Hi Salvatore, Thanks for the poke! Upstream fixed this earlier today:
https://github.com/roundcube/roundcubemail/commit/e3dd5b66d236867572e68fcb80281e9268a0cfb0 > If you fix the vulnerability please also make sure to include the CVE > (Common Vulnerabilities & Exposures) id in your changelog entry. Can upload in one hour or two. Cheers, -- Guilhem.
signature.asc
Description: PGP signature