We just published a security update to the stable version 1.3. It
primarily fixes a recently reported IMAP command injection
vulnerability caused by insufficient input validation within the
archive plugin. Details about the vulnerability are published under
Additionally, we back-ported some minor fixes from the master branch
which improve PHP 7.2 compatibility as well as PGP signing and key
handling for those who use the Enigma plugin.