This is a security update to the LTS version 1.3.
It fixes two recently reported cross-site scripting (XSS) vulnerabilities via HTML messages with malicious svg and math contents.
Credits for these findings go to Łukasz Pilorz from Pentesters.
This version in considered stable and we strongly recommend to update all productive installations of Roundcube 1.3.x with it.
Please do backup your data before updating!