You give the developer time to develop a patch. Once the patch is out, attackers can already deduce the vulnerability by looking at what changed and at that point you either want to immediately install the patch or you want to know what the vulnerability actually is so you can do something to mitigate it if there is some reason you can't immediately install the patch.
8organicbits|21 days ago
https://github.com/roundcube/roundcubemail/commit/26d7677
AnthonyMouse|21 days ago