We just published another update to the Roundcube version 1.2 and 1.1. The latest update is a fix for a recently reported security issue when using PHPs mail() function. It has been discovered by Robin Peraglie using RIPS and more details along with a CVE number will be pulished shortly. Both versions are considered stable and we recommend to update all productive installations of Roundcube with either of these versions. Download them from GitHub via roundcube.net/download.”]
Source: https://roundcube.net/news/2016/11/28/updates-1.2.3-and-1.1.7-released