Hi,
I'm really concerned by the security of my website and I've detect that json files in /media/com_komento give too much informations (Joomla version, Komento version and other things). These files are not secured because it's possible to get accessed to them; just by accessing to http://thesite/media/com_komento/config/xxx.json.
I agree that the filename is quite complicult but, for my point of view, it's not enough. Versions numbers are sensitive data and should not be publicly available.
Can you give advices ?
Thanks.