 1, 2023

Further, these two major jurisdictions have laws or regulations pending:

  • US State of New York has pending legislation, awaiting the Governor’s signature, that would have Pay Transparency required statewide after the implementation period ends.
  • The European Union published initial directives regarding Pay Transparency in 2021, updated these in April 2022, and may see them made into regulation or law in 2023.

For these reasons, we at Matador Jobs will be proactive in offering simple solutions for promoting pay transparency in jobs.

Status of Pay Transparency Improvements to Matador Jobs

As we are not even a month from the California Governor’s signature, we are in early stages of implementation but will commit to having a solution to our users by December 10, 2022.

We reached out to our partners at Bullhorn and are awaiting updates from the internal Product Team to understand what changes may be planned on the Bullhorn platform regarding Pay Transparency and what the timeline for those changes will be.

If changes at Bullhorn will be made in time, our approach at Matador Jobs will be to immediately implement the official Bullhorn changes and provide an update to our users with implementation documentation within two weeks.

If changes at Bullhorn appear to not be made in time for our December 10, 2022 goal and/or for the January 1, 2023 deadlines from Washington and California, our approach at Matador Jobs will be to implement a short-term stop-gap solution leveraging custom fields. We publish an update to our users with implementation documentation.

What You Can Do Now

As we determine our most efficient path forward, you can get your firm ready for these updates, especially if you offer positions in New York, California, Colorado, or Washington.

First all, we strongly recommend you evaluate any customer agreements you have in place that might prohibit your publishing of salary values. A common, popular feature of Matador’s is the ability for a firm to hide salary values. This may no longer be legal in your jurisdictions and if your customer agreements stipulate it you should immediately begin work on modifying those.

Then, for each of new role you post, it will be best practice to determine at that time a salary high and salary low amount is for the position. This will minimize the back-tracking you may need to do later this year. You may choose to input one of these values into the current salary field on the Bullhorn ATS while saving the other value in a spreadsheet or in a custom field in Bullhorn you’ve set up.

As we approach December and as work loads allow it, you or your team should revisit older open postings and collect and save salary low and salary high values.

Come December, our solution should be ready. It is likely whatever our solution ends up being there will be some time required to implement it. Set aside time in middle December 2022 to do that work, which may include minor updates to your website to display salary values and a step-by-step walk through open job orders to add min and max salary values.

We’ll Talk Soon

We will keep you all posted of changes to our software to get you ready for adherence to Salary Transparency Laws and Regulations come the new year. Whenever we post an update, we’ll update this post with a link to that update. Thank you for your patience while we work hard to get this done for you all!

Job Object Customizer Extension

We at Matador Jobs are excited to announce the release of our newest extension, available today to our All-Access subscribers: Job Object Customizer. With its release, we were able to phase out several older extensions that separately did parts of what the new Job Object Customizer does. Let’s dig in!

Job Object Customizer

When Matador Jobs imports a job from Bullhorn, we bring with it data from 28 fields. These 28 fields, including any sub fields (like address, which is one field but has several parts), is what makes a standard Matador Jobs listing. How did we get to those 28 fields? Well, easy, it is the minimum amount of fields to fill out the Job Posting Structured Data object, read by Google and others to promote job listings.

But Bullhorn offers you many, many more fields to customize your job. In fact, the Bullhorn JobOrder object has over 200 possible fields, each representing a potential piece of data that you might use to sort and classify and promote your roles.

The Matador Jobs Pro Job Object Customizer Extension gives you access to nearly every field on the Bullhorn JobOrder object. This includes most standard fields and all custom fields. What piece of data do you have in Bullhorn you’d like imported to your Matador site? What piece of data could you add to your Bullhorn job data to import to your Matador site? Now, regardless of the answer, you can do it.

Examples of How You Can Use the Job Object Customizer

  • You are medical hiring company and advertising roles based on certain certifications is key to finding the qualified candidates. Import the certifications data point as a taxonomy, and enable search by Certification.
  • Your firm specializes in hiring for former members of the armed forces. Add a custom field in Bullhorn called “Ideal for Veterans” and import it. Now you can sort by jobs ideal for veterans or create separate pages just for Veteran applicants.
  • Your firm hires for all shifts, including day, night, and swing. Download the shift data point and then add it to your job info bar to highlight the shift the applicant is applying for.

The possibilities are endless.

Learn More & Install Today

Logged in users can download the new extension from the Job Object Customizer Extension page. While there, you can also learn more about what it can do. After you download and install, check out the Help Docs page for Job Object Customizer to learn how to set it up.

Some Extensions Retired

The Job Object Customizer Extension, given its robust features, made several extensions obsolete. The following Extensions were removed from our site and are no longer available for download:

  • Job Certifications
  • Job Skills
  • Job Business Sectors
  • Job Specialties

If you are currently using these extensions, file a support ticket so we can assist you in setting up the Job Object Customizer as a replacement.

Matador Jobs 3.8.1

Today Matador Jobs 3.8.1 is released to all users to address a bug identified by users of our 3.8.0 release that affects new installations of Matador Jobs only. No users who updated to 3.8.0 saw any interruption to the function of their site, and while they can update again to 3.8.1 at their convenience, the bug fix addressed by this release does not impact their installation.

3.8.1 Changelog

  • Temporarily removed the “nice to have” feature of 3.8.0 which displays the expected/desired value for the careerPortalDomainRoot in certain settings screens which, due to how this is added to the settings screens, could cause the initial installation of Matador Jobs on fresh WordPress websites to crash. Per our investigation, this only impacted users installing Matador Jobs on a fresh installation of WordPress where the “pretty permalinks” options were not yet set. No active jobs sites were impacted, as the nature of this bug would never have impacted them.

Update Now!

Matador Jobs 3.8.1 is released for automatic update to all subscribers as of today, Tuesday, October 18, 2022. If your subscription is expired, renew it on your account page. If you find any issues, please send a support request.

Matador Jobs 3.8.0

We are excited (and a little relieved) to finally announce the release of Matador Jobs Pro 3.8.0 on Monday, October 17, 2022. This large release contains 318 total changes, 104 files added, updated, or removed, changes to over 14,000 lines of Matador’s code!

The 11-Month-Old Elephant in the Room

When we released Matador Jobs in January 2018, we would go on to average a release every three weeks on average until mid-year 2021. Since November 2021, however, there has not been a release of Matador Jobs.

This long-awaited and long-promised release has been “almost done” since early May. For months we’ve felt “almost” there and every time we felt we could confidently feature-lock the release and finalize it, something important came up, up to and including earlier this month!

This was made easier to accept by a lack of any pressing need for an update. Our software has been largely stable due to minimal changes this year in the WordPress, Bullhorn, or Google Indexing APIs, which meant we weren’t “forced” to issue an update.

Despite that fact, we know how a lack of releases gives the appearance of us not working, which of course is not the case! We’ve been busier than ever, but thankfully on helping you all get to use Matador instead of needing to update it with short-notice when things break! But so moving forward we have set up better workflows that will make it easier for us to put out minor releases on a regular basis again.

Just to reiterate, just because it has been 11 months between releases doesn’t mean we haven’t been working for you, and we want to shout out to the nearly 30 Matador users who have been running pre-release builds to test 3.8.0 features and ensure they are ready for prime-time. Thank you so much!

Whats In 3.8.0?

There are too many changes to list everything in this announcement. We are going to focus on what we deem are the highlights, but you can view the entire list in the Changelog section of the Readme.txt file or view a total history of all the changes in Matador Jobs in the CHANGELOG.md file.

And to help you experience them better, we’ve organized the updates into categories!

Last Version to Support PHP 5.6, WordPress 4.9

This will be the last major version of Matador Jobs to support PHP 5.6 and WordPress versions prior to 5.8 6.1. When released early to mid next year, our next version will require PHP 7.4 or higher and WordPress 5.8 6.1 or higher.

This section was updated on October 28, 2022 to reflect a change in approach made since our review of the WordPress 6.1 Pre-Release Field Guide. See our post on how WordPress 6.1 will impact you, our users, and our development priorities in the near future.

Connectivity & Stability

  • New Sync (Beta): This release includes a beta release of our updated sync routine. The sync routine (which primarily runs communication with Bullhorn, but also Google Indexing API and others if you use extensions) was fully rebuilt with a pause and continue behavior to avoid interruption by “long processor killer” triggers set up by many web hosts. This pause-and-continue sync routine will keep track of its allowed processing time and end its process while spawning a continuation process over-and-over until it fully completes.

    Some users, especially those with more than 2000 active openings, could see syncs fail due Matador literally running out of time to complete everything it needs to do. This was more likely when communications with external APIs are slow due to traffic.

    While this new sync routine is very reliable, we have decided to make it opt-in until 3.9.0. Users can opt-in to the new sync by adding this developer flag to your site add_filter( 'matador_experimental_sync', '__return_true' ); A later minor release may make it even easier to opt-in (like via a settings toggle).
  • CareerPortalDomainRoot Detection: Several Bullhorn systems, including Bullhorn Automation (formerly Herefish) and Bullhorn Publish to Indeed provide generated web addresses (URLs) for the jobs based on a settings value in Bullhorn called careerPortalDomainRoot. Matador users who use Matador as their primary job board (or portal) should notify Bullhorn to update this setting when they complete Matador setup and deployment. We found many users didn’t know this, so now, Matador will try to determine and subsequently warn you when it thinks you need to have the value of careerPortalDomainRoot changed at Bullhorn. For more on this feature, check out our associated help document.
  • Added “Cookie Bug” Warning: Long time Matador users will know about the “Cookie Bug.” This is a bug in the Bullhorn authentication system that allows a logged-in user’s cookie to hijack the Matador Jobs authentication with Bullhorn and authorize as that user, not as the API user. This has serious potential consequences including job syncs bringing in the wrong jobs and the site being unable to auto reconnect in the event of a downtime. Matador will now detect when a “Cookie Bug” has occurred and will warn the user.
  • Added Matador Unsafe Password Warning: Matador Job’s auto reconnect routine cannot reconnect when the API User Password has certain “unsafe” characters. While valid Bullhorn passwords, these passwords with unsafe characters will cause automatic reconnection to fail, so Matador will now detect these and provide a warning with advice on how to fix it.

Marketing/SEO

  • Experience and Education Updates: Google for Jobs Search and other systems that consume Job Structured Data/LD+JSON can now read new values in the Experience and Education requirements for the schema. Matador will now serve the updated schema if your job object contains the required values. Take advantage of this feature by fully filling out education and experience related standard fields in your Bullhorn ATS for each role.
  • Employment Types Detection: Job Structured Data/LD+JSON expect some standard values to be used in for employment type. To help ensure minor differences do not cause an issue, we will now map many variations of common employment type terms to the field. For example, in 3.7.0, “Full Time” would map to “FULL_TIME”, and in 3.8.0, “Full Time”, “Full-time”, “Full_Time”, and “FullTime” will map to “FULL_TIME.” This will prevent occurences of users offering terms they expect should work but do not.

Privacy & Consents

  • Terms of Service Consent Field: A Terms of Service consent field was added as an optional Application form field. It behaves similarly to the existing Privacy Policy consent field, which saves user responses into the Bullhorn Candidate Consent tab/object.
  • Discontinued Recognition of “Do Not Track”: Matador Jobs Pro will no longer consider your site users’ web browser “Do Not Track” setting when determining whether to load Matador’s Source Tracking features. This browser-level setting is largely ignored by the big trackers and was further never intended to apply to 1st-party tracking like Matador’s trackers, only 3rd-party tracking.

Appearance Templating/Themeing

  • New Shortcode [matador_portal]: A new shortcode [matador_portal] is introduced. This shortcode will help users of “Classic Editor” and visual page builder tools (excluding the WordPress block editor) to streamline access to a standard “job portal” with a single shortcode. Learn more about this new shortcode in our documentation.
  • New Shortcode [matador_general_application_link]: A new setting paired with a shortcode [matador_general_application_link] and associated template functions, when used instead of other methods in WordPress to make a link, will provide a simple button link to the “General Application” while giving site operators the freedom to change this page after their developer has exited stage right.
  • New option for Taxonomy “method”, “search”: The matador_taxonomy() function (and associated shortcode) now accepts a new value for the ‘method’ argument: search. When passed ‘search’ the link will go to the jobs listing page (as set in settings) or jobs archive with the value of the link as a search term. This makes it easy to include the list of taxonomy terms in your design without requiring you to have a taxonomy archive page prepared.

Applications/Submissions

  • New Company and Occupation Form Fields: Added “Your Current Company” and “Your Current Occupation” form fields to the core form fields. Include them by passing them to the fields and required arguments of the [matador_application] shortcode or via the matador_default_application_fields filters.
  • New Cover Letter and Additional Files Form Fields: Added “Cover Letter” and “Additional Files (Multiple)” form fields to the core form fields. Include them by passing them to the fields argument of the [matador_application] shortcode or via the matador_default_application_fields filters. Cover Letter will save into Bullhorn as a “cover letter” while “Files”, which we imagine can be repurposed to allow for submission of other files like portfolios, examples of work, answers to assessments, or disclosures documents, will be saved into Bullhorn as “other” type files.
  • Select Candidate “Owner” Setting: Prior to this release, the “owner” in Bullhorn of a new candidate would be the API User. Certain agencies would prefer to set the “owner” based on the applied to job’s “ownership” and a new setting will allow for this. Select from ‘API User’, ‘Job’s “Owner”‘, or ‘Job’s “Published Contact Recruiter”‘.
  • An Existing Candidate’s Name Will Not Updated: Matador will no longer update an existing Candidate’s name when a submission finds a matche. The assumption shall be that a Candidate’s name was correct on initial application moving forward.
  • Removed Email Validation: All email address validation is removed from the plugin. Our email address validation was too strong; it was based on an outdated international standard which didn’t allow for certain international characters in the email address or name as well as certain internationalized URLs after the @ symbol. New email address standards are now so relaxed that it is consensus among developers that there is no reliable way to validate an email address without triggering false negatives. Further, assuming that risk of a false negative is deemed worthwhile, even a properly structured email address that passes validation does not a guarantee that an email box exists at that address. For those reasons we will no longer validate email address entries.

Notifications/Emails

  • Recruiter Notifications Bullhorn Deeplink: Recruiter Notification emails will now include a deeplink into the Bullhorn Candidate and Web Response/Submission records if the emails are set to “send email after the candidate sync”.

General

  • WP-CLI command wp matador sync: Our first WP-CLI commands are live! This first command, wp matador sync runs the full sync process from WP-CLI. This can be used on webhosts with system cron options and WP-CLI to disable Matador’s sync and rely on a custom sync scheudle. This also opens the door to ongoing expansion of Matador’s use of WP-CLI, a favorite tool for power users to manage websites efficiently.
  • Analytics: Matador will now report annonymized analytics when certain triggers occur and otherwise on a regular schedule. Actions include plugin activation, installation, upgrade, and connection to Bullhorn. The purpose for these analytics is to help us understand our users’ needs and provide more reliable support both in our channels and at Bullhorn. As per our terms of service, we are obligated to notify Bullhorn of our Pro users to ensure, in part, that Bullhorn Support knows right away when providing you support that you are a Matador user.
  • Overhaul to Software Licensing and Automatic Updates: We completely overhauled Matador’s handling of Licensing and software updates, fixing many bugs and adding features and utility, including:
    • Automatically deactivating a site when a URL change is detected.
    • Button to manually deactivate a site, making it easier to manage sites that consume activations.
    • Automatic detection of common staging and development URLs so that sites can activate against a license without consuming an activation from their allowed limit.
    • Regularly check your activation to detect if an external deactivation was made, which helps keep sites working as expected.
    • Matador plugins will play nice with WordPress Automatic Plugin Updates (WordPress feature since WordPress 5.5). Sorry it took us so long!
    • When attempting a site activation that fails, Matador will provide more detailed descriptions of issues, including where helpful, a link to MatadorJobs.com to resolve the issue.

And That Isn’t All

Again, these were only the highlights. The full changelog has over 75 individual change notes, including deeper explainations of items explained here.

With the release of Matador Jobs Pro 3.8.0, our All-Access subscribers can also now enjoy unlimited access to the all-new Job Object Customizer Extension and a freshly updated Advanced Applications Extension. A post announcing these releases more formally and completely will be available later this week.

Update Now!

Matador Jobs 3.8.0 is released for the automatic update to all subscribers as of Monday, October 17, 2022. Go to your WordPress site admin area, Plugins, and find Matador Jobs Pro to update. We highly recommend you do your update in a staging environment first. If your support and updates subscription is expired, renew it on your account page. If you find any issues, please send a support request.

Do You Really Need a Candidate Portal?

A common request of our users or potential users is whether we support a candidate portal. They see features like on Indeed or Monster and they want that too. They think it will make them look more professional and established, but what they don’t realize is with that infrastructure comes a lot of responsibility.

Generally, a candidate portal is envisioned as a place a candidate or applicant can create a profile with a login and password and “express apply” to roles in your organization as well as review statuses of past applications and/or modify information on their profile.

We hear you loud and clear: this is a common and popular request. It is one we don’t support at this time, both in our core offering and/or via an All Access Extension, and while we aim to offer a basic portal at some time in the near future, we’d like to explain why we don’t think you should have a Portal on your site.

Matador Jobs Was Built With Privacy Law Adherence In Mind

Matador Jobs was build in mid-to-late 2017 and launched in 2018. The European Union’s General Data Protection Regulation, or GDPR, the first of what would be many laws or regulations that govern obligations of a digital company to store, use, and discard user data, would take effect in mid-2018 and thus was on our minds as we made Matador.

Since GDPR and subsequent laws or regulations hold responsible the firm to protect data, we developed a solution where user Personal Identifiable Information (PII) was stored in one place: Bullhorn.

Matador Jobs Pro, and thus each website that uses it, only holds a temporary copy of personal identifiable information of candidates for only as long as is necessary to submit that data to Bullhorn, thereafter destroying it. This means that there is no space for on-demand access to that data from the website.

This massively assists firms in compliance with various consumer data privacy laws including the EU’s GDPR and the USA’s CCPA (California Law, but basically the US standard), as well as massively limits their risk should their website be compromised in a hack or other security situation.

PII Stored On WordPress Are Security Risks & Compliance Obligations

A portal, to be performant and useful, would need to hold copies of user PII in the website. This means that firms would add a second risk vector and second data storage point for user info. This drastically increases:

  • the information security obligations of the firm, and thus the cost to run the site in a compliant way,
  • the number of risk vectors for a security hole, and thus the potential of and costs of a hack or security breach,
  • and the effort required to adhere to data access and deletion obligations under the law, since data now exists in more places.

Our users, sometimes despite our advice to the contrary, will run Matador on WordPress sites with less than optimal security settings, out of date and insecure Server, PHP, and WordPress versions, and with plugins and themes that aren’t vetted for security. Any one of those issues can be a place an attacker compromises the website.

WordPress, while when fully updated is extremely secure, exists in an ecosystem designed to be easy-going and easy-to-use. That is fine for a blog post website but risky when you’re holding copies of secure user information and must adhere to laws and regulations related to that data.

Our average user does not have the IT infrastructure to properly mitigate those risks, so even when we release software that creates a user portal, we will not make it available for simple download so we can coach users on how to use it safely.

In the meanwhile, trust us, let Bullhorn be the handler of your applicants’ sensitive PII data.

Bonus! Qualify for QuickApply

An assumption people have with a portal feature is that candidates must create a profile before they can apply for a role. This would disqualify you from listing your roles as “quick apply” roles on Google for Jobs Search engine. Since “quick apply” roles are listed prominently, you would hurt your traffic by having a portal.

“Quick Apply” are job listings where the user, with no login required, can fill out a simple one-step form located no more than one click away from the job listing (ie: after an “Apply Now” click).

You Don’t Need a Portal, or the Headache It Can Bring

So to recap, while a candidate portal can work for large aggregators like Indeed and Monster, they introduce several complex expectations on a simple recruiting firm’s website, and the features are overkill aren’t worth the trouble.

When discussing a portal with our users, once we break down the above, they see the benefits of having a portal far outweighed the potential drawbacks and added complexity. While it is something we remain interested in creating for our select users with the infrastructure to use it safely, it is something we truly believe more than 4/5ths of our users should avoid.

Deep Dive: The “Candidate Description API Bug”

In Matador Jobs Pro hot fix 3.7.7, we explained a bug we now call the “Candidate Description API Bug”. This blog post will explain the bug in more detail, as we understand it, and share what we learned during the process of researching and resolving the issue in partnership with the engineers at Bullhorn.

Hints of Trouble in Late September

In late September, we began receiving reports from users that their sites were not working well. The issues ranged from:

  • sites operating slowly
  • sites disconnecting from Bullhorn regularly
  • sites creating abnormally large log files, including ones that caused sites to exceed disk space limits by web hosts
  • and, most critically, several applications were failing to process into Bullhorn.

We began, as we tend to do when things aren’t going well, with asking some of our users to grant us access to their web sites to look at the issues ourselves and begin our research. What we found was troubling, but confusing.

HTMLTagBalancer.java:1000 x 1000

Our Matador Jobs error logs were showing us that on some–but not all–applications, the API call where we save Candidate data returned a massive error output. We’d get an HTTP 500 “Internal Server Error” and 1100 lines of error output from Bullhorn. After the first few lines of error output, one line would be repeated over and over:

HTMLTagBalancer.java:1000

We tried to narrow things down, and in doing so we were able to identify the following triggers:

  • The application included either an invalid/non-processable resume (highly formatted resumes are sometimes not able to be processed) or had no resume attached, and,
  • When processing the application, Matador found an existing candidate during its duplicate prevention routine, and,
  • The candidate had a non-empty description field with html formatted description.

The thing is, even at this point, these conditions would sometimes trigger the error, and sometimes not. We were very confused, but we had enough example data to start a ticket with Bullhorn Marketplace Partner support.

The Bug Took Advantage of Matador’s Design

Let’s pause to partially explain how Matador Jobs Pro handles errors.

First, whenever an API call to Bullhorn occurs, if an error occurs, we read the HTTP error code that is returned. Generally, “400” type errors tell us that Bullhorn thinks we gave them bad data, and Matador is trained to stop processing the call and either tell us, tell you, or ignore the call. These errors are rare. We have learned how to format data, so it is always properly ready for submission via the API.

Sometimes we see “500” type errors. These are “Internal Server Errors” for the API. In our six years of writing code for the Bullhorn API, a “500” type error was always due to a planned or an unplanned Bullhorn downtime. So, for these types of errors, Matador is trained to retry syncs later. Up to this point, we’ve never had “500” type errors that weren’t resolved with a retry that took place later.

Further, whenever error data is provided to us, we log it. Usually, error data is presented as one sentence, not 1100 lines of output. Generally, logging error data helps us make Matador better. We can read logged error (and success) messages on your site’s logs and use it to help us know what is happening.

This API bug took advantage of both of those design features and turned them into flaws. The consequences were sometimes extreme. For some users, over a hundred applications had become “stuck” in a loop of failing and retrying, with each failure logging 1100 lines of error data. This resulted with sites experiencing a constant loop of attempting to retry sync for these, over and over, with the side effect(s) of:

  • Generating massive Matador log files. One user hit their allowed disk space limit due to a Matador log that was 100,000+ lines of data!
  • Causing disconnections and stale job data.
  • Causing Matador to fail to dynamically fetch new jobs accessed via a /{ID} link (Indeed integration users rely on this).
  • Causing generally slower sites.
  • Most importantly, data about applicants that could lead to placements were not getting to the user’s recruitment teams because they were failing.

I want to pause here to make an important point: The indirect impacts of this bug are the ones that took advantage of Matador Jobs Pro error handling weaknesses and created the domino effect of issues throughout the site, but these indirect impacts were in fact a key reason we were alerted to the issue in the first place. That said, the most impactful aspect of this bug to our user’s business was the direct impact of blocking the application syncing, in other words causing applicant data to not funnel to the recruiting teams. No degree of improved error handling by Matador could have changed this outcome.

Temporary Work-Around

Even before Bullhorn engineers were able to confirm the bug, we at Matador Software developed temporary workarounds to help our most impacted users recover. Workarounds were installed as each user reached out to us while we continued to work with Bullhorn to identify the true cause of the problem and develop a fix.

Bug Confirmed

After several back-and-forth emails over 10 days, Bullhorn engineers were able to confirm the bug and recreate it in their systems. They also gave us an answer as to the cause (and explained why our three conditions were inconsistent in recreating the bug):

  • When the existing candidate’s html-formatted description had a <style> tag with inline CSS, a built-in HTML validator that ran before an API call save would be confirmed was failing. Text and HTML descriptions without a <style> tag did not trigger the bug!

That explained a lot. We finally understood how some but not all the candidates who had met the conditions we had identified replicated the problem. We were missing the final condition!

The Temporary Work-Around Becomes Part of Matador Jobs

Though the bug was now confirmed at Bullhorn, we were informed a fix would be weeks away. Due to the size of Bullhorn’s operation, it would be a while for the bug fix to get out to everyone. A timeline was offered in weeks or even a few months. The engineering team suggested we offer a work-around. While we protested because we preferred to have the bug fixed at Bullhorn, we agreed that we could offer a wide-spread resolution for our users in the short-term.

The work-around prevents the candidate description from being updated when a resume was not processed (as HTML from the resume processor appeared to not ever cause an issue). If a resume is processed in the application, the description will be updated from the resume, otherwise, the description would be unset from the found candidate data prior to data save.

This does mean that any routines where a Matador Jobs Pro install modifies the description with custom developer filters (like to add data from custom questions at the end) will temporarily not work. That said, the default install of Matador Jobs Pro does not use this feature anyway, and therefore few users will be impacted by this temporary change. We are aware of fewer than five users who run custom code to modify candidate descriptions, and we have notified them of this impact to their sites. Moving forward until the “work-around” can be removed from the code, we will discourage new installs from using this custom code point.

What We Learned

We learned some things from this experience, namely that we need to assume the worst when a “500” error is encountered, even if we think we understand the cause. We will be implementing the following protections into a future version of Matador Jobs, slated for 3.8.0:

  • Limiting error output to the logs in the rare case we find another 1100+ line bug in the future. This will prevent Matador from making giant log files that eat up disk space. The errors will be limited to a sufficient but reasonable output (let’s say instead 1110 lines of error output, we limit it to 25 lines).
  • Limiting “retries” for syncs. If a sync fails more than a few times due to the same reason, even if Matador thinks it is a recoverable failure, Matador should stop retrying.
  • In the event of continued failures due to hitting a retry limit, we need to add adequate notifications to the administrator so they’re aware of Matador’s decision to stop retrying and advise them to explore the reason why.

While those adjustments will help minimize the impact of future occurrences of bugs like this, it is important to repeat that while Matador may have room for improvement in handing a bug/error like this in the future, the fact that it mishandled this error is part of how we were able to discover and debug it as quickly as we did.

Therefore, any adjustments we make to suppress future errors should not be so strong that the suppression could in fact hide a big problem from us and our users and elongate response time!

Update ASAP!

In conclusion, this has been a frustrating and long process for us but situations like this are also why you keep your subscription active! Your initial subscription and annual renewals keep Paul and I “on the job” with four eyes watching over 500 Matador Jobs Pro user’s sites, emails, and phone calls. For no extra charge, you all received a necessary update to your sites within a few weeks of the discovery of a business-impacting emergent issue.

That said, please go update! The one thing we can’t do is force your sites to run the updates, so unless your web host provides automatic WordPress plugin updates, please go into your WordPress admin and update to Matador Jobs Pro 3.7.7.

Matador Jobs 3.7.7

On, Monday, November 1, 2021, Matador Jobs 3.7.7 was released to all subscribers. You are strongly encouraged to update your websites as soon as possible, as it contains a critical work-around for a recently discovered bug in the Bullhorn API.

Along with a few other enhancements and bugfixes, this update contains a temporary work-around solution for a bug the team at Matador Software identified in the Bullhorn API. This bug, which appears to have emerged or was introduced in late September, was confirmed by Bullhorn engineers, but, at this time, may take several weeks or more to be fixed. As we are more agile and able to quickly distribute updates, Bullhorn asked us to provide a work-around, and this update includes that work-around. Any site on 3.7.6 or earlier is subject to failure due to this bug until it is fixed by Bullhorn, so to ensure your jobs website works as intended, you need to update as soon as possible.

About the emergent Bullhorn API Bug & Matador Job’s work-around

In late September, we began receiving reports from users that their sites were not working well. The issues ranged from:

  • operating slowly
  • disconnecting from Bullhorn regularly
  • abnormally large log files, including ones that caused sites to exceed disk space limits
  • and, most critically, several applications that failed to process into Bullhorn, meaning recruiting staff did not receive data about applicants causing possible loss of revenue from placements

Following the initial discovery, Paul and Jeremy dedicated nearly 100 total hours over three weeks dissecting, exploring, and figuring out what was going on. We identified what we believed was a new bug in the Bullhorn API. After working with Bullhorn support and engineers to report it, recreate it, and finally understand it, the bug was confirmed by Bullhorn.

This bug occurs when a very specific set of circumstances are in place. We will explain those circumstances in our deep dive explanation into the topic coming later this week. At this point, please be aware the circumstances are more likely to occur with users who allow optional resume submission or are in fields where highly formatted, and therefore, not processable, resumes are submitted (like creative fields).

While Bullhorn has confirmed the bug, they provided the timeline for resolution to be at least several weeks, and recommended we provide our users a work-around in the interim.

The work-around allows Matador to completely avoid the bug, alleviating all its direct and indirect impacts, but it prevents candidate descriptions from being updated on existing candidates when a resume was either not provided or not processable. Users who modify descriptions with custom modifications will see some interruption of that feature in the short term. When Bullhorn notifies us that the bug is fixed, we will remove the work-around.

We developed this work-around 10/20 and tested it widely between 10/25 and 10/29 with users who notified us that they were seeing “the bug.” Depending on how many applications were impacted, it has helped their sites recover within a few minutes to a few hours.

It is critically important to update to version 3.7.7 as soon as possible to ensure your business is not impacted by interruptions caused by this Bullhorn API bug.

All Submissions Will Now Process “In the Background”

Up to and including version 3.7.6, users could change a setting in Matador Jobs Pro to “Submit Applications to Bullhorn” either “immediately” or “in the background.”

This setting was offered initially when Matador used to communicate with Bullhorn hourly, but since 3.7.0 the frequency of communication was increased to every 10 minutes. Back in the day, in-between the hourly communications with Bullhorn, it was safe for Matador Jobs to create these on-demand separate application syncs, but as we added more and more regular syncing, the on-demand syncs started to clash with the scheduled ones.

The combination of the greater frequency since 3.7.0 and the impact of the “clashing” behavior described above, we planned to remove this setting with 3.8.0, causing Matador Jobs Pro to sync all applications “in the background.” We are implementing this change earlier than planned. Doing so will help users impacted by “the bug” to recover more quickly once the update is applied.

Some notes on this:

  • With 3.7.7, the setting will remain an option in settings, but users who modify it will not see a change in behavior. All applications will be synced “in the background” in batches every 10 minutes.
  • In 3.8.0, the setting will be removed from settings, removing confusion about its now obsolete purpose.
  • In 4.0.0, due mid next year, a planned update will upgrade application processing into a single, uniform process that is both “in the background” and “immediate.”

While We Are at It… Here Are a Few More Improvements in 3.7.7 that Makes Matador Jobs Better

While we typically focus hot fixes around bug fixes, from time to time, we sneak in some backward-compatible enhancements. Given that the development cycle for release 3.8.0 and 4.0.0 is still ongoing, we wanted to give you some of these new improvements now, instead of making you wait for them.

  • Better error handling for errors associated with application processing where Consent Management permissions errors are encountered has been added. Primarily, to not block the processing of application data into Bullhorn, when encountering a permissions error for Consent Management, a 24-hour “time out” will begin that will allow applications to resume processing but without consents data. When a time out begins, an email will be sent to the administrators explaining that Consent Management permissions are missing and explaining how to fix it.
  • Matador Source Tracking can now successfully load when given deferred loading instructions by various WordPress optimization plugins.
  • Related to the prior note, when developers want to completely override the Matador Source Tracking instantiation, they can use the new filter matador_campaign_tracking_inline_script. There are several use cases for this, including custom instantiation following asynchronous loading and/or JavaScript compression/optimization.
  • Added filters matador_bullhorn_candidate_find_candidate_request_params and matador_bullhorn_candidate_find_candidate_request_query to allow for modifications to the candidate duplicate prevention find routine. A use case would be to add or remove a search condition to the duplicate candidate prevention check.
  • Added developer filter matador_application_validator_errors to streamline the process of changing multiple form validation error strings at a time. (Previously, you could only change error strings one at a time via matador_application_validator_error_{$key}.)
  • When parts of candidate source data are unavailable or not provided, most commonly ‘campaign’, Matador will now print “NA” places where this value is added to the source string saved on the Candidate or Submission record. Prior behavior was to leave that blank, and could result in confusing source strings like (Direct//). That string will now display (Direct/NA/NA).

Bug Fixes to Make Matador Jobs Work as Intended

In this hotfix, we fixed 10 bugs that have been discovered since the last release. Most of these bugs are extremely isolated to specific use cases, including another bug fix for a 3.0.0 launch feature approaching four years old that somehow had never been discovered! I won’t list all the bug fixes, but here are the highlights:

  • True/False values for the JSON+LD directApply value are now strings, fixing issues caused by them being boolean and generating warnings during validation by Google Search Console.
  • Added error handling for when a description or publicDescription is returned as an array. A best practice is to keep the “allow multiple values” unchecked on your field mappings for description fields in Bullhorn; Matador will not accept “multiple values” for description/publicDescription.
  • Added an alternate method to encode email subject lines into UTF-8, no longer requiring the ext_mbstring core PHP library. Installation of ext_mbstring is still highly recommended.
  • Fixed a bug causing the “Recount Terms” button on the Matador Categories admin page to trigger a visual/UI error. The feature still worked, but now it is clear that it did!
  • Fixed a bug where one of the job sorting/filter options was being applied improperly in some rare, specific circumstances. This bug, which dates back to version 3.0.0 (almost 4 years ago), clearly hasn’t bothered many people, but it is now fixed.
  • Added error handling for occurrences of a job with stale ClientCorporation data values, ie: ClientCorporation is deleted in Bullhorn but a job is still assigned to the deleted ClientCorporation, resulting in an error when the job is synced into Matador Jobs.

Internationalization Updates

Matador continues to work towards being a valid solution for our international users. The following updates/fixes for internationalization are included in 3.7.7:

  • Added first drafts of German (Germany) and French (France) translations, joining Dutch (Netherlands), French (Canada), and English (US).
  • Fixed a bug causing three translatable strings in the client-side form validation feature to not show the translated strings even though valid translations were provided.

Update Now!

Matador Jobs 3.7.7 is released for the automatic update to all subscribers as of Monday, November 1, 2021. Go to your WordPress site admin area, Plugins, and find Matador Jobs Pro to update. We highly recommend you do your update in a staging environment first. If your support and updates subscription is expired, renew it on your account page. If you find any issues, please send a support request.