Merge remote-tracking branch 'origin/beta' into release

        uses: gradle/actions/setup-gradle@06832c7b30a0129d7fb559bcc6e43d26f6374244 # v4.3.1

      - name: Quality - Spotless Markdown Check

        run: ./gradlew spotlessMarkdownCheck

        run: ./gradlew spotlessFlexmarkCheck

      - name: Test mdbook docs

        run: mdbook test docs

      <option name="INSERT_INNER_CLASS_IMPORTS" value="true" />

      <option name="IMPORT_LAYOUT_TABLE">

        <value>

          <package name="" withSubpackages="true" static="false" module="true" />

          <package name="java" withSubpackages="true" static="false" />

          <emptyLine />

          <package name="android" withSubpackages="true" static="false" />

17.0

21

Check out the [Release Notes](https://github.com/thunderbird/thunderbird-android/releases) to find out what changed in each version of Thunderbird for Android.

The SHA-256 fingerprints for our signing certificates are available in [SECURITY.md](./SECURITY.md#verifying-fingerprints).

## Need Help? Found a bug? Have an idea? Want to chat?

If the app is not behaving like it should, or you are not sure if you've encountered a bug:

We encourage team members and contributors to read through our ADRs to understand the architectural decisions that

have shaped this project so far. Feel free to propose new ADRs or suggest modifications to existing ones as needed.

## Security

The code in this repository was undergoing an extensive security audit in collaboration with the Open Source Technology

Improvement Fund ([OSTIF](https://ostif.org/)) and [7ASecurity](https://7asecurity.com/) in the first half of 2023. For

more details, see

our [blog post](https://blog.thunderbird.net/2023/07/k-9-mail-collaborates-with-ostif-and-7asecurity-security-audit/).

You can report a security vulnerability [through the respective issues form](https://github.com/thunderbird/thunderbird-android/security/advisories/new).

These are the SHA-256 fingerprints for our signing certificates:

- Thunderbird: `B6:52:47:79:B3:DB:BC:5A:C1:7A:5A:C2:71:DD:B2:9D:CF:BF:72:35:78:C2:38:E0:3C:3C:21:78:11:35:6D:D1`

- Thunderbird Beta: `05:6B:FA:FB:45:02:49:50:2F:D9:22:62:28:70:4C:25:29:E1:B8:22:DA:06:76:0D:47:A8:5C:95:57:74:1F:BD`

- K-9 Mail: `55:C8:A5:23:B9:73:35:F5:BF:60:DF:E8:A9:F3:E1:DD:E7:44:51:6D:93:57:E8:0A:92:5B:7B:22:E4:F5:55:24`

You can use the following command to retrieve and [verify](https://developer.android.com/tools/apksigner#usage-verify)

the certificate before installation:

```bash

apksigner verify -v --print-certs <path-to-apk>

```

## K-9 Mail

In June 2022, [K-9 Mail joined the Thunderbird family](https://k9mail.app/2022/06/13/K-9-Mail-and-Thunderbird.html)

## License

    Licensed under the Apache License, Version 2.0 (the "License");

    you may not use this file except in compliance with the License.

    You may obtain a copy of the License at

       http://www.apache.org/licenses/LICENSE-2.0

    Unless required by applicable law or agreed to in writing, software

    distributed under the License is distributed on an "AS IS" BASIS,

    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

    See the License for the specific language governing permissions and

    limitations under the License.

Thunderbird for Android is licensed under the [Apache License, Version 2.0](LICENSE).

# Thunderbird for Android Security

## Security Audit

The code in this repository underwent an extensive security audit in collaboration with the Open Source Technology

Improvement Fund ([OSTIF](https://ostif.org/)) and [7ASecurity](https://7asecurity.com/) in the first half of 2023. For

more details, see

our [blog post](https://blog.thunderbird.net/2023/07/k-9-mail-collaborates-with-ostif-and-7asecurity-security-audit/).

## Verifying Fingerprints

These are the SHA-256 fingerprints for our signing certificates:

- Thunderbird: `B6:52:47:79:B3:DB:BC:5A:C1:7A:5A:C2:71:DD:B2:9D:CF:BF:72:35:78:C2:38:E0:3C:3C:21:78:11:35:6D:D1`

- Thunderbird Beta: `05:6B:FA:FB:45:02:49:50:2F:D9:22:62:28:70:4C:25:29:E1:B8:22:DA:06:76:0D:47:A8:5C:95:57:74:1F:BD`

- K-9 Mail: `55:C8:A5:23:B9:73:35:F5:BF:60:DF:E8:A9:F3:E1:DD:E7:44:51:6D:93:57:E8:0A:92:5B:7B:22:E4:F5:55:24`

You can use the following command to retrieve and [verify](https://developer.android.com/tools/apksigner#usage-verify)

the certificate before installation:

```bash

apksigner verify -v --print-certs <path-to-apk>

```

## Reporting Vulnerabilities

You can report a security vulnerability through the [vulnerability reporting form](https://github.com/thunderbird/thunderbird-android/security/advisories/new).

We appreciate your support in making Thunderbird for Android as safe as possible!