Yesterday the Roundcube developers released a new version of their software (1.3.3,) which contains an important security upgrade. A recently discovered file disclosure vulnerability makes it possible to read Roundcube's configuration files from an active session. This is very dangerous because it exposes your database to hackers. Roundcube 1.3.3 fixes this problem.
Considering the severity of this issue, we have also released an upgrade to our skins and plugins, which is fully compatible with Roundcube 1.3.3. We strongly recommend that you upgrade your production Roundcube installations and the Roundcube Plus skins and plugins as soon as possible.
Besides being compatible with Roundcube 1.3.3, our newly released skins and plugins got some new fixes and upgrades. The Calendar is now fully integrated with Google Drive and Dropbox, so you can easily attach files to calendar events directly from those cloud services. The geoloction and mobile detection libraries got upgraded and the plugins got some new config options.
The latest version of our skins and plugins can be downloaded from the customer area of our website.
Roundcube 1.3.3 can be downloaded from roundcube.net.
You can read more about the vulnerability fixed in Roundcube 1.3.3 on this page.