Log Message:
mail/roundcube: update to 1.6.3

From release announce:

We just published a security update to the version 1.6 of Roundcube Webmail.
It provides a fix to a recently reported XSS vulnerability:

Fix cross-site scripting (XSS) vulnerability in handling of linkrefs in
plain text messages, reported by Niraj Shivtarkar.  See the full changelog
in the release notes in the release notes on the Github download page.

We strongly recommend to update all productive installations of Roundcube
1.6.x with this new version.

1.6.3 (2023-09-15)

* Fix bug where installto.sh/update.sh scripts were removing some essential
  options from the config file (#9051)

* Update jQuery-UI to version 1.13.2 (#9041)

* Fix regression that broke use_secure_urls feature (#9052)

* Fix potential PHP fatal error when opening a message with message/rfc822
  part (#8953)

* Fix bug where a duplicate `<title>` tag in HTML email could cause some
  parts being cut off (#9029)

* Fix bug where a list of folders could have been sorted incorrectly (#9057)

* Fix regression where LDAP addressbook 'filter' option was ignored (#9061)

* Fix wrong order of a multi-folder search result when sorting by size
  (#9065)

* Fix so install/update scripts do not require PEAR (#9037)

* Fix regression where some mail parts could have been decoded incorrectly,
  or not at all (#9096)

* Fix handling of an error case in Cyrus IMAP BINARY FETCH, fallback to
  non-binary FETCH (#9097)

* Fix PHP8 deprecation warning in the reconnect plugin (#9083)

* Fix "Show source" on mobile with x_frame_options = deny (#9084)

* Fix various PHP warnings (#9098)

* Fix deprecated use of ldap_connect() in password's ldap_simple driver
  (#9060)

* Fix cross-site scripting (XSS) vulnerability in handling of linkrefs in
  plain text messages