Best practices with RoundCube

I read today about a RoundCube vulnerability and see a list of patches this year for vulnerabilities in RoundCube. This is making me nervous about keeping it running.

For a barely used MIAB RoundCube, do we have any best practices?

Ex. a recommended way to shut down the https ports until needed?