Resolved Bugs
1091438 – CVE-2012-4230 tinymce: XSS attacks via security policy bypass<br
This update provides Roundcube 1.0.4. This is a stable security update: the security fix is described by upstream as “Fix possible CSRF attacks to some address book operations as well as to the ACL and Managesieve plugins.” More details on the update are available at http://roundcube.net/news/2014/12/18/update-1.0.4-released/ . The update should apply without any special handling by the system administrator.