- Security improvement: Store the second factor authentication step nonce hashed to prevent leaking it via database read access #453. Props to @calvinalkan for reporting the issue.
- Fix: Add
wp_specialchars_decode()to escape the HTML entity on the Email Subject line (#412), props @nbwpuk. - Fix: Use
hash_equals()when comparing the email token (#425), props @Mati02K. - Tooling: Introduce
@wordpress/envfor development tooling and move to GitHub actions for CI (#436).