Yesterday the Roundcube developers released a new version of their software (1.3.3,) which contains an important security upgrade. A recently discovered file disclosure vulnerability makes it possible to read Roundcube's configuration files from an active session. This is very dangerous because it exposes your database to hackers. Roundcube 1.3.3 fixes this problem.
Considering the severity of this issue, we have also released an upgrade to our skins and plugins, which is fully compatible with Roundcube 1.3.3. We strongly recommend that you upgrade your production Roundcube installations and the Roundcube Plus skins and plugins as soon as possible.