Merge branch 'develop' into travis/adminapi-report-room

Apply suggestions from code review
Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
2025-05-02 11:02:47 -06:00 · 2025-05-02 11:02:28 -06:00 · 2025-05-02 11:02:17 -06:00 · 2025-05-02 10:50:04 +01:00 · 2025-03-18 15:42:35 -06:00 · 2025-03-18 21:39:51 +00:00
402 changed files with 6641 additions and 21411 deletions
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -9,4 +9,5 @@
  - End with either a period (.) or an exclamation mark (!).
  - Start with a capital letter.
  - Feel free to credit yourself, by adding a sentence "Contributed by @github_username." or "Contributed by [Your Name]." to the end of the entry.
-* [ ] [Code style](https://element-hq.github.io/synapse/latest/code_style.html) is correct (run the [linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters))
+* [ ] [Code style](https://element-hq.github.io/synapse/latest/code_style.html) is correct
+  (run the [linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters))
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -5,7 +5,7 @@ name: Build docker images
 on:
  push:
    tags: ["v*"]
-    branches: [master, main, develop]
+    branches: [ master, main, develop ]
  workflow_dispatch:

 permissions:
@@ -14,21 +14,23 @@ permissions:
  id-token: write # needed for signing the images with GitHub OIDC Token
 jobs:
  build:
-    name: Build and push image for ${{ matrix.platform }}
-    runs-on: ${{ matrix.runs_on }}
-    strategy:
-      matrix:
-        include:
-          - platform: linux/amd64
-            runs_on: ubuntu-24.04
-            suffix: linux-amd64
-          - platform: linux/arm64
-            runs_on: ubuntu-24.04-arm
-            suffix: linux-arm64
+    runs-on: ubuntu-22.04
    steps:
+      - name: Set up QEMU
+        id: qemu
+        uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
+        with:
+          platforms: arm64
+
      - name: Set up Docker Buildx
        id: buildx
-        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
+
+      - name: Inspect builder
+        run: docker buildx inspect
+
+      - name: Install Cosign
+        uses: sigstore/cosign-installer@3454372f43399081ed03b604cb2d021dabca52bb # v3.8.2

      - name: Checkout repository
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
@@ -53,79 +55,13 @@ jobs:
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}

-      - name: Build and push by digest
-        id: build
-        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
-        with:
-          push: true
-          labels: |
-            gitsha1=${{ github.sha }}
-            org.opencontainers.image.version=${{ env.SYNAPSE_VERSION }}
-          tags: |
-            docker.io/matrixdotorg/synapse
-            ghcr.io/element-hq/synapse
-          file: "docker/Dockerfile"
-          platforms: ${{ matrix.platform }}
-          outputs: type=image,push-by-digest=true,name-canonical=true,push=true
-
-      - name: Export digest
-        run: |
-          mkdir -p ${{ runner.temp }}/digests
-          digest="${{ steps.build.outputs.digest }}"
-          touch "${{ runner.temp }}/digests/${digest#sha256:}"
-
-      - name: Upload digest
-        uses: actions/upload-artifact@v4
-        with:
-          name: digests-${{ matrix.suffix }}
-          path: ${{ runner.temp }}/digests/*
-          if-no-files-found: error
-          retention-days: 1
-
-  merge:
-    name: Push merged images to ${{ matrix.repository }}
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        repository:
-          - docker.io/matrixdotorg/synapse
-          - ghcr.io/element-hq/synapse
-
-    needs:
-      - build
-    steps:
-      - name: Download digests
-        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
-        with:
-          path: ${{ runner.temp }}/digests
-          pattern: digests-*
-          merge-multiple: true
-
-      - name: Log in to DockerHub
-        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
-        if: ${{ startsWith(matrix.repository, 'docker.io') }}
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-
-      - name: Log in to GHCR
-        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
-        if: ${{ startsWith(matrix.repository, 'ghcr.io') }}
-        with:
-          registry: ghcr.io
-          username: ${{ github.repository_owner }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
-
-      - name: Install Cosign
-        uses: sigstore/cosign-installer@398d4b0eeef1380460a10c8013a76f728fb906ac # v3.9.1
-
      - name: Calculate docker image tag
+        id: set-tag
        uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
        with:
-          images: ${{ matrix.repository }}
+          images: |
+            docker.io/matrixdotorg/synapse
+            ghcr.io/element-hq/synapse
          flavor: |
            latest=false
          tags: |
@@ -133,23 +69,31 @@ jobs:
            type=raw,value=latest,enable=${{ github.ref == 'refs/heads/master' }}
            type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' }}
            type=pep440,pattern={{raw}}
-            type=sha

-      - name: Create manifest list and push
-        working-directory: ${{ runner.temp }}/digests
-        env:
-          REPOSITORY: ${{ matrix.repository }}
-        run: |
-          docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
-            $(printf "$REPOSITORY@sha256:%s " *)
+      - name: Build and push all platforms
+        id: build-and-push
+        uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
+        with:
+          push: true
+          labels: |
+            gitsha1=${{ github.sha }}
+            org.opencontainers.image.version=${{ env.SYNAPSE_VERSION }}
+          tags: "${{ steps.set-tag.outputs.tags }}"
+          file: "docker/Dockerfile"
+          platforms: linux/amd64,linux/arm64

-      - name: Sign each manifest
+          # arm64 builds OOM without the git fetch setting. c.f.
+          # https://github.com/rust-lang/cargo/issues/10583
+          build-args: |
+            CARGO_NET_GIT_FETCH_WITH_CLI=true
+
+      - name: Sign the images with GitHub OIDC Token
        env:
-          REPOSITORY: ${{ matrix.repository }}
+          DIGEST: ${{ steps.build-and-push.outputs.digest }}
+          TAGS: ${{ steps.set-tag.outputs.tags }}
        run: |
-          DIGESTS=""
-          for TAG in $(echo "$DOCKER_METADATA_OUTPUT_JSON" | jq -r '.tags[]'); do
-            DIGEST="$(docker buildx imagetools inspect $TAG --format '{{json .Manifest}}' | jq -r '.digest')"
-            DIGESTS="$DIGESTS $REPOSITORY@$DIGEST"
+          images=""
+          for tag in ${TAGS}; do
+            images+="${tag}@${DIGEST} "
          done
-          cosign sign --yes $DIGESTS
+          cosign sign --yes ${images}
--- a/.github/workflows/docs-pr-netlify.yaml
+++ b/.github/workflows/docs-pr-netlify.yaml
@@ -14,7 +14,7 @@ jobs:
      # There's a 'download artifact' action, but it hasn't been updated for the workflow_run action
      # (https://github.com/actions/download-artifact/issues/60) so instead we get this mess:
      - name: 📥 Download artifact
-        uses: dawidd6/action-download-artifact@ac66b43f0e6a346234dd65d4d0c8fbb31cb316e5 # v11
+        uses: dawidd6/action-download-artifact@07ab29fd4a977ae4d2b275087cf67563dfdf0295 # v9
        with:
          workflow: docs-pr.yaml
          run_id: ${{ github.event.workflow_run.id }}
--- a/.github/workflows/docs-pr.yaml
+++ b/.github/workflows/docs-pr.yaml
@@ -24,7 +24,7 @@ jobs:
          mdbook-version: '0.4.17'

      - name: Setup python
-        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
+        uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 # v5.5.0
        with:
          python-version: "3.x"

--- a/.github/workflows/docs.yaml
+++ b/.github/workflows/docs.yaml
@@ -64,7 +64,7 @@ jobs:
        run: echo 'window.SYNAPSE_VERSION = "${{ needs.pre.outputs.branch-version }}";' > ./docs/website_files/version.js

      - name: Setup python
-        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
+        uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 # v5.5.0
        with:
          python-version: "3.x"

@@ -78,18 +78,6 @@ jobs:
          mdbook build
          cp book/welcome_and_overview.html book/index.html

-      - name: Prepare and publish schema files
-        run: |
-          sudo apt-get update && sudo apt-get install -y yq
-          mkdir -p book/schema
-          # Remove developer notice before publishing.
-          rm schema/v*/Do\ not\ edit\ files\ in\ this\ folder
-          # Copy schema files that are independent from current Synapse version.
-          cp -r -t book/schema schema/v*/
-          # Convert config schema from YAML source file to JSON.
-          yq < schema/synapse-config.schema.yaml \
-            > book/schema/synapse-config.schema.json
-
      # Deploy to the target directory.
      - name: Deploy to gh pages
        uses: peaceiris/actions-gh-pages@4f9cc6602d3f66b9c108549d475ec49e8ef4d45e # v4.0.0
--- a/.github/workflows/fix_lint.yaml
+++ b/.github/workflows/fix_lint.yaml
@@ -6,11 +6,6 @@ name: Attempt to automatically fix linting errors
 on:
  workflow_dispatch:

-env:
-  # We use nightly so that `fmt` correctly groups together imports, and
-  # clippy correctly fixes up the benchmarks.
-  RUST_VERSION: nightly-2025-06-24
-
 jobs:
  fixup:
    name: Fix up
@@ -21,11 +16,13 @@ jobs:
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

      - name: Install Rust
-        uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b # master
+        uses: dtolnay/rust-toolchain@56f84321dbccf38fb67ce29ab63e4754056677e0 # master (rust 1.85.1)
        with:
-          toolchain: ${{ env.RUST_VERSION }}
+          # We use nightly so that `fmt` correctly groups together imports, and
+          # clippy correctly fixes up the benchmarks.
+          toolchain: nightly-2022-12-01
          components: clippy, rustfmt
-      - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2.8.0
+      - uses: Swatinem/rust-cache@9d47c6ad4b02e050fd481d890b2ea34778fd09d6 # v2.7.8

      - name: Setup Poetry
        uses: matrix-org/setup-python-poetry@5bbf6603c5c930615ec8a29f1b5d7d258d905aa4 # v2.0.0
@@ -47,6 +44,6 @@ jobs:
      - run: cargo fmt
        continue-on-error: true

-      - uses: stefanzweifel/git-auto-commit-action@778341af668090896ca464160c2def5d1d1a3eb0 # v6.0.1
+      - uses: stefanzweifel/git-auto-commit-action@b863ae1933cb653a53c021fe36dbb774e1fb9403 # v5.2.0
        with:
          commit_message: "Attempt to fix linting"
--- a/.github/workflows/latest_deps.yml
+++ b/.github/workflows/latest_deps.yml
@@ -21,9 +21,6 @@ concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

-env:
-  RUST_VERSION: 1.87.0
-
 jobs:
  check_repo:
    # Prevent this workflow from running on any fork of Synapse other than element-hq/synapse, as it is
@@ -44,10 +41,8 @@ jobs:
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Install Rust
-        uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b # master
-        with:
-          toolchain: ${{ env.RUST_VERSION }}
-      - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2.8.0
+        uses: dtolnay/rust-toolchain@fcf085fcb4b4b8f63f96906cd713eb52181b5ea4 # stable (rust 1.85.1)
+      - uses: Swatinem/rust-cache@9d47c6ad4b02e050fd481d890b2ea34778fd09d6 # v2.7.8

      # The dev dependencies aren't exposed in the wheel metadata (at least with current
      # poetry-core versions), so we install with poetry.
@@ -60,7 +55,7 @@ jobs:
      - run: poetry run pip list > before.txt
      # Upgrade all runtime dependencies only. This is intended to mimic a fresh
      # `pip install matrix-synapse[all]` as closely as possible.
-      - run: poetry update --without dev
+      - run: poetry update --no-dev
      - run: poetry run pip list > after.txt && (diff -u before.txt after.txt || true)
      - name: Remove unhelpful options from mypy config
        run: sed -e '/warn_unused_ignores = True/d' -e '/warn_redundant_casts = True/d' -i mypy.ini
@@ -80,10 +75,8 @@ jobs:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

      - name: Install Rust
-        uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b # master
-        with:
-          toolchain: ${{ env.RUST_VERSION }}
-      - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2.8.0
+        uses: dtolnay/rust-toolchain@fcf085fcb4b4b8f63f96906cd713eb52181b5ea4 # stable (rust 1.85.1)
+      - uses: Swatinem/rust-cache@9d47c6ad4b02e050fd481d890b2ea34778fd09d6 # v2.7.8

      - run: sudo apt-get -qq install xmlsec1
      - name: Set up PostgreSQL ${{ matrix.postgres-version }}
@@ -93,7 +86,7 @@ jobs:
            -e POSTGRES_PASSWORD=postgres \
            -e POSTGRES_INITDB_ARGS="--lc-collate C --lc-ctype C --encoding UTF8" \
            postgres:${{ matrix.postgres-version }}
-      - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
+      - uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 # v5.5.0
        with:
          python-version: "3.x"
      - run: pip install .[all,test]
@@ -155,10 +148,8 @@ jobs:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

      - name: Install Rust
-        uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b # master
-        with:
-          toolchain: ${{ env.RUST_VERSION }}
-      - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2.8.0
+        uses: dtolnay/rust-toolchain@fcf085fcb4b4b8f63f96906cd713eb52181b5ea4 # stable (rust 1.85.1)
+      - uses: Swatinem/rust-cache@9d47c6ad4b02e050fd481d890b2ea34778fd09d6 # v2.7.8

      - name: Ensure sytest runs `pip install`
        # Delete the lockfile so sytest will `pip install` rather than `poetry install`
@@ -209,7 +200,7 @@ jobs:
      - name: Prepare Complement's Prerequisites
        run: synapse/.ci/scripts/setup_complement_prerequisites.sh

-      - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
+      - uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
        with:
          cache-dependency-path: complement/go.sum
          go-version-file: complement/go.mod
--- a/.github/workflows/poetry_lockfile.yaml
+++ b/.github/workflows/poetry_lockfile.yaml
@@ -17,7 +17,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
+      - uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 # v5.5.0
        with:
          python-version: '3.x'
      - run: pip install tomli
--- a/.github/workflows/release-artifacts.yml
+++ b/.github/workflows/release-artifacts.yml
@@ -28,9 +28,9 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
+      - uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 # v5.5.0
        with:
-          python-version: "3.x"
+          python-version: '3.x'
      - id: set-distros
        run: |
          # if we're running from a tag, get the full list of distros; otherwise just use debian:sid
@@ -61,7 +61,7 @@ jobs:

      - name: Set up Docker Buildx
        id: buildx
-        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
        with:
          install: true

@@ -74,9 +74,9 @@ jobs:
            ${{ runner.os }}-buildx-

      - name: Set up python
-        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
+        uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 # v5.5.0
        with:
-          python-version: "3.x"
+          python-version: '3.x'

      - name: Build the packages
        # see https://github.com/docker/build-push-action/issues/252
@@ -107,15 +107,12 @@ jobs:
          path: debs/*

  build-wheels:
-    name: Build wheels on ${{ matrix.os }}
+    name: Build wheels on ${{ matrix.os }} for ${{ matrix.arch }}
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
-        os:
-          - ubuntu-24.04
-          - ubuntu-24.04-arm
-          - macos-13 # This uses x86-64
-          - macos-14 # This uses arm64
+        os: [ubuntu-22.04, macos-13]
+        arch: [x86_64, aarch64]
        # is_pr is a flag used to exclude certain jobs from the matrix on PRs.
        # It is not read by the rest of the workflow.
        is_pr:
@@ -125,27 +122,38 @@ jobs:
          # Don't build macos wheels on PR CI.
          - is_pr: true
            os: "macos-13"
-          - is_pr: true
-            os: "macos-14"
+          # Don't build aarch64 wheels on mac.
+          - os: "macos-13"
+            arch: aarch64
          # Don't build aarch64 wheels on PR CI.
          - is_pr: true
-            os: "ubuntu-24.04-arm"
+            arch: aarch64

    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

-      - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
+      - uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 # v5.5.0
        with:
          # setup-python@v4 doesn't impose a default python version. Need to use 3.x
          # here, because `python` on osx points to Python 2.7.
          python-version: "3.x"

      - name: Install cibuildwheel
-        run: python -m pip install cibuildwheel==3.0.0
+        run: python -m pip install cibuildwheel==2.23.0
+
+      - name: Set up QEMU to emulate aarch64
+        if: matrix.arch == 'aarch64'
+        uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
+        with:
+          platforms: arm64
+
+      - name: Build aarch64 wheels
+        if: matrix.arch == 'aarch64'
+        run: echo 'CIBW_ARCHS_LINUX=aarch64' >> $GITHUB_ENV

      - name: Only build a single wheel on PR
        if: startsWith(github.ref, 'refs/pull/')
-        run: echo "CIBW_BUILD="cp39-manylinux_*"" >> $GITHUB_ENV
+        run: echo "CIBW_BUILD="cp39-manylinux_${{ matrix.arch }}"" >> $GITHUB_ENV

      - name: Build wheels
        run: python -m cibuildwheel --output-dir wheelhouse
@@ -153,10 +161,13 @@ jobs:
          # Skip testing for platforms which various libraries don't have wheels
          # for, and so need extra build deps.
          CIBW_TEST_SKIP: pp3*-* *i686* *musl*
+          # Fix Rust OOM errors on emulated aarch64: https://github.com/rust-lang/cargo/issues/10583
+          CARGO_NET_GIT_FETCH_WITH_CLI: true
+          CIBW_ENVIRONMENT_PASS_LINUX: CARGO_NET_GIT_FETCH_WITH_CLI

      - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        with:
-          name: Wheel-${{ matrix.os }}
+          name: Wheel-${{ matrix.os }}-${{ matrix.arch }}
          path: ./wheelhouse/*.whl

  build-sdist:
@@ -166,9 +177,9 @@ jobs:

    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
+      - uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 # v5.5.0
        with:
-          python-version: "3.10"
+          python-version: '3.10'

      - run: pip install build

@@ -180,6 +191,7 @@ jobs:
          name: Sdist
          path: dist/*.tar.gz

+
  # if it's a tag, create a release and attach the artifacts to it
  attach-assets:
    name: "Attach assets to release"
--- a/.github/workflows/schema.yaml
+++ b/.github/workflows/schema.yaml
@@ -1,57 +0,0 @@
-name: Schema
-
-on:
-  pull_request:
-    paths:
-      - schema/**
-      - docs/usage/configuration/config_documentation.md
-  push:
-    branches: ["develop", "release-*"]
-  workflow_dispatch:
-
-jobs:
-  validate-schema:
-    name: Ensure Synapse config schema is valid
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
-        with:
-          python-version: "3.x"
-      - name: Install check-jsonschema
-        run: pip install check-jsonschema==0.33.0
-
-      - name: Validate meta schema
-        run: check-jsonschema --check-metaschema schema/v*/meta.schema.json
-      - name: Validate schema
-        run: |-
-          # Please bump on introduction of a new meta schema.
-          LATEST_META_SCHEMA_VERSION=v1
-          check-jsonschema \
-            --schemafile="schema/$LATEST_META_SCHEMA_VERSION/meta.schema.json" \
-            schema/synapse-config.schema.yaml
-      - name: Validate default config
-      # Populates the empty instance with default values and checks against the schema.
-        run: |-
-          echo "{}" | check-jsonschema \
-            --fill-defaults --schemafile=schema/synapse-config.schema.yaml -
-
-  check-doc-generation:
-    name: Ensure generated documentation is up-to-date
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
-        with:
-          python-version: "3.x"
-      - name: Install PyYAML
-        run: pip install PyYAML==6.0.2
-
-      - name: Regenerate config documentation
-        run: |
-          scripts-dev/gen_config_documentation.py \
-            schema/synapse-config.schema.yaml \
-          > docs/usage/configuration/config_documentation.md
-      - name: Error in case of any differences
-      # Errors if there are now any modified files (untracked files are ignored).
-        run: 'git diff --exit-code'
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -11,9 +11,6 @@ concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

-env:
-  RUST_VERSION: 1.87.0
-
 jobs:
  # Job to detect what has changed so we don't run e.g. Rust checks on PRs that
  # don't modify Rust code.
@@ -88,10 +85,8 @@ jobs:
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Install Rust
-        uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b # master
-        with:
-          toolchain: ${{ env.RUST_VERSION }}
-      - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2.8.0
+        uses: dtolnay/rust-toolchain@e05ebb0e73db581a4877c6ce762e29fe1e0b5073 # 1.66.0
+      - uses: Swatinem/rust-cache@9d47c6ad4b02e050fd481d890b2ea34778fd09d6 # v2.7.8
      - uses: matrix-org/setup-python-poetry@5bbf6603c5c930615ec8a29f1b5d7d258d905aa4 # v2.0.0
        with:
          python-version: "3.x"
@@ -107,7 +102,7 @@ jobs:

    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
+      - uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 # v5.5.0
        with:
          python-version: "3.x"
      - run: "pip install 'click==8.1.1' 'GitPython>=3.1.20'"
@@ -117,7 +112,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
+      - uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 # v5.5.0
        with:
          python-version: "3.x"
      - run: .ci/scripts/check_lockfile.py
@@ -154,10 +149,8 @@ jobs:
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

      - name: Install Rust
-        uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b # master
-        with:
-          toolchain: ${{ env.RUST_VERSION }}
-      - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2.8.0
+        uses: dtolnay/rust-toolchain@e05ebb0e73db581a4877c6ce762e29fe1e0b5073 # 1.66.0
+      - uses: Swatinem/rust-cache@9d47c6ad4b02e050fd481d890b2ea34778fd09d6 # v2.7.8

      - name: Setup Poetry
        uses: matrix-org/setup-python-poetry@5bbf6603c5c930615ec8a29f1b5d7d258d905aa4 # v2.0.0
@@ -199,7 +192,7 @@ jobs:
        with:
          ref: ${{ github.event.pull_request.head.sha }}
          fetch-depth: 0
-      - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
+      - uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 # v5.5.0
        with:
          python-version: "3.x"
      - run: "pip install 'towncrier>=18.6.0rc1'"
@@ -217,10 +210,8 @@ jobs:
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - name: Install Rust
-        uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b # master
-        with:
-          toolchain: ${{ env.RUST_VERSION }}
-      - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2.8.0
+        uses: dtolnay/rust-toolchain@e05ebb0e73db581a4877c6ce762e29fe1e0b5073 # 1.66.0
+      - uses: Swatinem/rust-cache@9d47c6ad4b02e050fd481d890b2ea34778fd09d6 # v2.7.8
      - uses: matrix-org/setup-python-poetry@5bbf6603c5c930615ec8a29f1b5d7d258d905aa4 # v2.0.0
        with:
          poetry-version: "2.1.1"
@@ -236,11 +227,10 @@ jobs:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

      - name: Install Rust
-        uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b # master
+        uses: dtolnay/rust-toolchain@e05ebb0e73db581a4877c6ce762e29fe1e0b5073 # 1.66.0
        with:
            components: clippy
-            toolchain: ${{ env.RUST_VERSION }}
-      - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2.8.0
+      - uses: Swatinem/rust-cache@9d47c6ad4b02e050fd481d890b2ea34778fd09d6 # v2.7.8

      - run: cargo clippy -- -D warnings

@@ -255,11 +245,11 @@ jobs:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

      - name: Install Rust
-        uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b # master
+        uses: dtolnay/rust-toolchain@56f84321dbccf38fb67ce29ab63e4754056677e0 # master (rust 1.85.1)
        with:
-            toolchain: nightly-2025-04-23
+            toolchain: nightly-2022-12-01
            components: clippy
-      - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2.8.0
+      - uses: Swatinem/rust-cache@9d47c6ad4b02e050fd481d890b2ea34778fd09d6 # v2.7.8

      - run: cargo clippy --all-features -- -D warnings

@@ -272,12 +262,12 @@ jobs:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

      - name: Install Rust
-        uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b # master
+        uses: dtolnay/rust-toolchain@56f84321dbccf38fb67ce29ab63e4754056677e0 # master (rust 1.85.1)
        with:
          # We use nightly so that it correctly groups together imports
-          toolchain: nightly-2025-04-23
+          toolchain: nightly-2022-12-01
          components: rustfmt
-      - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2.8.0
+      - uses: Swatinem/rust-cache@9d47c6ad4b02e050fd481d890b2ea34778fd09d6 # v2.7.8

      - run: cargo fmt --check

@@ -289,7 +279,7 @@ jobs:
    if: ${{ needs.changes.outputs.linting_readme == 'true' }}
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
+      - uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 # v5.5.0
        with:
          python-version: "3.x"
      - run: "pip install rstcheck"
@@ -337,7 +327,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
+      - uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 # v5.5.0
        with:
          python-version: "3.x"
      - id: get-matrix
@@ -372,10 +362,8 @@ jobs:
            postgres:${{ matrix.job.postgres-version }}

      - name: Install Rust
-        uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b # master
-        with:
-          toolchain: ${{ env.RUST_VERSION }}
-      - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2.8.0
+        uses: dtolnay/rust-toolchain@e05ebb0e73db581a4877c6ce762e29fe1e0b5073 # 1.66.0
+      - uses: Swatinem/rust-cache@9d47c6ad4b02e050fd481d890b2ea34778fd09d6 # v2.7.8

      - uses: matrix-org/setup-python-poetry@5bbf6603c5c930615ec8a29f1b5d7d258d905aa4 # v2.0.0
        with:
@@ -416,10 +404,8 @@ jobs:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

      - name: Install Rust
-        uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b # master
-        with:
-          toolchain: ${{ env.RUST_VERSION }}
-      - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2.8.0
+        uses: dtolnay/rust-toolchain@e05ebb0e73db581a4877c6ce762e29fe1e0b5073 # 1.66.0
+      - uses: Swatinem/rust-cache@9d47c6ad4b02e050fd481d890b2ea34778fd09d6 # v2.7.8

      # There aren't wheels for some of the older deps, so we need to install
      # their build dependencies
@@ -428,7 +414,7 @@ jobs:
          sudo apt-get -qq install build-essential libffi-dev python3-dev \
            libxml2-dev libxslt-dev xmlsec1 zlib1g-dev libjpeg-dev libwebp-dev

-      - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
+      - uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 # v5.5.0
        with:
          python-version: '3.9'

@@ -533,10 +519,8 @@ jobs:
        run: cat sytest-blacklist .ci/worker-blacklist > synapse-blacklist-with-workers

      - name: Install Rust
-        uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b # master
-        with:
-          toolchain: ${{ env.RUST_VERSION }}
-      - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2.8.0
+        uses: dtolnay/rust-toolchain@e05ebb0e73db581a4877c6ce762e29fe1e0b5073 # 1.66.0
+      - uses: Swatinem/rust-cache@9d47c6ad4b02e050fd481d890b2ea34778fd09d6 # v2.7.8

      - name: Run SyTest
        run: /bootstrap.sh synapse
@@ -679,15 +663,13 @@ jobs:
          path: synapse

      - name: Install Rust
-        uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b # master
-        with:
-          toolchain: ${{ env.RUST_VERSION }}
-      - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2.8.0
+        uses: dtolnay/rust-toolchain@e05ebb0e73db581a4877c6ce762e29fe1e0b5073 # 1.66.0
+      - uses: Swatinem/rust-cache@9d47c6ad4b02e050fd481d890b2ea34778fd09d6 # v2.7.8

      - name: Prepare Complement's Prerequisites
        run: synapse/.ci/scripts/setup_complement_prerequisites.sh

-      - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
+      - uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
        with:
          cache-dependency-path: complement/go.sum
          go-version-file: complement/go.mod
@@ -713,10 +695,8 @@ jobs:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

      - name: Install Rust
-        uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b # master
-        with:
-          toolchain: ${{ env.RUST_VERSION }}
-      - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2.8.0
+        uses: dtolnay/rust-toolchain@e05ebb0e73db581a4877c6ce762e29fe1e0b5073 # 1.66.0
+      - uses: Swatinem/rust-cache@9d47c6ad4b02e050fd481d890b2ea34778fd09d6 # v2.7.8

      - run: cargo test

@@ -733,10 +713,10 @@ jobs:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

      - name: Install Rust
-        uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b # master
+        uses: dtolnay/rust-toolchain@56f84321dbccf38fb67ce29ab63e4754056677e0 # master (rust 1.85.1)
        with:
            toolchain: nightly-2022-12-01
-      - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2.8.0
+      - uses: Swatinem/rust-cache@9d47c6ad4b02e050fd481d890b2ea34778fd09d6 # v2.7.8

      - run: cargo bench --no-run

--- a/.github/workflows/twisted_trunk.yml
+++ b/.github/workflows/twisted_trunk.yml
@@ -20,9 +20,6 @@ concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

-env:
-  RUST_VERSION: 1.87.0
-
 jobs:
  check_repo:
    # Prevent this workflow from running on any fork of Synapse other than element-hq/synapse, as it is
@@ -46,10 +43,8 @@ jobs:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

      - name: Install Rust
-        uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b # master
-        with:
-          toolchain: ${{ env.RUST_VERSION }}
-      - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2.8.0
+        uses: dtolnay/rust-toolchain@fcf085fcb4b4b8f63f96906cd713eb52181b5ea4 # stable (rust 1.85.1)
+      - uses: Swatinem/rust-cache@9d47c6ad4b02e050fd481d890b2ea34778fd09d6 # v2.7.8

      - uses: matrix-org/setup-python-poetry@5bbf6603c5c930615ec8a29f1b5d7d258d905aa4 # v2.0.0
        with:
@@ -74,10 +69,8 @@ jobs:
      - run: sudo apt-get -qq install xmlsec1

      - name: Install Rust
-        uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b # master
-        with:
-          toolchain: ${{ env.RUST_VERSION }}
-      - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2.8.0
+        uses: dtolnay/rust-toolchain@fcf085fcb4b4b8f63f96906cd713eb52181b5ea4 # stable (rust 1.85.1)
+      - uses: Swatinem/rust-cache@9d47c6ad4b02e050fd481d890b2ea34778fd09d6 # v2.7.8

      - uses: matrix-org/setup-python-poetry@5bbf6603c5c930615ec8a29f1b5d7d258d905aa4 # v2.0.0
        with:
@@ -120,10 +113,8 @@ jobs:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

      - name: Install Rust
-        uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b # master
-        with:
-          toolchain: ${{ env.RUST_VERSION }}
-      - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2.8.0
+        uses: dtolnay/rust-toolchain@fcf085fcb4b4b8f63f96906cd713eb52181b5ea4 # stable (rust 1.85.1)
+      - uses: Swatinem/rust-cache@9d47c6ad4b02e050fd481d890b2ea34778fd09d6 # v2.7.8

      - name: Patch dependencies
        # Note: The poetry commands want to create a virtualenv in /src/.venv/,
@@ -182,7 +173,7 @@ jobs:
      - name: Prepare Complement's Prerequisites
        run: synapse/.ci/scripts/setup_complement_prerequisites.sh

-      - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
+      - uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
        with:
          cache-dependency-path: complement/go.sum
          go-version-file: complement/go.mod
--- a/.gitignore
+++ b/.gitignore
@@ -47,7 +47,6 @@ __pycache__/
 /.idea/
 /.ropeproject/
 /.vscode/
-/.zed/

 # build products
 !/.coveragerc
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,365 +1,3 @@
-# Synapse 1.134.0 (2025-07-15)
-
-No significant changes since 1.134.0rc1.
-
-
-
-
-# Synapse 1.134.0rc1 (2025-07-09)
-
-### Features
-
- Support for [MSC4235](https://github.com/matrix-org/matrix-spec-proposals/pull/4235): `via` query param for hierarchy endpoint. Contributed by Krishan (@kfiven). ([\#18070](https://github.com/element-hq/synapse/issues/18070))
- Add `forget_forced_upon_leave` capability as per [MSC4267](https://github.com/matrix-org/matrix-spec-proposals/pull/4267). ([\#18196](https://github.com/element-hq/synapse/issues/18196))
- Add `federated_user_may_invite` spam checker callback which receives the entire invite event. Contributed by @tulir @ Beeper. ([\#18241](https://github.com/element-hq/synapse/issues/18241))
-
-### Bugfixes
-
- Fix `KeyError` on background updates when using split main/state databases. ([\#18509](https://github.com/element-hq/synapse/issues/18509))
- Improve performance of device deletion by adding missing index. ([\#18582](https://github.com/element-hq/synapse/issues/18582))
- Fix `avatar_url` and `displayname` being sent on federation profile queries when they are not set. ([\#18593](https://github.com/element-hq/synapse/issues/18593))
- Respond with 401 & `M_USER_LOCKED` when a locked user calls `POST /login`, as per the spec. ([\#18594](https://github.com/element-hq/synapse/issues/18594))
- Ensure policy servers are not asked to scan policy server change events, allowing rooms to disable the use of a policy server while the policy server is down. ([\#18605](https://github.com/element-hq/synapse/issues/18605))
-
-### Improved Documentation
-
- Fix documentation of the Delete Room Admin API's status field. ([\#18519](https://github.com/element-hq/synapse/issues/18519))
-
-### Deprecations and Removals
-
- Stop adding the "origin" field to newly-created events (PDUs). ([\#18418](https://github.com/element-hq/synapse/issues/18418))
-
-### Internal Changes
-
- Replace `PyICU` crate with equivalent `icu_segmenter` Rust crate. ([\#18553](https://github.com/element-hq/synapse/issues/18553), [\#18646](https://github.com/element-hq/synapse/issues/18646))
- Improve docstring on `simple_upsert_many`. ([\#18573](https://github.com/element-hq/synapse/issues/18573))
- Raise poetry-core version cap to 2.1.3. ([\#18575](https://github.com/element-hq/synapse/issues/18575))
- Raise setuptools_rust version cap to 1.11.1. ([\#18576](https://github.com/element-hq/synapse/issues/18576))
- Better handling of ratelimited requests. ([\#18595](https://github.com/element-hq/synapse/issues/18595), [\#18600](https://github.com/element-hq/synapse/issues/18600))
- Update to Rust 1.87.0 in CI, and bump the pinned commit of the `dtolnay/rust-toolchain` GitHub Action to `b3b07ba8b418998c39fb20f53e8b695cdcc8de1b`. ([\#18596](https://github.com/element-hq/synapse/issues/18596))
- Speed up bulk device deletion. ([\#18602](https://github.com/element-hq/synapse/issues/18602))
- Speed up the building of arm-based wheels in CI. ([\#18618](https://github.com/element-hq/synapse/issues/18618))
- Speed up the building of Docker images in CI. ([\#18620](https://github.com/element-hq/synapse/issues/18620))
- Add `.zed/` directory to `.gitignore`. ([\#18623](https://github.com/element-hq/synapse/issues/18623))
- Log the room ID we're purging state for. ([\#18625](https://github.com/element-hq/synapse/issues/18625))
-
-
-
-### Updates to locked dependencies
-
-* Bump Swatinem/rust-cache from 2.7.8 to 2.8.0. ([\#18612](https://github.com/element-hq/synapse/issues/18612))
-* Bump attrs from 24.2.0 to 25.3.0. ([\#18649](https://github.com/element-hq/synapse/issues/18649))
-* Bump authlib from 1.5.2 to 1.6.0. ([\#18642](https://github.com/element-hq/synapse/issues/18642))
-* Bump base64 from 0.21.7 to 0.22.1. ([\#18589](https://github.com/element-hq/synapse/issues/18589))
-* Bump base64 from 0.21.7 to 0.22.1. ([\#18629](https://github.com/element-hq/synapse/issues/18629))
-* Bump docker/build-push-action from 6.17.0 to 6.18.0. ([\#18497](https://github.com/element-hq/synapse/issues/18497))
-* Bump docker/setup-buildx-action from 3.10.0 to 3.11.1. ([\#18587](https://github.com/element-hq/synapse/issues/18587))
-* Bump hiredis from 3.1.0 to 3.2.1. ([\#18638](https://github.com/element-hq/synapse/issues/18638))
-* Bump ijson from 3.3.0 to 3.4.0. ([\#18650](https://github.com/element-hq/synapse/issues/18650))
-* Bump jsonschema from 4.23.0 to 4.24.0. ([\#18630](https://github.com/element-hq/synapse/issues/18630))
-* Bump msgpack from 1.1.0 to 1.1.1. ([\#18651](https://github.com/element-hq/synapse/issues/18651))
-* Bump mypy-zope from 1.0.11 to 1.0.12. ([\#18640](https://github.com/element-hq/synapse/issues/18640))
-* Bump phonenumbers from 9.0.2 to 9.0.8. ([\#18652](https://github.com/element-hq/synapse/issues/18652))
-* Bump pillow from 11.2.1 to 11.3.0. ([\#18624](https://github.com/element-hq/synapse/issues/18624))
-* Bump prometheus-client from 0.21.0 to 0.22.1. ([\#18609](https://github.com/element-hq/synapse/issues/18609))
-* Bump pyasn1-modules from 0.4.1 to 0.4.2. ([\#18495](https://github.com/element-hq/synapse/issues/18495))
-* Bump pydantic from 2.11.4 to 2.11.7. ([\#18639](https://github.com/element-hq/synapse/issues/18639))
-* Bump reqwest from 0.12.15 to 0.12.20. ([\#18590](https://github.com/element-hq/synapse/issues/18590))
-* Bump reqwest from 0.12.20 to 0.12.22. ([\#18627](https://github.com/element-hq/synapse/issues/18627))
-* Bump ruff from 0.11.11 to 0.12.1. ([\#18645](https://github.com/element-hq/synapse/issues/18645))
-* Bump ruff from 0.12.1 to 0.12.2. ([\#18657](https://github.com/element-hq/synapse/issues/18657))
-* Bump sentry-sdk from 2.22.0 to 2.32.0. ([\#18633](https://github.com/element-hq/synapse/issues/18633))
-* Bump setuptools-rust from 1.10.2 to 1.11.1. ([\#18655](https://github.com/element-hq/synapse/issues/18655))
-* Bump sigstore/cosign-installer from 3.8.2 to 3.9.0. ([\#18588](https://github.com/element-hq/synapse/issues/18588))
-* Bump sigstore/cosign-installer from 3.9.0 to 3.9.1. ([\#18608](https://github.com/element-hq/synapse/issues/18608))
-* Bump stefanzweifel/git-auto-commit-action from 5.2.0 to 6.0.1. ([\#18607](https://github.com/element-hq/synapse/issues/18607))
-* Bump tokio from 1.45.1 to 1.46.0. ([\#18628](https://github.com/element-hq/synapse/issues/18628))
-* Bump tokio from 1.46.0 to 1.46.1. ([\#18667](https://github.com/element-hq/synapse/issues/18667))
-* Bump treq from 24.9.1 to 25.5.0. ([\#18610](https://github.com/element-hq/synapse/issues/18610))
-* Bump types-bleach from 6.2.0.20241123 to 6.2.0.20250514. ([\#18634](https://github.com/element-hq/synapse/issues/18634))
-* Bump types-jsonschema from 4.23.0.20250516 to 4.24.0.20250528. ([\#18611](https://github.com/element-hq/synapse/issues/18611))
-* Bump types-opentracing from 2.4.10.6 to 2.4.10.20250622. ([\#18586](https://github.com/element-hq/synapse/issues/18586))
-* Bump types-psycopg2 from 2.9.21.20250318 to 2.9.21.20250516. ([\#18658](https://github.com/element-hq/synapse/issues/18658))
-* Bump types-pyyaml from 6.0.12.20241230 to 6.0.12.20250516. ([\#18643](https://github.com/element-hq/synapse/issues/18643))
-* Bump types-setuptools from 75.2.0.20241019 to 80.9.0.20250529. ([\#18644](https://github.com/element-hq/synapse/issues/18644))
-* Bump typing-extensions from 4.12.2 to 4.14.0. ([\#18654](https://github.com/element-hq/synapse/issues/18654))
-* Bump typing-extensions from 4.14.0 to 4.14.1. ([\#18668](https://github.com/element-hq/synapse/issues/18668))
-* Bump urllib3 from 2.2.2 to 2.5.0. ([\#18572](https://github.com/element-hq/synapse/issues/18572))
-
-# Synapse 1.133.0 (2025-07-01)
-
-Pre-built wheels are now built using the [manylinux_2_28](https://github.com/pypa/manylinux#manylinux_2_28-almalinux-8-based) base, which is expected to be compatible with distros using glibc 2.28 or later, including:
-
- - Debian 10+
- - Ubuntu 18.10+
- - Fedora 29+
- - CentOS/RHEL 8+
-
-Previously, wheels were built using the [manylinux2014](https://github.com/pypa/manylinux#manylinux2014-centos-7-based-glibc-217) base, which was expected to be compatible with distros using glibc 2.17 or later.
-
-### Bugfixes
-
- Bump `cibuildwheel` to 3.0.0 to fix the `manylinux` wheel builds. ([\#18615](https://github.com/element-hq/synapse/issues/18615))
-
-
-
-
-# Synapse 1.133.0rc1 (2025-06-24)
-
-### Features
-
- Add support for the [MSC4260 user report API](https://github.com/matrix-org/matrix-spec-proposals/pull/4260). ([\#18120](https://github.com/element-hq/synapse/issues/18120))
-
-### Bugfixes
-
- Fix an issue where, during state resolution for v11 rooms, Synapse would incorrectly calculate the power level of the creator when there was no power levels event in the room. ([\#18534](https://github.com/element-hq/synapse/issues/18534), [\#18547](https://github.com/element-hq/synapse/issues/18547))
- Fix long-standing bug where sliding sync did not honour the `room_id_to_include` config option. ([\#18535](https://github.com/element-hq/synapse/issues/18535))
- Fix an issue where "Lock timeout is getting excessive" warnings would be logged even when the lock timeout was <10 minutes. ([\#18543](https://github.com/element-hq/synapse/issues/18543))
- Fix an issue where Synapse could calculate the wrong power level for the creator of the room if there was no power levels event. ([\#18545](https://github.com/element-hq/synapse/issues/18545))
-
-### Improved Documentation
-
- Generate config documentation from JSON Schema file. ([\#18528](https://github.com/element-hq/synapse/issues/18528))
- Fix typo in user type documentation. ([\#18568](https://github.com/element-hq/synapse/issues/18568))
-
-### Internal Changes
-
- Increase performance of introspecting access tokens when using delegated auth. ([\#18357](https://github.com/element-hq/synapse/issues/18357), [\#18561](https://github.com/element-hq/synapse/issues/18561))
- Log user deactivations. ([\#18541](https://github.com/element-hq/synapse/issues/18541))
- Enable [`flake8-logging`](https://docs.astral.sh/ruff/rules/#flake8-logging-log) and [`flake8-logging-format`](https://docs.astral.sh/ruff/rules/#flake8-logging-format-g) rules in Ruff and fix related issues throughout the codebase. ([\#18542](https://github.com/element-hq/synapse/issues/18542))
- Clean up old, unused rows from the `device_federation_inbox` table. ([\#18546](https://github.com/element-hq/synapse/issues/18546))
- Run config schema CI on develop and release branches. ([\#18551](https://github.com/element-hq/synapse/issues/18551))
- Add support for Twisted `25.5.0`+ releases. ([\#18577](https://github.com/element-hq/synapse/issues/18577))
- Update PyO3 to version 0.25. ([\#18578](https://github.com/element-hq/synapse/issues/18578))
-
-
-
-### Updates to locked dependencies
-
-* Bump actions/setup-python from 5.5.0 to 5.6.0. ([\#18555](https://github.com/element-hq/synapse/issues/18555))
-* Bump base64 from 0.21.7 to 0.22.1. ([\#18559](https://github.com/element-hq/synapse/issues/18559))
-* Bump dawidd6/action-download-artifact from 9 to 11. ([\#18556](https://github.com/element-hq/synapse/issues/18556))
-* Bump headers from 0.4.0 to 0.4.1. ([\#18529](https://github.com/element-hq/synapse/issues/18529))
-* Bump requests from 2.32.2 to 2.32.4. ([\#18533](https://github.com/element-hq/synapse/issues/18533))
-* Bump types-requests from 2.32.0.20250328 to 2.32.4.20250611. ([\#18558](https://github.com/element-hq/synapse/issues/18558))
-
-# Synapse 1.132.0 (2025-06-17)
-
-### Improved Documentation
-
- Improvements to generate config documentation from JSON Schema file. ([\#18522](https://github.com/element-hq/synapse/issues/18522))
-
-
-
-
-# Synapse 1.132.0rc1 (2025-06-10)
-
-### Features
-
- Add support for [MSC4155](https://github.com/matrix-org/matrix-spec-proposals/pull/4155) Invite Filtering. ([\#18288](https://github.com/element-hq/synapse/issues/18288))
- Add experimental `user_may_send_state_event` module API callback. ([\#18455](https://github.com/element-hq/synapse/issues/18455))
- Add experimental `get_media_config_for_user` and `is_user_allowed_to_upload_media_of_size` module API callbacks that allow overriding of media repository maximum upload size. ([\#18457](https://github.com/element-hq/synapse/issues/18457))
- Add experimental `get_ratelimit_override_for_user` module API callback that allows overriding of per-user ratelimits. ([\#18458](https://github.com/element-hq/synapse/issues/18458))
- Pass `room_config` argument to `user_may_create_room` spam checker module callback. ([\#18486](https://github.com/element-hq/synapse/issues/18486))
- Support configuration of default and extra user types. ([\#18456](https://github.com/element-hq/synapse/issues/18456))
- Successful requests to `/_matrix/app/v1/ping` will now force Synapse to reattempt delivering transactions to appservices. ([\#18521](https://github.com/element-hq/synapse/issues/18521))
- Support the import of the `RatelimitOverride` type from `synapse.module_api` in modules and rename `messages_per_second` to `per_second`. ([\#18513](https://github.com/element-hq/synapse/issues/18513))
-
-### Bugfixes
-
- Remove destinations from sending if not whitelisted. ([\#18484](https://github.com/element-hq/synapse/issues/18484))
- Fixed room summary API incorrectly returning that a room is private in the room summary response when the join rule is omitted by the remote server. Contributed by @nexy7574. ([\#18493](https://github.com/element-hq/synapse/issues/18493))
- Prevent users from adding themselves to their own user ignore list. ([\#18508](https://github.com/element-hq/synapse/issues/18508))
-
-### Improved Documentation
-
- Generate config documentation from JSON Schema file. ([\#17892](https://github.com/element-hq/synapse/issues/17892))
- Mention `CAP_NET_BIND_SERVICE` as an alternative to running Synapse as root in order to bind to a privileged port. ([\#18408](https://github.com/element-hq/synapse/issues/18408))
- Surface hidden Admin API documentation regarding fetching of scheduled tasks. ([\#18516](https://github.com/element-hq/synapse/issues/18516))
- Mark the new module APIs in this release as experimental. ([\#18536](https://github.com/element-hq/synapse/issues/18536))
-
-### Internal Changes
-
- Mark dehydrated devices in the [List All User Devices Admin API](https://element-hq.github.io/synapse/latest/admin_api/user_admin_api.html#list-all-devices). ([\#18252](https://github.com/element-hq/synapse/issues/18252))
- Reduce disk wastage by cleaning up `received_transactions` older than 1 day, rather than 30 days. ([\#18310](https://github.com/element-hq/synapse/issues/18310))
- Distinguish all vs local events being persisted in the "Event Send Time Quantiles" graph (Grafana). ([\#18510](https://github.com/element-hq/synapse/issues/18510))
-
-
-
-
-# Synapse 1.131.0 (2025-06-03)
-
-No significant changes since 1.131.0rc1.
-
-# Synapse 1.131.0rc1 (2025-05-28)
-
-### Features
-
- Add `msc4263_limit_key_queries_to_users_who_share_rooms` config option as per [MSC4263](https://github.com/matrix-org/matrix-spec-proposals/pull/4263). ([\#18180](https://github.com/element-hq/synapse/issues/18180))
- Add option to allow registrations that begin with `_`. Contributed by `_` (@hex5f). ([\#18262](https://github.com/element-hq/synapse/issues/18262))
- Include room ID in response to the [Room Deletion Status Admin API](https://element-hq.github.io/synapse/latest/admin_api/rooms.html#status-of-deleting-rooms). ([\#18318](https://github.com/element-hq/synapse/issues/18318))
- Add support for calling Policy Servers ([MSC4284](https://github.com/matrix-org/matrix-spec-proposals/pull/4284)) to mark events as spam. ([\#18387](https://github.com/element-hq/synapse/issues/18387))
-
-### Bugfixes
-
- Prevent race-condition in `_maybe_retry_device_resync` entrance. ([\#18391](https://github.com/element-hq/synapse/issues/18391))
- Fix the `tests.handlers.test_worker_lock.WorkerLockTestCase.test_lock_contention` test which could spuriously time out on RISC-V architectures due to performance differences. ([\#18430](https://github.com/element-hq/synapse/issues/18430))
- Fix admin redaction endpoint not redacting encrypted messages. ([\#18434](https://github.com/element-hq/synapse/issues/18434))
-
-### Improved Documentation
-
- Update `room_list_publication_rules` docs to consider defaults that changed in v1.126.0. Contributed by @HarHarLinks. ([\#18286](https://github.com/element-hq/synapse/issues/18286))
- Add advice for upgrading between major PostgreSQL versions to the database documentation. ([\#18445](https://github.com/element-hq/synapse/issues/18445))
-
-### Internal Changes
-
- Fix a memory leak in `_NotifierUserStream`. ([\#18380](https://github.com/element-hq/synapse/issues/18380))
- Fix a couple type annotations in the `RootConfig`/`Config`. ([\#18409](https://github.com/element-hq/synapse/issues/18409))
- Explicitly enable PyPy builds in `cibuildwheel`s config to avoid it being disabled on a future upgrade to `cibuildwheel` v3. ([\#18417](https://github.com/element-hq/synapse/issues/18417))
- Update the PR review template to remove an erroneous line break from the final bullet point. ([\#18419](https://github.com/element-hq/synapse/issues/18419))
- Explain why we `flush_buffer()` for Python `print(...)` output. ([\#18420](https://github.com/element-hq/synapse/issues/18420))
- Add lint to ensure we don't add a `CREATE/DROP INDEX` in a schema delta. ([\#18440](https://github.com/element-hq/synapse/issues/18440))
- Allow checking only for the existence of a field in an SSO provider's response, rather than requiring the value(s) to check. ([\#18454](https://github.com/element-hq/synapse/issues/18454))
- Add unit tests for homeserver usage statistics. ([\#18463](https://github.com/element-hq/synapse/issues/18463))
- Don't move invited users to new room when shutting down room. ([\#18471](https://github.com/element-hq/synapse/issues/18471))
-
-
-
-### Updates to locked dependencies
-
-* Bump actions/setup-python from 5.5.0 to 5.6.0. ([\#18398](https://github.com/element-hq/synapse/issues/18398))
-* Bump authlib from 1.5.1 to 1.5.2. ([\#18452](https://github.com/element-hq/synapse/issues/18452))
-* Bump docker/build-push-action from 6.15.0 to 6.17.0. ([\#18397](https://github.com/element-hq/synapse/issues/18397), [\#18449](https://github.com/element-hq/synapse/issues/18449))
-* Bump lxml from 5.3.0 to 5.4.0. ([\#18480](https://github.com/element-hq/synapse/issues/18480))
-* Bump mypy-zope from 1.0.9 to 1.0.11. ([\#18428](https://github.com/element-hq/synapse/issues/18428))
-* Bump pyo3 from 0.23.5 to 0.24.2. ([\#18460](https://github.com/element-hq/synapse/issues/18460))
-* Bump pyo3-log from 0.12.3 to 0.12.4. ([\#18453](https://github.com/element-hq/synapse/issues/18453))
-* Bump pyopenssl from 25.0.0 to 25.1.0. ([\#18450](https://github.com/element-hq/synapse/issues/18450))
-* Bump ruff from 0.7.3 to 0.11.11. ([\#18451](https://github.com/element-hq/synapse/issues/18451), [\#18482](https://github.com/element-hq/synapse/issues/18482))
-* Bump tornado from 6.4.2 to 6.5.0. ([\#18459](https://github.com/element-hq/synapse/issues/18459))
-* Bump setuptools from 72.1.0 to 78.1.1. ([\#18461](https://github.com/element-hq/synapse/issues/18461))
-* Bump types-jsonschema from 4.23.0.20241208 to 4.23.0.20250516. ([\#18481](https://github.com/element-hq/synapse/issues/18481))
-* Bump types-requests from 2.32.0.20241016 to 2.32.0.20250328. ([\#18427](https://github.com/element-hq/synapse/issues/18427))
-
-# Synapse 1.130.0 (2025-05-20)
-
-### Bugfixes
-
- Fix startup being blocked on creating a new index that was introduced in v1.130.0rc1. ([\#18439](https://github.com/element-hq/synapse/issues/18439))
- Fix the ordering of local messages in rooms that were affected by [GHSA-v56r-hwv5-mxg6](https://github.com/advisories/GHSA-v56r-hwv5-mxg6). ([\#18447](https://github.com/element-hq/synapse/issues/18447))
-
-
-
-
-# Synapse 1.130.0rc1 (2025-05-13)
-
-### Features
-
- Add an Admin API endpoint `GET /_synapse/admin/v1/scheduled_tasks`  to fetch scheduled tasks. ([\#18214](https://github.com/element-hq/synapse/issues/18214))
- Add config option `user_directory.exclude_remote_users` which, when enabled, excludes remote users from user directory search results. ([\#18300](https://github.com/element-hq/synapse/issues/18300))
- Add support for handling `GET /devices/` on workers. ([\#18355](https://github.com/element-hq/synapse/issues/18355))
-
-### Bugfixes
-
- Fix a longstanding bug where Synapse would immediately retry a failing push endpoint when a new event is received, ignoring any backoff timers. ([\#18363](https://github.com/element-hq/synapse/issues/18363))
- Pass leave from remote invite rejection down Sliding Sync. ([\#18375](https://github.com/element-hq/synapse/issues/18375))
-
-### Updates to the Docker image
-
- In `configure_workers_and_start.py`, use the same absolute path of Python in the interpreter shebang, and invoke child Python processes with `sys.executable`. ([\#18291](https://github.com/element-hq/synapse/issues/18291))
- Optimize the build of the workers image. ([\#18292](https://github.com/element-hq/synapse/issues/18292))
- In `start_for_complement.sh`, replace some external program calls with shell builtins. ([\#18293](https://github.com/element-hq/synapse/issues/18293))
- When generating container scripts from templates, don't add a leading newline so that their shebangs may be handled correctly. ([\#18295](https://github.com/element-hq/synapse/issues/18295))
-
-### Improved Documentation
-
- Improve formatting of the README file. ([\#18218](https://github.com/element-hq/synapse/issues/18218))
- Add documentation for configuring [Pocket ID](https://github.com/pocket-id/pocket-id) as an OIDC provider. ([\#18237](https://github.com/element-hq/synapse/issues/18237))
- Fix typo in docs about the `push` config option. Contributed by @HarHarLinks. ([\#18320](https://github.com/element-hq/synapse/issues/18320))
- Add `/_matrix/federation/v1/version` to list of federation endpoints that can be handled by workers. ([\#18377](https://github.com/element-hq/synapse/issues/18377))
- Add an Admin API endpoint `GET /_synapse/admin/v1/scheduled_tasks`  to fetch scheduled tasks. ([\#18384](https://github.com/element-hq/synapse/issues/18384))
-
-### Internal Changes
-
- Return specific error code when adding an email address / phone number to account is not supported ([MSC4178](https://github.com/matrix-org/matrix-spec-proposals/pull/4178)). ([\#17578](https://github.com/element-hq/synapse/issues/17578))
- Stop auto-provisionning missing users & devices when delegating auth to Matrix Authentication Service. Requires MAS 0.13.0 or later. ([\#18181](https://github.com/element-hq/synapse/issues/18181))
- Apply file hashing and existing quarantines to media downloaded for URL previews. ([\#18297](https://github.com/element-hq/synapse/issues/18297))
- Allow a few admin APIs used by matrix-authentication-service to run on workers. ([\#18313](https://github.com/element-hq/synapse/issues/18313))
- Apply `should_drop_federated_event` to federation invites. ([\#18330](https://github.com/element-hq/synapse/issues/18330))
- Allow `/rooms/` admin API to be run on workers. ([\#18360](https://github.com/element-hq/synapse/issues/18360))
- Minor performance improvements to the notifier. ([\#18367](https://github.com/element-hq/synapse/issues/18367))
- Slight performance increase when using the ratelimiter. ([\#18369](https://github.com/element-hq/synapse/issues/18369))
- Don't validate the `at_hash` (access token hash) field in OIDC ID Tokens if we don't end up actually using the OIDC Access Token. ([\#18374](https://github.com/element-hq/synapse/issues/18374), [\#18385](https://github.com/element-hq/synapse/issues/18385))
- Fixed test failures when using authlib 1.5.2. ([\#18390](https://github.com/element-hq/synapse/issues/18390))
- Refactor [MSC4186](https://github.com/matrix-org/matrix-spec-proposals/pull/4186) Simplified Sliding Sync room list tests to cover both new and fallback logic paths. ([\#18399](https://github.com/element-hq/synapse/issues/18399))
-
-
-
-### Updates to locked dependencies
-
-* Bump actions/add-to-project from 280af8ae1f83a494cfad2cb10f02f6d13529caa9 to 5b1a254a3546aef88e0a7724a77a623fa2e47c36. ([\#18365](https://github.com/element-hq/synapse/issues/18365))
-* Bump actions/download-artifact from 4.2.1 to 4.3.0. ([\#18364](https://github.com/element-hq/synapse/issues/18364))
-* Bump actions/setup-go from 5.4.0 to 5.5.0. ([\#18426](https://github.com/element-hq/synapse/issues/18426))
-* Bump anyhow from 1.0.97 to 1.0.98. ([\#18336](https://github.com/element-hq/synapse/issues/18336))
-* Bump packaging from 24.2 to 25.0. ([\#18393](https://github.com/element-hq/synapse/issues/18393))
-* Bump pillow from 11.1.0 to 11.2.1. ([\#18429](https://github.com/element-hq/synapse/issues/18429))
-* Bump pydantic from 2.10.3 to 2.11.4. ([\#18394](https://github.com/element-hq/synapse/issues/18394))
-* Bump pyo3-log from 0.12.2 to 0.12.3. ([\#18317](https://github.com/element-hq/synapse/issues/18317))
-* Bump pyopenssl from 24.3.0 to 25.0.0. ([\#18315](https://github.com/element-hq/synapse/issues/18315))
-* Bump sha2 from 0.10.8 to 0.10.9. ([\#18395](https://github.com/element-hq/synapse/issues/18395))
-* Bump sigstore/cosign-installer from 3.8.1 to 3.8.2. ([\#18366](https://github.com/element-hq/synapse/issues/18366))
-* Bump softprops/action-gh-release from 1 to 2. ([\#18264](https://github.com/element-hq/synapse/issues/18264))
-* Bump stefanzweifel/git-auto-commit-action from 5.1.0 to 5.2.0. ([\#18354](https://github.com/element-hq/synapse/issues/18354))
-* Bump txredisapi from 1.4.10 to 1.4.11. ([\#18392](https://github.com/element-hq/synapse/issues/18392))
-* Bump types-jsonschema from 4.23.0.20240813 to 4.23.0.20241208. ([\#18305](https://github.com/element-hq/synapse/issues/18305))
-* Bump types-psycopg2 from 2.9.21.20250121 to 2.9.21.20250318. ([\#18316](https://github.com/element-hq/synapse/issues/18316))
-
-# Synapse 1.129.0 (2025-05-06)
-
-No significant changes since 1.129.0rc2.
-
-
-
-
-# Synapse 1.129.0rc2 (2025-04-30)
-
-Synapse 1.129.0rc1 was never formally released due to regressions discovered during the release process. 1.129.0rc2 fixes those regressions by reverting the affected PRs.
-
-### Internal Changes
-
- Revert the slow background update introduced by [\#18068](https://github.com/element-hq/synapse/issues/18068) in v1.128.0. ([\#18372](https://github.com/element-hq/synapse/issues/18372))
- Revert "Add total event, unencrypted message, and e2ee event counts to stats reporting", added in v1.129.0rc1. ([\#18373](https://github.com/element-hq/synapse/issues/18373))
-
-
-
-
-# Synapse 1.129.0rc1 (2025-04-15)
-
-### Features
-
- Add `passthrough_authorization_parameters` in OIDC configuration to allow passing parameters to the authorization grant URL. ([\#18232](https://github.com/element-hq/synapse/issues/18232))
- Add `total_event_count`, `total_message_count`, and `total_e2ee_event_count` fields to the homeserver usage statistics. ([\#18260](https://github.com/element-hq/synapse/issues/18260))
-
-### Bugfixes
-
- Fix `force_tracing_for_users` config when using delegated auth. ([\#18334](https://github.com/element-hq/synapse/issues/18334))
- Fix the token introspection cache logging access tokens when MAS integration is in use. ([\#18335](https://github.com/element-hq/synapse/issues/18335))
- Stop caching introspection failures when delegating auth to MAS. ([\#18339](https://github.com/element-hq/synapse/issues/18339))
- Fix `ExternalIDReuse` exception after migrating to MAS on workers with a high traffic. ([\#18342](https://github.com/element-hq/synapse/issues/18342))
- Fix minor performance regression caused by tracking of room participation. Regressed in v1.128.0. ([\#18345](https://github.com/element-hq/synapse/issues/18345))
-
-### Updates to the Docker image
-
- Optimize the build of the complement-synapse image. ([\#18294](https://github.com/element-hq/synapse/issues/18294))
-
-### Internal Changes
-
- Disable statement timeout during room purge. ([\#18133](https://github.com/element-hq/synapse/issues/18133))
- Add cache to storage functions used to auth requests when using delegated auth. ([\#18337](https://github.com/element-hq/synapse/issues/18337))
-
-
-
-
 # Synapse 1.128.0 (2025-04-08)

 No significant changes since 1.128.0rc1.
--- a/Cargo.lock
+++ b/Cargo.lock
--- a/changelog.d/17984.feature
+++ b/changelog.d/17984.feature
@@ -1 +0,0 @@
-Add `recaptcha_private_key_path` and `recaptcha_public_key_path` config option.
--- a/changelog.d/18133.misc
+++ b/changelog.d/18133.misc
@@ -0,0 +1 @@
+Disable statement timeout during room purge.
--- a/changelog.d/18181.misc
+++ b/changelog.d/18181.misc
@@ -0,0 +1 @@
+Stop auto-provisionning missing users & devices when delegating auth to Matrix Authentication Service. Requires MAS 0.13.0 or later.
--- a/changelog.d/18195.feature
+++ b/changelog.d/18195.feature
@@ -1 +0,0 @@
-Add plain-text handling for rich-text topics as per [MSC3765](https://github.com/matrix-org/matrix-spec-proposals/pull/3765).
--- a/changelog.d/18214.feature
+++ b/changelog.d/18214.feature
@@ -0,0 +1 @@
+Add an Admin API endpoint `GET /_synapse/admin/v1/scheduled_tasks`  to fetch scheduled tasks.
--- a/changelog.d/18218.doc
+++ b/changelog.d/18218.doc
@@ -0,0 +1 @@
+Improve formatting of the README file.
--- a/changelog.d/18232.feature
+++ b/changelog.d/18232.feature
@@ -0,0 +1 @@
+Add `passthrough_authorization_parameters` in OIDC configuration to allow to pass parameters to the authorization grant URL.
--- a/changelog.d/18237.doc
+++ b/changelog.d/18237.doc
@@ -0,0 +1 @@
+Add documentation for configuring [Pocket ID](https://github.com/pocket-id/pocket-id) as an OIDC provider.
--- a/changelog.d/18238.feature
+++ b/changelog.d/18238.feature
@@ -1 +0,0 @@
-If enabled by the user, server admins will see [soft failed](https://spec.matrix.org/v1.13/server-server-api/#soft-failure) events over the Client-Server API.
--- a/changelog.d/18253.feature
+++ b/changelog.d/18253.feature
@@ -0,0 +1 @@
+Add admin API for fetching (paginated) room reports.
--- a/changelog.d/18263.feature
+++ b/changelog.d/18263.feature
@@ -1 +0,0 @@
-Add experimental support for [MSC4277](https://github.com/matrix-org/matrix-spec-proposals/pull/4277).
--- a/changelog.d/18291.docker
+++ b/changelog.d/18291.docker
@@ -0,0 +1 @@
+In configure_workers_and_start.py, use the same absolute path of Python in the interpreter shebang, and invoke child Python processes with `sys.executable`.
--- a/changelog.d/18292.docker
+++ b/changelog.d/18292.docker
@@ -0,0 +1 @@
+Optimize the build of the workers image.
--- a/changelog.d/18293.docker
+++ b/changelog.d/18293.docker
@@ -0,0 +1 @@
+In start_for_complement.sh, replace some external program calls with shell builtins.
--- a/changelog.d/18294.docker
+++ b/changelog.d/18294.docker
@@ -0,0 +1 @@
+Optimize the build of the complement-synapse image.
--- a/changelog.d/18295.docker
+++ b/changelog.d/18295.docker
@@ -0,0 +1 @@
+When generating container scripts from templates, don't add a leading newline so that their shebangs may be handled correctly.
--- a/changelog.d/18300.feature
+++ b/changelog.d/18300.feature
@@ -0,0 +1 @@
+Add config option `user_directory.exclude_remote_users` which, when enabled, excludes remote users from user directory search results.
--- a/changelog.d/18313.misc
+++ b/changelog.d/18313.misc
@@ -0,0 +1 @@
+Allow a few admin APIs used by matrix-authentication-service to run on workers.
--- a/changelog.d/18320.doc
+++ b/changelog.d/18320.doc
@@ -0,0 +1 @@
+Fix typo in docs about the `push` config option. Contributed by @HarHarLinks.
--- a/changelog.d/18330.misc
+++ b/changelog.d/18330.misc
@@ -0,0 +1 @@
+Apply `should_drop_federated_event` to federation invites.
--- a/changelog.d/18334.bugfix
+++ b/changelog.d/18334.bugfix
@@ -0,0 +1 @@
+Fix `force_tracing_for_users` config when using delegated auth.
--- a/changelog.d/18335.bugfix
+++ b/changelog.d/18335.bugfix
@@ -0,0 +1 @@
+Fix the token introspection cache logging access tokens when MAS integration is in use.
--- a/changelog.d/18337.misc
+++ b/changelog.d/18337.misc
@@ -0,0 +1 @@
+Add cache to storage functions used to auth requests when using delegated auth.
--- a/changelog.d/18339.bugfix
+++ b/changelog.d/18339.bugfix
@@ -0,0 +1 @@
+Stop caching introspection failures when delegating auth to MAS.
--- a/changelog.d/18342.bugfix
+++ b/changelog.d/18342.bugfix
@@ -0,0 +1 @@
+Fix `ExternalIDReuse` exception after migrating to MAS on workers with a high traffic.
--- a/changelog.d/18345.bugfix
+++ b/changelog.d/18345.bugfix
@@ -0,0 +1 @@
+Fix minor performance regression caused by tracking of room participation. Regressed in v1.128.0.
--- a/changelog.d/18355.feature
+++ b/changelog.d/18355.feature
@@ -0,0 +1 @@
+Add support for handling `GET /devices/` on workers.
--- a/changelog.d/18360.misc
+++ b/changelog.d/18360.misc
@@ -0,0 +1 @@
+Allow `/rooms/` admin API to be run on workers.
--- a/changelog.d/18363.bugfix
+++ b/changelog.d/18363.bugfix
@@ -0,0 +1 @@
+Fix longstanding bug where Synapse would immediately retry a failing push endpoint when a new event is received, ignoring any backoff timers.
--- a/changelog.d/18367.misc
+++ b/changelog.d/18367.misc
@@ -0,0 +1 @@
+Minor performance improvements to the notifier.
--- a/changelog.d/18369.misc
+++ b/changelog.d/18369.misc
@@ -0,0 +1 @@
+Slight performance increase when using the ratelimiter.
--- a/changelog.d/18374.misc
+++ b/changelog.d/18374.misc
@@ -0,0 +1 @@
+Don't validate the `at_hash` (access token hash) field in OIDC ID Tokens if we don't end up actually using the OIDC Access Token.
--- a/changelog.d/18377.doc
+++ b/changelog.d/18377.doc
@@ -0,0 +1 @@
+Add `/_matrix/federation/v1/version` to list of federation endpoints that can be handled by workers.
--- a/changelog.d/18384.doc
+++ b/changelog.d/18384.doc
@@ -0,0 +1 @@
+Add an Admin API endpoint `GET /_synapse/admin/v1/scheduled_tasks`  to fetch scheduled tasks.
--- a/changelog.d/18385.misc
+++ b/changelog.d/18385.misc
@@ -0,0 +1 @@
+Don't validate the `at_hash` (access token hash) field in OIDC ID Tokens if we don't end up actually using the OIDC Access Token.
--- a/changelog.d/18499.bugfix
+++ b/changelog.d/18499.bugfix
@@ -1 +0,0 @@
-Fix CPU and database spinning when retrying sending events to servers whilst at the same time purging those events.
--- a/changelog.d/18527.feature
+++ b/changelog.d/18527.feature
@@ -1 +0,0 @@
-Add ability to limit amount uploaded by a user in a given time period.
--- a/changelog.d/18548.doc
+++ b/changelog.d/18548.doc
@@ -1 +0,0 @@
-Document that some config options for the user directory are in violation of the Matrix spec.
--- a/changelog.d/18552.misc
+++ b/changelog.d/18552.misc
@@ -1 +0,0 @@
-Allow user registrations to be done on workers.
--- a/changelog.d/18564.misc
+++ b/changelog.d/18564.misc
@@ -1 +0,0 @@
-Remove unnecessary HTTP replication calls.
--- a/changelog.d/18601.misc
+++ b/changelog.d/18601.misc
@@ -1 +0,0 @@
-Refactor `Measure` block metrics to be homeserver-scoped.
--- a/changelog.d/18617.misc
+++ b/changelog.d/18617.misc
@@ -1 +0,0 @@
-Unbreak "Latest dependencies" workflow by using the `--without dev` poetry option instead of removed `--no-dev`.
--- a/changelog.d/18619.misc
+++ b/changelog.d/18619.misc
@@ -1 +0,0 @@
-Raise minimum Python version to `3.9.12`.
--- a/changelog.d/18622.misc
+++ b/changelog.d/18622.misc
@@ -1 +0,0 @@
-Update URL Preview code to work with `lxml` 6.0.0+.
--- a/changelog.d/18637.misc
+++ b/changelog.d/18637.misc
@@ -1 +0,0 @@
-Use `markdown-it-py` instead of `commonmark` in the release script.
--- a/changelog.d/18647.feature
+++ b/changelog.d/18647.feature
@@ -1 +0,0 @@
-Advertise support for Matrix v1.12.
--- a/changelog.d/18653.misc
+++ b/changelog.d/18653.misc
@@ -1 +0,0 @@
-Fix typing errors with upgraded mypy version.
--- a/changelog.d/18664.misc
+++ b/changelog.d/18664.misc
@@ -1 +0,0 @@
-Add doc comment explaining that config files are shallowly merged.
--- a/changelog.d/18672.misc
+++ b/changelog.d/18672.misc
@@ -1 +0,0 @@
-Minor speed up of insertion into `stream_positions` table.
--- a/changelog.d/18676.misc
+++ b/changelog.d/18676.misc
@@ -1 +0,0 @@
-Remove unused `allow_no_prev_events` option when creating an event.
--- a/changelog.d/18684.feature
+++ b/changelog.d/18684.feature
@@ -1 +0,0 @@
-Add `recaptcha_private_key_path` and `recaptcha_public_key_path` config option.
--- a/contrib/grafana/synapse.json
+++ b/contrib/grafana/synapse.json
@@ -220,24 +220,29 @@
      "yBucketBound": "auto"
    },
    {
-      "datasource": {
-        "uid": "${DS_PROMETHEUS}",
-        "type": "prometheus"
-      },
      "aliasColors": {},
+      "bars": false,
      "dashLength": 10,
+      "dashes": false,
+      "datasource": {
+        "uid": "${DS_PROMETHEUS}"
+      },
+      "description": "",
      "fieldConfig": {
        "defaults": {
          "links": []
        },
        "overrides": []
      },
+      "fill": 0,
+      "fillGradient": 0,
      "gridPos": {
        "h": 9,
        "w": 12,
        "x": 12,
        "y": 1
      },
+      "hiddenSeries": false,
      "id": 152,
      "legend": {
        "avg": false,
@@ -250,81 +255,71 @@
        "values": false
      },
      "lines": true,
+      "linewidth": 0,
+      "links": [],
      "nullPointMode": "connected",
      "options": {
        "alertThreshold": true
      },
      "paceLength": 10,
-      "pluginVersion": "10.4.3",
+      "percentage": false,
+      "pluginVersion": "9.2.2",
      "pointradius": 5,
+      "points": false,
      "renderer": "flot",
      "seriesOverrides": [
        {
          "alias": "Avg",
          "fill": 0,
-          "linewidth": 3,
-          "$$hashKey": "object:48"
+          "linewidth": 3
        },
        {
          "alias": "99%",
          "color": "#C4162A",
-          "fillBelowTo": "90%",
-          "$$hashKey": "object:49"
+          "fillBelowTo": "90%"
        },
        {
          "alias": "90%",
          "color": "#FF7383",
-          "fillBelowTo": "75%",
-          "$$hashKey": "object:50"
+          "fillBelowTo": "75%"
        },
        {
          "alias": "75%",
          "color": "#FFEE52",
-          "fillBelowTo": "50%",
-          "$$hashKey": "object:51"
+          "fillBelowTo": "50%"
        },
        {
          "alias": "50%",
          "color": "#73BF69",
-          "fillBelowTo": "25%",
-          "$$hashKey": "object:52"
+          "fillBelowTo": "25%"
        },
        {
          "alias": "25%",
          "color": "#1F60C4",
-          "fillBelowTo": "5%",
-          "$$hashKey": "object:53"
+          "fillBelowTo": "5%"
        },
        {
          "alias": "5%",
-          "lines": false,
-          "$$hashKey": "object:54"
+          "lines": false
        },
        {
          "alias": "Average",
          "color": "rgb(255, 255, 255)",
          "lines": true,
-          "linewidth": 3,
-          "$$hashKey": "object:55"
+          "linewidth": 3
        },
        {
-          "alias": "Local events being persisted",
-          "color": "#96d98D",
-          "points": true,
-          "yaxis": 2,
-          "zindex": -3,
-          "$$hashKey": "object:56"
-        },
-        {
-          "$$hashKey": "object:329",
+          "alias": "Events",
          "color": "#B877D9",
-          "alias": "All events being persisted",
+          "hideTooltip": true,
          "points": true,
          "yaxis": 2,
          "zindex": -3
        }
      ],
      "spaceLength": 10,
+      "stack": false,
+      "steppedLine": false,
      "targets": [
        {
          "datasource": {
@@ -389,20 +384,7 @@
          },
          "expr": "sum(rate(synapse_http_server_response_time_seconds_sum{servlet='RoomSendEventRestServlet',index=~\"$index\",instance=\"$instance\",code=~\"2..\"}[$bucket_size])) / sum(rate(synapse_http_server_response_time_seconds_count{servlet='RoomSendEventRestServlet',index=~\"$index\",instance=\"$instance\",code=~\"2..\"}[$bucket_size]))",
          "legendFormat": "Average",
-          "refId": "H",
-          "editorMode": "code",
-          "range": true
-        },
-        {
-          "datasource": {
-            "uid": "${DS_PROMETHEUS}"
-          },
-          "expr": "sum(rate(synapse_http_server_response_time_seconds_count{servlet='RoomSendEventRestServlet',index=~\"$index\",instance=\"$instance\",code=~\"2..\"}[$bucket_size]))",
-          "hide": false,
-          "instant": false,
-          "legendFormat": "Local events being persisted",
-          "refId": "E",
-          "editorMode": "code"
+          "refId": "H"
        },
        {
          "datasource": {
@@ -411,9 +393,8 @@
          "expr": "sum(rate(synapse_storage_events_persisted_events_total{instance=\"$instance\"}[$bucket_size]))",
          "hide": false,
          "instant": false,
-          "legendFormat": "All events being persisted",
-          "refId": "I",
-          "editorMode": "code"
+          "legendFormat": "Events",
+          "refId": "E"
        }
      ],
      "thresholds": [
@@ -447,9 +428,7 @@
      "xaxis": {
        "mode": "time",
        "show": true,
-        "values": [],
-        "name": null,
-        "buckets": null
+        "values": []
      },
      "yaxes": [
        {
@@ -471,20 +450,7 @@
      ],
      "yaxis": {
        "align": false
-      },
-      "bars": false,
-      "dashes": false,
-      "description": "",
-      "fill": 0,
-      "fillGradient": 0,
-      "hiddenSeries": false,
-      "linewidth": 0,
-      "percentage": false,
-      "points": false,
-      "stack": false,
-      "steppedLine": false,
-      "timeFrom": null,
-      "timeShift": null
+      }
    },
    {
      "aliasColors": {},
--- a/contrib/graph/graph.py
+++ b/contrib/graph/graph.py
@@ -45,10 +45,6 @@ def make_graph(pdus: List[dict], filename_prefix: str) -> None:
    colors = {"red", "green", "blue", "yellow", "purple"}

    for pdu in pdus:
-        # TODO: The "origin" field has since been removed from events generated
-        # by Synapse. We should consider removing it here as well but since this
-        # is part of `contrib/`, it is left for the community to revise and ensure things
-        # still work correctly.
        origins.add(pdu.get("origin"))

    color_map = {color: color for color in colors if color in origins}
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,81 +1,3 @@
-matrix-synapse-py3 (1.134.0) stable; urgency=medium
-
-  * New Synapse release 1.134.0.
-
- -- Synapse Packaging team <packages@matrix.org>  Tue, 15 Jul 2025 14:22:50 +0100
-
-matrix-synapse-py3 (1.134.0~rc1) stable; urgency=medium
-
-  * New Synapse release 1.134.0rc1.
-
- -- Synapse Packaging team <packages@matrix.org>  Wed, 09 Jul 2025 11:27:13 +0100
-
-matrix-synapse-py3 (1.133.0) stable; urgency=medium
-
-  * New synapse release 1.133.0.
-
- -- Synapse Packaging team <packages@matrix.org>  Tue, 01 Jul 2025 13:13:24 +0000
-
-matrix-synapse-py3 (1.133.0~rc1) stable; urgency=medium
-
-  * New Synapse release 1.133.0rc1.
-
- -- Synapse Packaging team <packages@matrix.org>  Tue, 24 Jun 2025 11:57:47 +0100
-
-matrix-synapse-py3 (1.132.0) stable; urgency=medium
-
-  * New Synapse release 1.132.0.
-
- -- Synapse Packaging team <packages@matrix.org>  Tue, 17 Jun 2025 13:16:20 +0100
-
-matrix-synapse-py3 (1.132.0~rc1) stable; urgency=medium
-
-  * New Synapse release 1.132.0rc1.
-
- -- Synapse Packaging team <packages@matrix.org>  Tue, 10 Jun 2025 11:15:18 +0100
-
-matrix-synapse-py3 (1.131.0) stable; urgency=medium
-
-  * New Synapse release 1.131.0.
-
- -- Synapse Packaging team <packages@matrix.org>  Tue, 03 Jun 2025 14:36:55 +0100
-
-matrix-synapse-py3 (1.131.0~rc1) stable; urgency=medium
-
-  * New synapse release 1.131.0rc1.
-
- -- Synapse Packaging team <packages@matrix.org>  Wed, 28 May 2025 10:25:44 +0000
-
-matrix-synapse-py3 (1.130.0) stable; urgency=medium
-
-  * New Synapse release 1.130.0.
-
- -- Synapse Packaging team <packages@matrix.org>  Tue, 20 May 2025 08:34:13 -0600
-
-matrix-synapse-py3 (1.130.0~rc1) stable; urgency=medium
-
-  * New Synapse release 1.130.0rc1.
-
- -- Synapse Packaging team <packages@matrix.org>  Tue, 13 May 2025 10:44:04 +0100
-
-matrix-synapse-py3 (1.129.0) stable; urgency=medium
-
-  * New Synapse release 1.129.0.
-
- -- Synapse Packaging team <packages@matrix.org>  Tue, 06 May 2025 12:22:11 +0100
-
-matrix-synapse-py3 (1.129.0~rc2) stable; urgency=medium
-
-  * New synapse release 1.129.0rc2.
-
- -- Synapse Packaging team <packages@matrix.org>  Wed, 30 Apr 2025 13:13:16 +0000
-
-matrix-synapse-py3 (1.129.0~rc1) stable; urgency=medium
-
-  * New Synapse release 1.129.0rc1.
-
- -- Synapse Packaging team <packages@matrix.org>  Tue, 15 Apr 2025 10:47:43 -0600
-
 matrix-synapse-py3 (1.128.0) stable; urgency=medium

  * New Synapse release 1.128.0.
--- a/docker/complement/conf/workers-shared-extra.yaml.j2
+++ b/docker/complement/conf/workers-shared-extra.yaml.j2
@@ -127,8 +127,6 @@ experimental_features:
  msc3983_appservice_otk_claims: true
  # Proxy key queries to exclusive ASes
  msc3984_appservice_key_query: true
-  # Invite filtering
-  msc4155_enabled: true

 server_notices:
  system_mxid_localpart: _server
--- a/docker/configure_workers_and_start.py
+++ b/docker/configure_workers_and_start.py
@@ -352,11 +352,6 @@ def error(txt: str) -> NoReturn:


 def flush_buffers() -> None:
-    """
-    Python's `print()` buffers output by default, typically waiting until ~8KB
-    accumulates. This method can be used to flush the buffers so we can see the output
-    of any print statements so far.
-    """
    sys.stdout.flush()
    sys.stderr.flush()

--- a/docker/start.py
+++ b/docker/start.py
@@ -22,11 +22,6 @@ def error(txt: str) -> NoReturn:


 def flush_buffers() -> None:
-    """
-    Python's `print()` buffers output by default, typically waiting until ~8KB
-    accumulates. This method can be used to flush the buffers so we can see the output
-    of any print statements so far.
-    """
    sys.stdout.flush()
    sys.stderr.flush()

--- a/docs/README.md
+++ b/docs/README.md
@@ -63,18 +63,6 @@ mdbook serve

 The URL at which the docs can be viewed at will be logged.

-## Synapse configuration documentation
-
-The [Configuration
-Manual](https://element-hq.github.io/synapse/latest/usage/configuration/config_documentation.html)
-page is generated from a YAML file,
-[schema/synapse-config.schema.yaml](../schema/synapse-config.schema.yaml). To
-add new options or modify existing ones, first edit that file, then run
-[scripts-dev/gen_config_documentation.py](../scripts-dev/gen_config_documentation.py)
-to generate an updated Configuration Manual markdown file.
-
-Build the book as described above to preview it in a web browser.
-
 ## Configuration and theming

 The look and behaviour of the website is configured by the [book.toml](../book.toml) file
--- a/docs/SUMMARY.md
+++ b/docs/SUMMARY.md
@@ -49,8 +49,6 @@
        - [Background update controller callbacks](modules/background_update_controller_callbacks.md)
        - [Account data callbacks](modules/account_data_callbacks.md)
        - [Add extra fields to client events unsigned section callbacks](modules/add_extra_fields_to_client_events_unsigned.md)
-        - [Media repository callbacks](modules/media_repository_callbacks.md)
-        - [Ratelimit callbacks](modules/ratelimit_callbacks.md)
        - [Porting a legacy module to the new interface](modules/porting_legacy_module.md)
    - [Workers](workers.md)
      - [Using `synctl` with Workers](synctl_workers.md)
@@ -68,13 +66,11 @@
      - [Registration Tokens](usage/administration/admin_api/registration_tokens.md)
      - [Manipulate Room Membership](admin_api/room_membership.md)
      - [Rooms](admin_api/rooms.md)
-      - [Scheduled tasks](admin_api/scheduled_tasks.md)
      - [Server Notices](admin_api/server_notices.md)
      - [Statistics](admin_api/statistics.md)
      - [Users](admin_api/user_admin_api.md)
      - [Server Version](admin_api/version_api.md)
      - [Federation](usage/administration/admin_api/federation.md)
-      - [Client-Server API Extensions](admin_api/client_server_api_extensions.md)
    - [Manhole](manhole.md)
    - [Monitoring](metrics-howto.md)
      - [Reporting Homeserver Usage Statistics](usage/administration/monitoring/reporting_homeserver_usage_statistics.md)
--- a/docs/admin_api/client_server_api_extensions.md
+++ b/docs/admin_api/client_server_api_extensions.md
@@ -1,25 +0,0 @@
-# Client-Server API Extensions
-
-Server administrators can set special account data to change how the Client-Server API behaves for
-their clients. Setting the account data, or having it already set, as a non-admin has no effect.
-
-All configuration options can be set through the `io.element.synapse.admin_client_config` global 
-account data on the admin's user account. 
-
-Example:
-```
-PUT /_matrix/client/v3/user/{adminUserId}/account_data/io.element.synapse.admin_client_config
-{
-    "return_soft_failed_events": true
-}
-```
-
-## See soft failed events
-
-Learn more about soft failure from [the spec](https://spec.matrix.org/v1.14/server-server-api/#soft-failure).
-
-To receive soft failed events in APIs like `/sync` and `/messages`, set `return_soft_failed_events`
-to `true` in the admin client config. When `false`, the normal behaviour of these endpoints is to
-exclude soft failed events.
-
-Default: `false`
--- a/docs/admin_api/event_reports.md
+++ b/docs/admin_api/event_reports.md
@@ -117,6 +117,7 @@ It returns a JSON body like the following:
        "hashes": {
            "sha256": "xK1//xnmvHJIOvbgXlkI8eEqdvoMmihVDJ9J4SNlsAw"
        },
+        "origin": "matrix.org",
        "origin_server_ts": 1592291711430,
        "prev_events": [
            "$YK4arsKKcc0LRoe700pS8DSjOvUT4NDv0HfInlMFw2M"
--- a/docs/admin_api/room_reports.md
+++ b/docs/admin_api/room_reports.md
@@ -0,0 +1,76 @@
+# Show reported rooms
+
+This API returns information about reported rooms.
+
+To use it, you will need to authenticate by providing an `access_token`
+for a server admin: see [Admin API](../usage/administration/admin_api/).
+
+The api is:
+```
+GET /_synapse/admin/v1/room_reports?from=0&limit=10
+```
+
+It returns a JSON body like the following:
+
+```json
+{
+    "room_reports": [
+        {
+            "id": 2,
+            "reason": "foo",
+            "received_ts": 1570897107409,
+            "canonical_alias": "#alias1:matrix.org",
+            "room_id": "!ERAgBpSOcCCuTJqQPk:matrix.org",
+            "name": "Matrix HQ",
+            "user_id": "@foo:matrix.org"
+        },
+        {
+            "id": 3,
+            "reason": "bar",
+            "received_ts": 1598889612059,
+            "canonical_alias": "#alias2:matrix.org",
+            "room_id": "!eGvUQuTCkHGVwNMOjv:matrix.org",
+            "name": "Your room name here",
+            "user_id": "@bar:matrix.org"
+        }
+    ],
+    "next_token": 2,
+    "total": 4
+}
+```
+
+To paginate, check for `next_token` and if present, call the endpoint again with `from`
+set to the value of `next_token` and the same `limit`. This will return a new page.
+
+If the endpoint does not return a `next_token` then there are no more reports to
+paginate through.
+
+**Query parameters:**
+
+* `limit`: integer - Is optional but is used for pagination, denoting the maximum number
+  of items to return in this call. Defaults to `100`.
+* `from`: integer - Is optional but used for pagination, denoting the offset in the
+  returned results. This should be treated as an opaque value and not explicitly set to
+  anything other than the return value of `next_token` from a previous call. Defaults to `0`.
+* `dir`: string - Direction of event report order. Whether to fetch the most recent
+  first (`b`) or the oldest first (`f`). Defaults to `b`.
+* `user_id`: optional string - Filter by the user ID of the reporter. This is the user who reported the event
+   and wrote the reason.
+* `room_id`: optional string - Filter by (reported) room id.
+
+**Response**
+
+The following fields are returned in the JSON response body:
+
+* `id`: integer - ID of room report.
+* `received_ts`: integer - The timestamp (in milliseconds since the unix epoch) when this
+  report was sent.
+* `room_id`: string - The ID of the room being reported.
+* `name`: string - The name of the room.
+* `user_id`: string - This is the user who reported the room and wrote the reason.
+* `reason`: string - Comment made by the `user_id` in this report. May be blank or `null`.
+* `canonical_alias`: string - The canonical alias of the room. `null` if the room does not
+  have a canonical alias set.
+* `next_token`: integer - Indication for pagination. See above.
+* `total`: integer - Total number of room reports related to the query
+  (`user_id` and `room_id`).
--- a/docs/admin_api/rooms.md
+++ b/docs/admin_api/rooms.md
@@ -794,7 +794,6 @@ A response body like the following is returned:
    "results": [
        {
            "delete_id": "delete_id1",
-            "room_id": "!roomid:example.com",
            "status": "failed",
            "error": "error message",
            "shutdown_room": {
@@ -805,8 +804,7 @@ A response body like the following is returned:
            }
        }, {
            "delete_id": "delete_id2",
-            "room_id": "!roomid:example.com",
-            "status": "active",
+            "status": "purging",
            "shutdown_room": {
                "kicked_users": [
                    "@foobar:example.com"
@@ -843,9 +841,7 @@ A response body like the following is returned:

 ```json
 {
-    "status": "active",
-    "delete_id": "bHkCNQpHqOaFhPtK",
-    "room_id": "!roomid:example.com",
+    "status": "purging",
    "shutdown_room": {
        "kicked_users": [
            "@foobar:example.com"
@@ -873,11 +869,10 @@ The following fields are returned in the JSON response body:
 - `results` - An array of objects, each containing information about one task.
  This field is omitted from the result when you query by `delete_id`.
  Task objects contain the following fields:
-  - `delete_id` - The ID for this purge
-  - `room_id` - The ID of the room being deleted
+  - `delete_id` - The ID for this purge if you query by `room_id`.
  - `status` - The status will be one of:
-    - `scheduled` - The deletion is waiting to be started
-    - `active` - The process is purging the room and event data from database.
+    - `shutting_down` - The process is removing users from the room.
+    - `purging` - The process is purging the room and event data from database.
    - `complete` - The process has completed successfully.
    - `failed` - The process is aborted, an error has occurred.
  - `error` - A string that shows an error message if `status` is `failed`.
--- a/docs/admin_api/user_admin_api.md
+++ b/docs/admin_api/user_admin_api.md
@@ -163,8 +163,7 @@ Body parameters:
 - `locked` - **bool**, optional. If unspecified, locked state will be left unchanged.
 - `user_type` - **string** or null, optional. If not provided, the user type will be
  not be changed. If `null` is given, the user type will be cleared.
-  Other allowed options are: `bot` and `support` and any extra values defined in the homserver
-  [configuration](../usage/configuration/config_documentation.md#user_types).
+  Other allowed options are: `bot` and `support`.

 ## List Accounts
 ### List Accounts (V2)
@@ -955,8 +954,7 @@ A response body like the following is returned:
      "last_seen_ip": "1.2.3.4",
      "last_seen_user_agent": "Mozilla/5.0 (X11; Linux x86_64; rv:103.0) Gecko/20100101 Firefox/103.0",
      "last_seen_ts": 1474491775024,
-      "user_id": "<user_id>",
-      "dehydrated": false
+      "user_id": "<user_id>"
    },
    {
      "device_id": "AUIECTSRND",
@@ -964,8 +962,7 @@ A response body like the following is returned:
      "last_seen_ip": "1.2.3.5",
      "last_seen_user_agent": "Mozilla/5.0 (X11; Linux x86_64; rv:103.0) Gecko/20100101 Firefox/103.0",
      "last_seen_ts": 1474491775025,
-      "user_id": "<user_id>",
-      "dehydrated": false
+      "user_id": "<user_id>"
    }
  ],
  "total": 2
@@ -995,7 +992,6 @@ The following fields are returned in the JSON response body:
  - `last_seen_ts` - The timestamp (in milliseconds since the unix epoch) when this
    devices was last seen. (May be a few minutes out of date, for efficiency reasons).
  - `user_id` - Owner of  device.
-  - `dehydrated` - Whether the device is a dehydrated device.

 - `total` - Total number of user's devices.

--- a/docs/development/contributing_guide.md
+++ b/docs/development/contributing_guide.md
@@ -29,6 +29,8 @@ easiest way of installing the latest version is to use [rustup](https://rustup.r

 Synapse can connect to PostgreSQL via the [psycopg2](https://pypi.org/project/psycopg2/) Python library. Building this library from source requires access to PostgreSQL's C header files. On Debian or Ubuntu Linux, these can be installed with `sudo apt install libpq-dev`.

+Synapse has an optional, improved user search with better Unicode support. For that you need the development package of `libicu`. On Debian or Ubuntu Linux, this can be installed with `sudo apt install libicu-dev`.
+
 The source code of Synapse is hosted on GitHub. You will also need [a recent version of git](https://github.com/git-guides/install-git).

 For some tests, you will need [a recent version of Docker](https://docs.docker.com/get-docker/).
--- a/docs/development/dependencies.md
+++ b/docs/development/dependencies.md
@@ -164,7 +164,10 @@ $ poetry cache clear --all .
 # including the wheel artifacts which is not covered by the above command
 # (see https://github.com/python-poetry/poetry/issues/10304)
 #
-# This is necessary in order to rebuild or fetch new wheels.
+# This is necessary in order to rebuild or fetch new wheels. For example, if you update
+# the `icu` library in on your system, you will need to rebuild the PyICU Python package
+# in order to incorporate the correct dynamically linked library locations otherwise you
+# will run into errors like: `ImportError: libicui18n.so.75: cannot open shared object file: No such file or directory`
 $ rm -rf $(poetry config cache-dir)
 ```

--- a/docs/modules/media_repository_callbacks.md
+++ b/docs/modules/media_repository_callbacks.md
@@ -1,66 +0,0 @@
-# Media repository callbacks
-
-Media repository callbacks allow module developers to customise the behaviour of the
-media repository on a per user basis. Media repository callbacks can be registered
-using the module API's `register_media_repository_callbacks` method.
-
-The available media repository callbacks are:
-
-### `get_media_config_for_user`
-
-_First introduced in Synapse v1.132.0_
-
-```python
-async def get_media_config_for_user(user_id: str) -> Optional[JsonDict]
-```
-
-**<span style="color:red">
-Caution: This callback is currently experimental . The method signature or behaviour
-may change without notice.
-</span>**
-
-Called when processing a request from a client for the
-[media config endpoint](https://spec.matrix.org/latest/client-server-api/#get_matrixclientv1mediaconfig).
-
-The arguments passed to this callback are:
-
-* `user_id`: The Matrix user ID of the user (e.g. `@alice:example.com`) making the request.
-
-If the callback returns a dictionary then it will be used as the body of the response to the
-client.
-
-If multiple modules implement this callback, they will be considered in order. If a
-callback returns `None`, Synapse falls through to the next one. The value of the first
-callback that does not return `None` will be used. If this happens, Synapse will not call
-any of the subsequent implementations of this callback.
-
-If no module returns a non-`None` value then the default media config will be returned.
-
-### `is_user_allowed_to_upload_media_of_size`
-
-_First introduced in Synapse v1.132.0_
-
-```python
-async def is_user_allowed_to_upload_media_of_size(user_id: str, size: int) -> bool
-```
-
-**<span style="color:red">
-Caution: This callback is currently experimental . The method signature or behaviour
-may change without notice.
-</span>**
-
-Called before media is accepted for upload from a user, in case the module needs to
-enforce a different limit for the particular user.
-
-The arguments passed to this callback are:
-
-* `user_id`: The Matrix user ID of the user (e.g. `@alice:example.com`) making the request.
-* `size`: The size in bytes of media that is being requested to upload.
-
-If the module returns `False`, the current request will be denied with the error code
-`M_TOO_LARGE` and the HTTP status code 413.
-
-If multiple modules implement this callback, they will be considered in order. If a callback
-returns `True`, Synapse falls through to the next one. The value of the first callback that
-returns `False` will be used. If this happens, Synapse will not call any of the subsequent
-implementations of this callback.
--- a/docs/modules/ratelimit_callbacks.md
+++ b/docs/modules/ratelimit_callbacks.md
@@ -1,43 +0,0 @@
-# Ratelimit callbacks
-
-Ratelimit callbacks allow module developers to override ratelimit settings dynamically whilst
-Synapse is running. Ratelimit callbacks can be registered using the module API's
-`register_ratelimit_callbacks` method.
-
-The available ratelimit callbacks are:
-
-### `get_ratelimit_override_for_user`
-
-_First introduced in Synapse v1.132.0_
-
-```python
-async def get_ratelimit_override_for_user(user: str, limiter_name: str) -> Optional[synapse.module_api.RatelimitOverride]
-```
-
-**<span style="color:red">
-Caution: This callback is currently experimental . The method signature or behaviour
-may change without notice.
-</span>**
-
-Called when constructing a ratelimiter of a particular type for a user. The module can
-return a `messages_per_second` and `burst_count` to be used, or `None` if
-the default settings are adequate. The user is represented by their Matrix user ID
-(e.g. `@alice:example.com`). The limiter name is usually taken from the `RatelimitSettings` key
-value.
-
-The limiters that are currently supported are:
-
- `rc_invites.per_room`
- `rc_invites.per_user`
- `rc_invites.per_issuer`
-
-The `RatelimitOverride` return type has the following fields:
-
- `per_second: float`. The number of actions that can be performed in a second. `0.0` means that ratelimiting is disabled.
- `burst_count: int`. The number of actions that can be performed before being limited.
-
-If multiple modules implement this callback, they will be considered in order. If a
-callback returns `None`, Synapse falls through to the next one. The value of the first
-callback that does not return `None` will be used. If this happens, Synapse will not call
-any of the subsequent implementations of this callback. If no module returns a non-`None` value
-then the default settings will be used.
--- a/docs/modules/spam_checker_callbacks.md
+++ b/docs/modules/spam_checker_callbacks.md
@@ -80,8 +80,6 @@ Called when processing an invitation, both when one is created locally or when
 receiving an invite over federation. Both inviter and invitee are represented by
 their Matrix user ID (e.g. `@alice:example.com`).

-Note that federated invites will call `federated_user_may_invite` before this callback.
-

 The callback must return one of:
  - `synapse.module_api.NOT_SPAM`, to allow the operation. Other callbacks may still 
@@ -99,34 +97,6 @@ be used. If this happens, Synapse will not call any of the subsequent implementa
 this callback.


-### `federated_user_may_invite`
-
-_First introduced in Synapse v1.133.0_
-
-```python
-async def federated_user_may_invite(event: "synapse.events.EventBase") -> Union["synapse.module_api.NOT_SPAM", "synapse.module_api.errors.Codes", bool]
-```
-
-Called when processing an invitation received over federation. Unlike `user_may_invite`,
-this callback receives the entire event, including any stripped state in the `unsigned`
-section, not just the room and user IDs.
-
-The callback must return one of:
-  - `synapse.module_api.NOT_SPAM`, to allow the operation. Other callbacks may still 
-    decide to reject it.
-  - `synapse.module_api.errors.Codes` to reject the operation with an error code. In case
-    of doubt, `synapse.module_api.errors.Codes.FORBIDDEN` is a good error code.
-
-If multiple modules implement this callback, they will be considered in order. If a
-callback returns `synapse.module_api.NOT_SPAM`, Synapse falls through to the next one.
-The value of the first callback that does not return `synapse.module_api.NOT_SPAM` will
-be used. If this happens, Synapse will not call any of the subsequent implementations of
-this callback.
-
-If all of the callbacks return `synapse.module_api.NOT_SPAM`, Synapse will also fall
-through to the `user_may_invite` callback before approving the invite.
-
-
 ### `user_may_send_3pid_invite`

 _First introduced in Synapse v1.45.0_
@@ -189,19 +159,12 @@ _First introduced in Synapse v1.37.0_

 _Changed in Synapse v1.62.0: `synapse.module_api.NOT_SPAM` and `synapse.module_api.errors.Codes` can be returned by this callback. Returning a boolean is now deprecated._ 

-_Changed in Synapse v1.132.0: Added the `room_config` argument. Callbacks that only expect a single `user_id` argument are still supported._
-
 ```python
-async def user_may_create_room(user_id: str, room_config: synapse.module_api.JsonDict) -> Union["synapse.module_api.NOT_SPAM", "synapse.module_api.errors.Codes", bool]
+async def user_may_create_room(user_id: str) -> Union["synapse.module_api.NOT_SPAM", "synapse.module_api.errors.Codes", bool]
 ```

 Called when processing a room creation request.

-The arguments passed to this callback are:
-
-* `user_id`: The Matrix user ID of the user (e.g. `@alice:example.com`).
-* `room_config`: The contents of the body of a [/createRoom request](https://spec.matrix.org/latest/client-server-api/#post_matrixclientv3createroom) as a dictionary.
-
 The callback must return one of:
  - `synapse.module_api.NOT_SPAM`, to allow the operation. Other callbacks may still 
    decide to reject it.
@@ -276,41 +239,6 @@ be used. If this happens, Synapse will not call any of the subsequent implementa
 this callback.


-### `user_may_send_state_event`
-
-_First introduced in Synapse v1.132.0_
-
-```python
-async def user_may_send_state_event(user_id: str, room_id: str, event_type: str, state_key: str, content: JsonDict) -> Union["synapse.module_api.NOT_SPAM", "synapse.module_api.errors.Codes"]
-```
-
-**<span style="color:red">
-Caution: This callback is currently experimental . The method signature or behaviour
-may change without notice.
-</span>**
-
-Called when processing a request to [send state events](https://spec.matrix.org/latest/client-server-api/#put_matrixclientv3roomsroomidstateeventtypestatekey) to a room.
-
-The arguments passed to this callback are:
-
-* `user_id`: The Matrix user ID of the user (e.g. `@alice:example.com`) sending the state event.
-* `room_id`: The ID of the room that the requested state event is being sent to.
-* `event_type`: The requested type of event.
-* `state_key`: The requested state key.
-* `content`: The requested event contents.
-
-The callback must return one of:
-  - `synapse.module_api.NOT_SPAM`, to allow the operation. Other callbacks may still 
-    decide to reject it.
-  - `synapse.module_api.errors.Codes` to reject the operation with an error code. In case
-    of doubt, `synapse.module_api.errors.Codes.FORBIDDEN` is a good error code.
-
-If multiple modules implement this callback, they will be considered in order. If a
-callback returns `synapse.module_api.NOT_SPAM`, Synapse falls through to the next one.
-The value of the first callback that does not return `synapse.module_api.NOT_SPAM` will
-be used. If this happens, Synapse will not call any of the subsequent implementations of
-this callback.
-

 ### `check_username_for_spam`

--- a/docs/postgres.md
+++ b/docs/postgres.md
@@ -100,14 +100,6 @@ database:
    keepalives_count: 3
 ```

-## Postgresql major version upgrades
-
-Postgres uses separate directories for database locations between major versions (typically `/var/lib/postgresql/<version>/main`).
-
-Therefore, it is recommended to stop Synapse and other services (MAS, etc) before upgrading Postgres major versions.
-
-It is also strongly recommended to [back up](./usage/administration/backups.md#database) your database beforehand to ensure no data loss arising from a failed upgrade.
-
 ## Backups

 Don't forget to [back up](./usage/administration/backups.md#database) your database!
--- a/docs/reverse_proxy.md
+++ b/docs/reverse_proxy.md
@@ -5,10 +5,10 @@ It is recommended to put a reverse proxy such as
 [Apache](https://httpd.apache.org/docs/current/mod/mod_proxy_http.html),
 [Caddy](https://caddyserver.com/docs/quick-starts/reverse-proxy),
 [HAProxy](https://www.haproxy.org/) or
-[relayd](https://man.openbsd.org/relayd.8) in front of Synapse.
-This has the advantage of being able to expose the default HTTPS port (443) to Matrix
-clients without requiring Synapse to bind to a privileged port (port numbers less than
-1024), avoiding the need for `CAP_NET_BIND_SERVICE` or running as root.
+[relayd](https://man.openbsd.org/relayd.8) in front of Synapse. One advantage
+of doing so is that it means that you can expose the default https port
+(443) to Matrix clients without needing to run Synapse with root
+privileges.

 You should configure your reverse proxy to forward requests to `/_matrix` or
 `/_synapse/client` to Synapse, and have it set the `X-Forwarded-For` and
--- a/docs/setup/installation.md
+++ b/docs/setup/installation.md
@@ -286,7 +286,7 @@ Installing prerequisites on Ubuntu or Debian:
 ```sh
 sudo apt install build-essential python3-dev libffi-dev \
                     python3-pip python3-setuptools sqlite3 \
-                     libssl-dev virtualenv libjpeg-dev libxslt1-dev
+                     libssl-dev virtualenv libjpeg-dev libxslt1-dev libicu-dev
 ```

 ##### ArchLinux
@@ -295,7 +295,7 @@ Installing prerequisites on ArchLinux:

 ```sh
 sudo pacman -S base-devel python python-pip \
-               python-setuptools python-virtualenv sqlite3
+               python-setuptools python-virtualenv sqlite3 icu
 ```

 ##### CentOS/Fedora
@@ -305,7 +305,8 @@ Installing prerequisites on CentOS or Fedora Linux:
 ```sh
 sudo dnf install libtiff-devel libjpeg-devel libzip-devel freetype-devel \
                 libwebp-devel libxml2-devel libxslt-devel libpq-devel \
-                 python3-virtualenv libffi-devel openssl-devel python3-devel
+                 python3-virtualenv libffi-devel openssl-devel python3-devel \
+                 libicu-devel
 sudo dnf group install "Development Tools"
 ```

@@ -332,7 +333,7 @@ dnf install python3.12 python3.12-devel
 ```
 Finally, install common prerequisites
 ```bash
-dnf install libpq5 libpq5-devel lz4 pkgconf
+dnf install libicu libicu-devel libpq5 libpq5-devel lz4 pkgconf
 dnf group install "Development Tools"
 ```
 ###### Using venv module instead of virtualenv command
@@ -364,6 +365,20 @@ xcode-select --install

 Some extra dependencies may be needed. You can use Homebrew (https://brew.sh) for them.

+You may need to install icu, and make the icu binaries and libraries accessible.
+Please follow [the official instructions of PyICU](https://pypi.org/project/PyICU/) to do so.
+
+If you're struggling to get icu discovered, and see:
+```
+  RuntimeError:
+  Please install pkg-config on your system or set the ICU_VERSION environment
+  variable to the version of ICU you have installed.
+```
+despite it being installed and having your `PATH` updated, you can omit this dependency by
+not specifying `--extras all` to `poetry`. If using postgres, you can install Synapse via
+`poetry install --extras saml2 --extras oidc --extras postgres --extras opentracing --extras redis --extras sentry`.
+ICU is not a hard dependency on getting a working installation.
+
 On ARM-based Macs you may also need to install libjpeg and libpq:
 ```sh
 brew install jpeg libpq
@@ -385,7 +400,8 @@ Installing prerequisites on openSUSE:
 ```sh
 sudo zypper in -t pattern devel_basis
 sudo zypper in python-pip python-setuptools sqlite3 python-virtualenv \
-               python-devel libffi-devel libopenssl-devel libjpeg62-devel
+               python-devel libffi-devel libopenssl-devel libjpeg62-devel \
+               libicu-devel
 ```

 ##### OpenBSD
--- a/docs/spam_checker.md
+++ b/docs/spam_checker.md
@@ -63,7 +63,7 @@ class ExampleSpamChecker:
    async def user_may_invite(self, inviter_userid, invitee_userid, room_id):
        return True  # allow all invites

-    async def user_may_create_room(self, userid, room_config):
+    async def user_may_create_room(self, userid):
        return True  # allow all room creations

    async def user_may_create_room_alias(self, userid, room_alias):
--- a/docs/upgrade.md
+++ b/docs/upgrade.md
@@ -117,21 +117,6 @@ each upgrade are complete before moving on to the next upgrade, to avoid
 stacking them up. You can monitor the currently running background updates with
 [the Admin API](usage/administration/admin_api/background_updates.html#status).

-# Upgrading to v1.135.0
-
-## `on_user_registration` module API callback may now run on any worker
-
-Previously, the `on_user_registration` callback would only run on the main
-process. Modules relying on this callback must assume that they may now be
-called from any worker, not just the main process.
-
-# Upgrading to v1.134.0
-
-## ICU bundled with Synapse
-
-Synapse now uses the Rust `icu` library for improved user search. Installing the
-native ICU library on your system is no longer required.
-
 # Upgrading to v1.130.0

 ## Documented endpoint which can be delegated to a federation worker
--- a/docs/usage/administration/admin_faq.md
+++ b/docs/usage/administration/admin_faq.md
@@ -255,7 +255,7 @@ line to `/etc/default/matrix-synapse`:

    LD_PRELOAD=/usr/lib/x86_64-linux-gnu/libjemalloc.so.2

-*Note*: You may need to set `PYTHONMALLOC=malloc` to ensure that `jemalloc` can accurately calculate memory usage. By default, Python uses its internal small-object allocator, which may interfere with jemalloc's ability to track memory consumption correctly. This could prevent the [cache_autotuning](../configuration/config_documentation.md#caches) feature from functioning as expected, as the Python allocator may not reach the memory threshold set by `max_cache_memory_usage`, thus not triggering the cache eviction process.
+*Note*: You may need to set `PYTHONMALLOC=malloc` to ensure that `jemalloc` can accurately calculate memory usage. By default, Python uses its internal small-object allocator, which may interfere with jemalloc's ability to track memory consumption correctly. This could prevent the [cache_autotuning](../configuration/config_documentation.md#caches-and-associated-values) feature from functioning as expected, as the Python allocator may not reach the memory threshold set by `max_cache_memory_usage`, thus not triggering the cache eviction process.

 This made a significant difference on Python 2.7 - it's unclear how
 much of an improvement it provides on Python 3.x.
--- a/docs/usage/administration/monitoring/reporting_homeserver_usage_statistics.md
+++ b/docs/usage/administration/monitoring/reporting_homeserver_usage_statistics.md
@@ -30,7 +30,7 @@ The following statistics are sent to the configured reporting endpoint:
 | `python_version`           | string | The Python version number in use (e.g "3.7.1"). Taken from `sys.version_info`.                                                                                                                                                                                                                  |
 | `total_users`              | int    | The number of registered users on the homeserver.                                                                                                                                                                                                                                               |
 | `total_nonbridged_users`   | int    | The number of users, excluding those created by an Application Service.                                                                                                                                                                                                                         |
-| `daily_user_type_native`   | int    | The number of native, non-guest users created in the last 24 hours.                                                                                                                                                                                                                                        |
+| `daily_user_type_native`   | int    | The number of native users created in the last 24 hours.                                                                                                                                                                                                                                        |
 | `daily_user_type_guest`    | int    | The number of guest users created in the last 24 hours.                                                                                                                                                                                                                                         |
 | `daily_user_type_bridged`  | int    | The number of users created by Application Services in the last 24 hours.                                                                                                                                                                                                                       |
 | `total_room_count`         | int    | The total number of rooms present on the homeserver.                                                                                                                                                                                                                                            |
@@ -50,8 +50,8 @@ The following statistics are sent to the configured reporting endpoint:
 | `cache_factor`             | int    | The configured [`global factor`](../../configuration/config_documentation.md#caching) value for caching.                                                                                                                                                                                        |
 | `event_cache_size`         | int    | The configured [`event_cache_size`](../../configuration/config_documentation.md#caching) value for caching.                                                                                                                                                                                     |
 | `database_engine`          | string | The database engine that is in use. Either "psycopg2" meaning PostgreSQL is in use, or "sqlite3" for SQLite3.                                                                                                                                                                                   |
-| `database_server_version`  | string | The version of the database server. Examples being "10.10" for PostgreSQL server version 10.0, and "3.38.5" for SQLite 3.38.5 installed on the system.                                                                                                                                          |
-| `log_level`                | string | The log level in use. Examples are "INFO", "WARNING", "ERROR", "DEBUG", etc.                                                                                                                                                                                                                    |
+| `database_server_version` | string | The version of the database server. Examples being "10.10" for PostgreSQL server version 10.0, and "3.38.5" for SQLite 3.38.5 installed on the system.                                                                                                                                          |
+| `log_level` | string | The log level in use. Examples are "INFO", "WARNING", "ERROR", "DEBUG", etc.                                                                                                                                                                                                                    |


 [^1]: Native matrix users and guests are always counted. If the
--- a/docs/usage/configuration/config_documentation.md
+++ b/docs/usage/configuration/config_documentation.md
--- a/docs/user_directory.md
+++ b/docs/user_directory.md
@@ -77,11 +77,14 @@ The user provided search term is lowercased and normalized using [NFKC](https://
 this treats the string as case-insensitive, canonicalizes different forms of the
 same text, and maps some "roughly equivalent" characters together.

-The search term is then split into segments using the [`icu_segmenter`
-Rust crate](https://crates.io/crates/icu_segmenter). This crate ships with its
-own dictionary and Long Short Term-Memory (LSTM) machine learning models
-per-language to segment words. Read more [in the crate's
-documentation](https://docs.rs/icu/latest/icu/segmenter/struct.WordSegmenter.html#method.new_auto).
+The search term is then split into words:
+
+* If [ICU](https://en.wikipedia.org/wiki/International_Components_for_Unicode) is
+  available, then the system's [default locale](https://unicode-org.github.io/icu/userguide/locale/#default-locales)
+  will be used to break the search term into words. (See the
+  [installation instructions](setup/installation.md) for how to install ICU.)
+* If unavailable, then runs of ASCII characters, numbers, underscores, and hyphens
+  are considered words.

 The queries for PostgreSQL and SQLite are detailed below, but their overall goal
 is to find matching users, preferring users who are "real" (e.g. not bots,
--- a/flake.nix
+++ b/flake.nix
@@ -96,6 +96,7 @@
                  gnumake

                  # Native dependencies for running Synapse.
+                  icu
                  libffi
                  libjpeg
                  libpqxx
--- a/poetry.lock
+++ b/poetry.lock
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -74,10 +74,6 @@ select = [
    "PIE",
    # flake8-executable
    "EXE",
-    # flake8-logging
-    "LOG",
-    # flake8-logging-format
-    "G",
 ]

 [tool.ruff.lint.isort]
@@ -101,7 +97,7 @@ module-name = "synapse.synapse_rust"

 [tool.poetry]
 name = "matrix-synapse"
-version = "1.134.0"
+version = "1.128.0"
 description = "Homeserver for the Matrix decentralised comms protocol"
 authors = ["Matrix.org Team and Contributors <packages@matrix.org>"]
 license = "AGPL-3.0-or-later"
@@ -159,13 +155,7 @@ synapse_review_recent_signups = "synapse._scripts.review_recent_signups:main"
 update_synapse_database = "synapse._scripts.update_synapse_database:main"

 [tool.poetry.dependencies]
-# We aim to support all versions of Python currently supported upstream as per
-# our dependency deprecation policy:
-# https://element-hq.github.io/synapse/latest/deprecation_policy.html#policy
-#
-# 3.9.12 is currently the minimum version due to Twisted requiring it:
-# https://github.com/twisted/twisted/commit/27674f64d8a553ad5e68913bfb1c936e6fdeb46a
-python = "^3.9.12"
+python = "^3.9.0"

 # Mandatory Dependencies
 # ----------------------
@@ -230,7 +220,7 @@ pydantic = ">=1.7.4, <3"
 # https://github.com/python-poetry/poetry/issues/6154). Both `pip install` and
 # `poetry build` do the right thing without this explicit dependency.
 #
-# This isn't really a dev-dependency, as `poetry install --without dev` will fail,
+# This isn't really a dev-dependency, as `poetry install --no-dev` will fail,
 # but the alternative is to add it to the main list of deps where it isn't
 # needed.
 setuptools_rust = ">=1.3"
@@ -260,6 +250,7 @@ hiredis = { version = "*", optional = true }
 Pympler = { version = "*", optional = true }
 parameterized = { version = ">=0.7.4", optional = true }
 idna = { version = ">=2.5", optional = true }
+pyicu = { version = ">=2.10.2", optional = true }

 [tool.poetry.extras]
 # NB: Packages that should be part of `pip install matrix-synapse[all]` need to be specified
@@ -282,6 +273,10 @@ redis = ["txredisapi", "hiredis"]
 # Required to use experimental `caches.track_memory_usage` config option.
 cache-memory = ["pympler"]
 test = ["parameterized", "idna"]
+# Allows for better search for international characters in the user directory. This
+# requires libicu's development headers installed on the system (e.g. libicu-dev on
+# Debian-based distributions).
+user-search = ["pyicu"]

 # The duplication here is awful. I hate hate hate hate hate it. However, for now I want
 # to ensure you can still `pip install matrix-synapse[all]` like today. Two motivations:
@@ -313,6 +308,8 @@ all = [
    "txredisapi", "hiredis",
    # cache-memory
    "pympler",
+    # improved user search
+    "pyicu",
    # omitted:
    #   - test: it's useful to have this separate from dev deps in the olddeps job
    #   - systemd: this is a system-based requirement
@@ -323,7 +320,7 @@ all = [
 # failing on new releases. Keeping lower bounds loose here means that dependabot
 # can bump versions without having to update the content-hash in the lockfile.
 # This helps prevents merge conflicts when running a batch of dependabot updates.
-ruff = "0.12.2"
+ruff = "0.7.3"
 # Type checking only works with the pydantic.v1 compat module from pydantic v2
 pydantic = "^2"

@@ -332,6 +329,7 @@ lxml-stubs = ">=0.4.0"
 mypy = "*"
 mypy-zope = "*"
 types-bleach = ">=4.1.0"
+types-commonmark = ">=0.9.2"
 types-jsonschema = ">=3.2.0"
 types-netaddr = ">=0.8.0.6"
 types-opentracing = ">=2.4.2"
@@ -354,7 +352,7 @@ idna = ">=2.5"
 click = ">=8.1.3"
 # GitPython was == 3.1.14; bumped to 3.1.20, the first release with type hints.
 GitPython = ">=3.1.20"
-markdown-it-py = ">=3.0.0"
+commonmark = ">=0.9.1"
 pygithub = ">=1.55"
 # The following are executed as commands by the release script.
 twine = "*"
@@ -372,7 +370,7 @@ tomli = ">=1.2.3"
 # runtime errors caused by build system changes.
 # We are happy to raise these upper bounds upon request,
 # provided we check that it's safe to do so (i.e. that CI passes).
-requires = ["poetry-core>=1.1.0,<=2.1.3", "setuptools_rust>=1.3,<=1.11.1"]
+requires = ["poetry-core>=1.1.0,<=1.9.1", "setuptools_rust>=1.3,<=1.10.2"]
 build-backend = "poetry.core.masonry.api"


@@ -380,13 +378,13 @@ build-backend = "poetry.core.masonry.api"
 # Skip unsupported platforms (by us or by Rust).
 # See https://cibuildwheel.readthedocs.io/en/stable/options/#build-skip for the list of build targets.
 # We skip:
-#  - CPython and PyPy 3.8: EOLed
+#  - CPython 3.6, 3.7 and 3.8: EOLed
+#  - PyPy 3.7 and 3.8: we only support Python 3.9+
 #  - musllinux i686: excluded to reduce number of wheels we build.
 #    c.f. https://github.com/matrix-org/synapse/pull/12595#discussion_r963107677
-skip = "cp38* pp38* *-musllinux_i686"
-# Enable non-default builds.
-# "pypy" used to be included by default up until cibuildwheel 3.
-enable = "pypy"
+#  - PyPy on Aarch64 and musllinux on aarch64: too slow to build.
+#    c.f. https://github.com/matrix-org/synapse/pull/14259
+skip = "cp36* cp37* cp38* pp37* pp38* *-musllinux_i686 pp*aarch64 *-musllinux_aarch64"

 # We need a rust compiler.
 #
--- a/rust/Cargo.toml
+++ b/rust/Cargo.toml
@@ -7,7 +7,7 @@ name = "synapse"
 version = "0.1.0"

 edition = "2021"
-rust-version = "1.81.0"
+rust-version = "1.66.0"

 [lib]
 name = "synapse"
@@ -30,28 +30,19 @@ http = "1.1.0"
 lazy_static = "1.4.0"
 log = "0.4.17"
 mime = "0.3.17"
-pyo3 = { version = "0.25.1", features = [
+pyo3 = { version = "0.23.5", features = [
    "macros",
    "anyhow",
    "abi3",
    "abi3-py39",
 ] }
-pyo3-log = "0.12.4"
-pythonize = "0.25.0"
+pyo3-log = "0.12.0"
+pythonize = "0.23.0"
 regex = "1.6.0"
 sha2 = "0.10.8"
 serde = { version = "1.0.144", features = ["derive"] }
 serde_json = "1.0.85"
 ulid = "1.1.2"
-icu_segmenter = "2.0.0"
-reqwest = { version = "0.12.15", default-features = false, features = [
-    "http2",
-    "stream",
-    "rustls-tls-native-roots",
-] }
-http-body-util = "0.1.3"
-futures = "0.3.31"
-tokio = { version = "1.44.2", features = ["rt", "rt-multi-thread"] }

 [features]
 extension-module = ["pyo3/extension-module"]
--- a/rust/src/errors.rs
+++ b/rust/src/errors.rs
@@ -58,15 +58,3 @@ impl NotFoundError {
        NotFoundError::new_err(())
    }
 }
-
-import_exception!(synapse.api.errors, HttpResponseException);
-
-impl HttpResponseException {
-    pub fn new(status: StatusCode, bytes: Vec<u8>) -> pyo3::PyErr {
-        HttpResponseException::new_err((
-            status.as_u16(),
-            status.canonical_reason().unwrap_or_default(),
-            bytes,
-        ))
-    }
-}
--- a/rust/src/http_client.rs
+++ b/rust/src/http_client.rs
@@ -1,218 +0,0 @@
-/*
- * This file is licensed under the Affero General Public License (AGPL) version 3.
- *
- * Copyright (C) 2025 New Vector, Ltd
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * See the GNU Affero General Public License for more details:
- * <https://www.gnu.org/licenses/agpl-3.0.html>.
- */
-
-use std::{collections::HashMap, future::Future, panic::AssertUnwindSafe, sync::LazyLock};
-
-use anyhow::Context;
-use futures::{FutureExt, TryStreamExt};
-use pyo3::{exceptions::PyException, prelude::*, types::PyString};
-use reqwest::RequestBuilder;
-use tokio::runtime::Runtime;
-
-use crate::errors::HttpResponseException;
-
-/// The tokio runtime that we're using to run async Rust libs.
-static RUNTIME: LazyLock<Runtime> = LazyLock::new(|| {
-    tokio::runtime::Builder::new_multi_thread()
-        .worker_threads(4)
-        .enable_all()
-        .build()
-        .unwrap()
-});
-
-/// A reference to the `Deferred` python class.
-static DEFERRED_CLASS: LazyLock<PyObject> = LazyLock::new(|| {
-    Python::with_gil(|py| {
-        py.import("twisted.internet.defer")
-            .expect("module 'twisted.internet.defer' should be importable")
-            .getattr("Deferred")
-            .expect("module 'twisted.internet.defer' should have a 'Deferred' class")
-            .unbind()
-    })
-});
-
-/// A reference to the twisted `reactor`.
-static TWISTED_REACTOR: LazyLock<Py<PyModule>> = LazyLock::new(|| {
-    Python::with_gil(|py| {
-        py.import("twisted.internet.reactor")
-            .expect("module 'twisted.internet.reactor' should be importable")
-            .unbind()
-    })
-});
-
-/// Called when registering modules with python.
-pub fn register_module(py: Python<'_>, m: &Bound<'_, PyModule>) -> PyResult<()> {
-    let child_module: Bound<'_, PyModule> = PyModule::new(py, "http_client")?;
-    child_module.add_class::<HttpClient>()?;
-
-    // Make sure we fail early if we can't build the lazy statics.
-    LazyLock::force(&RUNTIME);
-    LazyLock::force(&DEFERRED_CLASS);
-
-    m.add_submodule(&child_module)?;
-
-    // We need to manually add the module to sys.modules to make `from
-    // synapse.synapse_rust import acl` work.
-    py.import("sys")?
-        .getattr("modules")?
-        .set_item("synapse.synapse_rust.http_client", child_module)?;
-
-    Ok(())
-}
-
-#[pyclass]
-#[derive(Clone)]
-struct HttpClient {
-    client: reqwest::Client,
-}
-
-#[pymethods]
-impl HttpClient {
-    #[new]
-    pub fn py_new(user_agent: &str) -> PyResult<HttpClient> {
-        // The twisted reactor can only be imported after Synapse has been
-        // imported, to allow Synapse to change the twisted reactor. If we try
-        // and import the reactor too early twisted installs a default reactor,
-        // which can't be replaced.
-        LazyLock::force(&TWISTED_REACTOR);
-
-        Ok(HttpClient {
-            client: reqwest::Client::builder()
-                .user_agent(user_agent)
-                .build()
-                .context("building reqwest client")?,
-        })
-    }
-
-    pub fn get<'a>(
-        &self,
-        py: Python<'a>,
-        url: String,
-        response_limit: usize,
-    ) -> PyResult<Bound<'a, PyAny>> {
-        self.send_request(py, self.client.get(url), response_limit)
-    }
-
-    pub fn post<'a>(
-        &self,
-        py: Python<'a>,
-        url: String,
-        response_limit: usize,
-        headers: HashMap<String, String>,
-        request_body: String,
-    ) -> PyResult<Bound<'a, PyAny>> {
-        let mut builder = self.client.post(url);
-        for (name, value) in headers {
-            builder = builder.header(name, value);
-        }
-        builder = builder.body(request_body);
-
-        self.send_request(py, builder, response_limit)
-    }
-}
-
-impl HttpClient {
-    fn send_request<'a>(
-        &self,
-        py: Python<'a>,
-        builder: RequestBuilder,
-        response_limit: usize,
-    ) -> PyResult<Bound<'a, PyAny>> {
-        create_deferred(py, async move {
-            let response = builder.send().await.context("sending request")?;
-
-            let status = response.status();
-
-            let mut stream = response.bytes_stream();
-            let mut buffer = Vec::new();
-            while let Some(chunk) = stream.try_next().await.context("reading body")? {
-                if buffer.len() + chunk.len() > response_limit {
-                    Err(anyhow::anyhow!("Response size too large"))?;
-                }
-
-                buffer.extend_from_slice(&chunk);
-            }
-
-            if !status.is_success() {
-                return Err(HttpResponseException::new(status, buffer));
-            }
-
-            let r = Python::with_gil(|py| buffer.into_pyobject(py).map(|o| o.unbind()))?;
-
-            Ok(r)
-        })
-    }
-}
-
-/// Creates a twisted deferred from the given future, spawning the task on the
-/// tokio runtime.
-///
-/// Does not handle deferred cancellation or contextvars.
-fn create_deferred<F, O>(py: Python, fut: F) -> PyResult<Bound<'_, PyAny>>
-where
-    F: Future<Output = PyResult<O>> + Send + 'static,
-    for<'a> O: IntoPyObject<'a>,
-{
-    let deferred = DEFERRED_CLASS.bind(py).call0()?;
-    let deferred_callback = deferred.getattr("callback")?.unbind();
-    let deferred_errback = deferred.getattr("errback")?.unbind();
-
-    RUNTIME.spawn(async move {
-        // TODO: Is it safe to assert unwind safety here? I think so, as we
-        // don't use anything that could be tainted by the panic afterwards.
-        // Note that `.spawn(..)` asserts unwind safety on the future too.
-        let res = AssertUnwindSafe(fut).catch_unwind().await;
-
-        Python::with_gil(move |py| {
-            // Flatten the panic into standard python error
-            let res = match res {
-                Ok(r) => r,
-                Err(panic_err) => {
-                    let panic_message = get_panic_message(&panic_err);
-                    Err(PyException::new_err(
-                        PyString::new(py, panic_message).unbind(),
-                    ))
-                }
-            };
-
-            // Send the result to the deferred, via `.callback(..)` or `.errback(..)`
-            match res {
-                Ok(obj) => {
-                    TWISTED_REACTOR
-                        .call_method(py, "callFromThread", (deferred_callback, obj), None)
-                        .expect("callFromThread should not fail"); // There's nothing we can really do with errors here
-                }
-                Err(err) => {
-                    TWISTED_REACTOR
-                        .call_method(py, "callFromThread", (deferred_errback, err), None)
-                        .expect("callFromThread should not fail"); // There's nothing we can really do with errors here
-                }
-            }
-        });
-    });
-
-    Ok(deferred)
-}
-
-/// Try and get the panic message out of the panic
-fn get_panic_message<'a>(panic_err: &'a (dyn std::any::Any + Send + 'static)) -> &'a str {
-    // Apparently this is how you extract the panic message from a panic
-    if let Some(str_slice) = panic_err.downcast_ref::<&str>() {
-        str_slice
-    } else if let Some(string) = panic_err.downcast_ref::<String>() {
-        string
-    } else {
-        "unknown error"
-    }
-}
--- a/rust/src/identifier.rs
+++ b/rust/src/identifier.rs
@@ -27,7 +27,7 @@ pub enum IdentifierError {

 impl fmt::Display for IdentifierError {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
-        write!(f, "{self:?}")
+        write!(f, "{:?}", self)
    }
 }

--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Travis Ralston	339660851d	Merge branch 'develop' into travis/adminapi-report-room	2025-05-02 11:02:47 -06:00
Travis Ralston	2584a6fe8f	Apply suggestions from code review Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>	2025-05-02 11:02:28 -06:00
Travis Ralston	9766e110e4	Apply suggestions from code review Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>	2025-05-02 11:02:17 -06:00
Andrew Morgan	960bb62788	Merge branch 'develop' into travis/adminapi-report-room	2025-05-02 10:50:04 +01:00
Travis Ralston	c7e4846a2e	Empty commit to fix CI	2025-03-18 15:42:35 -06:00
turt2live	97dc729005	Attempt to fix linting	2025-03-18 21:39:51 +00:00
Travis Ralston	0f35e9af04	changelog	2025-03-18 15:38:07 -06:00
Travis Ralston	33e0abff8c	Add admin API for fetching room reports	2025-03-18 15:35:28 -06:00
				`@@ -1 +0,0 @@`
				Add `recaptcha_private_key_path` and `recaptcha_public_key_path` config option.
				`@@ -0,0 +1 @@`
				`Disable statement timeout during room purge.`
				`@@ -0,0 +1 @@`
				`Stop auto-provisionning missing users & devices when delegating auth to Matrix Authentication Service. Requires MAS 0.13.0 or later.`
				`@@ -1 +0,0 @@`
				`Add plain-text handling for rich-text topics as per [MSC3765](https://github.com/matrix-org/matrix-spec-proposals/pull/3765).`
				`@@ -0,0 +1 @@`
				Add an Admin API endpoint `GET /_synapse/admin/v1/scheduled_tasks` to fetch scheduled tasks.
				`@@ -0,0 +1 @@`
				Add `passthrough_authorization_parameters` in OIDC configuration to allow to pass parameters to the authorization grant URL.
				`@@ -0,0 +1 @@`
				`Add documentation for configuring [Pocket ID](https://github.com/pocket-id/pocket-id) as an OIDC provider.`
				`@@ -1 +0,0 @@`
				`If enabled by the user, server admins will see [soft failed](https://spec.matrix.org/v1.13/server-server-api/#soft-failure) events over the Client-Server API.`
				`@@ -0,0 +1 @@`
				`Add admin API for fetching (paginated) room reports.`