SallyMelek Fixed in this update, I think.
If you read no further, BACK UP YOUR DATABASE PLEASE!
0.3.0 - Important security update
tl;dr Back up your database, update, then run
php flarum migrate
It was brought to my attention by 2 of my security analysis friends that I overlooked something small. Luckily, this is a very small issue that only allows tiny amounts of data to get out (such as message created time); there is absolutely no sensitive user data, encrypted messages, or anything, just metadata.
In order to protect those who cannot update to 0.3.0 right away, I will not be discussing the specifics. Message and conversation IDs now use UUIDs instead of numbers and your old messages and conversations will be converted upon updating. Rest assured, the 3 of us all confirmed that this fixes the issue and per their analysis, there are no other security issues.
Simply update to 0.3.0 and run php flarum migrate. It will probably take a long time depending on how many conversations and messages you have; let it run and be patient. Clear your cache after you are done.