I was just randomly testing a link and noticed that I could download the file when I wasn’t logged in.
I test in 4 browsers and used private mode.
This is a huge security flaw as the reason I use this plugin is to prevent unauthorized downloads.
i tested this by putting the following URL in any browser, with my domain name
groups version 1.9.0