well not giving us any details on what the issue is does no good. You are running all over talking about security but not offering any details, solutions or how to re-create it. Feel free to send me a PM on the issue and I can look at it but these types of threads are useless and scare people without giving us any information.
I see nothing in that thread. Please contact me direct as I oversee the Distro part of FreePBX. You can also email [email protected] if you want and I and Philippe both get that email
The ARI Admin Username and Password was exposed in the /recordings directory without being logged into the ARI. This was not exposed anywhere else and was not disclosing the Admin Username and Password as was stated in other forumns but the ARI admin username and password. This was introduced 3 days ago by a mistake and has been corrected in the latest ARI Framework module.
Please note this only effect 2.10 Beta customers and only people who updated the ARI module in the past 3 days.