newsfile

Set minimum python version to 3.9.12
This matches Twisted's minimum required version. See twisted/twisted@27674f6
2025-07-16 10:42:08 +01:00 · 2025-07-16 10:41:58 +01:00 · 2025-07-15 15:55:23 -05:00 · 2025-07-15 15:53:56 -05:00 · 2025-07-15 13:25:25 -05:00 · 2025-07-15 15:07:20 +01:00
126 changed files with 1934 additions and 852 deletions
@@ -60,7 +60,7 @@ jobs:
      - run: poetry run pip list > before.txt
      # Upgrade all runtime dependencies only. This is intended to mimic a fresh
      # `pip install matrix-synapse[all]` as closely as possible.
-      - run: poetry update --no-dev
+      - run: poetry update --without dev
      - run: poetry run pip list > after.txt && (diff -u before.txt after.txt || true)
      - name: Remove unhelpful options from mypy config
        run: sed -e '/warn_unused_ignores = True/d' -e '/warn_redundant_casts = True/d' -i mypy.ini
@@ -65,12 +65,6 @@ dependencies = [
 "windows-targets",
 ]

-[[package]]
-name = "base64"
-version = "0.21.7"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9d297deb1925b89f2ccc13d7635fa0714f12c87adce1c75356b39ca9b7178567"
-
 [[package]]
 name = "base64"
 version = "0.22.1"
@@ -380,7 +374,7 @@ version = "0.4.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "b3314d5adb5d94bcdf56771f2e50dbbc80bb4bdf88967526706205ac9eff24eb"
 dependencies = [
- "base64 0.22.1",
+ "base64",
 "bytes",
 "headers-core",
 "http",
@@ -500,7 +494,7 @@ version = "0.1.14"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "dc2fdfdbff08affe55bb779f33b053aa1fe5dd5b54c257343c17edfa55711bdb"
 dependencies = [
- "base64 0.22.1",
+ "base64",
 "bytes",
 "futures-channel",
 "futures-core",
@@ -1190,7 +1184,7 @@ version = "0.12.22"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "cbc931937e6ca3a06e3b6c0aa7841849b160a90351d6ab467a8b9b9959767531"
 dependencies = [
- "base64 0.22.1",
+ "base64",
 "bytes",
 "futures-core",
 "futures-util",
@@ -1464,7 +1458,7 @@ name = "synapse"
 version = "0.1.0"
 dependencies = [
 "anyhow",
- "base64 0.21.7",
+ "base64",
 "blake2",
 "bytes",
 "futures",
@@ -0,0 +1 @@
+Add `recaptcha_private_key_path` and `recaptcha_public_key_path` config option.
@@ -0,0 +1 @@
+Add plain-text handling for rich-text topics as per [MSC3765](https://github.com/matrix-org/matrix-spec-proposals/pull/3765).
@@ -0,0 +1 @@
+If enabled by the user, server admins will see [soft failed](https://spec.matrix.org/v1.13/server-server-api/#soft-failure) events over the Client-Server API.
@@ -0,0 +1 @@
+Add experimental support for [MSC4277](https://github.com/matrix-org/matrix-spec-proposals/pull/4277).
@@ -0,0 +1 @@
+Fix CPU and database spinning when retrying sending events to servers whilst at the same time purging those events.
@@ -0,0 +1 @@
+Add ability to limit amount uploaded by a user in a given time period.
@@ -0,0 +1 @@
+Document that some config options for the user directory are in violation of the Matrix spec.
@@ -0,0 +1 @@
+Allow user registrations to be done on workers.
@@ -0,0 +1 @@
+Remove unnecessary HTTP replication calls.
@@ -0,0 +1 @@
+Refactor `Measure` block metrics to be homeserver-scoped.
@@ -0,0 +1 @@
+Unbreak "Latest dependencies" workflow by using the `--without dev` poetry option instead of removed `--no-dev`.
@@ -0,0 +1 @@
+Raise minimum Python version to `3.9.12`.
@@ -0,0 +1 @@
+Update URL Preview code to work with `lxml` 6.0.0+.
@@ -0,0 +1 @@
+Use `markdown-it-py` instead of `commonmark` in the release script.
@@ -0,0 +1 @@
+Advertise support for Matrix v1.12.
@@ -0,0 +1 @@
+Fix typing errors with upgraded mypy version.
@@ -0,0 +1 @@
+Add doc comment explaining that config files are shallowly merged.
@@ -0,0 +1 @@
+Minor speed up of insertion into `stream_positions` table.
@@ -0,0 +1 @@
+Remove unused `allow_no_prev_events` option when creating an event.
@@ -0,0 +1 @@
+Add `recaptcha_private_key_path` and `recaptcha_public_key_path` config option.
@@ -74,6 +74,7 @@
      - [Users](admin_api/user_admin_api.md)
      - [Server Version](admin_api/version_api.md)
      - [Federation](usage/administration/admin_api/federation.md)
+      - [Client-Server API Extensions](admin_api/client_server_api_extensions.md)
    - [Manhole](manhole.md)
    - [Monitoring](metrics-howto.md)
      - [Reporting Homeserver Usage Statistics](usage/administration/monitoring/reporting_homeserver_usage_statistics.md)
@@ -0,0 +1,25 @@
+# Client-Server API Extensions
+
+Server administrators can set special account data to change how the Client-Server API behaves for
+their clients. Setting the account data, or having it already set, as a non-admin has no effect.
+
+All configuration options can be set through the `io.element.synapse.admin_client_config` global 
+account data on the admin's user account. 
+
+Example:
+```
+PUT /_matrix/client/v3/user/{adminUserId}/account_data/io.element.synapse.admin_client_config
+{
+    "return_soft_failed_events": true
+}
+```
+
+## See soft failed events
+
+Learn more about soft failure from [the spec](https://spec.matrix.org/v1.14/server-server-api/#soft-failure).
+
+To receive soft failed events in APIs like `/sync` and `/messages`, set `return_soft_failed_events`
+to `true` in the admin client config. When `false`, the normal behaviour of these endpoints is to
+exclude soft failed events.
+
+Default: `false`
@@ -117,6 +117,14 @@ each upgrade are complete before moving on to the next upgrade, to avoid
 stacking them up. You can monitor the currently running background updates with
 [the Admin API](usage/administration/admin_api/background_updates.html#status).

+# Upgrading to v1.135.0
+
+## `on_user_registration` module API callback may now run on any worker
+
+Previously, the `on_user_registration` callback would only run on the main
+process. Modules relying on this callback must assume that they may now be
+called from any worker, not just the main process.
+
 # Upgrading to v1.134.0

 ## ICU bundled with Synapse
@@ -2086,6 +2086,23 @@ Example configuration:
 max_upload_size: 60M
 ```
 ---
+### `media_upload_limits`
+
+*(array)* A list of media upload limits defining how much data a given user can upload in a given time period.
+
+An empty list means no limits are applied.
+
+Defaults to `[]`.
+
+Example configuration:
+```yaml
+media_upload_limits:
+- time_period: 1h
+  max_size: 100M
+- time_period: 1w
+  max_size: 500M
+```
+---
 ### `max_image_pixels`

 *(byte size)* Maximum number of pixels that will be thumbnailed. Defaults to `"32M"`.
@@ -2340,6 +2357,21 @@ Example configuration:
 recaptcha_public_key: YOUR_PUBLIC_KEY
 ```
 ---
+### `recaptcha_public_key_path`
+
+*(string|null)* An alternative to [`recaptcha_public_key`](#recaptcha_public_key): allows the public key to be specified in an external file.
+
+The file should be a plain text file, containing only the public key. Synapse reads the public key from the given file once at startup.
+
+_Added in Synapse 1.135.0._
+
+Defaults to `null`.
+
+Example configuration:
+```yaml
+recaptcha_public_key_path: /path/to/key/file
+```
+---
 ### `recaptcha_private_key`

 *(string|null)* This homeserver's ReCAPTCHA private key. Must be specified if [`enable_registration_captcha`](#enable_registration_captcha) is enabled. Defaults to `null`.
@@ -2349,6 +2381,21 @@ Example configuration:
 recaptcha_private_key: YOUR_PRIVATE_KEY
 ```
 ---
+### `recaptcha_private_key_path`
+
+*(string|null)* An alternative to [`recaptcha_private_key`](#recaptcha_private_key): allows the private key to be specified in an external file.
+
+The file should be a plain text file, containing only the private key. Synapse reads the private key from the given file once at startup.
+
+_Added in Synapse 1.135.0._
+
+Defaults to `null`.
+
+Example configuration:
+```yaml
+recaptcha_private_key_path: /path/to/key/file
+```
+---
 ### `enable_registration_captcha`

 *(boolean)* Set to `true` to require users to complete a CAPTCHA test when registering an account. Requires a valid ReCaptcha public/private key.
@@ -3761,7 +3808,11 @@ encryption_enabled_by_default_for_room_type: invite

 This setting has the following sub-options:

-* `enabled` (boolean): Defines whether users can search the user directory. If false then empty responses are returned to all queries. Defaults to `true`.
+* `enabled` (boolean): Defines whether users can search the user directory. If `false` then empty responses are returned to all queries.
+
+  *Warning: While the homeserver may determine which subset of users are searched, the Matrix specification requires homeservers to include (at minimum) users visible in public rooms and users sharing a room with the requester. Using `false` improves performance but violates this requirement.*
+
+  Defaults to `true`.

 * `search_all_users` (boolean): Defines whether to search all users visible to your homeserver at the time the search is performed. If set to true, will return all users known to the homeserver matching the search query. If false, search results will only contain users visible in public rooms and users sharing a room with the requester.

@@ -1,4 +1,4 @@
-# This file is automatically @generated by Poetry 2.1.1 and should not be changed by hand.
+# This file is automatically @generated by Poetry 2.1.3 and should not be changed by hand.

 [[package]]
 name = "annotated-types"
@@ -39,7 +39,7 @@ description = "The ultimate Python library in building OAuth and OpenID Connect
 optional = true
 python-versions = ">=3.9"
 groups = ["main"]
-markers = "extra == \"all\" or extra == \"jwt\" or extra == \"oidc\""
+markers = "extra == \"oidc\" or extra == \"jwt\" or extra == \"all\""
 files = [
    {file = "authlib-1.6.0-py2.py3-none-any.whl", hash = "sha256:91685589498f79e8655e8a8947431ad6288831d643f11c55c2143ffcc738048d"},
    {file = "authlib-1.6.0.tar.gz", hash = "sha256:4367d32031b7af175ad3a323d571dc7257b7099d55978087ceae4a0d88cd3210"},
@@ -366,21 +366,6 @@ files = [
    {file = "colorama-0.4.6.tar.gz", hash = "sha256:08695f5cb7ed6e0531a20572697297273c47b8cae5a63ffc6d6ed5c201be6e44"},
 ]

-[[package]]
-name = "commonmark"
-version = "0.9.1"
-description = "Python parser for the CommonMark Markdown spec"
-optional = false
-python-versions = "*"
-groups = ["dev"]
-files = [
-    {file = "commonmark-0.9.1-py2.py3-none-any.whl", hash = "sha256:da2f38c92590f83de410ba1a3cbceafbc74fee9def35f9251ba9a971d6d66fd9"},
-    {file = "commonmark-0.9.1.tar.gz", hash = "sha256:452f9dc859be7f06631ddcb328b6919c67984aca654e5fefb3914d54691aed60"},
-]
-
-[package.extras]
-test = ["flake8 (==3.7.8)", "hypothesis (==3.55.3)"]
-
 [[package]]
 name = "constantly"
 version = "15.1.0"
@@ -450,7 +435,7 @@ description = "XML bomb protection for Python stdlib modules"
 optional = true
 python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*"
 groups = ["main"]
-markers = "extra == \"all\" or extra == \"saml2\""
+markers = "extra == \"saml2\" or extra == \"all\""
 files = [
    {file = "defusedxml-0.7.1-py2.py3-none-any.whl", hash = "sha256:a352e7e428770286cc899e2542b6cdaedb2b4953ff269a210103ec58f6198a61"},
    {file = "defusedxml-0.7.1.tar.gz", hash = "sha256:1bb3032db185915b62d7c6209c5a8792be6a32ab2fedacc84e01b52c51aa3e69"},
@@ -493,7 +478,7 @@ description = "XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and l
 optional = true
 python-versions = ">=3.7"
 groups = ["main"]
-markers = "extra == \"all\" or extra == \"saml2\""
+markers = "extra == \"saml2\" or extra == \"all\""
 files = [
    {file = "elementpath-4.1.5-py3-none-any.whl", hash = "sha256:2ac1a2fb31eb22bbbf817f8cf6752f844513216263f0e3892c8e79782fe4bb55"},
    {file = "elementpath-4.1.5.tar.gz", hash = "sha256:c2d6dc524b29ef751ecfc416b0627668119d8812441c555d7471da41d4bacb8d"},
@@ -543,7 +528,7 @@ description = "Python wrapper for hiredis"
 optional = true
 python-versions = ">=3.8"
 groups = ["main"]
-markers = "extra == \"all\" or extra == \"redis\""
+markers = "extra == \"redis\" or extra == \"all\""
 files = [
    {file = "hiredis-3.2.1-cp310-cp310-macosx_10_15_universal2.whl", hash = "sha256:add17efcbae46c5a6a13b244ff0b4a8fa079602ceb62290095c941b42e9d5dec"},
    {file = "hiredis-3.2.1-cp310-cp310-macosx_10_15_x86_64.whl", hash = "sha256:5fe955cc4f66c57df1ae8e5caf4de2925d43b5efab4e40859662311d1bcc5f54"},
@@ -880,7 +865,7 @@ description = "Jaeger Python OpenTracing Tracer implementation"
 optional = true
 python-versions = ">=3.7"
 groups = ["main"]
-markers = "extra == \"all\" or extra == \"opentracing\""
+markers = "extra == \"opentracing\" or extra == \"all\""
 files = [
    {file = "jaeger-client-4.8.0.tar.gz", hash = "sha256:3157836edab8e2c209bd2d6ae61113db36f7ee399e66b1dcbb715d87ab49bfe0"},
 ]
@@ -1018,7 +1003,7 @@ description = "A strictly RFC 4510 conforming LDAP V3 pure Python client library
 optional = true
 python-versions = "*"
 groups = ["main"]
-markers = "extra == \"all\" or extra == \"matrix-synapse-ldap3\""
+markers = "extra == \"matrix-synapse-ldap3\" or extra == \"all\""
 files = [
    {file = "ldap3-2.9.1-py2.py3-none-any.whl", hash = "sha256:5869596fc4948797020d3f03b7939da938778a0f9e2009f7a072ccf92b8e8d70"},
    {file = "ldap3-2.9.1.tar.gz", hash = "sha256:f3e7fc4718e3f09dda568b57100095e0ce58633bcabbed8667ce3f8fbaa4229f"},
@@ -1034,7 +1019,7 @@ description = "Powerful and Pythonic XML processing library combining libxml2/li
 optional = true
 python-versions = ">=3.6"
 groups = ["main"]
-markers = "extra == \"all\" or extra == \"url-preview\""
+markers = "extra == \"url-preview\" or extra == \"all\""
 files = [
    {file = "lxml-5.4.0-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:e7bc6df34d42322c5289e37e9971d6ed114e3776b45fa879f734bded9d1fea9c"},
    {file = "lxml-5.4.0-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:6854f8bd8a1536f8a1d9a3655e6354faa6406621cf857dc27b681b69860645c7"},
@@ -1194,14 +1179,14 @@ test = ["coverage[toml] (>=7.2.5)", "mypy (>=1.2.0)", "pytest (>=7.3.0)", "pytes

 [[package]]
 name = "markdown-it-py"
-version = "2.2.0"
+version = "3.0.0"
 description = "Python port of markdown-it. Markdown parsing, done right!"
 optional = false
-python-versions = ">=3.7"
+python-versions = ">=3.8"
 groups = ["dev"]
 files = [
-    {file = "markdown-it-py-2.2.0.tar.gz", hash = "sha256:7c9a5e412688bc771c67432cbfebcdd686c93ce6484913dccf06cb5a0bea35a1"},
-    {file = "markdown_it_py-2.2.0-py3-none-any.whl", hash = "sha256:5a35f8d1870171d9acc47b99612dc146129b631baf04970128b568f190d0cc30"},
+    {file = "markdown-it-py-3.0.0.tar.gz", hash = "sha256:e3f60a94fa066dc52ec76661e37c851cb232d92f9886b15cb560aaada2df8feb"},
+    {file = "markdown_it_py-3.0.0-py3-none-any.whl", hash = "sha256:355216845c60bd96232cd8d8c40e8f9765cc86f46880e43a8fd22dc1a1a8cab1"},
 ]

 [package.dependencies]
@@ -1214,7 +1199,7 @@ compare = ["commonmark (>=0.9,<1.0)", "markdown (>=3.4,<4.0)", "mistletoe (>=1.0
 linkify = ["linkify-it-py (>=1,<3)"]
 plugins = ["mdit-py-plugins"]
 profiling = ["gprof2dot"]
-rtd = ["attrs", "myst-parser", "pyyaml", "sphinx", "sphinx-copybutton", "sphinx-design", "sphinx_book_theme"]
+rtd = ["jupyter_sphinx", "mdit-py-plugins", "myst-parser", "pyyaml", "sphinx", "sphinx-copybutton", "sphinx-design", "sphinx_book_theme"]
 testing = ["coverage", "pytest", "pytest-cov", "pytest-regressions"]

 [[package]]
@@ -1314,7 +1299,7 @@ description = "An LDAP3 auth provider for Synapse"
 optional = true
 python-versions = ">=3.7"
 groups = ["main"]
-markers = "extra == \"all\" or extra == \"matrix-synapse-ldap3\""
+markers = "extra == \"matrix-synapse-ldap3\" or extra == \"all\""
 files = [
    {file = "matrix-synapse-ldap3-0.3.0.tar.gz", hash = "sha256:8bb6517173164d4b9cc44f49de411d8cebdb2e705d5dd1ea1f38733c4a009e1d"},
    {file = "matrix_synapse_ldap3-0.3.0-py3-none-any.whl", hash = "sha256:8b4d701f8702551e98cc1d8c20dbed532de5613584c08d0df22de376ba99159d"},
@@ -1440,50 +1425,51 @@ docs = ["sphinx (>=8,<9)", "sphinx-autobuild"]

 [[package]]
 name = "mypy"
-version = "1.13.0"
+version = "1.16.1"
 description = "Optional static typing for Python"
 optional = false
-python-versions = ">=3.8"
+python-versions = ">=3.9"
 groups = ["dev"]
 files = [
-    {file = "mypy-1.13.0-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:6607e0f1dd1fb7f0aca14d936d13fd19eba5e17e1cd2a14f808fa5f8f6d8f60a"},
-    {file = "mypy-1.13.0-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:8a21be69bd26fa81b1f80a61ee7ab05b076c674d9b18fb56239d72e21d9f4c80"},
-    {file = "mypy-1.13.0-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:7b2353a44d2179846a096e25691d54d59904559f4232519d420d64da6828a3a7"},
-    {file = "mypy-1.13.0-cp310-cp310-musllinux_1_1_x86_64.whl", hash = "sha256:0730d1c6a2739d4511dc4253f8274cdd140c55c32dfb0a4cf8b7a43f40abfa6f"},
-    {file = "mypy-1.13.0-cp310-cp310-win_amd64.whl", hash = "sha256:c5fc54dbb712ff5e5a0fca797e6e0aa25726c7e72c6a5850cfd2adbc1eb0a372"},
-    {file = "mypy-1.13.0-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:581665e6f3a8a9078f28d5502f4c334c0c8d802ef55ea0e7276a6e409bc0d82d"},
-    {file = "mypy-1.13.0-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:3ddb5b9bf82e05cc9a627e84707b528e5c7caaa1c55c69e175abb15a761cec2d"},
-    {file = "mypy-1.13.0-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:20c7ee0bc0d5a9595c46f38beb04201f2620065a93755704e141fcac9f59db2b"},
-    {file = "mypy-1.13.0-cp311-cp311-musllinux_1_1_x86_64.whl", hash = "sha256:3790ded76f0b34bc9c8ba4def8f919dd6a46db0f5a6610fb994fe8efdd447f73"},
-    {file = "mypy-1.13.0-cp311-cp311-win_amd64.whl", hash = "sha256:51f869f4b6b538229c1d1bcc1dd7d119817206e2bc54e8e374b3dfa202defcca"},
-    {file = "mypy-1.13.0-cp312-cp312-macosx_10_13_x86_64.whl", hash = "sha256:5c7051a3461ae84dfb5dd15eff5094640c61c5f22257c8b766794e6dd85e72d5"},
-    {file = "mypy-1.13.0-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:39bb21c69a5d6342f4ce526e4584bc5c197fd20a60d14a8624d8743fffb9472e"},
-    {file = "mypy-1.13.0-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:164f28cb9d6367439031f4c81e84d3ccaa1e19232d9d05d37cb0bd880d3f93c2"},
-    {file = "mypy-1.13.0-cp312-cp312-musllinux_1_1_x86_64.whl", hash = "sha256:a4c1bfcdbce96ff5d96fc9b08e3831acb30dc44ab02671eca5953eadad07d6d0"},
-    {file = "mypy-1.13.0-cp312-cp312-win_amd64.whl", hash = "sha256:a0affb3a79a256b4183ba09811e3577c5163ed06685e4d4b46429a271ba174d2"},
-    {file = "mypy-1.13.0-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:a7b44178c9760ce1a43f544e595d35ed61ac2c3de306599fa59b38a6048e1aa7"},
-    {file = "mypy-1.13.0-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:5d5092efb8516d08440e36626f0153b5006d4088c1d663d88bf79625af3d1d62"},
-    {file = "mypy-1.13.0-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:de2904956dac40ced10931ac967ae63c5089bd498542194b436eb097a9f77bc8"},
-    {file = "mypy-1.13.0-cp313-cp313-musllinux_1_1_x86_64.whl", hash = "sha256:7bfd8836970d33c2105562650656b6846149374dc8ed77d98424b40b09340ba7"},
-    {file = "mypy-1.13.0-cp313-cp313-win_amd64.whl", hash = "sha256:9f73dba9ec77acb86457a8fc04b5239822df0c14a082564737833d2963677dbc"},
-    {file = "mypy-1.13.0-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:100fac22ce82925f676a734af0db922ecfea991e1d7ec0ceb1e115ebe501301a"},
-    {file = "mypy-1.13.0-cp38-cp38-macosx_11_0_arm64.whl", hash = "sha256:7bcb0bb7f42a978bb323a7c88f1081d1b5dee77ca86f4100735a6f541299d8fb"},
-    {file = "mypy-1.13.0-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:bde31fc887c213e223bbfc34328070996061b0833b0a4cfec53745ed61f3519b"},
-    {file = "mypy-1.13.0-cp38-cp38-musllinux_1_1_x86_64.whl", hash = "sha256:07de989f89786f62b937851295ed62e51774722e5444a27cecca993fc3f9cd74"},
-    {file = "mypy-1.13.0-cp38-cp38-win_amd64.whl", hash = "sha256:4bde84334fbe19bad704b3f5b78c4abd35ff1026f8ba72b29de70dda0916beb6"},
-    {file = "mypy-1.13.0-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:0246bcb1b5de7f08f2826451abd947bf656945209b140d16ed317f65a17dc7dc"},
-    {file = "mypy-1.13.0-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:7f5b7deae912cf8b77e990b9280f170381fdfbddf61b4ef80927edd813163732"},
-    {file = "mypy-1.13.0-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:7029881ec6ffb8bc233a4fa364736789582c738217b133f1b55967115288a2bc"},
-    {file = "mypy-1.13.0-cp39-cp39-musllinux_1_1_x86_64.whl", hash = "sha256:3e38b980e5681f28f033f3be86b099a247b13c491f14bb8b1e1e134d23bb599d"},
-    {file = "mypy-1.13.0-cp39-cp39-win_amd64.whl", hash = "sha256:a6789be98a2017c912ae6ccb77ea553bbaf13d27605d2ca20a76dfbced631b24"},
-    {file = "mypy-1.13.0-py3-none-any.whl", hash = "sha256:9c250883f9fd81d212e0952c92dbfcc96fc237f4b7c92f56ac81fd48460b3e5a"},
-    {file = "mypy-1.13.0.tar.gz", hash = "sha256:0291a61b6fbf3e6673e3405cfcc0e7650bebc7939659fdca2702958038bd835e"},
+    {file = "mypy-1.16.1-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:b4f0fed1022a63c6fec38f28b7fc77fca47fd490445c69d0a66266c59dd0b88a"},
+    {file = "mypy-1.16.1-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:86042bbf9f5a05ea000d3203cf87aa9d0ccf9a01f73f71c58979eb9249f46d72"},
+    {file = "mypy-1.16.1-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:ea7469ee5902c95542bea7ee545f7006508c65c8c54b06dc2c92676ce526f3ea"},
+    {file = "mypy-1.16.1-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:352025753ef6a83cb9e7f2427319bb7875d1fdda8439d1e23de12ab164179574"},
+    {file = "mypy-1.16.1-cp310-cp310-musllinux_1_2_x86_64.whl", hash = "sha256:ff9fa5b16e4c1364eb89a4d16bcda9987f05d39604e1e6c35378a2987c1aac2d"},
+    {file = "mypy-1.16.1-cp310-cp310-win_amd64.whl", hash = "sha256:1256688e284632382f8f3b9e2123df7d279f603c561f099758e66dd6ed4e8bd6"},
+    {file = "mypy-1.16.1-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:472e4e4c100062488ec643f6162dd0d5208e33e2f34544e1fc931372e806c0cc"},
+    {file = "mypy-1.16.1-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:ea16e2a7d2714277e349e24d19a782a663a34ed60864006e8585db08f8ad1782"},
+    {file = "mypy-1.16.1-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:08e850ea22adc4d8a4014651575567b0318ede51e8e9fe7a68f25391af699507"},
+    {file = "mypy-1.16.1-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:22d76a63a42619bfb90122889b903519149879ddbf2ba4251834727944c8baca"},
+    {file = "mypy-1.16.1-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:2c7ce0662b6b9dc8f4ed86eb7a5d505ee3298c04b40ec13b30e572c0e5ae17c4"},
+    {file = "mypy-1.16.1-cp311-cp311-win_amd64.whl", hash = "sha256:211287e98e05352a2e1d4e8759c5490925a7c784ddc84207f4714822f8cf99b6"},
+    {file = "mypy-1.16.1-cp312-cp312-macosx_10_13_x86_64.whl", hash = "sha256:af4792433f09575d9eeca5c63d7d90ca4aeceda9d8355e136f80f8967639183d"},
+    {file = "mypy-1.16.1-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:66df38405fd8466ce3517eda1f6640611a0b8e70895e2a9462d1d4323c5eb4b9"},
+    {file = "mypy-1.16.1-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:44e7acddb3c48bd2713994d098729494117803616e116032af192871aed80b79"},
+    {file = "mypy-1.16.1-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:0ab5eca37b50188163fa7c1b73c685ac66c4e9bdee4a85c9adac0e91d8895e15"},
+    {file = "mypy-1.16.1-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:dedb6229b2c9086247e21a83c309754b9058b438704ad2f6807f0d8227f6ebdd"},
+    {file = "mypy-1.16.1-cp312-cp312-win_amd64.whl", hash = "sha256:1f0435cf920e287ff68af3d10a118a73f212deb2ce087619eb4e648116d1fe9b"},
+    {file = "mypy-1.16.1-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:ddc91eb318c8751c69ddb200a5937f1232ee8efb4e64e9f4bc475a33719de438"},
+    {file = "mypy-1.16.1-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:87ff2c13d58bdc4bbe7dc0dedfe622c0f04e2cb2a492269f3b418df2de05c536"},
+    {file = "mypy-1.16.1-cp313-cp313-manylinux_2_17_aarch64.manylinux2014_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:0a7cfb0fe29fe5a9841b7c8ee6dffb52382c45acdf68f032145b75620acfbd6f"},
+    {file = "mypy-1.16.1-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:051e1677689c9d9578b9c7f4d206d763f9bbd95723cd1416fad50db49d52f359"},
+    {file = "mypy-1.16.1-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:d5d2309511cc56c021b4b4e462907c2b12f669b2dbeb68300110ec27723971be"},
+    {file = "mypy-1.16.1-cp313-cp313-win_amd64.whl", hash = "sha256:4f58ac32771341e38a853c5d0ec0dfe27e18e27da9cdb8bbc882d2249c71a3ee"},
+    {file = "mypy-1.16.1-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:7fc688329af6a287567f45cc1cefb9db662defeb14625213a5b7da6e692e2069"},
+    {file = "mypy-1.16.1-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:5e198ab3f55924c03ead626ff424cad1732d0d391478dfbf7bb97b34602395da"},
+    {file = "mypy-1.16.1-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:09aa4f91ada245f0a45dbc47e548fd94e0dd5a8433e0114917dc3b526912a30c"},
+    {file = "mypy-1.16.1-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:13c7cd5b1cb2909aa318a90fd1b7e31f17c50b242953e7dd58345b2a814f6383"},
+    {file = "mypy-1.16.1-cp39-cp39-musllinux_1_2_x86_64.whl", hash = "sha256:58e07fb958bc5d752a280da0e890c538f1515b79a65757bbdc54252ba82e0b40"},
+    {file = "mypy-1.16.1-cp39-cp39-win_amd64.whl", hash = "sha256:f895078594d918f93337a505f8add9bd654d1a24962b4c6ed9390e12531eb31b"},
+    {file = "mypy-1.16.1-py3-none-any.whl", hash = "sha256:5fc2ac4027d0ef28d6ba69a0343737a23c4d1b83672bf38d1fe237bdc0643b37"},
+    {file = "mypy-1.16.1.tar.gz", hash = "sha256:6bd00a0a2094841c5e47e7374bb42b83d64c527a502e3334e1173a0c24437bab"},
 ]

 [package.dependencies]
-mypy-extensions = ">=1.0.0"
+mypy_extensions = ">=1.0.0"
+pathspec = ">=0.9.0"
 tomli = {version = ">=1.1.0", markers = "python_version < \"3.11\""}
-typing-extensions = ">=4.6.0"
+typing_extensions = ">=4.6.0"

 [package.extras]
 dmypy = ["psutil (>=4.0)"]
@@ -1546,7 +1532,7 @@ description = "OpenTracing API for Python. See documentation at http://opentraci
 optional = true
 python-versions = "*"
 groups = ["main"]
-markers = "extra == \"all\" or extra == \"opentracing\""
+markers = "extra == \"opentracing\" or extra == \"all\""
 files = [
    {file = "opentracing-2.4.0.tar.gz", hash = "sha256:a173117e6ef580d55874734d1fa7ecb6f3655160b8b8974a2a1e98e5ec9c840d"},
 ]
@@ -1581,16 +1567,28 @@ files = [
 [package.extras]
 dev = ["jinja2"]

+[[package]]
+name = "pathspec"
+version = "0.12.1"
+description = "Utility library for gitignore style pattern matching of file paths."
+optional = false
+python-versions = ">=3.8"
+groups = ["dev"]
+files = [
+    {file = "pathspec-0.12.1-py3-none-any.whl", hash = "sha256:a0d503e138a4c123b27490a4f7beda6a01c6f288df0e4a8b79c7eb0dc7b4cc08"},
+    {file = "pathspec-0.12.1.tar.gz", hash = "sha256:a482d51503a1ab33b1c67a6c3813a26953dbdc71c31dacaef9a838c4e29f5712"},
+]
+
 [[package]]
 name = "phonenumbers"
-version = "9.0.8"
+version = "9.0.9"
 description = "Python version of Google's common library for parsing, formatting, storing and validating international phone numbers."
 optional = false
 python-versions = "*"
 groups = ["main"]
 files = [
-    {file = "phonenumbers-9.0.8-py2.py3-none-any.whl", hash = "sha256:53d357111c0ead0d6408ae443613b18d3a053431ca1ddf7e881457c0969afcf9"},
-    {file = "phonenumbers-9.0.8.tar.gz", hash = "sha256:16f03f2cf65b5eee99ed25827d810febcab92b5d76f977e425fcd2e4ca6d4865"},
+    {file = "phonenumbers-9.0.9-py2.py3-none-any.whl", hash = "sha256:13b91aa153f87675902829b38a556bad54824f9c121b89588bbb5fa8550d97ef"},
+    {file = "phonenumbers-9.0.9.tar.gz", hash = "sha256:c640545019a07e68b0bea57a5fede6eef45c7391165d28935f45615f9a567a5b"},
 ]

 [[package]]
@@ -1603,8 +1601,6 @@ groups = ["main"]
 files = [
    {file = "pillow-11.3.0-cp310-cp310-macosx_10_10_x86_64.whl", hash = "sha256:1b9c17fd4ace828b3003dfd1e30bff24863e0eb59b535e8f80194d9cc7ecf860"},
    {file = "pillow-11.3.0-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:65dc69160114cdd0ca0f35cb434633c75e8e7fad4cf855177a05bf38678f73ad"},
-    {file = "pillow-11.3.0-cp310-cp310-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:7107195ddc914f656c7fc8e4a5e1c25f32e9236ea3ea860f257b0436011fddd0"},
-    {file = "pillow-11.3.0-cp310-cp310-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:cc3e831b563b3114baac7ec2ee86819eb03caa1a2cef0b481a5675b59c4fe23b"},
    {file = "pillow-11.3.0-cp310-cp310-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:f1f182ebd2303acf8c380a54f615ec883322593320a9b00438eb842c1f37ae50"},
    {file = "pillow-11.3.0-cp310-cp310-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:4445fa62e15936a028672fd48c4c11a66d641d2c05726c7ec1f8ba6a572036ae"},
    {file = "pillow-11.3.0-cp310-cp310-musllinux_1_2_aarch64.whl", hash = "sha256:71f511f6b3b91dd543282477be45a033e4845a40278fa8dcdbfdb07109bf18f9"},
@@ -1614,8 +1610,6 @@ files = [
    {file = "pillow-11.3.0-cp310-cp310-win_arm64.whl", hash = "sha256:819931d25e57b513242859ce1876c58c59dc31587847bf74cfe06b2e0cb22d2f"},
    {file = "pillow-11.3.0-cp311-cp311-macosx_10_10_x86_64.whl", hash = "sha256:1cd110edf822773368b396281a2293aeb91c90a2db00d78ea43e7e861631b722"},
    {file = "pillow-11.3.0-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:9c412fddd1b77a75aa904615ebaa6001f169b26fd467b4be93aded278266b288"},
-    {file = "pillow-11.3.0-cp311-cp311-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:7d1aa4de119a0ecac0a34a9c8bde33f34022e2e8f99104e47a3ca392fd60e37d"},
-    {file = "pillow-11.3.0-cp311-cp311-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:91da1d88226663594e3f6b4b8c3c8d85bd504117d043740a8e0ec449087cc494"},
    {file = "pillow-11.3.0-cp311-cp311-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:643f189248837533073c405ec2f0bb250ba54598cf80e8c1e043381a60632f58"},
    {file = "pillow-11.3.0-cp311-cp311-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:106064daa23a745510dabce1d84f29137a37224831d88eb4ce94bb187b1d7e5f"},
    {file = "pillow-11.3.0-cp311-cp311-musllinux_1_2_aarch64.whl", hash = "sha256:cd8ff254faf15591e724dc7c4ddb6bf4793efcbe13802a4ae3e863cd300b493e"},
@@ -1625,8 +1619,6 @@ files = [
    {file = "pillow-11.3.0-cp311-cp311-win_arm64.whl", hash = "sha256:30807c931ff7c095620fe04448e2c2fc673fcbb1ffe2a7da3fb39613489b1ddd"},
    {file = "pillow-11.3.0-cp312-cp312-macosx_10_13_x86_64.whl", hash = "sha256:fdae223722da47b024b867c1ea0be64e0df702c5e0a60e27daad39bf960dd1e4"},
    {file = "pillow-11.3.0-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:921bd305b10e82b4d1f5e802b6850677f965d8394203d182f078873851dada69"},
-    {file = "pillow-11.3.0-cp312-cp312-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:eb76541cba2f958032d79d143b98a3a6b3ea87f0959bbe256c0b5e416599fd5d"},
-    {file = "pillow-11.3.0-cp312-cp312-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:67172f2944ebba3d4a7b54f2e95c786a3a50c21b88456329314caaa28cda70f6"},
    {file = "pillow-11.3.0-cp312-cp312-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:97f07ed9f56a3b9b5f49d3661dc9607484e85c67e27f3e8be2c7d28ca032fec7"},
    {file = "pillow-11.3.0-cp312-cp312-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:676b2815362456b5b3216b4fd5bd89d362100dc6f4945154ff172e206a22c024"},
    {file = "pillow-11.3.0-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:3e184b2f26ff146363dd07bde8b711833d7b0202e27d13540bfe2e35a323a809"},
@@ -1639,8 +1631,6 @@ files = [
    {file = "pillow-11.3.0-cp313-cp313-ios_13_0_x86_64_iphonesimulator.whl", hash = "sha256:7859a4cc7c9295f5838015d8cc0a9c215b77e43d07a25e460f35cf516df8626f"},
    {file = "pillow-11.3.0-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:ec1ee50470b0d050984394423d96325b744d55c701a439d2bd66089bff963d3c"},
    {file = "pillow-11.3.0-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:7db51d222548ccfd274e4572fdbf3e810a5e66b00608862f947b163e613b67dd"},
-    {file = "pillow-11.3.0-cp313-cp313-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:2d6fcc902a24ac74495df63faad1884282239265c6839a0a6416d33faedfae7e"},
-    {file = "pillow-11.3.0-cp313-cp313-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:f0f5d8f4a08090c6d6d578351a2b91acf519a54986c055af27e7a93feae6d3f1"},
    {file = "pillow-11.3.0-cp313-cp313-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:c37d8ba9411d6003bba9e518db0db0c58a680ab9fe5179f040b0463644bc9805"},
    {file = "pillow-11.3.0-cp313-cp313-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:13f87d581e71d9189ab21fe0efb5a23e9f28552d5be6979e84001d3b8505abe8"},
    {file = "pillow-11.3.0-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:023f6d2d11784a465f09fd09a34b150ea4672e85fb3d05931d89f373ab14abb2"},
@@ -1650,8 +1640,6 @@ files = [
    {file = "pillow-11.3.0-cp313-cp313-win_arm64.whl", hash = "sha256:1904e1264881f682f02b7f8167935cce37bc97db457f8e7849dc3a6a52b99580"},
    {file = "pillow-11.3.0-cp313-cp313t-macosx_10_13_x86_64.whl", hash = "sha256:4c834a3921375c48ee6b9624061076bc0a32a60b5532b322cc0ea64e639dd50e"},
    {file = "pillow-11.3.0-cp313-cp313t-macosx_11_0_arm64.whl", hash = "sha256:5e05688ccef30ea69b9317a9ead994b93975104a677a36a8ed8106be9260aa6d"},
-    {file = "pillow-11.3.0-cp313-cp313t-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:1019b04af07fc0163e2810167918cb5add8d74674b6267616021ab558dc98ced"},
-    {file = "pillow-11.3.0-cp313-cp313t-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:f944255db153ebb2b19c51fe85dd99ef0ce494123f21b9db4877ffdfc5590c7c"},
    {file = "pillow-11.3.0-cp313-cp313t-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:1f85acb69adf2aaee8b7da124efebbdb959a104db34d3a2cb0f3793dbae422a8"},
    {file = "pillow-11.3.0-cp313-cp313t-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:05f6ecbeff5005399bb48d198f098a9b4b6bdf27b8487c7f38ca16eeb070cd59"},
    {file = "pillow-11.3.0-cp313-cp313t-musllinux_1_2_aarch64.whl", hash = "sha256:a7bc6e6fd0395bc052f16b1a8670859964dbd7003bd0af2ff08342eb6e442cfe"},
@@ -1661,8 +1649,6 @@ files = [
    {file = "pillow-11.3.0-cp313-cp313t-win_arm64.whl", hash = "sha256:8797edc41f3e8536ae4b10897ee2f637235c94f27404cac7297f7b607dd0716e"},
    {file = "pillow-11.3.0-cp314-cp314-macosx_10_13_x86_64.whl", hash = "sha256:d9da3df5f9ea2a89b81bb6087177fb1f4d1c7146d583a3fe5c672c0d94e55e12"},
    {file = "pillow-11.3.0-cp314-cp314-macosx_11_0_arm64.whl", hash = "sha256:0b275ff9b04df7b640c59ec5a3cb113eefd3795a8df80bac69646ef699c6981a"},
-    {file = "pillow-11.3.0-cp314-cp314-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:0743841cabd3dba6a83f38a92672cccbd69af56e3e91777b0ee7f4dba4385632"},
-    {file = "pillow-11.3.0-cp314-cp314-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:2465a69cf967b8b49ee1b96d76718cd98c4e925414ead59fdf75cf0fd07df673"},
    {file = "pillow-11.3.0-cp314-cp314-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:41742638139424703b4d01665b807c6468e23e699e8e90cffefe291c5832b027"},
    {file = "pillow-11.3.0-cp314-cp314-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:93efb0b4de7e340d99057415c749175e24c8864302369e05914682ba642e5d77"},
    {file = "pillow-11.3.0-cp314-cp314-musllinux_1_2_aarch64.whl", hash = "sha256:7966e38dcd0fa11ca390aed7c6f20454443581d758242023cf36fcb319b1a874"},
@@ -1672,8 +1658,6 @@ files = [
    {file = "pillow-11.3.0-cp314-cp314-win_arm64.whl", hash = "sha256:155658efb5e044669c08896c0c44231c5e9abcaadbc5cd3648df2f7c0b96b9a6"},
    {file = "pillow-11.3.0-cp314-cp314t-macosx_10_13_x86_64.whl", hash = "sha256:59a03cdf019efbfeeed910bf79c7c93255c3d54bc45898ac2a4140071b02b4ae"},
    {file = "pillow-11.3.0-cp314-cp314t-macosx_11_0_arm64.whl", hash = "sha256:f8a5827f84d973d8636e9dc5764af4f0cf2318d26744b3d902931701b0d46653"},
-    {file = "pillow-11.3.0-cp314-cp314t-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:ee92f2fd10f4adc4b43d07ec5e779932b4eb3dbfbc34790ada5a6669bc095aa6"},
-    {file = "pillow-11.3.0-cp314-cp314t-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:c96d333dcf42d01f47b37e0979b6bd73ec91eae18614864622d9b87bbd5bbf36"},
    {file = "pillow-11.3.0-cp314-cp314t-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:4c96f993ab8c98460cd0c001447bff6194403e8b1d7e149ade5f00594918128b"},
    {file = "pillow-11.3.0-cp314-cp314t-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:41342b64afeba938edb034d122b2dda5db2139b9a4af999729ba8818e0056477"},
    {file = "pillow-11.3.0-cp314-cp314t-musllinux_1_2_aarch64.whl", hash = "sha256:068d9c39a2d1b358eb9f245ce7ab1b5c3246c7c8c7d9ba58cfa5b43146c06e50"},
@@ -1683,8 +1667,6 @@ files = [
    {file = "pillow-11.3.0-cp314-cp314t-win_arm64.whl", hash = "sha256:79ea0d14d3ebad43ec77ad5272e6ff9bba5b679ef73375ea760261207fa8e0aa"},
    {file = "pillow-11.3.0-cp39-cp39-macosx_10_10_x86_64.whl", hash = "sha256:48d254f8a4c776de343051023eb61ffe818299eeac478da55227d96e241de53f"},
    {file = "pillow-11.3.0-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:7aee118e30a4cf54fdd873bd3a29de51e29105ab11f9aad8c32123f58c8f8081"},
-    {file = "pillow-11.3.0-cp39-cp39-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:23cff760a9049c502721bdb743a7cb3e03365fafcdfc2ef9784610714166e5a4"},
-    {file = "pillow-11.3.0-cp39-cp39-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:6359a3bc43f57d5b375d1ad54a0074318a0844d11b76abccf478c37c986d3cfc"},
    {file = "pillow-11.3.0-cp39-cp39-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:092c80c76635f5ecb10f3f83d76716165c96f5229addbd1ec2bdbbda7d496e06"},
    {file = "pillow-11.3.0-cp39-cp39-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:cadc9e0ea0a2431124cde7e1697106471fc4c1da01530e679b2391c37d3fbb3a"},
    {file = "pillow-11.3.0-cp39-cp39-musllinux_1_2_aarch64.whl", hash = "sha256:6a418691000f2a418c9135a7cf0d797c1bb7d9a485e61fe8e7722845b95ef978"},
@@ -1694,15 +1676,11 @@ files = [
    {file = "pillow-11.3.0-cp39-cp39-win_arm64.whl", hash = "sha256:6abdbfd3aea42be05702a8dd98832329c167ee84400a1d1f61ab11437f1717eb"},
    {file = "pillow-11.3.0-pp310-pypy310_pp73-macosx_10_15_x86_64.whl", hash = "sha256:3cee80663f29e3843b68199b9d6f4f54bd1d4a6b59bdd91bceefc51238bcb967"},
    {file = "pillow-11.3.0-pp310-pypy310_pp73-macosx_11_0_arm64.whl", hash = "sha256:b5f56c3f344f2ccaf0dd875d3e180f631dc60a51b314295a3e681fe8cf851fbe"},
-    {file = "pillow-11.3.0-pp310-pypy310_pp73-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:e67d793d180c9df62f1f40aee3accca4829d3794c95098887edc18af4b8b780c"},
-    {file = "pillow-11.3.0-pp310-pypy310_pp73-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:d000f46e2917c705e9fb93a3606ee4a819d1e3aa7a9b442f6444f07e77cf5e25"},
    {file = "pillow-11.3.0-pp310-pypy310_pp73-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:527b37216b6ac3a12d7838dc3bd75208ec57c1c6d11ef01902266a5a0c14fc27"},
    {file = "pillow-11.3.0-pp310-pypy310_pp73-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:be5463ac478b623b9dd3937afd7fb7ab3d79dd290a28e2b6df292dc75063eb8a"},
    {file = "pillow-11.3.0-pp310-pypy310_pp73-win_amd64.whl", hash = "sha256:8dc70ca24c110503e16918a658b869019126ecfe03109b754c402daff12b3d9f"},
    {file = "pillow-11.3.0-pp311-pypy311_pp73-macosx_10_15_x86_64.whl", hash = "sha256:7c8ec7a017ad1bd562f93dbd8505763e688d388cde6e4a010ae1486916e713e6"},
    {file = "pillow-11.3.0-pp311-pypy311_pp73-macosx_11_0_arm64.whl", hash = "sha256:9ab6ae226de48019caa8074894544af5b53a117ccb9d3b3dcb2871464c829438"},
-    {file = "pillow-11.3.0-pp311-pypy311_pp73-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:fe27fb049cdcca11f11a7bfda64043c37b30e6b91f10cb5bab275806c32f6ab3"},
-    {file = "pillow-11.3.0-pp311-pypy311_pp73-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:465b9e8844e3c3519a983d58b80be3f668e2a7a5db97f2784e7079fbc9f9822c"},
    {file = "pillow-11.3.0-pp311-pypy311_pp73-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:5418b53c0d59b3824d05e029669efa023bbef0f3e92e75ec8428f3799487f361"},
    {file = "pillow-11.3.0-pp311-pypy311_pp73-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:504b6f59505f08ae014f724b6207ff6222662aab5cc9542577fb084ed0676ac7"},
    {file = "pillow-11.3.0-pp311-pypy311_pp73-win_amd64.whl", hash = "sha256:c84d689db21a1c397d001aa08241044aa2069e7587b398c8cc63020390b1c1b8"},
@@ -1740,7 +1718,7 @@ description = "psycopg2 - Python-PostgreSQL Database Adapter"
 optional = true
 python-versions = ">=3.8"
 groups = ["main"]
-markers = "extra == \"all\" or extra == \"postgres\""
+markers = "extra == \"postgres\" or extra == \"all\""
 files = [
    {file = "psycopg2-2.9.10-cp310-cp310-win32.whl", hash = "sha256:5df2b672140f95adb453af93a7d669d7a7bf0a56bcd26f1502329166f4a61716"},
    {file = "psycopg2-2.9.10-cp310-cp310-win_amd64.whl", hash = "sha256:c6f7b8561225f9e711a9c47087388a97fdc948211c10a4bccbf0ba68ab7b3b5a"},
@@ -1748,7 +1726,6 @@ files = [
    {file = "psycopg2-2.9.10-cp311-cp311-win_amd64.whl", hash = "sha256:0435034157049f6846e95103bd8f5a668788dd913a7c30162ca9503fdf542cb4"},
    {file = "psycopg2-2.9.10-cp312-cp312-win32.whl", hash = "sha256:65a63d7ab0e067e2cdb3cf266de39663203d38d6a8ed97f5ca0cb315c73fe067"},
    {file = "psycopg2-2.9.10-cp312-cp312-win_amd64.whl", hash = "sha256:4a579d6243da40a7b3182e0430493dbd55950c493d8c68f4eec0b302f6bbf20e"},
-    {file = "psycopg2-2.9.10-cp313-cp313-win_amd64.whl", hash = "sha256:91fd603a2155da8d0cfcdbf8ab24a2d54bca72795b90d2a3ed2b6da8d979dee2"},
    {file = "psycopg2-2.9.10-cp39-cp39-win32.whl", hash = "sha256:9d5b3b94b79a844a986d029eee38998232451119ad653aea42bb9220a8c5066b"},
    {file = "psycopg2-2.9.10-cp39-cp39-win_amd64.whl", hash = "sha256:88138c8dedcbfa96408023ea2b0c369eda40fe5d75002c0964c78f46f11fa442"},
    {file = "psycopg2-2.9.10.tar.gz", hash = "sha256:12ec0b40b0273f95296233e8750441339298e6a572f7039da5b260e3c8b60e11"},
@@ -1761,7 +1738,7 @@ description = ".. image:: https://travis-ci.org/chtd/psycopg2cffi.svg?branch=mas
 optional = true
 python-versions = "*"
 groups = ["main"]
-markers = "platform_python_implementation == \"PyPy\" and (extra == \"all\" or extra == \"postgres\")"
+markers = "platform_python_implementation == \"PyPy\" and (extra == \"postgres\" or extra == \"all\")"
 files = [
    {file = "psycopg2cffi-2.9.0.tar.gz", hash = "sha256:7e272edcd837de3a1d12b62185eb85c45a19feda9e62fa1b120c54f9e8d35c52"},
 ]
@@ -1777,7 +1754,7 @@ description = "A Simple library to enable psycopg2 compatability"
 optional = true
 python-versions = "*"
 groups = ["main"]
-markers = "platform_python_implementation == \"PyPy\" and (extra == \"all\" or extra == \"postgres\")"
+markers = "platform_python_implementation == \"PyPy\" and (extra == \"postgres\" or extra == \"all\")"
 files = [
    {file = "psycopg2cffi-compat-1.1.tar.gz", hash = "sha256:d25e921748475522b33d13420aad5c2831c743227dc1f1f2585e0fdb5c914e05"},
 ]
@@ -2037,7 +2014,7 @@ description = "A development tool to measure, monitor and analyze the memory beh
 optional = true
 python-versions = ">=3.6"
 groups = ["main"]
-markers = "extra == \"all\" or extra == \"cache-memory\""
+markers = "extra == \"cache-memory\" or extra == \"all\""
 files = [
    {file = "Pympler-1.0.1-py3-none-any.whl", hash = "sha256:d260dda9ae781e1eab6ea15bacb84015849833ba5555f141d2d9b7b7473b307d"},
    {file = "Pympler-1.0.1.tar.gz", hash = "sha256:993f1a3599ca3f4fcd7160c7545ad06310c9e12f70174ae7ae8d4e25f6c5d3fa"},
@@ -2097,7 +2074,7 @@ description = "Python implementation of SAML Version 2 Standard"
 optional = true
 python-versions = ">=3.9,<4.0"
 groups = ["main"]
-markers = "extra == \"all\" or extra == \"saml2\""
+markers = "extra == \"saml2\" or extra == \"all\""
 files = [
    {file = "pysaml2-7.5.0-py3-none-any.whl", hash = "sha256:bc6627cc344476a83c757f440a73fda1369f13b6fda1b4e16bca63ffbabb5318"},
    {file = "pysaml2-7.5.0.tar.gz", hash = "sha256:f36871d4e5ee857c6b85532e942550d2cf90ea4ee943d75eb681044bbc4f54f7"},
@@ -2122,7 +2099,7 @@ description = "Extensions to the standard Python datetime module"
 optional = true
 python-versions = "!=3.0.*,!=3.1.*,!=3.2.*,>=2.7"
 groups = ["main"]
-markers = "extra == \"all\" or extra == \"saml2\""
+markers = "extra == \"saml2\" or extra == \"all\""
 files = [
    {file = "python-dateutil-2.8.2.tar.gz", hash = "sha256:0123cacc1627ae19ddf3c27a5de5bd67ee4586fbdd6440d9748f8abb483d3e86"},
    {file = "python_dateutil-2.8.2-py2.py3-none-any.whl", hash = "sha256:961d03dc3453ebbc59dbdea9e4e11c5651520a876d0f4db161e8674aae935da9"},
@@ -2150,7 +2127,7 @@ description = "World timezone definitions, modern and historical"
 optional = true
 python-versions = "*"
 groups = ["main"]
-markers = "extra == \"all\" or extra == \"saml2\""
+markers = "extra == \"saml2\" or extra == \"all\""
 files = [
    {file = "pytz-2022.7.1-py2.py3-none-any.whl", hash = "sha256:78f4f37d8198e0627c5f1143240bb0206b8691d8d7ac6d78fee88b78733f8c4a"},
    {file = "pytz-2022.7.1.tar.gz", hash = "sha256:01a0681c4b9684a28304615eba55d1ab31ae00bf68ec157ec3708a8182dbbcd0"},
@@ -2322,19 +2299,20 @@ idna2008 = ["idna"]

 [[package]]
 name = "rich"
-version = "13.3.2"
+version = "14.0.0"
 description = "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal"
 optional = false
-python-versions = ">=3.7.0"
+python-versions = ">=3.8.0"
 groups = ["dev"]
 files = [
-    {file = "rich-13.3.2-py3-none-any.whl", hash = "sha256:a104f37270bf677148d8acb07d33be1569eeee87e2d1beb286a4e9113caf6f2f"},
-    {file = "rich-13.3.2.tar.gz", hash = "sha256:91954fe80cfb7985727a467ca98a7618e5dd15178cc2da10f553b36a93859001"},
+    {file = "rich-14.0.0-py3-none-any.whl", hash = "sha256:1c9491e1951aac09caffd42f448ee3d04e58923ffe14993f6e83068dc395d7e0"},
+    {file = "rich-14.0.0.tar.gz", hash = "sha256:82f1bc23a6a21ebca4ae0c45af9bdbc492ed20231dcb63f297d6d1021a9d5725"},
 ]

 [package.dependencies]
-markdown-it-py = ">=2.2.0,<3.0.0"
+markdown-it-py = ">=2.2.0"
 pygments = ">=2.13.0,<3.0.0"
+typing-extensions = {version = ">=4.0.0,<5.0", markers = "python_version < \"3.11\""}

 [package.extras]
 jupyter = ["ipywidgets (>=7.5.1,<9)"]
@@ -2514,7 +2492,7 @@ description = "Python client for Sentry (https://sentry.io)"
 optional = true
 python-versions = ">=3.6"
 groups = ["main"]
-markers = "extra == \"all\" or extra == \"sentry\""
+markers = "extra == \"sentry\" or extra == \"all\""
 files = [
    {file = "sentry_sdk-2.32.0-py2.py3-none-any.whl", hash = "sha256:6cf51521b099562d7ce3606da928c473643abe99b00ce4cb5626ea735f4ec345"},
    {file = "sentry_sdk-2.32.0.tar.gz", hash = "sha256:9016c75d9316b0f6921ac14c8cd4fb938f26002430ac5be9945ab280f78bec6b"},
@@ -2702,7 +2680,7 @@ description = "Tornado IOLoop Backed Concurrent Futures"
 optional = true
 python-versions = "*"
 groups = ["main"]
-markers = "extra == \"all\" or extra == \"opentracing\""
+markers = "extra == \"opentracing\" or extra == \"all\""
 files = [
    {file = "threadloop-1.0.2-py2-none-any.whl", hash = "sha256:5c90dbefab6ffbdba26afb4829d2a9df8275d13ac7dc58dccb0e279992679599"},
    {file = "threadloop-1.0.2.tar.gz", hash = "sha256:8b180aac31013de13c2ad5c834819771992d350267bddb854613ae77ef571944"},
@@ -2718,7 +2696,7 @@ description = "Python bindings for the Apache Thrift RPC system"
 optional = true
 python-versions = "*"
 groups = ["main"]
-markers = "extra == \"all\" or extra == \"opentracing\""
+markers = "extra == \"opentracing\" or extra == \"all\""
 files = [
    {file = "thrift-0.16.0.tar.gz", hash = "sha256:2b5b6488fcded21f9d312aa23c9ff6a0195d0f6ae26ddbd5ad9e3e25dfc14408"},
 ]
@@ -2780,7 +2758,7 @@ description = "Tornado is a Python web framework and asynchronous networking lib
 optional = true
 python-versions = ">=3.9"
 groups = ["main"]
-markers = "extra == \"all\" or extra == \"opentracing\""
+markers = "extra == \"opentracing\" or extra == \"all\""
 files = [
    {file = "tornado-6.5-cp39-abi3-macosx_10_9_universal2.whl", hash = "sha256:f81067dad2e4443b015368b24e802d0083fecada4f0a4572fdb72fc06e54a9a6"},
    {file = "tornado-6.5-cp39-abi3-macosx_10_9_x86_64.whl", hash = "sha256:9ac1cbe1db860b3cbb251e795c701c41d343f06a96049d6274e7c77559117e41"},
@@ -2917,7 +2895,7 @@ description = "non-blocking redis client for python"
 optional = true
 python-versions = "*"
 groups = ["main"]
-markers = "extra == \"all\" or extra == \"redis\""
+markers = "extra == \"redis\" or extra == \"all\""
 files = [
    {file = "txredisapi-1.4.11-py3-none-any.whl", hash = "sha256:ac64d7a9342b58edca13ef267d4fa7637c1aa63f8595e066801c1e8b56b22d0b"},
    {file = "txredisapi-1.4.11.tar.gz", hash = "sha256:3eb1af99aefdefb59eb877b1dd08861efad60915e30ad5bf3d5bf6c5cedcdbc6"},
@@ -2957,18 +2935,6 @@ files = [
 [package.dependencies]
 types-setuptools = "*"

-[[package]]
-name = "types-commonmark"
-version = "0.9.2.20240106"
-description = "Typing stubs for commonmark"
-optional = false
-python-versions = ">=3.8"
-groups = ["dev"]
-files = [
-    {file = "types-commonmark-0.9.2.20240106.tar.gz", hash = "sha256:52a062b71766d6ab258fca2d8e19fb0853796e25ca9afa9d0f67a1e42c93479f"},
-    {file = "types_commonmark-0.9.2.20240106-py3-none-any.whl", hash = "sha256:606d9de1e3a96cab0b1c0b6cccf4df099116148d1d864d115fde2e27ad6877c3"},
-]
-
 [[package]]
 name = "types-html5lib"
 version = "1.1.11.20240228"
@@ -3260,7 +3226,7 @@ description = "An XML Schema validator and decoder"
 optional = true
 python-versions = ">=3.7"
 groups = ["main"]
-markers = "extra == \"all\" or extra == \"saml2\""
+markers = "extra == \"saml2\" or extra == \"all\""
 files = [
    {file = "xmlschema-2.4.0-py3-none-any.whl", hash = "sha256:dc87be0caaa61f42649899189aab2fd8e0d567f2cf548433ba7b79278d231a4a"},
    {file = "xmlschema-2.4.0.tar.gz", hash = "sha256:d74cd0c10866ac609e1ef94a5a69b018ad16e39077bc6393408b40c6babee793"},
@@ -3403,5 +3369,5 @@ url-preview = ["lxml"]

 [metadata]
 lock-version = "2.1"
-python-versions = "^3.9.0"
-content-hash = "6871453202e2ffc3c9ee5761481e0ef4ad99f08d9b8f24c6d6a64c2683683845"
+python-versions = "^3.9.12"
+content-hash = "e0373e8c1b4cffc0d5b48fcf58b1be5c755dd31ce6671f5dd97ae9c50a6dbdb6"
@@ -159,7 +159,13 @@ synapse_review_recent_signups = "synapse._scripts.review_recent_signups:main"
 update_synapse_database = "synapse._scripts.update_synapse_database:main"

 [tool.poetry.dependencies]
-python = "^3.9.0"
+# We aim to support all versions of Python currently supported upstream as per
+# our dependency deprecation policy:
+# https://element-hq.github.io/synapse/latest/deprecation_policy.html#policy
+#
+# 3.9.12 is currently the minimum version due to Twisted requiring it:
+# https://github.com/twisted/twisted/commit/27674f64d8a553ad5e68913bfb1c936e6fdeb46a
+python = "^3.9.12"

 # Mandatory Dependencies
 # ----------------------
@@ -224,7 +230,7 @@ pydantic = ">=1.7.4, <3"
 # https://github.com/python-poetry/poetry/issues/6154). Both `pip install` and
 # `poetry build` do the right thing without this explicit dependency.
 #
-# This isn't really a dev-dependency, as `poetry install --no-dev` will fail,
+# This isn't really a dev-dependency, as `poetry install --without dev` will fail,
 # but the alternative is to add it to the main list of deps where it isn't
 # needed.
 setuptools_rust = ">=1.3"
@@ -326,7 +332,6 @@ lxml-stubs = ">=0.4.0"
 mypy = "*"
 mypy-zope = "*"
 types-bleach = ">=4.1.0"
-types-commonmark = ">=0.9.2"
 types-jsonschema = ">=3.2.0"
 types-netaddr = ">=0.8.0.6"
 types-opentracing = ">=2.4.2"
@@ -349,7 +354,7 @@ idna = ">=2.5"
 click = ">=8.1.3"
 # GitPython was == 3.1.14; bumped to 3.1.20, the first release with type hints.
 GitPython = ">=3.1.20"
-commonmark = ">=0.9.1"
+markdown-it-py = ">=3.0.0"
 pygithub = ">=1.55"
 # The following are executed as commands by the release script.
 twine = "*"
@@ -2335,6 +2335,30 @@ properties:
    default: 50M
    examples:
      - 60M
+  media_upload_limits:
+    type: array
+    description: >-
+      A list of media upload limits defining how much data a given user can
+      upload in a given time period.
+
+
+      An empty list means no limits are applied.
+    default: []
+    items:
+      time_period:
+        type: "#/$defs/duration"
+        description: >-
+          The time period over which the limit applies. Required.
+      max_size:
+        type: "#/$defs/bytes"
+        description: >-
+          Amount of data that can be uploaded in the time period by the user.
+          Required.
+    examples:
+      - - time_period: 1h
+          max_size: 100M
+        - time_period: 1w
+          max_size: 500M
  max_image_pixels:
    $ref: "#/$defs/bytes"
    description: Maximum number of pixels that will be thumbnailed.
@@ -2668,6 +2692,21 @@ properties:
    default: null
    examples:
      - YOUR_PUBLIC_KEY
+  recaptcha_public_key_path:
+    type: ["string", "null"]
+    description: >-
+      An alternative to [`recaptcha_public_key`](#recaptcha_public_key): allows
+      the public key to be specified in an external file.
+
+
+      The file should be a plain text file, containing only the public key.
+      Synapse reads the public key from the given file once at startup.
+
+
+      _Added in Synapse 1.135.0._
+    default: null
+    examples:
+      - /path/to/key/file
  recaptcha_private_key:
    type: ["string", "null"]
    description: >-
@@ -2676,6 +2715,21 @@ properties:
    default: null
    examples:
      - YOUR_PRIVATE_KEY
+  recaptcha_private_key_path:
+    type: ["string", "null"]
+    description: >-
+      An alternative to [`recaptcha_private_key`](#recaptcha_private_key):
+      allows the private key to be specified in an external file.
+
+
+      The file should be a plain text file, containing only the private key.
+      Synapse reads the private key from the given file once at startup.
+
+
+      _Added in Synapse 1.135.0._
+    default: null
+    examples:
+      - /path/to/key/file
  enable_registration_captcha:
    type: boolean
    description: >-
@@ -4665,8 +4719,15 @@ properties:
      enabled:
        type: boolean
        description: >-
-          Defines whether users can search the user directory. If false then
+          Defines whether users can search the user directory. If `false` then
          empty responses are returned to all queries.
+
+
+          *Warning: While the homeserver may determine which subset of users are
+          searched, the Matrix specification requires homeservers to include (at
+          minimum) users visible in public rooms and users sharing a room with
+          the requester. Using `false` improves performance but violates this
+          requirement.*
        default: true
      search_all_users:
        type: boolean
@@ -36,11 +36,11 @@ from typing import Any, List, Match, Optional, Union

 import attr
 import click
-import commonmark
 import git
 from click.exceptions import ClickException
 from git import GitCommandError, Repo
 from github import BadCredentialsException, Github
+from markdown_it import MarkdownIt
 from packaging import version


@@ -851,7 +851,7 @@ def get_changes_for_version(wanted_version: version.Version) -> str:

    # First we parse the changelog so that we can split it into sections based
    # on the release headings.
-    ast = commonmark.Parser().parse(changes)
+    tokens = MarkdownIt().parse(changes)

    @attr.s(auto_attribs=True)
    class VersionSection:
@@ -862,19 +862,22 @@ def get_changes_for_version(wanted_version: version.Version) -> str:
        end_line: Optional[int] = None  # Is none if its the last entry

    headings: List[VersionSection] = []
-    for node, _ in ast.walker():
-        # We look for all text nodes that are in a level 1 heading.
-        if node.t != "text":
+    for i, token in enumerate(tokens):
+        # We look for level 1 headings (h1 tags).
+        if token.type != "heading_open" or token.tag != "h1":
            continue

-        if node.parent.t != "heading" or node.parent.level != 1:
-            continue
+        # The next token should be an inline token containing the heading text
+        if i + 1 < len(tokens) and tokens[i + 1].type == "inline":
+            heading_text = tokens[i + 1].content
+            # The map property contains [line_begin, line_end] (0-based)
+            start_line = token.map[0] if token.map else 0

-        # If we have a previous heading then we update its `end_line`.
-        if headings:
-            headings[-1].end_line = node.parent.sourcepos[0][0] - 1
+            # If we have a previous heading then we update its `end_line`.
+            if headings:
+                headings[-1].end_line = start_line

-        headings.append(VersionSection(node.literal, node.parent.sourcepos[0][0] - 1))
+            headings.append(VersionSection(heading_text, start_line))

    changes_by_line = changes.split("\n")

@@ -262,6 +262,11 @@ class EventContentFields:

    TOMBSTONE_SUCCESSOR_ROOM: Final = "replacement_room"

+    # Used in m.room.topic events.
+    TOPIC: Final = "topic"
+    M_TOPIC: Final = "m.topic"
+    M_TEXT: Final = "m.text"
+

 class EventUnsignedContentFields:
    """Fields found inside the 'unsigned' data on events"""
@@ -270,6 +275,13 @@ class EventUnsignedContentFields:
    MEMBERSHIP: Final = "membership"


+class MTextFields:
+    """Fields found inside m.text content blocks."""
+
+    BODY: Final = "body"
+    MIMETYPE: Final = "mimetype"
+
+
 class RoomTypes:
    """Understood values of the room_type field of m.room.create events."""

@@ -290,6 +302,9 @@ class AccountDataTypes:
    MSC4155_INVITE_PERMISSION_CONFIG: Final = (
        "org.matrix.msc4155.invite_permission_config"
    )
+    # Synapse-specific behaviour. See "Client-Server API Extensions" documentation
+    # in Admin API for more information.
+    SYNAPSE_ADMIN_CLIENT_CONFIG: Final = "io.element.synapse.admin_client_config"


 class HistoryVisibility:
@@ -118,7 +118,6 @@ class GenericWorkerStore(
    # FIXME(https://github.com/matrix-org/synapse/issues/3714): We need to add
    # UserDirectoryStore as we write directly rather than going via the correct worker.
    UserDirectoryStore,
-    StatsStore,
    UIAuthWorkerStore,
    EndToEndRoomKeyStore,
    PresenceStore,
@@ -154,6 +153,7 @@ class GenericWorkerStore(
    StreamWorkerStore,
    EventsWorkerStore,
    RegistrationWorkerStore,
+    StatsStore,
    SearchStore,
    TransactionWorkerStore,
    LockStore,
@@ -555,6 +555,9 @@ class ApplicationServiceApi(SimpleHttpClient):
                        )
                        and service.is_interested_in_user(e.state_key)
                    ),
+                    # Appservices are considered 'trusted' by the admin and should have
+                    # applicable metadata on their events.
+                    include_admin_metadata=True,
                ),
            )
            for e in events
@@ -909,7 +909,10 @@ class RootConfig:


 def read_config_files(config_files: Iterable[str]) -> Dict[str, Any]:
-    """Read the config files into a dict
+    """Read the config files and shallowly merge them into a dict.
+
+    Successive configurations are shallowly merged into ones provided earlier,
+    i.e., entirely replacing top-level sections of the configuration.

    Args:
        config_files: A list of the config files to read
@@ -23,7 +23,17 @@ from typing import Any

 from synapse.types import JsonDict

-from ._base import Config, ConfigError
+from ._base import Config, ConfigError, read_file
+
+CONFLICTING_RECAPTCHA_PRIVATE_KEY_OPTS_ERROR = """\
+You have configured both `recaptcha_private_key` and
+`recaptcha_private_key_path`. These are mutually incompatible.
+"""
+
+CONFLICTING_RECAPTCHA_PUBLIC_KEY_OPTS_ERROR = """\
+You have configured both `recaptcha_public_key` and `recaptcha_public_key_path`.
+These are mutually incompatible.
+"""


 class CaptchaConfig(Config):
@@ -38,6 +48,13 @@ class CaptchaConfig(Config):
                "Config options that expect an in-line secret as value are disabled",
                ("recaptcha_private_key",),
            )
+        recaptcha_private_key_path = config.get("recaptcha_private_key_path")
+        if recaptcha_private_key_path:
+            if recaptcha_private_key:
+                raise ConfigError(CONFLICTING_RECAPTCHA_PRIVATE_KEY_OPTS_ERROR)
+            recaptcha_private_key = read_file(
+                recaptcha_private_key_path, ("recaptcha_private_key_path",)
+            ).strip()
        if recaptcha_private_key is not None and not isinstance(
            recaptcha_private_key, str
        ):
@@ -50,6 +67,13 @@ class CaptchaConfig(Config):
                "Config options that expect an in-line secret as value are disabled",
                ("recaptcha_public_key",),
            )
+        recaptcha_public_key_path = config.get("recaptcha_public_key_path")
+        if recaptcha_public_key_path:
+            if recaptcha_public_key:
+                raise ConfigError(CONFLICTING_RECAPTCHA_PUBLIC_KEY_OPTS_ERROR)
+            recaptcha_public_key = read_file(
+                recaptcha_public_key_path, ("recaptcha_public_key_path",)
+            ).strip()
        if recaptcha_public_key is not None and not isinstance(
            recaptcha_public_key, str
        ):
@@ -42,6 +42,9 @@ class CasConfig(Config):
        self.cas_enabled = cas_config and cas_config.get("enabled", True)

        if self.cas_enabled:
+            if not isinstance(cas_config, dict):
+                raise ConfigError("Must be a dictionary", ("cas_config",))
+
            self.cas_server_url = cas_config["server_url"]

            # TODO Update this to a _synapse URL.
@@ -561,6 +561,12 @@ class ExperimentalConfig(Config):
        # MSC4076: Add `disable_badge_count`` to pusher configuration
        self.msc4076_enabled: bool = experimental.get("msc4076_enabled", False)

+        # MSC4277: Harmonizing the reporting endpoints
+        #
+        # If enabled, ignore the score parameter and respond with HTTP 200 on
+        # reporting requests regardless of the subject's existence.
+        self.msc4277_enabled: bool = experimental.get("msc4277_enabled", False)
+
        # MSC4235: Add `via` param to hierarchy endpoint
        self.msc4235_enabled: bool = experimental.get("msc4235_enabled", False)

@@ -212,11 +212,14 @@ class KeyConfig(Config):
                "Config options that expect an in-line secret as value are disabled",
                ("form_secret",),
            )
+        if form_secret is not None and not isinstance(form_secret, str):
+            raise ConfigError("Config option must be a string", ("form_secret",))
+
        form_secret_path = config.get("form_secret_path", None)
        if form_secret_path:
            if form_secret:
                raise ConfigError(CONFLICTING_FORM_SECRET_OPTS_ERROR)
-            self.form_secret = read_file(
+            self.form_secret: Optional[str] = read_file(
                form_secret_path, ("form_secret_path",)
            ).strip()
        else:
@@ -119,6 +119,15 @@ def parse_thumbnail_requirements(
    }


+@attr.s(auto_attribs=True, slots=True, frozen=True)
+class MediaUploadLimit:
+    """A limit on the amount of data a user can upload in a given time
+    period."""
+
+    max_bytes: int
+    time_period_ms: int
+
+
 class ContentRepositoryConfig(Config):
    section = "media"

@@ -274,6 +283,13 @@ class ContentRepositoryConfig(Config):

        self.enable_authenticated_media = config.get("enable_authenticated_media", True)

+        self.media_upload_limits: List[MediaUploadLimit] = []
+        for limit_config in config.get("media_upload_limits", []):
+            time_period_ms = self.parse_duration(limit_config["time_period"])
+            max_bytes = self.parse_size(limit_config["max_size"])
+
+            self.media_upload_limits.append(MediaUploadLimit(max_bytes, time_period_ms))
+
    def generate_config_section(self, data_dir_path: str, **kwargs: Any) -> str:
        assert data_dir_path is not None
        media_store = os.path.join(data_dir_path, "media_store")
@@ -27,8 +27,6 @@ from typing import Any, Dict, List, Optional, Union
 import attr

 from synapse._pydantic_compat import (
-    BaseModel,
-    Extra,
    StrictBool,
    StrictInt,
    StrictStr,
@@ -47,6 +45,7 @@ from synapse.config.server import (
    parse_listener_def,
 )
 from synapse.types import JsonDict
+from synapse.util.pydantic_models import ParseModel

 _DEPRECATED_WORKER_DUTY_OPTION_USED = """
 The '%s' configuration option is deprecated and will be removed in a future
@@ -90,30 +89,7 @@ def _instance_to_list_converter(obj: Union[str, List[str]]) -> List[str]:
    return obj


-class ConfigModel(BaseModel):
-    """A custom version of Pydantic's BaseModel which
-
-     - ignores unknown fields and
-     - does not allow fields to be overwritten after construction,
-
-    but otherwise uses Pydantic's default behaviour.
-
-    For now, ignore unknown fields. In the future, we could change this so that unknown
-    config values cause a ValidationError, provided the error messages are meaningful to
-    server operators.
-
-    Subclassing in this way is recommended by
-    https://pydantic-docs.helpmanual.io/usage/model_config/#change-behaviour-globally
-    """
-
-    class Config:
-        # By default, ignore fields that we don't recognise.
-        extra = Extra.ignore
-        # By default, don't allow fields to be reassigned after parsing.
-        allow_mutation = False
-
-
-class InstanceTcpLocationConfig(ConfigModel):
+class InstanceTcpLocationConfig(ParseModel):
    """The host and port to talk to an instance via HTTP replication."""

    host: StrictStr
@@ -129,7 +105,7 @@ class InstanceTcpLocationConfig(ConfigModel):
        return f"{self.host}:{self.port}"


-class InstanceUnixLocationConfig(ConfigModel):
+class InstanceUnixLocationConfig(ParseModel):
    """The socket file to talk to an instance via HTTP replication."""

    path: StrictStr
@@ -262,10 +238,16 @@ class WorkerConfig(Config):
        if worker_replication_secret_path:
            if worker_replication_secret:
                raise ConfigError(CONFLICTING_WORKER_REPLICATION_SECRET_OPTS_ERROR)
-            self.worker_replication_secret = read_file(
+            self.worker_replication_secret: Optional[str] = read_file(
                worker_replication_secret_path, ("worker_replication_secret_path",)
            ).strip()
        else:
+            if worker_replication_secret is not None and not isinstance(
+                worker_replication_secret, str
+            ):
+                raise ConfigError(
+                    "Config option must be a string", ("worker_replication_secret",)
+                )
            self.worker_replication_secret = worker_replication_secret

        self.worker_name = config.get("worker_name", self.worker_app)
@@ -421,11 +421,21 @@ class SerializeEventConfig:
    # False, that state will be removed from the event before it is returned.
    # Otherwise, it will be kept.
    include_stripped_room_state: bool = False
+    # When True, sets unsigned fields to help clients identify events which
+    # only server admins can see through other configuration. For example,
+    # whether an event was soft failed by the server.
+    include_admin_metadata: bool = False


 _DEFAULT_SERIALIZE_EVENT_CONFIG = SerializeEventConfig()


+def make_config_for_admin(existing: SerializeEventConfig) -> SerializeEventConfig:
+    # Set the options which are only available to server admins,
+    # and copy the rest.
+    return attr.evolve(existing, include_admin_metadata=True)
+
+
 def serialize_event(
    e: Union[JsonDict, EventBase],
    time_now_ms: int,
@@ -528,6 +538,9 @@ def serialize_event(
            d["content"] = dict(d["content"])
            d["content"]["redacts"] = e.redacts

+    if config.include_admin_metadata and e.internal_metadata.is_soft_failed():
+        d["unsigned"]["io.element.synapse.soft_failed"] = True
+
    only_event_fields = config.only_event_fields
    if only_event_fields:
        if not isinstance(only_event_fields, list) or not all(
@@ -548,6 +561,7 @@ class EventClientSerializer:

    def __init__(self, hs: "HomeServer") -> None:
        self._store = hs.get_datastores().main
+        self._auth = hs.get_auth()
        self._add_extra_fields_to_unsigned_client_event_callbacks: List[
            ADD_EXTRA_FIELDS_TO_UNSIGNED_CLIENT_EVENT_CALLBACK
        ] = []
@@ -576,6 +590,15 @@ class EventClientSerializer:
        if not isinstance(event, EventBase):
            return event

+        # Force-enable server admin metadata because the only time an event with
+        # relevant metadata will be when the admin requested it via their admin
+        # client config account data. Also, it's "just" some `unsigned` fields, so
+        # shouldn't cause much in terms of problems to downstream consumers.
+        if config.requester is not None and await self._auth.is_server_admin(
+            config.requester
+        ):
+            config = make_config_for_admin(config)
+
        serialized_event = serialize_event(event, time_now, config=config)

        new_unsigned = {}
@@ -85,7 +85,6 @@ from synapse.logging.opentracing import (
 from synapse.metrics.background_process_metrics import wrap_as_background_process
 from synapse.replication.http.federation import (
    ReplicationFederationSendEduRestServlet,
-    ReplicationGetQueryRestServlet,
 )
 from synapse.storage.databases.main.lock import Lock
 from synapse.storage.databases.main.roommember import extract_heroes_from_room_summary
@@ -1380,7 +1379,6 @@ class FederationHandlerRegistry:
        # and use them. However we have guards before we use them to ensure that
        # we don't route to ourselves, and in monolith mode that will always be
        # the case.
-        self._get_query_client = ReplicationGetQueryRestServlet.make_client(hs)
        self._send_edu = ReplicationFederationSendEduRestServlet.make_client(hs)

        self.edu_handlers: Dict[str, Callable[[str, dict], Awaitable[None]]] = {}
@@ -1469,10 +1467,6 @@ class FederationHandlerRegistry:
        if handler:
            return await handler(args)

-        # Check if we can route it somewhere else that isn't us
-        if self._instance_name == "master":
-            return await self._get_query_client(query_type=query_type, args=args)
-
        # Uh oh, no handler! Let's raise an exception so the request returns an
        # error.
        logger.warning("No handler registered for query type %s", query_type)
@@ -156,7 +156,9 @@ class FederationRemoteSendQueue(AbstractFederationSender):

    def _clear_queue_before_pos(self, position_to_delete: int) -> None:
        """Clear all the queues from before a given position"""
-        with Measure(self.clock, "send_queue._clear"):
+        with Measure(
+            self.clock, name="send_queue._clear", server_name=self.server_name
+        ):
            # Delete things out of presence maps
            keys = self.presence_destinations.keys()
            i = self.presence_destinations.bisect_left(position_to_delete)
@@ -657,7 +657,11 @@ class FederationSender(AbstractFederationSender):
                    logger.debug(
                        "Handling %i events in room %s", len(events), events[0].room_id
                    )
-                    with Measure(self.clock, "handle_room_events"):
+                    with Measure(
+                        self.clock,
+                        name="handle_room_events",
+                        server_name=self.server_name,
+                    ):
                        for event in events:
                            await handle_event(event)

@@ -129,6 +129,8 @@ class PerDestinationQueue:

        # The stream_ordering of the most recent PDU that was discarded due to
        # being in catch-up mode.
+        # Can be set to zero if no PDU has been discarded since the last time
+        # we queried for new PDUs during catch-up.
        self._catchup_last_skipped: int = 0

        # Cache of the last successfully-transmitted stream ordering for this
@@ -462,8 +464,18 @@ class PerDestinationQueue:
                # of a race condition, so we check that no new events have been
                # skipped due to us being in catch-up mode

-                if self._catchup_last_skipped > last_successful_stream_ordering:
+                if (
+                    self._catchup_last_skipped != 0
+                    and self._catchup_last_skipped > last_successful_stream_ordering
+                ):
                    # another event has been skipped because we were in catch-up mode
+                    # As an exception to this case: we can hit this branch if the
+                    # room has been purged whilst we have been looping.
+                    # In that case we avoid hot-looping by resetting the 'catch-up skipped
+                    # PDU' flag.
+                    # Then if there is still no progress to be made at the next iteration,
+                    # we can exit catch-up mode.
+                    self._catchup_last_skipped = 0
                    continue

                # we are done catching up!
@@ -58,7 +58,7 @@ class TransactionManager:
    """

    def __init__(self, hs: "synapse.server.HomeServer"):
-        self._server_name = hs.hostname
+        self.server_name = hs.hostname  # nb must be called this for @measure_func
        self.clock = hs.get_clock()  # nb must be called this for @measure_func
        self._store = hs.get_datastores().main
        self._transaction_actions = TransactionActions(self._store)
@@ -116,7 +116,7 @@ class TransactionManager:
            transaction = Transaction(
                origin_server_ts=int(self.clock.time_msec()),
                transaction_id=txn_id,
-                origin=self._server_name,
+                origin=self.server_name,
                destination=destination,
                pdus=[p.get_pdu_json() for p in pdus],
                edus=[edu.get_dict() for edu in edus],
@@ -73,6 +73,7 @@ events_processed_counter = Counter("synapse_handlers_appservice_events_processed

 class ApplicationServicesHandler:
    def __init__(self, hs: "HomeServer"):
+        self.server_name = hs.hostname
        self.store = hs.get_datastores().main
        self.is_mine_id = hs.is_mine_id
        self.appservice_api = hs.get_application_service_api()
@@ -120,7 +121,9 @@ class ApplicationServicesHandler:

    @wrap_as_background_process("notify_interested_services")
    async def _notify_interested_services(self, max_token: RoomStreamToken) -> None:
-        with Measure(self.clock, "notify_interested_services"):
+        with Measure(
+            self.clock, name="notify_interested_services", server_name=self.server_name
+        ):
            self.is_processing = True
            try:
                upper_bound = -1
@@ -329,7 +332,11 @@ class ApplicationServicesHandler:
        users: Collection[Union[str, UserID]],
    ) -> None:
        logger.debug("Checking interested services for %s", stream_key)
-        with Measure(self.clock, "notify_interested_services_ephemeral"):
+        with Measure(
+            self.clock,
+            name="notify_interested_services_ephemeral",
+            server_name=self.server_name,
+        ):
            for service in services:
                if stream_key == StreamKeyType.TYPING:
                    # Note that we don't persist the token (via set_appservice_stream_type_pos)
@@ -174,6 +174,7 @@ def login_id_phone_to_thirdparty(identifier: JsonDict) -> Dict[str, str]:

    # Accept both "phone" and "number" as valid keys in m.id.phone
    phone_number = identifier.get("phone", identifier["number"])
+    assert isinstance(phone_number, str)

    # Convert user-provided phone number to a consistent representation
    msisdn = phone_number_to_msisdn(identifier["country"], phone_number)
@@ -378,7 +378,8 @@ class CasHandler:

            # Arbitrarily use the first attribute found.
            display_name = cas_response.attributes.get(
-                self._cas_displayname_attribute, [None]
+                self._cas_displayname_attribute,  # type: ignore[arg-type]
+                [None],
            )[0]

            return UserAttributes(localpart=localpart, display_name=display_name)
@@ -54,6 +54,7 @@ logger = logging.getLogger(__name__)

 class DelayedEventsHandler:
    def __init__(self, hs: "HomeServer"):
+        self.server_name = hs.hostname
        self._store = hs.get_datastores().main
        self._storage_controllers = hs.get_storage_controllers()
        self._config = hs.config
@@ -159,7 +160,9 @@ class DelayedEventsHandler:

        # Loop round handling deltas until we're up to date
        while True:
-            with Measure(self._clock, "delayed_events_delta"):
+            with Measure(
+                self._clock, name="delayed_events_delta", server_name=self.server_name
+            ):
                room_max_stream_ordering = self._store.get_room_max_stream_ordering()
                if self._event_pos == room_max_stream_ordering:
                    return
@@ -526,6 +526,8 @@ class DeviceHandler(DeviceWorkerHandler):
    def __init__(self, hs: "HomeServer"):
        super().__init__(hs)

+        self.server_name = hs.hostname  # nb must be called this for @measure_func
+        self.clock = hs.get_clock()  # nb must be called this for @measure_func
        self.federation_sender = hs.get_federation_sender()
        self._account_data_handler = hs.get_account_data_handler()
        self._storage_controllers = hs.get_storage_controllers()
@@ -1215,7 +1217,8 @@ class DeviceListUpdater(DeviceListWorkerUpdater):
    def __init__(self, hs: "HomeServer", device_handler: DeviceHandler):
        self.store = hs.get_datastores().main
        self.federation = hs.get_federation_client()
-        self.clock = hs.get_clock()
+        self.server_name = hs.hostname  # nb must be called this for @measure_func
+        self.clock = hs.get_clock()  # nb must be called this for @measure_func
        self.device_handler = device_handler
        self._notifier = hs.get_notifier()

@@ -73,10 +73,6 @@ from synapse.logging.context import nested_logging_context
 from synapse.logging.opentracing import SynapseTags, set_tag, tag_args, trace
 from synapse.metrics.background_process_metrics import run_as_background_process
 from synapse.module_api import NOT_SPAM
-from synapse.replication.http.federation import (
-    ReplicationCleanRoomRestServlet,
-    ReplicationStoreRoomOnOutlierMembershipRestServlet,
-)
 from synapse.storage.databases.main.events_worker import EventRedactBehaviour
 from synapse.storage.invite_rule import InviteRule
 from synapse.types import JsonDict, StrCollection, get_domain_from_id
@@ -163,19 +159,6 @@ class FederationHandler:
        self._notifier = hs.get_notifier()
        self._worker_locks = hs.get_worker_locks_handler()

-        self._clean_room_for_join_client = ReplicationCleanRoomRestServlet.make_client(
-            hs
-        )
-
-        if hs.config.worker.worker_app:
-            self._maybe_store_room_on_outlier_membership = (
-                ReplicationStoreRoomOnOutlierMembershipRestServlet.make_client(hs)
-            )
-        else:
-            self._maybe_store_room_on_outlier_membership = (
-                self.store.maybe_store_room_on_outlier_membership
-            )
-
        self._room_backfill = Linearizer("room_backfill")

        self._third_party_event_rules = (
@@ -647,7 +630,7 @@ class FederationHandler:
            #    room.
            # In short, the races either have an acceptable outcome or should be
            # impossible.
-            await self._clean_room_for_join(room_id)
+            await self.store.clean_room_for_join(room_id)

        try:
            # Try the host we successfully got a response to /make_join/
@@ -857,7 +840,7 @@ class FederationHandler:
        event.internal_metadata.out_of_band_membership = True

        # Record the room ID and its version so that we have a record of the room
-        await self._maybe_store_room_on_outlier_membership(
+        await self.store.maybe_store_room_on_outlier_membership(
            room_id=event.room_id, room_version=event_format_version
        )

@@ -1115,7 +1098,7 @@ class FederationHandler:
        # keep a record of the room version, if we don't yet know it.
        # (this may get overwritten if we later get a different room version in a
        # join dance).
-        await self._maybe_store_room_on_outlier_membership(
+        await self.store.maybe_store_room_on_outlier_membership(
            room_id=event.room_id, room_version=room_version
        )

@@ -1761,18 +1744,6 @@ class FederationHandler:
        if "valid" not in response or not response["valid"]:
            raise AuthError(403, "Third party certificate was invalid")

-    async def _clean_room_for_join(self, room_id: str) -> None:
-        """Called to clean up any data in DB for a given room, ready for the
-        server to join the room.
-
-        Args:
-            room_id
-        """
-        if self.config.worker.worker_app:
-            await self._clean_room_for_join_client(room_id)
-        else:
-            await self.store.clean_room_for_join(room_id)
-
    async def get_room_complexity(
        self, remote_room_hosts: List[str], room_id: str
    ) -> Optional[dict]:
@@ -476,16 +476,16 @@ _DUMMY_EVENT_ROOM_EXCLUSION_EXPIRY = 7 * 24 * 60 * 60 * 1000
 class EventCreationHandler:
    def __init__(self, hs: "HomeServer"):
        self.hs = hs
+        self.validator = EventValidator()
+        self.event_builder_factory = hs.get_event_builder_factory()
+        self.server_name = hs.hostname  # nb must be called this for @measure_func
+        self.clock = hs.get_clock()  # nb must be called this for @measure_func
        self.auth_blocking = hs.get_auth_blocking()
        self._event_auth_handler = hs.get_event_auth_handler()
        self.store = hs.get_datastores().main
        self._storage_controllers = hs.get_storage_controllers()
        self.state = hs.get_state_handler()
-        self.clock = hs.get_clock()
-        self.validator = EventValidator()
        self.profile_handler = hs.get_profile_handler()
-        self.event_builder_factory = hs.get_event_builder_factory()
-        self.server_name = hs.hostname
        self.notifier = hs.get_notifier()
        self.config = hs.config
        self.require_membership_for_aliases = (
@@ -568,7 +568,6 @@ class EventCreationHandler:
        requester: Requester,
        event_dict: dict,
        txn_id: Optional[str] = None,
-        allow_no_prev_events: bool = False,
        prev_event_ids: Optional[List[str]] = None,
        auth_event_ids: Optional[List[str]] = None,
        state_event_ids: Optional[List[str]] = None,
@@ -594,10 +593,6 @@ class EventCreationHandler:
            requester
            event_dict: An entire event
            txn_id
-            allow_no_prev_events: Whether to allow this event to be created an empty
-                list of prev_events. Normally this is prohibited just because most
-                events should have a prev_event and we should only use this in special
-                cases (previously useful for MSC2716).
            prev_event_ids:
                the forward extremities to use as the prev_events for the
                new event.
@@ -717,7 +712,6 @@ class EventCreationHandler:
        event, unpersisted_context = await self.create_new_client_event(
            builder=builder,
            requester=requester,
-            allow_no_prev_events=allow_no_prev_events,
            prev_event_ids=prev_event_ids,
            auth_event_ids=auth_event_ids,
            state_event_ids=state_event_ids,
@@ -945,7 +939,6 @@ class EventCreationHandler:
        self,
        requester: Requester,
        event_dict: dict,
-        allow_no_prev_events: bool = False,
        prev_event_ids: Optional[List[str]] = None,
        state_event_ids: Optional[List[str]] = None,
        ratelimit: bool = True,
@@ -962,10 +955,6 @@ class EventCreationHandler:
        Args:
            requester: The requester sending the event.
            event_dict: An entire event.
-            allow_no_prev_events: Whether to allow this event to be created an empty
-                list of prev_events. Normally this is prohibited just because most
-                events should have a prev_event and we should only use this in special
-                cases (previously useful for MSC2716).
            prev_event_ids:
                The event IDs to use as the prev events.
                Should normally be left as None to automatically request them
@@ -1051,7 +1040,6 @@ class EventCreationHandler:
            return await self._create_and_send_nonmember_event_locked(
                requester=requester,
                event_dict=event_dict,
-                allow_no_prev_events=allow_no_prev_events,
                prev_event_ids=prev_event_ids,
                state_event_ids=state_event_ids,
                ratelimit=ratelimit,
@@ -1065,7 +1053,6 @@ class EventCreationHandler:
        self,
        requester: Requester,
        event_dict: dict,
-        allow_no_prev_events: bool = False,
        prev_event_ids: Optional[List[str]] = None,
        state_event_ids: Optional[List[str]] = None,
        ratelimit: bool = True,
@@ -1097,7 +1084,6 @@ class EventCreationHandler:
                    requester,
                    event_dict,
                    txn_id=txn_id,
-                    allow_no_prev_events=allow_no_prev_events,
                    prev_event_ids=prev_event_ids,
                    state_event_ids=state_event_ids,
                    outlier=outlier,
@@ -1180,7 +1166,6 @@ class EventCreationHandler:
        self,
        builder: EventBuilder,
        requester: Optional[Requester] = None,
-        allow_no_prev_events: bool = False,
        prev_event_ids: Optional[List[str]] = None,
        auth_event_ids: Optional[List[str]] = None,
        state_event_ids: Optional[List[str]] = None,
@@ -1200,10 +1185,6 @@ class EventCreationHandler:
        Args:
            builder:
            requester:
-            allow_no_prev_events: Whether to allow this event to be created an empty
-                list of prev_events. Normally this is prohibited just because most
-                events should have a prev_event and we should only use this in special
-                cases (previously useful for MSC2716).
            prev_event_ids:
                the forward extremities to use as the prev_events for the
                new event.
@@ -1241,7 +1222,6 @@ class EventCreationHandler:
        if state_event_ids is not None:
            # Do a quick check to make sure that prev_event_ids is present to
            # make the type-checking around `builder.build` happy.
-            # prev_event_ids could be an empty array though.
            assert prev_event_ids is not None

            temp_event = await builder.build(
@@ -1269,24 +1249,14 @@ class EventCreationHandler:
        else:
            prev_event_ids = await self.store.get_prev_events_for_room(builder.room_id)

+        # We now ought to have some `prev_events` (unless it's a create event).
+        #
        # Do a quick sanity check here, rather than waiting until we've created the
        # event and then try to auth it (which fails with a somewhat confusing "No
        # create event in auth events")
-        if allow_no_prev_events:
-            # We allow events with no `prev_events` but it better have some `auth_events`
-            assert (
-                builder.type == EventTypes.Create
-                # Allow an event to have empty list of prev_event_ids
-                # only if it has auth_event_ids.
-                or auth_event_ids
-            ), (
-                "Attempting to create a non-m.room.create event with no prev_events or auth_event_ids"
-            )
-        else:
-            # we now ought to have some prev_events (unless it's a create event).
-            assert builder.type == EventTypes.Create or prev_event_ids, (
-                "Attempting to create a non-m.room.create event with no prev_events"
-            )
+        assert builder.type == EventTypes.Create or len(prev_event_ids) > 0, (
+            "Attempting to create an event with no prev_events"
+        )

        if for_batch:
            assert prev_event_ids is not None
@@ -747,6 +747,7 @@ class WorkerPresenceHandler(BasePresenceHandler):
 class PresenceHandler(BasePresenceHandler):
    def __init__(self, hs: "HomeServer"):
        super().__init__(hs)
+        self.server_name = hs.hostname
        self.wheel_timer: WheelTimer[str] = WheelTimer()
        self.notifier = hs.get_notifier()

@@ -941,7 +942,9 @@ class PresenceHandler(BasePresenceHandler):

        now = self.clock.time_msec()

-        with Measure(self.clock, "presence_update_states"):
+        with Measure(
+            self.clock, name="presence_update_states", server_name=self.server_name
+        ):
            # NOTE: We purposefully don't await between now and when we've
            # calculated what we want to do with the new states, to avoid races.

@@ -1405,7 +1408,7 @@ class PresenceHandler(BasePresenceHandler):
        # Based on the state of each user's device calculate the new presence state.
        presence = _combine_device_states(devices.values())

-        new_fields = {"state": presence}
+        new_fields: JsonDict = {"state": presence}

        if presence == PresenceState.ONLINE or presence == PresenceState.BUSY:
            new_fields["last_active_ts"] = now
@@ -1497,7 +1500,9 @@ class PresenceHandler(BasePresenceHandler):
    async def _unsafe_process(self) -> None:
        # Loop round handling deltas until we're up to date
        while True:
-            with Measure(self.clock, "presence_delta"):
+            with Measure(
+                self.clock, name="presence_delta", server_name=self.server_name
+            ):
                room_max_stream_ordering = self.store.get_room_max_stream_ordering()
                if self._event_pos == room_max_stream_ordering:
                    return
@@ -1759,6 +1764,7 @@ class PresenceEventSource(EventSource[int, UserPresenceState]):
        # Same with get_presence_router:
        #
        #   AuthHandler -> Notifier -> PresenceEventSource -> ModuleApi -> AuthHandler
+        self.server_name = hs.hostname
        self.get_presence_handler = hs.get_presence_handler
        self.get_presence_router = hs.get_presence_router
        self.clock = hs.get_clock()
@@ -1792,7 +1798,9 @@ class PresenceEventSource(EventSource[int, UserPresenceState]):
        user_id = user.to_string()
        stream_change_cache = self.store.presence_stream_cache

-        with Measure(self.clock, "presence.get_new_events"):
+        with Measure(
+            self.clock, name="presence.get_new_events", server_name=self.server_name
+        ):
            if from_key is not None:
                from_key = int(from_key)

@@ -49,7 +49,6 @@ from synapse.http.servlet import assert_params_in_dict
 from synapse.replication.http.login import RegisterDeviceReplicationServlet
 from synapse.replication.http.register import (
    ReplicationPostRegisterActionsServlet,
-    ReplicationRegisterServlet,
 )
 from synapse.spam_checker_api import RegistrationBehaviour
 from synapse.types import GUEST_USER_ID_PATTERN, RoomAlias, UserID, create_requester
@@ -120,7 +119,6 @@ class RegistrationHandler:
        self._spam_checker_module_callbacks = hs.get_module_api_callbacks().spam_checker

        if hs.config.worker.worker_app:
-            self._register_client = ReplicationRegisterServlet.make_client(hs)
            self._register_device_client = RegisterDeviceReplicationServlet.make_client(
                hs
            )
@@ -559,7 +557,7 @@ class RegistrationHandler:
                        if join_rules_event:
                            join_rule = join_rules_event.content.get("join_rule", None)
                            requires_invite = (
-                                join_rule and join_rule != JoinRules.PUBLIC
+                                join_rule is not None and join_rule != JoinRules.PUBLIC
                            )

                # Send the invite, if necessary.
@@ -738,37 +736,20 @@ class RegistrationHandler:
            shadow_banned: Whether to shadow-ban the user
            approved: Whether to mark the user as approved by an administrator
        """
-        if self.hs.config.worker.worker_app:
-            await self._register_client(
-                user_id=user_id,
-                password_hash=password_hash,
-                was_guest=was_guest,
-                make_guest=make_guest,
-                appservice_id=appservice_id,
-                create_profile_with_displayname=create_profile_with_displayname,
-                admin=admin,
-                user_type=user_type,
-                address=address,
-                shadow_banned=shadow_banned,
-                approved=approved,
-            )
-        else:
-            await self.store.register_user(
-                user_id=user_id,
-                password_hash=password_hash,
-                was_guest=was_guest,
-                make_guest=make_guest,
-                appservice_id=appservice_id,
-                create_profile_with_displayname=create_profile_with_displayname,
-                admin=admin,
-                user_type=user_type,
-                shadow_banned=shadow_banned,
-                approved=approved,
-            )
+        await self.store.register_user(
+            user_id=user_id,
+            password_hash=password_hash,
+            was_guest=was_guest,
+            make_guest=make_guest,
+            appservice_id=appservice_id,
+            create_profile_with_displayname=create_profile_with_displayname,
+            admin=admin,
+            user_type=user_type,
+            shadow_banned=shadow_banned,
+            approved=approved,
+        )

-            # Only call the account validity module(s) on the main process, to avoid
-            # repeating e.g. database writes on all of the workers.
-            await self._account_validity_handler.on_user_registration(user_id)
+        await self._account_validity_handler.on_user_registration(user_id)

    async def register_device(
        self,
@@ -51,6 +51,7 @@ from synapse.api.constants import (
    HistoryVisibility,
    JoinRules,
    Membership,
+    MTextFields,
    RoomCreationPreset,
    RoomEncryptionAlgorithms,
    RoomTypes,
@@ -1303,7 +1304,13 @@ class RoomCreationHandler:
            topic = room_config["topic"]
            topic_event, topic_context = await create_event(
                EventTypes.Topic,
-                {"topic": topic},
+                {
+                    EventContentFields.TOPIC: topic,
+                    EventContentFields.M_TOPIC: {
+                        # The mimetype property defaults to `text/plain` if omitted.
+                        EventContentFields.M_TEXT: [{MTextFields.BODY: topic}]
+                    },
+                },
                True,
            )
            events_to_send.append((topic_event, topic_context))
@@ -388,11 +388,11 @@ class RoomMemberHandler(metaclass=abc.ABCMeta):

    async def _local_membership_update(
        self,
+        *,
        requester: Requester,
        target: UserID,
        room_id: str,
        membership: str,
-        allow_no_prev_events: bool = False,
        prev_event_ids: Optional[List[str]] = None,
        state_event_ids: Optional[List[str]] = None,
        depth: Optional[int] = None,
@@ -414,11 +414,6 @@ class RoomMemberHandler(metaclass=abc.ABCMeta):
                desired membership event.
            room_id:
            membership:
-
-            allow_no_prev_events: Whether to allow this event to be created an empty
-                list of prev_events. Normally this is prohibited just because most
-                events should have a prev_event and we should only use this in special
-                cases (previously useful for MSC2716).
            prev_event_ids: The event IDs to use as the prev events
            state_event_ids:
                The full state at a given event. This was previously used particularly
@@ -486,7 +481,6 @@ class RoomMemberHandler(metaclass=abc.ABCMeta):
                        "origin_server_ts": origin_server_ts,
                    },
                    txn_id=txn_id,
-                    allow_no_prev_events=allow_no_prev_events,
                    prev_event_ids=prev_event_ids,
                    state_event_ids=state_event_ids,
                    depth=depth,
@@ -583,7 +577,6 @@ class RoomMemberHandler(metaclass=abc.ABCMeta):
        new_room: bool = False,
        require_consent: bool = True,
        outlier: bool = False,
-        allow_no_prev_events: bool = False,
        prev_event_ids: Optional[List[str]] = None,
        state_event_ids: Optional[List[str]] = None,
        depth: Optional[int] = None,
@@ -607,10 +600,6 @@ class RoomMemberHandler(metaclass=abc.ABCMeta):
            outlier: Indicates whether the event is an `outlier`, i.e. if
                it's from an arbitrary point and floating in the DAG as
                opposed to being inline with the current DAG.
-            allow_no_prev_events: Whether to allow this event to be created an empty
-                list of prev_events. Normally this is prohibited just because most
-                events should have a prev_event and we should only use this in special
-                cases (previously useful for MSC2716).
            prev_event_ids: The event IDs to use as the prev events
            state_event_ids:
                The full state at a given event. This was previously used particularly
@@ -680,7 +669,6 @@ class RoomMemberHandler(metaclass=abc.ABCMeta):
                            new_room=new_room,
                            require_consent=require_consent,
                            outlier=outlier,
-                            allow_no_prev_events=allow_no_prev_events,
                            prev_event_ids=prev_event_ids,
                            state_event_ids=state_event_ids,
                            depth=depth,
@@ -703,7 +691,6 @@ class RoomMemberHandler(metaclass=abc.ABCMeta):
        new_room: bool = False,
        require_consent: bool = True,
        outlier: bool = False,
-        allow_no_prev_events: bool = False,
        prev_event_ids: Optional[List[str]] = None,
        state_event_ids: Optional[List[str]] = None,
        depth: Optional[int] = None,
@@ -729,10 +716,6 @@ class RoomMemberHandler(metaclass=abc.ABCMeta):
            outlier: Indicates whether the event is an `outlier`, i.e. if
                it's from an arbitrary point and floating in the DAG as
                opposed to being inline with the current DAG.
-            allow_no_prev_events: Whether to allow this event to be created an empty
-                list of prev_events. Normally this is prohibited just because most
-                events should have a prev_event and we should only use this in special
-                cases (previously useful for MSC2716).
            prev_event_ids: The event IDs to use as the prev events
            state_event_ids:
                The full state at a given event. This was previously used particularly
@@ -933,7 +916,6 @@ class RoomMemberHandler(metaclass=abc.ABCMeta):
                    )
                # InviteRule.IGNORE is handled at the sync layer.

-        # An empty prev_events list is allowed as long as the auth_event_ids are present
        if prev_event_ids is not None:
            return await self._local_membership_update(
                requester=requester,
@@ -942,7 +924,6 @@ class RoomMemberHandler(metaclass=abc.ABCMeta):
                membership=effective_membership_state,
                txn_id=txn_id,
                ratelimit=ratelimit,
-                allow_no_prev_events=allow_no_prev_events,
                prev_event_ids=prev_event_ids,
                state_event_ids=state_event_ids,
                depth=depth,
@@ -197,7 +197,7 @@ class SendEmailHandler:
            additional_headers: A map of additional headers to include.
        """
        try:
-            from_string = self._from % {"app": app_name}
+            from_string = self._from % {"app": app_name}  # type: ignore[operator]
        except (KeyError, TypeError):
            from_string = self._from

@@ -818,13 +818,13 @@ class SsoHandler:
                server_name = avatar_url_parts[-2]
                media_id = avatar_url_parts[-1]
                if self._is_mine_server_name(server_name):
-                    media = await self._media_repo.store.get_local_media(media_id)  # type: ignore[has-type]
+                    media = await self._media_repo.store.get_local_media(media_id)
                    if media is not None and upload_name == media.upload_name:
                        logger.info("skipping saving the user avatar")
                        return True

            # store it in media repository
-            avatar_mxc_url = await self._media_repo.create_content(
+            avatar_mxc_url = await self._media_repo.create_or_update_content(
                media_type=headers[b"Content-Type"][0].decode("utf-8"),
                upload_name=upload_name,
                content=picture,
@@ -36,6 +36,7 @@ from synapse.metrics import event_processing_positions
 from synapse.metrics.background_process_metrics import run_as_background_process
 from synapse.storage.databases.main.state_deltas import StateDelta
 from synapse.types import JsonDict
+from synapse.util.events import get_plain_text_topic_from_event_content

 if TYPE_CHECKING:
    from synapse.server import HomeServer
@@ -299,7 +300,9 @@ class StatsHandler:
            elif delta.event_type == EventTypes.Name:
                room_state["name"] = event_content.get("name")
            elif delta.event_type == EventTypes.Topic:
-                room_state["topic"] = event_content.get("topic")
+                room_state["topic"] = get_plain_text_topic_from_event_content(
+                    event_content
+                )
            elif delta.event_type == EventTypes.RoomAvatar:
                room_state["avatar"] = event_content.get("url")
            elif delta.event_type == EventTypes.CanonicalAlias:
@@ -329,6 +329,7 @@ class E2eeSyncResult:

 class SyncHandler:
    def __init__(self, hs: "HomeServer"):
+        self.server_name = hs.hostname
        self.hs_config = hs.config
        self.store = hs.get_datastores().main
        self.notifier = hs.get_notifier()
@@ -710,7 +711,9 @@ class SyncHandler:

        sync_config = sync_result_builder.sync_config

-        with Measure(self.clock, "ephemeral_by_room"):
+        with Measure(
+            self.clock, name="ephemeral_by_room", server_name=self.server_name
+        ):
            typing_key = since_token.typing_key if since_token else 0

            room_ids = sync_result_builder.joined_room_ids
@@ -783,7 +786,9 @@ class SyncHandler:
                and current token to send down to clients.
            newly_joined_room
        """
-        with Measure(self.clock, "load_filtered_recents"):
+        with Measure(
+            self.clock, name="load_filtered_recents", server_name=self.server_name
+        ):
            timeline_limit = sync_config.filter_collection.timeline_limit()
            block_all_timeline = (
                sync_config.filter_collection.blocks_all_room_timeline()
@@ -1174,7 +1179,9 @@ class SyncHandler:
        # updates even if they occurred logically before the previous event.
        # TODO(mjark) Check for new redactions in the state events.

-        with Measure(self.clock, "compute_state_delta"):
+        with Measure(
+            self.clock, name="compute_state_delta", server_name=self.server_name
+        ):
            # The memberships needed for events in the timeline.
            # Only calculated when `lazy_load_members` is on.
            members_to_fetch: Optional[Set[str]] = None
@@ -1791,7 +1798,9 @@ class SyncHandler:
            # the DB.
            return RoomNotifCounts.empty()

-        with Measure(self.clock, "unread_notifs_for_room_id"):
+        with Measure(
+            self.clock, name="unread_notifs_for_room_id", server_name=self.server_name
+        ):
            return await self.store.get_unread_event_push_actions_by_room_for_user(
                room_id,
                sync_config.user.to_string(),
@@ -503,6 +503,7 @@ class TypingWriterHandler(FollowerTypingHandler):

 class TypingNotificationEventSource(EventSource[int, JsonMapping]):
    def __init__(self, hs: "HomeServer"):
+        self.server_name = hs.hostname
        self._main_store = hs.get_datastores().main
        self.clock = hs.get_clock()
        # We can't call get_typing_handler here because there's a cycle:
@@ -535,7 +536,9 @@ class TypingNotificationEventSource(EventSource[int, JsonMapping]):
                  appservice may be interested in.
                * The latest known room serial.
        """
-        with Measure(self.clock, "typing.get_new_events_as"):
+        with Measure(
+            self.clock, name="typing.get_new_events_as", server_name=self.server_name
+        ):
            handler = self.get_typing_handler()

            events = []
@@ -571,7 +574,9 @@ class TypingNotificationEventSource(EventSource[int, JsonMapping]):
        Find typing notifications for given rooms (> `from_token` and <= `to_token`)
        """

-        with Measure(self.clock, "typing.get_new_events"):
+        with Measure(
+            self.clock, name="typing.get_new_events", server_name=self.server_name
+        ):
            from_key = int(from_key)
            handler = self.get_typing_handler()

@@ -237,7 +237,9 @@ class UserDirectoryHandler(StateDeltasHandler):

        # Loop round handling deltas until we're up to date
        while True:
-            with Measure(self.clock, "user_dir_delta"):
+            with Measure(
+                self.clock, name="user_dir_delta", server_name=self.server_name
+            ):
                room_max_stream_ordering = self.store.get_room_max_stream_ordering()
                if self.pos == room_max_stream_ordering:
                    return
@@ -33,10 +33,11 @@ from twisted.internet.interfaces import (
    IAddress,
    IConnector,
    IProtocol,
+    IProtocolFactory,
    IReactorCore,
    IStreamClientEndpoint,
 )
-from twisted.internet.protocol import ClientFactory, Protocol, connectionDone
+from twisted.internet.protocol import ClientFactory, connectionDone
 from twisted.python.failure import Failure
 from twisted.web import http

@@ -116,11 +117,7 @@ class HTTPConnectProxyEndpoint:
    def __repr__(self) -> str:
        return "<HTTPConnectProxyEndpoint %s>" % (self._proxy_endpoint,)

-    # Mypy encounters a false positive here: it complains that ClientFactory
-    # is incompatible with IProtocolFactory. But ClientFactory inherits from
-    # Factory, which implements IProtocolFactory. So I think this is a bug
-    # in mypy-zope.
-    def connect(self, protocolFactory: ClientFactory) -> "defer.Deferred[IProtocol]":  # type: ignore[override]
+    def connect(self, protocolFactory: IProtocolFactory) -> "defer.Deferred[IProtocol]":
        f = HTTPProxiedClientFactory(
            self._host, self._port, protocolFactory, self._proxy_creds
        )
@@ -148,7 +145,7 @@ class HTTPProxiedClientFactory(protocol.ClientFactory):
        self,
        dst_host: bytes,
        dst_port: int,
-        wrapped_factory: ClientFactory,
+        wrapped_factory: IProtocolFactory,
        proxy_creds: Optional[ProxyCredentials],
    ):
        self.dst_host = dst_host
@@ -158,7 +155,10 @@ class HTTPProxiedClientFactory(protocol.ClientFactory):
        self.on_connection: "defer.Deferred[None]" = defer.Deferred()

    def startedConnecting(self, connector: IConnector) -> None:
-        return self.wrapped_factory.startedConnecting(connector)
+        # We expect the wrapped factory to be a ClientFactory, but the generic
+        # interfaces only guarantee that it implements IProtocolFactory.
+        if isinstance(self.wrapped_factory, ClientFactory):
+            return self.wrapped_factory.startedConnecting(connector)

    def buildProtocol(self, addr: IAddress) -> "HTTPConnectProtocol":
        wrapped_protocol = self.wrapped_factory.buildProtocol(addr)
@@ -177,13 +177,15 @@ class HTTPProxiedClientFactory(protocol.ClientFactory):
        logger.debug("Connection to proxy failed: %s", reason)
        if not self.on_connection.called:
            self.on_connection.errback(reason)
-        return self.wrapped_factory.clientConnectionFailed(connector, reason)
+        if isinstance(self.wrapped_factory, ClientFactory):
+            return self.wrapped_factory.clientConnectionFailed(connector, reason)

    def clientConnectionLost(self, connector: IConnector, reason: Failure) -> None:
        logger.debug("Connection to proxy lost: %s", reason)
        if not self.on_connection.called:
            self.on_connection.errback(reason)
-        return self.wrapped_factory.clientConnectionLost(connector, reason)
+        if isinstance(self.wrapped_factory, ClientFactory):
+            return self.wrapped_factory.clientConnectionLost(connector, reason)


 class HTTPConnectProtocol(protocol.Protocol):
@@ -208,7 +210,7 @@ class HTTPConnectProtocol(protocol.Protocol):
        self,
        host: bytes,
        port: int,
-        wrapped_protocol: Protocol,
+        wrapped_protocol: IProtocol,
        connected_deferred: defer.Deferred,
        proxy_creds: Optional[ProxyCredentials],
    ):
@@ -223,11 +225,14 @@ class HTTPConnectProtocol(protocol.Protocol):
        )
        self.http_setup_client.on_connected.addCallback(self.proxyConnected)

+        # Set once we start connecting to the wrapped protocol
+        self.wrapped_connection_started = False
+
    def connectionMade(self) -> None:
        self.http_setup_client.makeConnection(self.transport)

    def connectionLost(self, reason: Failure = connectionDone) -> None:
-        if self.wrapped_protocol.connected:
+        if self.wrapped_connection_started:
            self.wrapped_protocol.connectionLost(reason)

        self.http_setup_client.connectionLost(reason)
@@ -236,6 +241,8 @@ class HTTPConnectProtocol(protocol.Protocol):
            self.connected_deferred.errback(reason)

    def proxyConnected(self, _: Union[None, "defer.Deferred[None]"]) -> None:
+        self.wrapped_connection_started = True
+        assert self.transport is not None
        self.wrapped_protocol.makeConnection(self.transport)

        self.connected_deferred.callback(self.wrapped_protocol)
@@ -247,7 +254,7 @@ class HTTPConnectProtocol(protocol.Protocol):

    def dataReceived(self, data: bytes) -> None:
        # if we've set up the HTTP protocol, we can send the data there
-        if self.wrapped_protocol.connected:
+        if self.wrapped_connection_started:
            return self.wrapped_protocol.dataReceived(data)

        # otherwise, we must still be setting up the connection: send the data to the
@@ -92,6 +92,7 @@ class MatrixFederationAgent:

    def __init__(
        self,
+        server_name: str,
        reactor: ISynapseReactor,
        tls_client_options_factory: Optional[FederationPolicyForHTTPS],
        user_agent: bytes,
@@ -100,6 +101,11 @@ class MatrixFederationAgent:
        _srv_resolver: Optional[SrvResolver] = None,
        _well_known_resolver: Optional[WellKnownResolver] = None,
    ):
+        """
+        Args:
+            server_name: Our homeserver name (used to label metrics) (`hs.hostname`).
+        """
+
        # proxy_reactor is not blocklisting reactor
        proxy_reactor = reactor

@@ -127,6 +133,7 @@ class MatrixFederationAgent:

        if _well_known_resolver is None:
            _well_known_resolver = WellKnownResolver(
+                server_name,
                reactor,
                agent=BlocklistingAgentWrapper(
                    ProxyAgent(
@@ -91,12 +91,19 @@ class WellKnownResolver:

    def __init__(
        self,
+        server_name: str,
        reactor: IReactorTime,
        agent: IAgent,
        user_agent: bytes,
        well_known_cache: Optional[TTLCache[bytes, Optional[bytes]]] = None,
        had_well_known_cache: Optional[TTLCache[bytes, bool]] = None,
    ):
+        """
+        Args:
+            server_name: Our homeserver name (used to label metrics) (`hs.hostname`).
+        """
+
+        self.server_name = server_name
        self._reactor = reactor
        self._clock = Clock(reactor)

@@ -134,7 +141,13 @@ class WellKnownResolver:
        # TODO: should we linearise so that we don't end up doing two .well-known
        # requests for the same server in parallel?
        try:
-            with Measure(self._clock, "get_well_known"):
+            with Measure(
+                self._clock,
+                name="get_well_known",
+                # This should be our homeserver where the the code is running (used to
+                # label metrics)
+                server_name=self.server_name,
+            ):
                result: Optional[bytes]
                cache_period: float

@@ -417,6 +417,7 @@ class MatrixFederationHttpClient:
        if hs.get_instance_name() in outbound_federation_restricted_to:
            # Talk to federation directly
            federation_agent: IAgent = MatrixFederationAgent(
+                self.server_name,
                self.reactor,
                tls_client_options_factory,
                user_agent.encode("ascii"),
@@ -697,7 +698,11 @@ class MatrixFederationHttpClient:
                    outgoing_requests_counter.labels(request.method).inc()

                    try:
-                        with Measure(self.clock, "outbound_request"):
+                        with Measure(
+                            self.clock,
+                            name="outbound_request",
+                            server_name=self.server_name,
+                        ):
                            # we don't want all the fancy cookie and redirect handling
                            # that treq.request gives: just use the raw Agent.

@@ -177,6 +177,13 @@ class MediaRepository:
        else:
            self.url_previewer = None

+        # We get the media upload limits and sort them in descending order of
+        # time period, so that we can apply some optimizations.
+        self.media_upload_limits = hs.config.media.media_upload_limits
+        self.media_upload_limits.sort(
+            key=lambda limit: limit.time_period_ms, reverse=True
+        )
+
    def _start_update_recently_accessed(self) -> Deferred:
        return run_as_background_process(
            "update_recently_accessed_media", self._update_recently_accessed
@@ -285,63 +292,16 @@ class MediaRepository:
            raise NotFoundError("Media ID has expired")

    @trace
-    async def update_content(
-        self,
-        media_id: str,
-        media_type: str,
-        upload_name: Optional[str],
-        content: IO,
-        content_length: int,
-        auth_user: UserID,
-    ) -> None:
-        """Update the content of the given media ID.
-
-        Args:
-            media_id: The media ID to replace.
-            media_type: The content type of the file.
-            upload_name: The name of the file, if provided.
-            content: A file like object that is the content to store
-            content_length: The length of the content
-            auth_user: The user_id of the uploader
-        """
-        file_info = FileInfo(server_name=None, file_id=media_id)
-        sha256reader = SHA256TransparentIOReader(content)
-        # This implements all of IO as it has a passthrough
-        fname = await self.media_storage.store_file(sha256reader.wrap(), file_info)
-        sha256 = sha256reader.hexdigest()
-        should_quarantine = await self.store.get_is_hash_quarantined(sha256)
-        logger.info("Stored local media in file %r", fname)
-
-        if should_quarantine:
-            logger.warning(
-                "Media has been automatically quarantined as it matched existing quarantined media"
-            )
-
-        await self.store.update_local_media(
-            media_id=media_id,
-            media_type=media_type,
-            upload_name=upload_name,
-            media_length=content_length,
-            user_id=auth_user,
-            sha256=sha256,
-            quarantined_by="system" if should_quarantine else None,
-        )
-
-        try:
-            await self._generate_thumbnails(None, media_id, media_id, media_type)
-        except Exception as e:
-            logger.info("Failed to generate thumbnails: %s", e)
-
-    @trace
-    async def create_content(
+    async def create_or_update_content(
        self,
        media_type: str,
        upload_name: Optional[str],
        content: IO,
        content_length: int,
        auth_user: UserID,
+        media_id: Optional[str] = None,
    ) -> MXCUri:
-        """Store uploaded content for a local user and return the mxc URL
+        """Create or update the content of the given media ID.

        Args:
            media_type: The content type of the file.
@@ -349,16 +309,20 @@ class MediaRepository:
            content: A file like object that is the content to store
            content_length: The length of the content
            auth_user: The user_id of the uploader
+            media_id: The media ID to update if provided, otherwise creates
+                new media ID.

        Returns:
            The mxc url of the stored content
        """

-        media_id = random_string(24)
+        is_new_media = media_id is None
+        if media_id is None:
+            media_id = random_string(24)

        file_info = FileInfo(server_name=None, file_id=media_id)
-        # This implements all of IO as it has a passthrough
        sha256reader = SHA256TransparentIOReader(content)
+        # This implements all of IO as it has a passthrough
        fname = await self.media_storage.store_file(sha256reader.wrap(), file_info)
        sha256 = sha256reader.hexdigest()
        should_quarantine = await self.store.get_is_hash_quarantined(sha256)
@@ -370,16 +334,56 @@ class MediaRepository:
                "Media has been automatically quarantined as it matched existing quarantined media"
            )

-        await self.store.store_local_media(
-            media_id=media_id,
-            media_type=media_type,
-            time_now_ms=self.clock.time_msec(),
-            upload_name=upload_name,
-            media_length=content_length,
-            user_id=auth_user,
-            sha256=sha256,
-            quarantined_by="system" if should_quarantine else None,
-        )
+        # Check that the user has not exceeded any of the media upload limits.
+
+        # This is the total size of media uploaded by the user in the last
+        # `time_period_ms` milliseconds, or None if we haven't checked yet.
+        uploaded_media_size: Optional[int] = None
+
+        # Note: the media upload limits are sorted so larger time periods are
+        # first.
+        for limit in self.media_upload_limits:
+            # We only need to check the amount of media uploaded by the user in
+            # this latest (smaller) time period if the amount of media uploaded
+            # in a previous (larger) time period is above the limit.
+            #
+            # This optimization means that in the common case where the user
+            # hasn't uploaded much media, we only need to query the database
+            # once.
+            if (
+                uploaded_media_size is None
+                or uploaded_media_size + content_length > limit.max_bytes
+            ):
+                uploaded_media_size = await self.store.get_media_uploaded_size_for_user(
+                    user_id=auth_user.to_string(), time_period_ms=limit.time_period_ms
+                )
+
+            if uploaded_media_size + content_length > limit.max_bytes:
+                raise SynapseError(
+                    400, "Media upload limit exceeded", Codes.RESOURCE_LIMIT_EXCEEDED
+                )
+
+        if is_new_media:
+            await self.store.store_local_media(
+                media_id=media_id,
+                media_type=media_type,
+                time_now_ms=self.clock.time_msec(),
+                upload_name=upload_name,
+                media_length=content_length,
+                user_id=auth_user,
+                sha256=sha256,
+                quarantined_by="system" if should_quarantine else None,
+            )
+        else:
+            await self.store.update_local_media(
+                media_id=media_id,
+                media_type=media_type,
+                upload_name=upload_name,
+                media_length=content_length,
+                user_id=auth_user,
+                sha256=sha256,
+                quarantined_by="system" if should_quarantine else None,
+            )

        try:
            await self._generate_thumbnails(None, media_id, media_id, media_type)
@@ -133,7 +133,7 @@ def decode_body(
        content_type: The Content-Type header.

    Returns:
-        The parsed HTML body, or None if an error occurred during processed.
+        The parsed HTML body, or None if an error occurred during processing.
    """
    # If there's no body, nothing useful is going to be found.
    if not body:
@@ -158,9 +158,31 @@ def decode_body(
    # Create an HTML parser.
    parser = etree.HTMLParser(recover=True, encoding=encoding)

-    # Attempt to parse the body. Returns None if the body was successfully
-    # parsed, but no tree was found.
-    return etree.fromstring(body, parser)
+    # Attempt to parse the body. With `lxml` 6.0.0+, this will be an empty HTML
+    # tree if the body was successfully parsed, but no tree was found. In
+    # previous `lxml` versions, `etree.fromstring` would return `None` in that
+    # case.
+    html_tree = etree.fromstring(body, parser)
+
+    # Account for the above referenced case where `html_tree` is an HTML tree
+    # with an empty body. If so, return None.
+    if html_tree is not None and html_tree.tag == "html":
+        # If the tree has only a single <body> element and it's empty, then
+        # return None.
+        body_el = html_tree.find("body")
+        if body_el is not None and len(html_tree) == 1:
+            # Extract the content of the body tag as text.
+            body_text = "".join(cast(Iterable[str], body_el.itertext()))
+
+            # Strip any undecodable Unicode characters and whitespace.
+            body_text = body_text.strip("\ufffd").strip()
+
+            # If there's no text left, and there were no child tags,
+            # then we consider the <body> tag empty.
+            if not body_text and len(body_el) == 0:
+                return None
+
+    return html_tree


 def _get_meta_tags(
@@ -66,6 +66,21 @@ all_gauges: Dict[str, Collector] = {}

 HAVE_PROC_SELF_STAT = os.path.exists("/proc/self/stat")

+SERVER_NAME_LABEL = "server_name"
+"""
+The `server_name` label is used to identify the homeserver that the metrics correspond
+to. Because we support multiple instances of Synapse running in the same process and all
+metrics are in a single global `REGISTRY`, we need to manually label any metrics.
+
+In the case of a Synapse homeserver, this should be set to the homeserver name
+(`hs.hostname`).
+
+We're purposely not using the `instance` label for this purpose as that should be "The
+<host>:<port> part of the target's URL that was scraped.". Also: "In Prometheus
+terms, an endpoint you can scrape is called an *instance*, usually corresponding to a
+single process." (source: https://prometheus.io/docs/concepts/jobs_instances/)
+"""
+

 class _RegistryProxy:
    @staticmethod
@@ -192,7 +207,16 @@ class InFlightGauge(Generic[MetricsEntry], Collector):
        same key.

        Note that `callback` may be called on a separate thread.
+
+        Args:
+            key: A tuple of label values, which must match the order of the
+                `labels` given to the constructor.
+            callback
        """
+        assert len(key) == len(self.labels), (
+            f"Expected {len(self.labels)} labels in `key`, got {len(key)}: {key}"
+        )
+
        with self._lock:
            self._registrations.setdefault(key, set()).add(callback)

@@ -201,7 +225,17 @@ class InFlightGauge(Generic[MetricsEntry], Collector):
        key: Tuple[str, ...],
        callback: Callable[[MetricsEntry], None],
    ) -> None:
-        """Registers that we've exited a block with labels `key`."""
+        """
+        Registers that we've exited a block with labels `key`.
+
+        Args:
+            key: A tuple of label values, which must match the order of the
+                `labels` given to the constructor.
+            callback
+        """
+        assert len(key) == len(self.labels), (
+            f"Expected {len(self.labels)} labels in `key`, got {len(key)}: {key}"
+        )

        with self._lock:
            self._registrations.setdefault(key, set()).discard(callback)
@@ -225,7 +259,7 @@ class InFlightGauge(Generic[MetricsEntry], Collector):
            with self._lock:
                callbacks = set(self._registrations[key])

-            in_flight.add_metric(key, len(callbacks))
+            in_flight.add_metric(labels=key, value=len(callbacks))

            metrics = self._metrics_class()
            metrics_by_key[key] = metrics
@@ -239,7 +273,7 @@ class InFlightGauge(Generic[MetricsEntry], Collector):
                "_".join([self.name, name]), "", labels=self.labels
            )
            for key, metrics in metrics_by_key.items():
-                gauge.add_metric(key, getattr(metrics, name))
+                gauge.add_metric(labels=key, value=getattr(metrics, name))
            yield gauge

    def _register_with_collector(self) -> None:
@@ -33,7 +33,7 @@ from twisted.internet.asyncioreactor import AsyncioSelectorReactor
 from synapse.metrics._types import Collector

 try:
-    from selectors import KqueueSelector
+    from selectors import KqueueSelector  # type: ignore[attr-defined]
 except ImportError:

    class KqueueSelector:  # type: ignore[no-redef]
@@ -284,7 +284,7 @@ class ModuleApi:
        try:
            app_name = self._hs.config.email.email_app_name

-            self._from_string = self._hs.config.email.email_notif_from % {
+            self._from_string = self._hs.config.email.email_notif_from % {  # type: ignore[operator]
                "app": app_name
            }
        except (KeyError, TypeError):
@@ -31,6 +31,7 @@ IS_USER_ALLOWED_TO_UPLOAD_MEDIA_OF_SIZE_CALLBACK = Callable[[str, int], Awaitabl

 class MediaRepositoryModuleApiCallbacks:
    def __init__(self, hs: "HomeServer") -> None:
+        self.server_name = hs.hostname
        self.clock = hs.get_clock()
        self._get_media_config_for_user_callbacks: List[
            GET_MEDIA_CONFIG_FOR_USER_CALLBACK
@@ -57,7 +58,11 @@ class MediaRepositoryModuleApiCallbacks:

    async def get_media_config_for_user(self, user_id: str) -> Optional[JsonDict]:
        for callback in self._get_media_config_for_user_callbacks:
-            with Measure(self.clock, f"{callback.__module__}.{callback.__qualname__}"):
+            with Measure(
+                self.clock,
+                name=f"{callback.__module__}.{callback.__qualname__}",
+                server_name=self.server_name,
+            ):
                res: Optional[JsonDict] = await delay_cancellation(callback(user_id))
            if res:
                return res
@@ -68,7 +73,11 @@ class MediaRepositoryModuleApiCallbacks:
        self, user_id: str, size: int
    ) -> bool:
        for callback in self._is_user_allowed_to_upload_media_of_size_callbacks:
-            with Measure(self.clock, f"{callback.__module__}.{callback.__qualname__}"):
+            with Measure(
+                self.clock,
+                name=f"{callback.__module__}.{callback.__qualname__}",
+                server_name=self.server_name,
+            ):
                res: bool = await delay_cancellation(callback(user_id, size))
            if not res:
                return res
@@ -43,6 +43,7 @@ GET_RATELIMIT_OVERRIDE_FOR_USER_CALLBACK = Callable[

 class RatelimitModuleApiCallbacks:
    def __init__(self, hs: "HomeServer") -> None:
+        self.server_name = hs.hostname
        self.clock = hs.get_clock()
        self._get_ratelimit_override_for_user_callbacks: List[
            GET_RATELIMIT_OVERRIDE_FOR_USER_CALLBACK
@@ -64,7 +65,11 @@ class RatelimitModuleApiCallbacks:
        self, user_id: str, limiter_name: str
    ) -> Optional[RatelimitOverride]:
        for callback in self._get_ratelimit_override_for_user_callbacks:
-            with Measure(self.clock, f"{callback.__module__}.{callback.__qualname__}"):
+            with Measure(
+                self.clock,
+                name=f"{callback.__module__}.{callback.__qualname__}",
+                server_name=self.server_name,
+            ):
                res: Optional[RatelimitOverride] = await delay_cancellation(
                    callback(user_id, limiter_name)
                )
@@ -356,6 +356,7 @@ class SpamCheckerModuleApiCallbacks:
    NOT_SPAM: Literal["NOT_SPAM"] = "NOT_SPAM"

    def __init__(self, hs: "synapse.server.HomeServer") -> None:
+        self.server_name = hs.hostname
        self.clock = hs.get_clock()

        self._check_event_for_spam_callbacks: List[CHECK_EVENT_FOR_SPAM_CALLBACK] = []
@@ -490,7 +491,11 @@ class SpamCheckerModuleApiCallbacks:
                generally discouraged as it doesn't support internationalization.
        """
        for callback in self._check_event_for_spam_callbacks:
-            with Measure(self.clock, f"{callback.__module__}.{callback.__qualname__}"):
+            with Measure(
+                self.clock,
+                name=f"{callback.__module__}.{callback.__qualname__}",
+                server_name=self.server_name,
+            ):
                res = await delay_cancellation(callback(event))
                if res is False or res == self.NOT_SPAM:
                    # This spam-checker accepts the event.
@@ -543,7 +548,11 @@ class SpamCheckerModuleApiCallbacks:
            True if the event should be silently dropped
        """
        for callback in self._should_drop_federated_event_callbacks:
-            with Measure(self.clock, f"{callback.__module__}.{callback.__qualname__}"):
+            with Measure(
+                self.clock,
+                name=f"{callback.__module__}.{callback.__qualname__}",
+                server_name=self.server_name,
+            ):
                res: Union[bool, str] = await delay_cancellation(callback(event))
            if res:
                return res
@@ -565,7 +574,11 @@ class SpamCheckerModuleApiCallbacks:
            NOT_SPAM if the operation is permitted, [Codes, Dict] otherwise.
        """
        for callback in self._user_may_join_room_callbacks:
-            with Measure(self.clock, f"{callback.__module__}.{callback.__qualname__}"):
+            with Measure(
+                self.clock,
+                name=f"{callback.__module__}.{callback.__qualname__}",
+                server_name=self.server_name,
+            ):
                res = await delay_cancellation(callback(user_id, room_id, is_invited))
                # Normalize return values to `Codes` or `"NOT_SPAM"`.
                if res is True or res is self.NOT_SPAM:
@@ -604,7 +617,11 @@ class SpamCheckerModuleApiCallbacks:
            NOT_SPAM if the operation is permitted, Codes otherwise.
        """
        for callback in self._user_may_invite_callbacks:
-            with Measure(self.clock, f"{callback.__module__}.{callback.__qualname__}"):
+            with Measure(
+                self.clock,
+                name=f"{callback.__module__}.{callback.__qualname__}",
+                server_name=self.server_name,
+            ):
                res = await delay_cancellation(
                    callback(inviter_userid, invitee_userid, room_id)
                )
@@ -643,7 +660,11 @@ class SpamCheckerModuleApiCallbacks:
            NOT_SPAM if the operation is permitted, Codes otherwise.
        """
        for callback in self._federated_user_may_invite_callbacks:
-            with Measure(self.clock, f"{callback.__module__}.{callback.__qualname__}"):
+            with Measure(
+                self.clock,
+                name=f"{callback.__module__}.{callback.__qualname__}",
+                server_name=self.server_name,
+            ):
                res = await delay_cancellation(callback(event))
                # Normalize return values to `Codes` or `"NOT_SPAM"`.
                if res is True or res is self.NOT_SPAM:
@@ -686,7 +707,11 @@ class SpamCheckerModuleApiCallbacks:
            NOT_SPAM if the operation is permitted, Codes otherwise.
        """
        for callback in self._user_may_send_3pid_invite_callbacks:
-            with Measure(self.clock, f"{callback.__module__}.{callback.__qualname__}"):
+            with Measure(
+                self.clock,
+                name=f"{callback.__module__}.{callback.__qualname__}",
+                server_name=self.server_name,
+            ):
                res = await delay_cancellation(
                    callback(inviter_userid, medium, address, room_id)
                )
@@ -722,7 +747,11 @@ class SpamCheckerModuleApiCallbacks:
            room_config: The room creation configuration which is the body of the /createRoom request
        """
        for callback in self._user_may_create_room_callbacks:
-            with Measure(self.clock, f"{callback.__module__}.{callback.__qualname__}"):
+            with Measure(
+                self.clock,
+                name=f"{callback.__module__}.{callback.__qualname__}",
+                server_name=self.server_name,
+            ):
                checker_args = inspect.signature(callback)
                # Also ensure backwards compatibility with spam checker callbacks
                # that don't expect the room_config argument.
@@ -786,7 +815,11 @@ class SpamCheckerModuleApiCallbacks:
            content: The content of the state event
        """
        for callback in self._user_may_send_state_event_callbacks:
-            with Measure(self.clock, f"{callback.__module__}.{callback.__qualname__}"):
+            with Measure(
+                self.clock,
+                name=f"{callback.__module__}.{callback.__qualname__}",
+                server_name=self.server_name,
+            ):
                # We make a copy of the content to ensure that the spam checker cannot modify it.
                res = await delay_cancellation(
                    callback(user_id, room_id, event_type, state_key, deepcopy(content))
@@ -814,7 +847,11 @@ class SpamCheckerModuleApiCallbacks:

        """
        for callback in self._user_may_create_room_alias_callbacks:
-            with Measure(self.clock, f"{callback.__module__}.{callback.__qualname__}"):
+            with Measure(
+                self.clock,
+                name=f"{callback.__module__}.{callback.__qualname__}",
+                server_name=self.server_name,
+            ):
                res = await delay_cancellation(callback(userid, room_alias))
                if res is True or res is self.NOT_SPAM:
                    continue
@@ -847,7 +884,11 @@ class SpamCheckerModuleApiCallbacks:
            room_id: The ID of the room that would be published
        """
        for callback in self._user_may_publish_room_callbacks:
-            with Measure(self.clock, f"{callback.__module__}.{callback.__qualname__}"):
+            with Measure(
+                self.clock,
+                name=f"{callback.__module__}.{callback.__qualname__}",
+                server_name=self.server_name,
+            ):
                res = await delay_cancellation(callback(userid, room_id))
                if res is True or res is self.NOT_SPAM:
                    continue
@@ -889,7 +930,11 @@ class SpamCheckerModuleApiCallbacks:
            True if the user is spammy.
        """
        for callback in self._check_username_for_spam_callbacks:
-            with Measure(self.clock, f"{callback.__module__}.{callback.__qualname__}"):
+            with Measure(
+                self.clock,
+                name=f"{callback.__module__}.{callback.__qualname__}",
+                server_name=self.server_name,
+            ):
                checker_args = inspect.signature(callback)
                # Make a copy of the user profile object to ensure the spam checker cannot
                # modify it.
@@ -938,7 +983,11 @@ class SpamCheckerModuleApiCallbacks:
        """

        for callback in self._check_registration_for_spam_callbacks:
-            with Measure(self.clock, f"{callback.__module__}.{callback.__qualname__}"):
+            with Measure(
+                self.clock,
+                name=f"{callback.__module__}.{callback.__qualname__}",
+                server_name=self.server_name,
+            ):
                behaviour = await delay_cancellation(
                    callback(email_threepid, username, request_info, auth_provider_id)
                )
@@ -980,7 +1029,11 @@ class SpamCheckerModuleApiCallbacks:
        """

        for callback in self._check_media_file_for_spam_callbacks:
-            with Measure(self.clock, f"{callback.__module__}.{callback.__qualname__}"):
+            with Measure(
+                self.clock,
+                name=f"{callback.__module__}.{callback.__qualname__}",
+                server_name=self.server_name,
+            ):
                res = await delay_cancellation(callback(file_wrapper, file_info))
                # Normalize return values to `Codes` or `"NOT_SPAM"`.
                if res is False or res is self.NOT_SPAM:
@@ -1027,7 +1080,11 @@ class SpamCheckerModuleApiCallbacks:
        """

        for callback in self._check_login_for_spam_callbacks:
-            with Measure(self.clock, f"{callback.__module__}.{callback.__qualname__}"):
+            with Measure(
+                self.clock,
+                name=f"{callback.__module__}.{callback.__qualname__}",
+                server_name=self.server_name,
+            ):
                res = await delay_cancellation(
                    callback(
                        user_id,
@@ -129,7 +129,8 @@ class BulkPushRuleEvaluator:
    def __init__(self, hs: "HomeServer"):
        self.hs = hs
        self.store = hs.get_datastores().main
-        self.clock = hs.get_clock()
+        self.server_name = hs.hostname  # nb must be called this for @measure_func
+        self.clock = hs.get_clock()  # nb must be called this for @measure_func
        self._event_auth_handler = hs.get_event_auth_handler()
        self.should_calculate_push_rules = self.hs.config.push.enable_push

@@ -76,6 +76,7 @@ class ReplicationFederationSendEventsRestServlet(ReplicationEndpoint):
    def __init__(self, hs: "HomeServer"):
        super().__init__(hs)

+        self.server_name = hs.hostname
        self.store = hs.get_datastores().main
        self._storage_controllers = hs.get_storage_controllers()
        self.clock = hs.get_clock()
@@ -122,7 +123,9 @@ class ReplicationFederationSendEventsRestServlet(ReplicationEndpoint):
    async def _handle_request(  # type: ignore[override]
        self, request: Request, content: JsonDict
    ) -> Tuple[int, JsonDict]:
-        with Measure(self.clock, "repl_fed_send_events_parse"):
+        with Measure(
+            self.clock, name="repl_fed_send_events_parse", server_name=self.server_name
+        ):
            room_id = content["room_id"]
            backfilled = content["backfilled"]

@@ -202,6 +205,8 @@ class ReplicationFederationSendEduRestServlet(ReplicationEndpoint):
        return 200, {}


+# FIXME(2025-07-22): Remove this on the next release, this will only get used
+# during rollout to Synapse 1.135 and can be removed after that release.
 class ReplicationGetQueryRestServlet(ReplicationEndpoint):
    """Handle responding to queries from federation.

@@ -249,6 +254,8 @@ class ReplicationGetQueryRestServlet(ReplicationEndpoint):
        return 200, result


+# FIXME(2025-07-22): Remove this on the next release, this will only get used
+# during rollout to Synapse 1.135 and can be removed after that release.
 class ReplicationCleanRoomRestServlet(ReplicationEndpoint):
    """Called to clean up any data in DB for a given room, ready for the
    server to join the room.
@@ -284,6 +291,8 @@ class ReplicationCleanRoomRestServlet(ReplicationEndpoint):
        return 200, {}


+# FIXME(2025-07-22): Remove this on the next release, this will only get used
+# during rollout to Synapse 1.135 and can be removed after that release.
 class ReplicationStoreRoomOnOutlierMembershipRestServlet(ReplicationEndpoint):
    """Called to clean up any data in DB for a given room, ready for the
    server to join the room.
@@ -33,6 +33,8 @@ if TYPE_CHECKING:
 logger = logging.getLogger(__name__)


+# FIXME(2025-07-22): Remove this on the next release, this may only be used
+# during rollout to Synapse 1.134 and can be removed after that release.
 class ReplicationRegisterServlet(ReplicationEndpoint):
    """Register a new user"""

@@ -76,6 +76,7 @@ class ReplicationSendEventRestServlet(ReplicationEndpoint):
    def __init__(self, hs: "HomeServer"):
        super().__init__(hs)

+        self.server_name = hs.hostname
        self.event_creation_handler = hs.get_event_creation_handler()
        self.store = hs.get_datastores().main
        self._storage_controllers = hs.get_storage_controllers()
@@ -121,7 +122,9 @@ class ReplicationSendEventRestServlet(ReplicationEndpoint):
    async def _handle_request(  # type: ignore[override]
        self, request: Request, content: JsonDict, event_id: str
    ) -> Tuple[int, JsonDict]:
-        with Measure(self.clock, "repl_send_event_parse"):
+        with Measure(
+            self.clock, name="repl_send_event_parse", server_name=self.server_name
+        ):
            event_dict = content["event"]
            room_ver = KNOWN_ROOM_VERSIONS[content["room_version"]]
            internal_metadata = content["internal_metadata"]
@@ -77,6 +77,7 @@ class ReplicationSendEventsRestServlet(ReplicationEndpoint):
    def __init__(self, hs: "HomeServer"):
        super().__init__(hs)

+        self.server_name = hs.hostname
        self.event_creation_handler = hs.get_event_creation_handler()
        self.store = hs.get_datastores().main
        self._storage_controllers = hs.get_storage_controllers()
@@ -122,7 +123,9 @@ class ReplicationSendEventsRestServlet(ReplicationEndpoint):
    async def _handle_request(  # type: ignore[override]
        self, request: Request, payload: JsonDict
    ) -> Tuple[int, JsonDict]:
-        with Measure(self.clock, "repl_send_events_parse"):
+        with Measure(
+            self.clock, name="repl_send_events_parse", server_name=self.server_name
+        ):
            events_and_context = []
            events = payload["events"]
            rooms = set()
@@ -75,6 +75,7 @@ class ReplicationDataHandler:
    """

    def __init__(self, hs: "HomeServer"):
+        self.server_name = hs.hostname
        self.store = hs.get_datastores().main
        self.notifier = hs.get_notifier()
        self._reactor = hs.get_reactor()
@@ -342,7 +343,11 @@ class ReplicationDataHandler:
        waiting_list.add((position, deferred))

        # We measure here to get in flight counts and average waiting time.
-        with Measure(self._clock, "repl.wait_for_stream_position"):
+        with Measure(
+            self._clock,
+            name="repl.wait_for_stream_position",
+            server_name=self.server_name,
+        ):
            logger.info(
                "Waiting for repl stream %r to reach %s (%s); currently at: %s",
                stream_name,
@@ -78,6 +78,7 @@ class ReplicationStreamer:
    """

    def __init__(self, hs: "HomeServer"):
+        self.server_name = hs.hostname
        self.store = hs.get_datastores().main
        self.clock = hs.get_clock()
        self.notifier = hs.get_notifier()
@@ -155,7 +156,11 @@ class ReplicationStreamer:
            while self.pending_updates:
                self.pending_updates = False

-                with Measure(self.clock, "repl.stream.get_updates"):
+                with Measure(
+                    self.clock,
+                    name="repl.stream.get_updates",
+                    server_name=self.server_name,
+                ):
                    all_streams = self.streams

                    if self._replication_torture_level is not None:
@@ -69,7 +69,10 @@ class ReportEventRestServlet(RestServlet):
                "Param 'reason' must be a string",
                Codes.BAD_JSON,
            )
-        if type(body.get("score", 0)) is not int:  # noqa: E721
+        if (
+            not self.hs.config.experimental.msc4277_enabled
+            and type(body.get("score", 0)) is not int
+        ):  # noqa: E721
            raise SynapseError(
                HTTPStatus.BAD_REQUEST,
                "Param 'score' must be an integer",
@@ -85,10 +88,15 @@ class ReportEventRestServlet(RestServlet):
            event = None

        if event is None:
-            raise NotFoundError(
-                "Unable to report event: "
-                "it does not exist or you aren't able to see it."
-            )
+            if self.hs.config.experimental.msc4277_enabled:
+                # Respond with 200 and no content regardless of whether the event
+                # exists to prevent enumeration attacks.
+                return 200, {}
+            else:
+                raise NotFoundError(
+                    "Unable to report event: "
+                    "it does not exist or you aren't able to see it."
+                )

        await self.store.add_event_report(
            room_id=room_id,
@@ -138,7 +146,12 @@ class ReportRoomRestServlet(RestServlet):

        room = await self.store.get_room(room_id)
        if room is None:
-            raise NotFoundError("Room does not exist")
+            if self.hs.config.experimental.msc4277_enabled:
+                # Respond with 200 and no content regardless of whether the room
+                # exists to prevent enumeration attacks.
+                return 200, {}
+            else:
+                raise NotFoundError("Room does not exist")

        await self.store.add_room_report(
            room_id=room_id,
@@ -112,6 +112,7 @@ class VersionsRestServlet(RestServlet):
                    "v1.9",
                    "v1.10",
                    "v1.11",
+                    "v1.12",
                ],
                # as per MSC1497:
                "unstable_features": {
@@ -120,7 +120,7 @@ class UploadServlet(BaseUploadServlet):

        try:
            content: IO = request.content  # type: ignore
-            content_uri = await self.media_repo.create_content(
+            content_uri = await self.media_repo.create_or_update_content(
                media_type, upload_name, content, content_length, requester.user
            )
        except SpamMediaException:
@@ -170,13 +170,13 @@ class AsyncUploadServlet(BaseUploadServlet):

            try:
                content: IO = request.content  # type: ignore
-                await self.media_repo.update_content(
-                    media_id,
+                await self.media_repo.create_or_update_content(
                    media_type,
                    upload_name,
                    content,
                    content_length,
                    requester.user,
+                    media_id=media_id,
                )
            except SpamMediaException:
                # For uploading of media we want to respond with a 400, instead of
@@ -189,7 +189,8 @@ class StateHandler:
    """

    def __init__(self, hs: "HomeServer"):
-        self.clock = hs.get_clock()
+        self.server_name = hs.hostname  # nb must be called this for @measure_func
+        self.clock = hs.get_clock()  # nb must be called this for @measure_func
        self.store = hs.get_datastores().main
        self._state_storage_controller = hs.get_storage_controllers().state
        self.hs = hs
@@ -631,6 +632,7 @@ class StateResolutionHandler:
    """

    def __init__(self, hs: "HomeServer"):
+        self.server_name = hs.hostname
        self.clock = hs.get_clock()

        self.resolve_linearizer = Linearizer(name="state_resolve_lock")
@@ -747,7 +749,9 @@ class StateResolutionHandler:
            # which will be used as a cache key for future resolutions, but
            # not get persisted.

-            with Measure(self.clock, "state.create_group_ids"):
+            with Measure(
+                self.clock, name="state.create_group_ids", server_name=self.server_name
+            ):
                cache = _make_state_cache_entry(new_state, state_groups_ids)

            self._state_cache[group_names] = cache
@@ -785,7 +789,9 @@ class StateResolutionHandler:
            a map from (type, state_key) to event_id.
        """
        try:
-            with Measure(self.clock, "state._resolve_events") as m:
+            with Measure(
+                self.clock, name="state._resolve_events", server_name=self.server_name
+            ) as m:
                room_version_obj = KNOWN_ROOM_VERSIONS[room_version]
                if room_version_obj.state_res == StateResolutionVersions.V1:
                    return await v1.resolve_events_with_store(
@@ -55,6 +55,7 @@ class SQLBaseStore(metaclass=ABCMeta):
        hs: "HomeServer",
    ):
        self.hs = hs
+        self.server_name = hs.hostname
        self._clock = hs.get_clock()
        self.database_engine = database.engine
        self.db_pool = database
@@ -0,0 +1,22 @@
+import logging
+from typing import Optional
+
+from synapse.types import JsonMapping
+
+logger = logging.getLogger(__name__)
+
+
+class AdminClientConfig:
+    """Class to track various Synapse-specific admin-only client-impacting config options."""
+
+    def __init__(self, account_data: Optional[JsonMapping]):
+        # Allow soft-failed events to be returned down `/sync` and other
+        # client APIs. `io.element.synapse.soft_failed: true` is added to the
+        # `unsigned` portion of the event to inform clients that the event
+        # is soft-failed.
+        self.return_soft_failed_events: bool = False
+
+        if account_data:
+            self.return_soft_failed_events = account_data.get(
+                "return_soft_failed_events", False
+            )
@@ -337,6 +337,7 @@ class EventsPersistenceStorageController:
        assert stores.persist_events
        self.persist_events_store = stores.persist_events

+        self.server_name = hs.hostname
        self._clock = hs.get_clock()
        self._instance_name = hs.get_instance_name()
        self.is_mine_id = hs.is_mine_id
@@ -616,7 +617,11 @@ class EventsPersistenceStorageController:
            state_delta_for_room = None

            if not backfilled:
-                with Measure(self._clock, "_calculate_state_and_extrem"):
+                with Measure(
+                    self._clock,
+                    name="_calculate_state_and_extrem",
+                    server_name=self.server_name,
+                ):
                    # Work out the new "current state" for the room.
                    # We do this by working out what the new extremities are and then
                    # calculating the state from that.
@@ -627,7 +632,11 @@ class EventsPersistenceStorageController:
                        room_id, chunk
                    )

-            with Measure(self._clock, "calculate_chain_cover_index_for_events"):
+            with Measure(
+                self._clock,
+                name="calculate_chain_cover_index_for_events",
+                server_name=self.server_name,
+            ):
                # We now calculate chain ID/sequence numbers for any state events we're
                # persisting. We ignore out of band memberships as we're not in the room
                # and won't have their auth chain (we'll fix it up later if we join the
@@ -719,7 +728,11 @@ class EventsPersistenceStorageController:
                    break

        logger.debug("Calculating state delta for room %s", room_id)
-        with Measure(self._clock, "persist_events.get_new_state_after_events"):
+        with Measure(
+            self._clock,
+            name="persist_events.get_new_state_after_events",
+            server_name=self.server_name,
+        ):
            res = await self._get_new_state_after_events(
                room_id,
                ev_ctx_rm,
@@ -746,7 +759,11 @@ class EventsPersistenceStorageController:
            # removed keys entirely.
            delta = DeltaState([], delta_ids)
        elif current_state is not None:
-            with Measure(self._clock, "persist_events.calculate_state_delta"):
+            with Measure(
+                self._clock,
+                name="persist_events.calculate_state_delta",
+                server_name=self.server_name,
+            ):
                delta = await self._calculate_state_delta(room_id, current_state)

        if delta:
@@ -68,6 +68,7 @@ class StateStorageController:
    """

    def __init__(self, hs: "HomeServer", stores: "Databases"):
+        self.server_name = hs.hostname
        self._is_mine_id = hs.is_mine_id
        self._clock = hs.get_clock()
        self.stores = stores
@@ -812,7 +813,9 @@ class StateStorageController:
            state_group = object()

        assert state_group is not None
-        with Measure(self._clock, "get_joined_hosts"):
+        with Measure(
+            self._clock, name="get_joined_hosts", server_name=self.server_name
+        ):
            return await self._get_joined_hosts(
                room_id, state_group, state_entry=state_entry
            )
@@ -37,6 +37,7 @@ from synapse.api.constants import AccountDataTypes
 from synapse.api.errors import Codes, SynapseError
 from synapse.replication.tcp.streams import AccountDataStream
 from synapse.storage._base import db_to_json
+from synapse.storage.admin_client_config import AdminClientConfig
 from synapse.storage.database import (
    DatabasePool,
    LoggingDatabaseConnection,
@@ -578,6 +579,21 @@ class AccountDataWorkerStore(PushRulesWorkerStore, CacheInvalidationWorkerStore)
        )
        return InviteRulesConfig(data)

+    async def get_admin_client_config_for_user(self, user_id: str) -> AdminClientConfig:
+        """
+        Get the admin client configuration for the specified user.
+
+        The admin client config contains Synapse-specific settings that clients running
+        server admin accounts can use. They have no effect on non-admin users.
+
+        Args:
+            user_id: The user ID to get config for.
+        """
+        data = await self.get_global_account_data_by_type_for_user(
+            user_id, AccountDataTypes.SYNAPSE_ADMIN_CLIENT_CONFIG
+        )
+        return AdminClientConfig(data)
+
    def process_replication_rows(
        self,
        stream_name: str,
@@ -41,7 +41,6 @@ from synapse.storage.database import (
    LoggingDatabaseConnection,
    LoggingTransaction,
 )
-from synapse.storage.databases.main.events import SLIDING_SYNC_RELEVANT_STATE_SET
 from synapse.storage.engines import PostgresEngine
 from synapse.storage.util.id_generators import MultiWriterIdGenerator
 from synapse.util.caches.descriptors import CachedFunction
@@ -284,6 +283,11 @@ class CacheInvalidationWorkerStore(SQLBaseStore):
        super().process_replication_position(stream_name, instance_name, token)

    def _process_event_stream_row(self, token: int, row: EventsStreamRow) -> None:
+        # This is needed to avoid a circular import.
+        from synapse.storage.databases.main.events import (
+            SLIDING_SYNC_RELEVANT_STATE_SET,
+        )
+
        data = row.data

        if row.type == EventsStreamEventRow.TypeId:
@@ -347,6 +351,11 @@ class CacheInvalidationWorkerStore(SQLBaseStore):
        relates_to: Optional[str],
        backfilled: bool,
    ) -> None:
+        # This is needed to avoid a circular import.
+        from synapse.storage.databases.main.events import (
+            SLIDING_SYNC_RELEVANT_STATE_SET,
+        )
+
        # XXX: If you add something to this function make sure you add it to
        # `_invalidate_caches_for_room_events` as well.

@@ -46,13 +46,14 @@ from synapse.api.room_versions import EventFormatVersions, RoomVersion
 from synapse.events import EventBase, make_event_from_dict
 from synapse.logging.opentracing import tag_args, trace
 from synapse.metrics.background_process_metrics import wrap_as_background_process
-from synapse.storage._base import SQLBaseStore, db_to_json, make_in_list_sql_clause
+from synapse.storage._base import db_to_json, make_in_list_sql_clause
 from synapse.storage.background_updates import ForeignKeyConstraint
 from synapse.storage.database import (
    DatabasePool,
    LoggingDatabaseConnection,
    LoggingTransaction,
 )
+from synapse.storage.databases.main.cache import CacheInvalidationWorkerStore
 from synapse.storage.databases.main.events_worker import EventsWorkerStore
 from synapse.storage.databases.main.signatures import SignatureWorkerStore
 from synapse.storage.engines import PostgresEngine, Sqlite3Engine
@@ -123,7 +124,9 @@ class _NoChainCoverIndex(Exception):
        super().__init__("Unexpectedly no chain cover for events in %s" % (room_id,))


-class EventFederationWorkerStore(SignatureWorkerStore, EventsWorkerStore, SQLBaseStore):
+class EventFederationWorkerStore(
+    SignatureWorkerStore, EventsWorkerStore, CacheInvalidationWorkerStore
+):
    # TODO: this attribute comes from EventPushActionWorkerStore. Should we inherit from
    # that store so that mypy can deduce this for itself?
    stream_ordering_month_ago: Optional[int]
@@ -2053,6 +2056,19 @@ class EventFederationWorkerStore(SignatureWorkerStore, EventsWorkerStore, SQLBas
        number_pdus_in_federation_queue.set(count)
        oldest_pdu_in_federation_staging.set(age)

+    async def clean_room_for_join(self, room_id: str) -> None:
+        await self.db_pool.runInteraction(
+            "clean_room_for_join", self._clean_room_for_join_txn, room_id
+        )
+
+    def _clean_room_for_join_txn(self, txn: LoggingTransaction, room_id: str) -> None:
+        query = "DELETE FROM event_forward_extremities WHERE room_id = ?"
+
+        txn.execute(query, (room_id,))
+        self._invalidate_cache_and_stream(
+            txn, self.get_latest_event_ids_in_room, (room_id,)
+        )
+

 class EventFederationStore(EventFederationWorkerStore):
    """Responsible for storing and serving up the various graphs associated
@@ -2078,17 +2094,6 @@ class EventFederationStore(EventFederationWorkerStore):
            self.EVENT_AUTH_STATE_ONLY, self._background_delete_non_state_event_auth
        )

-    async def clean_room_for_join(self, room_id: str) -> None:
-        await self.db_pool.runInteraction(
-            "clean_room_for_join", self._clean_room_for_join_txn, room_id
-        )
-
-    def _clean_room_for_join_txn(self, txn: LoggingTransaction, room_id: str) -> None:
-        query = "DELETE FROM event_forward_extremities WHERE room_id = ?"
-
-        txn.execute(query, (room_id,))
-        txn.call_after(self.get_latest_event_ids_in_room.invalidate, (room_id,))
-
    async def _background_delete_non_state_event_auth(
        self, progress: JsonDict, batch_size: int
    ) -> int:
@@ -78,6 +78,7 @@ from synapse.types import (
 from synapse.types.handlers import SLIDING_SYNC_DEFAULT_BUMP_EVENT_TYPES
 from synapse.types.state import StateFilter
 from synapse.util import json_encoder
+from synapse.util.events import get_plain_text_topic_from_event_content
 from synapse.util.iterutils import batch_iter, sorted_topologically
 from synapse.util.stringutils import non_null_str_or_none

@@ -3102,7 +3103,10 @@ class PersistEventsStore:
    def _store_room_topic_txn(self, txn: LoggingTransaction, event: EventBase) -> None:
        if isinstance(event.content.get("topic"), str):
            self.store_event_search_txn(
-                txn, event, "content.topic", event.content["topic"]
+                txn,
+                event,
+                "content.topic",
+                get_plain_text_topic_from_event_content(event.content) or "",
            )

    def _store_room_name_txn(self, txn: LoggingTransaction, event: EventBase) -> None:
@@ -1246,7 +1246,9 @@ class EventsWorkerStore(SQLBaseStore):
                to event row. Note that it may well contain additional events that
                were not part of this request.
        """
-        with Measure(self._clock, "_fetch_event_list"):
+        with Measure(
+            self._clock, name="_fetch_event_list", server_name=self.server_name
+        ):
            try:
                events_to_fetch = {
                    event_id for events, _ in event_list for event_id in events
@@ -1034,3 +1034,39 @@ class MediaRepositoryStore(MediaRepositoryBackgroundUpdateStore):
            "local_media_repository",
            sha256,
        )
+
+    async def get_media_uploaded_size_for_user(
+        self, user_id: str, time_period_ms: int
+    ) -> int:
+        """Get the total size of media uploaded by a user in the last
+        time_period_ms milliseconds.
+
+        Args:
+            user_id: The user ID to check.
+            time_period_ms: The time period in milliseconds to consider.
+
+        Returns:
+            The total size of media uploaded by the user in bytes.
+        """
+
+        sql = """
+            SELECT COALESCE(SUM(media_length), 0)
+            FROM local_media_repository
+            WHERE user_id = ? AND created_ts > ?
+        """
+
+        def _get_media_uploaded_size_for_user_txn(
+            txn: LoggingTransaction,
+        ) -> int:
+            # Calculate the timestamp for the start of the time period
+            start_ts = self._clock.time_msec() - time_period_ms
+            txn.execute(sql, (user_id, start_ts))
+            row = txn.fetchone()
+            if row is None:
+                return 0
+            return row[0]
+
+        return await self.db_pool.runInteraction(
+            "get_media_uploaded_size_for_user",
+            _get_media_uploaded_size_for_user_txn,
+        )
@@ -175,7 +175,7 @@ class ThreepidValidationSession:
    """timestamp of when this session was validated if so"""


-class RegistrationWorkerStore(CacheInvalidationWorkerStore):
+class RegistrationWorkerStore(StatsStore, CacheInvalidationWorkerStore):
    def __init__(
        self,
        database: DatabasePool,
@@ -217,12 +217,167 @@ class RegistrationWorkerStore(CacheInvalidationWorkerStore):
                    self._set_expiration_date_when_missing,
                )

+        # If support for MSC3866 is enabled and configured to require approval for new
+        # account, we will create new users with an 'approved' flag set to false.
+        self._require_approval = (
+            hs.config.experimental.msc3866.enabled
+            and hs.config.experimental.msc3866.require_approval_for_new_accounts
+        )
+
        # Create a background job for culling expired 3PID validity tokens
        if hs.config.worker.run_background_tasks:
            self._clock.looping_call(
                self.cull_expired_threepid_validation_tokens, THIRTY_MINUTES_IN_MS
            )

+    async def register_user(
+        self,
+        user_id: str,
+        password_hash: Optional[str] = None,
+        was_guest: bool = False,
+        make_guest: bool = False,
+        appservice_id: Optional[str] = None,
+        create_profile_with_displayname: Optional[str] = None,
+        admin: bool = False,
+        user_type: Optional[str] = None,
+        shadow_banned: bool = False,
+        approved: bool = False,
+    ) -> None:
+        """Attempts to register an account.
+
+        Args:
+            user_id: The desired user ID to register.
+            password_hash: Optional. The password hash for this user.
+            was_guest: Whether this is a guest account being upgraded to a
+                non-guest account.
+            make_guest: True if the the new user should be guest, false to add a
+                regular user account.
+            appservice_id: The ID of the appservice registering the user.
+            create_profile_with_displayname: Optionally create a profile for
+                the user, setting their displayname to the given value
+            admin: is an admin user?
+            user_type: type of user. One of the values from api.constants.UserTypes,
+                a custom value set in the configuration file, or None for a normal
+                user.
+            shadow_banned: Whether the user is shadow-banned, i.e. they may be
+                told their requests succeeded but we ignore them.
+            approved: Whether to consider the user has already been approved by an
+                administrator.
+
+        Raises:
+            StoreError if the user_id could not be registered.
+        """
+        await self.db_pool.runInteraction(
+            "register_user",
+            self._register_user,
+            user_id,
+            password_hash,
+            was_guest,
+            make_guest,
+            appservice_id,
+            create_profile_with_displayname,
+            admin,
+            user_type,
+            shadow_banned,
+            approved,
+        )
+
+    def _register_user(
+        self,
+        txn: LoggingTransaction,
+        user_id: str,
+        password_hash: Optional[str],
+        was_guest: bool,
+        make_guest: bool,
+        appservice_id: Optional[str],
+        create_profile_with_displayname: Optional[str],
+        admin: bool,
+        user_type: Optional[str],
+        shadow_banned: bool,
+        approved: bool,
+    ) -> None:
+        user_id_obj = UserID.from_string(user_id)
+
+        now = int(self._clock.time())
+
+        user_approved = approved or not self._require_approval
+
+        try:
+            if was_guest:
+                # Ensure that the guest user actually exists
+                # ``allow_none=False`` makes this raise an exception
+                # if the row isn't in the database.
+                self.db_pool.simple_select_one_txn(
+                    txn,
+                    "users",
+                    keyvalues={"name": user_id, "is_guest": 1},
+                    retcols=("name",),
+                    allow_none=False,
+                )
+
+                self.db_pool.simple_update_one_txn(
+                    txn,
+                    "users",
+                    keyvalues={"name": user_id, "is_guest": 1},
+                    updatevalues={
+                        "password_hash": password_hash,
+                        "upgrade_ts": now,
+                        "is_guest": 1 if make_guest else 0,
+                        "appservice_id": appservice_id,
+                        "admin": 1 if admin else 0,
+                        "user_type": user_type,
+                        "shadow_banned": shadow_banned,
+                        "approved": user_approved,
+                    },
+                )
+            else:
+                self.db_pool.simple_insert_txn(
+                    txn,
+                    "users",
+                    values={
+                        "name": user_id,
+                        "password_hash": password_hash,
+                        "creation_ts": now,
+                        "is_guest": 1 if make_guest else 0,
+                        "appservice_id": appservice_id,
+                        "admin": 1 if admin else 0,
+                        "user_type": user_type,
+                        "shadow_banned": shadow_banned,
+                        "approved": user_approved,
+                    },
+                )
+
+        except self.database_engine.module.IntegrityError:
+            raise StoreError(400, "User ID already taken.", errcode=Codes.USER_IN_USE)
+
+        if self._account_validity_enabled:
+            self.set_expiration_date_for_user_txn(txn, user_id)
+
+        if create_profile_with_displayname:
+            # set a default displayname serverside to avoid ugly race
+            # between auto-joins and clients trying to set displaynames
+            #
+            # *obviously* the 'profiles' table uses localpart for user_id
+            # while everything else uses the full mxid.
+            txn.execute(
+                "INSERT INTO profiles(full_user_id, user_id, displayname) VALUES (?,?,?)",
+                (user_id, user_id_obj.localpart, create_profile_with_displayname),
+            )
+
+        if self.hs.config.stats.stats_enabled:
+            # we create a new completed user statistics row
+
+            # we don't strictly need current_token since this user really can't
+            # have any state deltas before now (as it is a new user), but still,
+            # we include it for completeness.
+            current_token = self._get_max_stream_id_in_current_state_deltas_txn(txn)
+
+            self._update_stats_delta_txn(
+                txn, now, "user", user_id, {}, complete_with_stream_id=current_token
+            )
+
+        self._invalidate_cache_and_stream(txn, self.get_user_by_id, (user_id,))
+
    @cached()
    async def get_user_by_id(self, user_id: str) -> Optional[UserInfo]:
        """Returns info about the user account, if it exists."""
@@ -2354,7 +2509,7 @@ class RegistrationBackgroundUpdateStore(RegistrationWorkerStore):
        return nb_processed


-class RegistrationStore(StatsStore, RegistrationBackgroundUpdateStore):
+class RegistrationStore(RegistrationBackgroundUpdateStore):
    def __init__(
        self,
        database: DatabasePool,
@@ -2370,13 +2525,6 @@ class RegistrationStore(StatsStore, RegistrationBackgroundUpdateStore):
        self._access_tokens_id_gen = IdGenerator(db_conn, "access_tokens", "id")
        self._refresh_tokens_id_gen = IdGenerator(db_conn, "refresh_tokens", "id")

-        # If support for MSC3866 is enabled and configured to require approval for new
-        # account, we will create new users with an 'approved' flag set to false.
-        self._require_approval = (
-            hs.config.experimental.msc3866.enabled
-            and hs.config.experimental.msc3866.require_approval_for_new_accounts
-        )
-
        # Create a background job for removing expired login tokens
        if hs.config.worker.run_background_tasks:
            self._clock.looping_call(
@@ -2524,153 +2672,6 @@ class RegistrationStore(StatsStore, RegistrationBackgroundUpdateStore):
            device_id,
        )

-    async def register_user(
-        self,
-        user_id: str,
-        password_hash: Optional[str] = None,
-        was_guest: bool = False,
-        make_guest: bool = False,
-        appservice_id: Optional[str] = None,
-        create_profile_with_displayname: Optional[str] = None,
-        admin: bool = False,
-        user_type: Optional[str] = None,
-        shadow_banned: bool = False,
-        approved: bool = False,
-    ) -> None:
-        """Attempts to register an account.
-
-        Args:
-            user_id: The desired user ID to register.
-            password_hash: Optional. The password hash for this user.
-            was_guest: Whether this is a guest account being upgraded to a
-                non-guest account.
-            make_guest: True if the the new user should be guest, false to add a
-                regular user account.
-            appservice_id: The ID of the appservice registering the user.
-            create_profile_with_displayname: Optionally create a profile for
-                the user, setting their displayname to the given value
-            admin: is an admin user?
-            user_type: type of user. One of the values from api.constants.UserTypes,
-                a custom value set in the configuration file, or None for a normal
-                user.
-            shadow_banned: Whether the user is shadow-banned, i.e. they may be
-                told their requests succeeded but we ignore them.
-            approved: Whether to consider the user has already been approved by an
-                administrator.
-
-        Raises:
-            StoreError if the user_id could not be registered.
-        """
-        await self.db_pool.runInteraction(
-            "register_user",
-            self._register_user,
-            user_id,
-            password_hash,
-            was_guest,
-            make_guest,
-            appservice_id,
-            create_profile_with_displayname,
-            admin,
-            user_type,
-            shadow_banned,
-            approved,
-        )
-
-    def _register_user(
-        self,
-        txn: LoggingTransaction,
-        user_id: str,
-        password_hash: Optional[str],
-        was_guest: bool,
-        make_guest: bool,
-        appservice_id: Optional[str],
-        create_profile_with_displayname: Optional[str],
-        admin: bool,
-        user_type: Optional[str],
-        shadow_banned: bool,
-        approved: bool,
-    ) -> None:
-        user_id_obj = UserID.from_string(user_id)
-
-        now = int(self._clock.time())
-
-        user_approved = approved or not self._require_approval
-
-        try:
-            if was_guest:
-                # Ensure that the guest user actually exists
-                # ``allow_none=False`` makes this raise an exception
-                # if the row isn't in the database.
-                self.db_pool.simple_select_one_txn(
-                    txn,
-                    "users",
-                    keyvalues={"name": user_id, "is_guest": 1},
-                    retcols=("name",),
-                    allow_none=False,
-                )
-
-                self.db_pool.simple_update_one_txn(
-                    txn,
-                    "users",
-                    keyvalues={"name": user_id, "is_guest": 1},
-                    updatevalues={
-                        "password_hash": password_hash,
-                        "upgrade_ts": now,
-                        "is_guest": 1 if make_guest else 0,
-                        "appservice_id": appservice_id,
-                        "admin": 1 if admin else 0,
-                        "user_type": user_type,
-                        "shadow_banned": shadow_banned,
-                        "approved": user_approved,
-                    },
-                )
-            else:
-                self.db_pool.simple_insert_txn(
-                    txn,
-                    "users",
-                    values={
-                        "name": user_id,
-                        "password_hash": password_hash,
-                        "creation_ts": now,
-                        "is_guest": 1 if make_guest else 0,
-                        "appservice_id": appservice_id,
-                        "admin": 1 if admin else 0,
-                        "user_type": user_type,
-                        "shadow_banned": shadow_banned,
-                        "approved": user_approved,
-                    },
-                )
-
-        except self.database_engine.module.IntegrityError:
-            raise StoreError(400, "User ID already taken.", errcode=Codes.USER_IN_USE)
-
-        if self._account_validity_enabled:
-            self.set_expiration_date_for_user_txn(txn, user_id)
-
-        if create_profile_with_displayname:
-            # set a default displayname serverside to avoid ugly race
-            # between auto-joins and clients trying to set displaynames
-            #
-            # *obviously* the 'profiles' table uses localpart for user_id
-            # while everything else uses the full mxid.
-            txn.execute(
-                "INSERT INTO profiles(full_user_id, user_id, displayname) VALUES (?,?,?)",
-                (user_id, user_id_obj.localpart, create_profile_with_displayname),
-            )
-
-        if self.hs.config.stats.stats_enabled:
-            # we create a new completed user statistics row
-
-            # we don't strictly need current_token since this user really can't
-            # have any state deltas before now (as it is a new user), but still,
-            # we include it for completeness.
-            current_token = self._get_max_stream_id_in_current_state_deltas_txn(txn)
-            self._update_stats_delta_txn(
-                txn, now, "user", user_id, {}, complete_with_stream_id=current_token
-            )
-
-        self._invalidate_cache_and_stream(txn, self.get_user_by_id, (user_id,))
-
    async def user_set_password_hash(
        self, user_id: str, password_hash: Optional[str]
    ) -> None:
@@ -1935,6 +1935,65 @@ class RoomWorkerStore(CacheInvalidationWorkerStore):
                desc="set_room_is_public_appservice_false",
            )

+    async def has_auth_chain_index(self, room_id: str) -> bool:
+        """Check if the room has (or can have) a chain cover index.
+
+        Defaults to True if we don't have an entry in `rooms` table nor any
+        events for the room.
+        """
+
+        has_auth_chain_index = await self.db_pool.simple_select_one_onecol(
+            table="rooms",
+            keyvalues={"room_id": room_id},
+            retcol="has_auth_chain_index",
+            desc="has_auth_chain_index",
+            allow_none=True,
+        )
+
+        if has_auth_chain_index:
+            return True
+
+        # It's possible that we already have events for the room in our DB
+        # without a corresponding room entry. If we do then we don't want to
+        # mark the room as having an auth chain cover index.
+        max_ordering = await self.db_pool.simple_select_one_onecol(
+            table="events",
+            keyvalues={"room_id": room_id},
+            retcol="MAX(stream_ordering)",
+            allow_none=True,
+            desc="has_auth_chain_index_fallback",
+        )
+
+        return max_ordering is None
+
+    async def maybe_store_room_on_outlier_membership(
+        self, room_id: str, room_version: RoomVersion
+    ) -> None:
+        """
+        When we receive an invite or any other event over federation that may relate to a room
+        we are not in, store the version of the room if we don't already know the room version.
+        """
+        # It's possible that we already have events for the room in our DB
+        # without a corresponding room entry. If we do then we don't want to
+        # mark the room as having an auth chain cover index.
+        has_auth_chain_index = await self.has_auth_chain_index(room_id)
+
+        await self.db_pool.simple_upsert(
+            desc="maybe_store_room_on_outlier_membership",
+            table="rooms",
+            keyvalues={"room_id": room_id},
+            values={},
+            insertion_values={
+                "room_version": room_version.identifier,
+                "is_public": False,
+                # We don't worry about setting the `creator` here because
+                # we don't process any messages in a room while a user is
+                # invited (only after the join).
+                "creator": "",
+                "has_auth_chain_index": has_auth_chain_index,
+            },
+        )
+

 class _BackgroundUpdates:
    REMOVE_TOMESTONED_ROOMS_BG_UPDATE = "remove_tombstoned_rooms_from_directory"
@@ -2186,37 +2245,6 @@ class RoomBackgroundUpdateStore(RoomWorkerStore):

        return len(rooms)

-    async def has_auth_chain_index(self, room_id: str) -> bool:
-        """Check if the room has (or can have) a chain cover index.
-
-        Defaults to True if we don't have an entry in `rooms` table nor any
-        events for the room.
-        """
-
-        has_auth_chain_index = await self.db_pool.simple_select_one_onecol(
-            table="rooms",
-            keyvalues={"room_id": room_id},
-            retcol="has_auth_chain_index",
-            desc="has_auth_chain_index",
-            allow_none=True,
-        )
-
-        if has_auth_chain_index:
-            return True
-
-        # It's possible that we already have events for the room in our DB
-        # without a corresponding room entry. If we do then we don't want to
-        # mark the room as having an auth chain cover index.
-        max_ordering = await self.db_pool.simple_select_one_onecol(
-            table="events",
-            keyvalues={"room_id": room_id},
-            retcol="MAX(stream_ordering)",
-            allow_none=True,
-            desc="has_auth_chain_index_fallback",
-        )
-
-        return max_ordering is None
-
    async def _background_populate_room_depth_min_depth2(
        self, progress: JsonDict, batch_size: int
    ) -> int:
@@ -2567,34 +2595,6 @@ class RoomStore(RoomBackgroundUpdateStore, RoomWorkerStore):
            updatevalues={"join_event_id": join_event_id},
        )

-    async def maybe_store_room_on_outlier_membership(
-        self, room_id: str, room_version: RoomVersion
-    ) -> None:
-        """
-        When we receive an invite or any other event over federation that may relate to a room
-        we are not in, store the version of the room if we don't already know the room version.
-        """
-        # It's possible that we already have events for the room in our DB
-        # without a corresponding room entry. If we do then we don't want to
-        # mark the room as having an auth chain cover index.
-        has_auth_chain_index = await self.has_auth_chain_index(room_id)
-
-        await self.db_pool.simple_upsert(
-            desc="maybe_store_room_on_outlier_membership",
-            table="rooms",
-            keyvalues={"room_id": room_id},
-            values={},
-            insertion_values={
-                "room_version": room_version.identifier,
-                "is_public": False,
-                # We don't worry about setting the `creator` here because
-                # we don't process any messages in a room while a user is
-                # invited (only after the join).
-                "creator": "",
-                "has_auth_chain_index": has_auth_chain_index,
-            },
-        )
-
    async def add_event_report(
        self,
        room_id: str,
@@ -983,7 +983,11 @@ class RoomMemberWorkerStore(EventsWorkerStore, CacheInvalidationWorkerStore):
        `_get_user_ids_from_membership_event_ids` for any uncached events.
        """

-        with Measure(self._clock, "get_joined_user_ids_from_state"):
+        with Measure(
+            self._clock,
+            name="get_joined_user_ids_from_state",
+            server_name=self.server_name,
+        ):
            users_in_room = set()
            member_event_ids = [
                e_id for key, e_id in state.items() if key[0] == EventTypes.Member
@@ -49,6 +49,7 @@ from synapse.storage.database import (
 from synapse.storage.databases.main.events_worker import EventRedactBehaviour
 from synapse.storage.engines import PostgresEngine, Sqlite3Engine
 from synapse.types import JsonDict
+from synapse.util.events import get_plain_text_topic_from_event_content

 if TYPE_CHECKING:
    from synapse.server import HomeServer
@@ -212,7 +213,9 @@ class SearchBackgroundUpdateStore(SearchWorkerStore):
                        value = content["body"]
                    elif etype == "m.room.topic":
                        key = "content.topic"
-                        value = content["topic"]
+                        value = (
+                            get_plain_text_topic_from_event_content(content) or "",
+                        )
                    elif etype == "m.room.name":
                        key = "content.name"
                        value = content["name"]
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Andrew Morgan	41e22d1e95	newsfile	2025-07-16 10:42:08 +01:00
Andrew Morgan	4f9c523cb5	Set minimum python version to 3.9.12 This matches Twisted's minimum required version. See twisted/twisted@27674f6	2025-07-16 10:41:58 +01:00
Eric Eastwood	fc10a5ee29	Refactor `Measure` block metrics to be homeserver-scoped (v2) (#18601 ) Refactor `Measure` block metrics to be homeserver-scoped (add `server_name` label to block metrics). Part of https://github.com/element-hq/synapse/issues/18592 ### Testing strategy #### See behavior of previous `metrics` listener 1. Add the `metrics` listener in your `homeserver.yaml` ```yaml listeners: - port: 9323 type: metrics bind_addresses: ['127.0.0.1'] ``` 1. Start the homeserver: `poetry run synapse_homeserver --config-path homeserver.yaml` 1. Fetch `http://localhost:9323/metrics` 1. Observe response includes the block metrics (`synapse_util_metrics_block_count`, `synapse_util_metrics_block_in_flight`, etc) #### See behavior of the `http` `metrics` resource 1. Add the `metrics` resource to a new or existing `http` listeners in your `homeserver.yaml` ```yaml listeners: - port: 9322 type: http bind_addresses: ['127.0.0.1'] resources: - names: [metrics] compress: false ``` 1. Start the homeserver: `poetry run synapse_homeserver --config-path homeserver.yaml` 1. Fetch `http://localhost:9322/_synapse/metrics` (it's just a `GET` request so you can even do in the browser) 1. Observe response includes the block metrics (`synapse_util_metrics_block_count`, `synapse_util_metrics_block_in_flight`, etc)	2025-07-15 15:55:23 -05:00
Eric Eastwood	d72c278a07	Remove `allow_no_prev_events` option (MSC2716 cleanup) (#18676 ) This option is no longer used since we backed out the MSC2716 changes in https://github.com/matrix-org/synapse/pull/15748 and is even mentioned as a follow-up task in the PR description there. The `allow_no_prev_events` option was first introduced in https://github.com/matrix-org/synapse/pull/11243 to support MSC2716 back in the day.	2025-07-15 15:53:56 -05:00
Johannes Marbach	b274d6561c	Document that some config options for the user directory are in violation of the Matrix spec (#18548 ) Fix #17534 Signed-off-by: Johannes Marbach <n0-0ne+github@mailbox.org>	2025-07-15 13:25:25 -05:00
Andrew Morgan	49cb78376e	Advertise support for Matrix v1.12 (#18647 )	2025-07-15 15:07:20 +01:00
Eric Eastwood	88f38ea149	Correct version that `recaptcha_{private,public}_key_path` config options were introduced (#18684 ) Introduced in https://github.com/element-hq/synapse/pull/17984 I already see a [`v1.134.0rc1`](https://github.com/element-hq/synapse/releases/tag/v1.134.0rc1) tag from 5 days ago so I assume https://github.com/element-hq/synapse/pull/17984 will actually ship in the next release (which will be `v1.135.0`)	2025-07-15 09:05:45 -05:00
Andrew Morgan	5f027adb33	Update URL Preview code to work with `lxml` 6.0.0 (#18622 )	2025-07-15 15:04:29 +01:00
Erik Johnston	e6dbbbb315	Merge remote-tracking branch 'origin/master' into develop	2025-07-15 14:55:25 +01:00
dependabot[bot]	78ce4dc26f	Bump mypy from 1.13.0 to 1.16.1 (#18653 )	2025-07-15 14:42:54 +01:00
reivilibre	97d2738eef	Fix CPU and database spinning when retrying sending events to servers whilst at the same time purging those events. (#18499 ) Fixes: #18491 Fix hotlooping due to skipped PDUs if there is still no progress to be made. This could bite if the event was purged since being skipped during catch-up. Signed-off-by: Olivier 'reivilibre <oliverw@matrix.org>	2025-07-15 12:01:41 +01:00
dependabot[bot]	945e22303c	Bump phonenumbers from 9.0.8 to 9.0.9 (#18681 )	2025-07-15 11:47:59 +01:00
V02460	481c4e2b55	Add recaptcha_{private,public}_key_path config option (#17984 ) Another config option on my quest to a `_path` variant for every secret. Adds the config options `recaptcha_private_key_path` and `recaptcha_public_key_path`. Tests and docs are included. A public key is of course no secret, but it is closely related to the private key, so it’s still useful to have a `_path` variant for it.	2025-07-14 11:37:36 -05:00
Travis Ralston	5129668449	Allow admins to see soft failed events (if they want to) (#18238 )	2025-07-14 16:55:19 +01:00
dependabot[bot]	3c13c3bebf	Bump base64 from 0.21.7 to 0.22.1 (#18666 ) Bumps [base64](https://github.com/marshallpierce/rust-base64) from 0.21.7 to 0.22.1. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/marshallpierce/rust-base64/blob/master/RELEASE-NOTES.md">base64's changelog</a>.</em></p> <blockquote> <h1>0.22.1</h1> <ul> <li>Correct the symbols used for the predefined <code>alphabet::BIN_HEX</code>.</li> </ul> <h1>0.22.0</h1> <ul> <li><code>DecodeSliceError::OutputSliceTooSmall</code> is now conservative rather than precise. That is, the error will only occur if the decoded output <em>cannot</em> fit, meaning that <code>Engine::decode_slice</code> can now be used with exactly-sized output slices. As part of this, <code>Engine::internal_decode</code> now returns <code>DecodeSliceError</code> instead of <code>DecodeError</code>, but that is not expected to affect any external callers.</li> <li><code>DecodeError::InvalidLength</code> now refers specifically to the <em>number of valid symbols</em> being invalid (i.e. <code>len % 4 == 1</code>), rather than just the number of input bytes. This avoids confusing scenarios when based on interpretation you could make a case for either <code>InvalidLength</code> or <code>InvalidByte</code> being appropriate.</li> <li>Decoding is somewhat faster (5-10%)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/marshallpierce/rust-base64/commit/e14400697453bcc85997119b874bc03d9601d0af"><code>e144006</code></a> v0.22.1</li> <li><a href="https://github.com/marshallpierce/rust-base64/commit/64cca59ddbb4c43244a8f38629b59960ffe36bc0"><code>64cca59</code></a> Merge pull request <a href="https://redirect.github.com/marshallpierce/rust-base64/issues/271">#271</a> from JobanSD/patch-1</li> <li><a href="https://github.com/marshallpierce/rust-base64/commit/838355e0ac5fb8237ec9b96be5edb011bff00275"><code>838355e</code></a> Correct BinHex 4.0 alphabet according to specifications</li> <li><a href="https://github.com/marshallpierce/rust-base64/commit/bf15ccf30af8bb6b1f326fffa025d7b0aaa3342f"><code>bf15ccf</code></a> Merge pull request <a href="https://redirect.github.com/marshallpierce/rust-base64/issues/270">#270</a> from marshallpierce/mp/clippy</li> <li><a href="https://github.com/marshallpierce/rust-base64/commit/fc6aabee8afaf8b2f4cfb12df4cf461bcf9b003d"><code>fc6aabe</code></a> Appease clippy</li> <li><a href="https://github.com/marshallpierce/rust-base64/commit/9a518a2d5d028068d4bf83ebf437f7a3575e640e"><code>9a518a2</code></a> Merge pull request <a href="https://redirect.github.com/marshallpierce/rust-base64/issues/267">#267</a> from bdura/patch-1</li> <li><a href="https://github.com/marshallpierce/rust-base64/commit/d96c80f242e3080a03fd1c079730e17373ef0eb6"><code>d96c80f</code></a> Merge branch 'marshallpierce:master' into patch-1</li> <li><a href="https://github.com/marshallpierce/rust-base64/commit/5d70ba7576f9aafcbf02bd8acfcb9973411fb95f"><code>5d70ba7</code></a> Merge pull request <a href="https://redirect.github.com/marshallpierce/rust-base64/issues/269">#269</a> from marshallpierce/mp/decode-precisely</li> <li><a href="https://github.com/marshallpierce/rust-base64/commit/efb6c006c75ddbe60c084c2e3e0e084cd18b0122"><code>efb6c00</code></a> Release notes</li> <li><a href="https://github.com/marshallpierce/rust-base64/commit/2b91084a31ad11624acd81e06455ba0cbd21d4a8"><code>2b91084</code></a> Add some tests to boost coverage</li> <li>Additional commits viewable in <a href="https://github.com/marshallpierce/rust-base64/compare/v0.21.7...v0.22.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=base64&package-manager=cargo&previous-version=0.21.7&new-version=0.22.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-07-11 13:26:59 +00:00
Quentin Gliech	1e5e6a48be	Use markdown-it-py instead of commonmark in the release script. (#18637 ) `commonmark` has been deprecated in favor of `markdown-it-py`, and its type hints have been [removed from typeshed](https://github.com/python/typeshed/issues/13725). This switches the release script to use `markdown-it-py` instead of `commonmark` for parsing the `CHANGES.md`	2025-07-11 12:54:46 +00:00
Andrew Morgan	947216abc0	Update `latest_deps` workflow to migrate `poetry --no-dev` -> `--without dev` (#18617 )	2025-07-11 12:34:37 +01:00
V02460	c5999cf452	Document config file merge behavior (#18664 ) Explains in the doc comment of `synapse.config._base.read_config_file` how config files are merged.	2025-07-11 11:15:12 +01:00
Quentin Gliech	28c9ed3ccb	Remove unnecessary replication calls (#18564 ) This should be reviewed commit by commit. Nowadays it's trivial to propagate cache invalidations, which means we can move some things off the main process, and not go through HTTP replication. `ReplicationGetQueryRestServlet` appeared to be unused, and was very weird, as it was being called if the current instance is the main one… to RPC to the main one (if no instance is set on a replication client, it makes it to the main process) The other two handlers could be relatively trivially moved to any workers, moving some methods to the worker store. I've intentionally not removed the replication servlets yet so that it's safe to rollout, and will do another PR that clean those up to remove on the N+1 version	2025-07-11 08:47:54 +00:00
Quentin Gliech	1dc29563c1	Move registrations off the main worker (#18552 ) This is mainly moving a few store methods around. Note that this doesn't yet remove the replication servlet to avoid breaking during rollout.	2025-07-10 13:13:27 +00:00
Erik Johnston	66daf0bfae	Add ability to limit amount uploaded by a user (#18527 ) You can now configure how much media can be uploaded by a user in a given time period. Note the first commit here is a refactor of create/upload content function	2025-07-10 13:39:09 +01:00
Johannes Marbach	b9b8775db7	Add plain-text handling for rich-text topics as per MSC3765 (#18195 ) This implements https://github.com/matrix-org/matrix-spec-proposals/pull/3765 which is already merged and, therefore, can use stable identifiers. For `/publicRooms` and `/hierarchy`, the topic is read from the eponymous field of the `current_state_events` table. Rather than introduce further columns in this table, I changed the insertion / update logic to write the plain-text topic from the rich topic into the existing field. This will not take effect for existing rooms unless their topic is changed. However, existing rooms shouldn't have rich topics to begin with. Similarly, for server-side search, I changed the insertion logic of the `event_search` table to prefer the value from the rich topic. Again, existing events shouldn't have rich topics and, therefore, don't need to be migrated in the table. Spec doc: https://spec.matrix.org/v1.15/client-server-api/#mroomtopic Part of supporting Matrix v1.15: https://spec.matrix.org/v1.15/client-server-api/#mroomtopic Signed-off-by: Johannes Marbach <n0-0ne+github@mailbox.org> Co-authored-by: Eric Eastwood <erice@element.io>	2025-07-09 14:13:54 -05:00
Johannes Marbach	e1b429d88e	Add experimental support for MSC4277: Harmonizing the reporting endpoints (#18263 ) [MSC4277](https://github.com/matrix-org/matrix-spec-proposals/pull/4277): Harmonizing the reporting endpoints	2025-07-09 14:08:21 -05:00
Andrew Morgan	8c1e60045c	Merge branch 'release-v1.134' into develop	2025-07-09 14:38:52 +01:00
Erik Johnston	bf0370162f	Speed up inserting into stream_positions (#18672 ) By ensuring we don't do a no-op `UPDATE`, as this causes new tuples to be written in postgres.	2025-07-09 11:48:06 +01:00
				`@@ -0,0 +1 @@`
				Add `recaptcha_private_key_path` and `recaptcha_public_key_path` config option.
				`@@ -0,0 +1 @@`
				`Add plain-text handling for rich-text topics as per [MSC3765](https://github.com/matrix-org/matrix-spec-proposals/pull/3765).`
				`@@ -0,0 +1 @@`
				`If enabled by the user, server admins will see [soft failed](https://spec.matrix.org/v1.13/server-server-api/#soft-failure) events over the Client-Server API.`
				`@@ -0,0 +1 @@`
				`Add experimental support for [MSC4277](https://github.com/matrix-org/matrix-spec-proposals/pull/4277).`
				`@@ -0,0 +1 @@`
				`Fix CPU and database spinning when retrying sending events to servers whilst at the same time purging those events.`
				`@@ -0,0 +1 @@`
				`Add ability to limit amount uploaded by a user in a given time period.`
				`@@ -0,0 +1 @@`
				`Document that some config options for the user directory are in violation of the Matrix spec.`
				`@@ -0,0 +1 @@`
				`Allow user registrations to be done on workers.`
				`@@ -0,0 +1 @@`
				Refactor `Measure` block metrics to be homeserver-scoped.