This is a security update to the LTS version 1.3.
It fixes a recently reported cross-site scripting (XSS) vulnerability via HTML messages with malicious svg/namespace.
Credits for this finding go to SSD Secure Disclosure.
This version in considered stable and we strongly recommend to update all productive
installations of Roundcube 1.3.x with it. Please do backup your data before updating!