This is security update to fix a just reported vulnerabilty that allows
an attacker to modify its users preferences in a way that can result in
random file access, manipulated SQL queries and even code execution.
We strongly recommend to update all installations of Roundcube with this
- Fix vulnerability in handling _session argument of utils/save-prefs