Major security error

To the developers;
I’ve just discovered a MAJOR security error!
I wanted to try the chat feature out, so i created and sent myself a standard website login link.

I then entered the chatroom, then closed it off.

I then went back to the original link i created and clicked on it again, and was redirected back to my original chatroom with the camera and mic functioning as well! Without a password you can still see the camera. When i was performing this test, i was using the same machine.

So, basically to make this simple, when you have created a link and close the chat, the room closes off, but, in the future if you re-enter the same room, anybody who had the original link can watch or listen to you without you knowing it!

Also, i tried installing this on wordpress. That also didn’t work.
I’ll explain it in another post.

Perhaps the developers can insert some sort of timeout function on a room, so that it is automatically deleted (on the server jitsi is using) if not used for an X number of minutes. I use linux and i’ve used bleachbit but it doesn’t remove the data (the connection) between jitsi and the machine. Also clearing cache and cookies in the browser doesn’t work.

In one sentence: If you re-enter the room you initially created anybody with that link can ‘creep’ you without you knowing it.

Is this on your own installation?
Normally a room is deleted when the last person leaves the meeting.
Probably in your case this last person leaving is not registered and the room is not destroyed.