RoundCube development team reports:
After getting reports about a possible vulnerability
of Roundcube which allows an attacker to modify its
users preferences in a way that he/she can then read
files from the server, we now published updated packages
as well as patches that fix this security issue.