FYI
I just stumbled over this announcement by the Roundcube project. There is another XSS vulnerability that can be triggered by just opening modified mails.
Thankfully I and my users don’t use Roundcube and I wish I could disable it for good in my installation. I’d rather write sieve scripts by hand and put them in place than have this huge target around.
regards
Lars
Added: I just found the PR on GitHub. A big thank you to the committer.