Fixup

Update
Bump setuptools_rust
2024-11-18 18:00:36 +00:00 · 2024-11-18 17:53:49 +00:00 · 2024-11-18 17:28:11 +00:00
173 changed files with 5583 additions and 9456 deletions
@@ -60,7 +60,7 @@ trial_postgres_tests = [
    {
        "python-version": "3.9",
        "database": "postgres",
-        "postgres-version": "13",
+        "postgres-version": "11",
        "extras": "all",
    }
 ]
@@ -14,7 +14,7 @@ permissions:
  id-token: write # needed for signing the images with GitHub OIDC Token
 jobs:
  build:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-latest
    steps:
      - name: Set up QEMU
        id: qemu
@@ -14,7 +14,7 @@ jobs:
      # There's a 'download artifact' action, but it hasn't been updated for the workflow_run action
      # (https://github.com/actions/download-artifact/issues/60) so instead we get this mess:
      - name: 📥 Download artifact
-        uses: dawidd6/action-download-artifact@80620a5d27ce0ae443b965134db88467fc607b43 # v7
+        uses: dawidd6/action-download-artifact@bf251b5aa9c2f7eeb574a96ee720e24f801b7c11 # v6
        with:
          workflow: docs-pr.yaml
          run_id: ${{ github.event.workflow_run.id }}
@@ -212,8 +212,7 @@ jobs:
          mv debs*/* debs/
          tar -cvJf debs.tar.xz debs
      - name: Attach to release
-        # Pinned to work around https://github.com/softprops/action-gh-release/issues/445
-        uses: softprops/action-gh-release@v0.1.15
+        uses: softprops/action-gh-release@v2
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
@@ -221,7 +220,3 @@ jobs:
            Sdist/*
            Wheel*/*
            debs.tar.xz
-          # if it's not already published, keep the release as a draft.
-          draft: true
-          # mark it as a prerelease if the tag contains 'rc'.
-          prerelease: ${{ contains(github.ref, 'rc') }}
@@ -581,7 +581,7 @@ jobs:
      matrix:
        include:
          - python-version: "3.9"
-            postgres-version: "13"
+            postgres-version: "11"

          - python-version: "3.13"
            postgres-version: "17"
@@ -13,9 +13,9 @@ dependencies = [

 [[package]]
 name = "anyhow"
-version = "1.0.95"
+version = "1.0.93"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "34ac096ce696dc2fcabef30516bb13c0a68a11d30131d3df6f04711467681b04"
+checksum = "4c95c10ba0b00a02636238b814946408b1322d5ac4760326e6fb8ec956d85775"

 [[package]]
 name = "arc-swap"
@@ -35,6 +35,12 @@ version = "0.21.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "9d297deb1925b89f2ccc13d7635fa0714f12c87adce1c75356b39ca9b7178567"

+[[package]]
+name = "bitflags"
+version = "2.5.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "cf4b9d6a944f767f8e5e0db018570623c85f3d925ac718db4e06d0187adb21c1"
+
 [[package]]
 name = "blake2"
 version = "0.10.6"
@@ -61,9 +67,9 @@ checksum = "79296716171880943b8470b5f8d03aa55eb2e645a4874bdbb28adb49162e012c"

 [[package]]
 name = "bytes"
-version = "1.9.0"
+version = "1.8.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "325918d6fe32f23b19878fe4b34794ae41fc19ddbe53b10571a4874d44ffd39b"
+checksum = "9ac0150caa2ae65ca5bd83f25c7de183dea78d4d366469f148435e2acfbad0da"

 [[package]]
 name = "cfg-if"
@@ -124,8 +130,10 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "c4567c8db10ae91089c99af84c68c38da3ec2f087c3f82960bcdbf3656b6f4d7"
 dependencies = [
 "cfg-if",
+ "js-sys",
 "libc",
 "wasi",
+ "wasm-bindgen",
 ]

 [[package]]
@@ -154,9 +162,9 @@ dependencies = [

 [[package]]
 name = "heck"
-version = "0.5.0"
+version = "0.4.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2304e00983f87ffb38b55b444b5e3b60a884b5d30c0fca7d82fe33449bbe55ea"
+checksum = "95505c38b4572b2d910cecb0281560f54b440a19336cbbcb27bf6ce6adc6f5a8"

 [[package]]
 name = "hex"
@@ -166,9 +174,9 @@ checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70"

 [[package]]
 name = "http"
-version = "1.2.0"
+version = "1.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f16ca2af56261c99fba8bac40a10251ce8188205a4c448fbb745a2e4daa76fea"
+checksum = "21b9ddb458710bc376481b842f5da65cdf31522de232c1ca8146abce2a358258"
 dependencies = [
 "bytes",
 "fnv",
@@ -214,6 +222,16 @@ version = "0.2.154"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "ae743338b92ff9146ce83992f766a31066a91a8c84a45e0e9f21e7cf6de6d346"

+[[package]]
+name = "lock_api"
+version = "0.4.12"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "07af8b9cdd281b7915f413fa73f29ebd5d55d0d3f0155584dade1ff18cea1b17"
+dependencies = [
+ "autocfg",
+ "scopeguard",
+]
+
 [[package]]
 name = "log"
 version = "0.4.22"
@@ -247,6 +265,29 @@ version = "1.19.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "3fdb12b2476b595f9358c5161aa467c2438859caa136dec86c26fdd2efe17b92"

+[[package]]
+name = "parking_lot"
+version = "0.12.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7e4af0ca4f6caed20e900d564c242b8e5d4903fdacf31d3daf527b66fe6f42fb"
+dependencies = [
+ "lock_api",
+ "parking_lot_core",
+]
+
+[[package]]
+name = "parking_lot_core"
+version = "0.9.10"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1e401f977ab385c9e4e3ab30627d6f26d00e2c73eef317493c4ec6d468726cf8"
+dependencies = [
+ "cfg-if",
+ "libc",
+ "redox_syscall",
+ "smallvec",
+ "windows-targets",
+]
+
 [[package]]
 name = "portable-atomic"
 version = "1.6.0"
@@ -270,16 +311,16 @@ dependencies = [

 [[package]]
 name = "pyo3"
-version = "0.23.4"
+version = "0.21.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "57fe09249128b3173d092de9523eaa75136bf7ba85e0d69eca241c7939c933cc"
+checksum = "a5e00b96a521718e08e03b1a622f01c8a8deb50719335de3f60b3b3950f069d8"
 dependencies = [
 "anyhow",
 "cfg-if",
 "indoc",
 "libc",
 "memoffset",
- "once_cell",
+ "parking_lot",
 "portable-atomic",
 "pyo3-build-config",
 "pyo3-ffi",
@@ -289,9 +330,9 @@ dependencies = [

 [[package]]
 name = "pyo3-build-config"
-version = "0.23.4"
+version = "0.21.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1cd3927b5a78757a0d71aa9dff669f903b1eb64b54142a9bd9f757f8fde65fd7"
+checksum = "7883df5835fafdad87c0d888b266c8ec0f4c9ca48a5bed6bbb592e8dedee1b50"
 dependencies = [
 "once_cell",
 "target-lexicon",
@@ -299,9 +340,9 @@ dependencies = [

 [[package]]
 name = "pyo3-ffi"
-version = "0.23.4"
+version = "0.21.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "dab6bb2102bd8f991e7749f130a70d05dd557613e39ed2deeee8e9ca0c4d548d"
+checksum = "01be5843dc60b916ab4dad1dca6d20b9b4e6ddc8e15f50c47fe6d85f1fb97403"
 dependencies = [
 "libc",
 "pyo3-build-config",
@@ -309,9 +350,9 @@ dependencies = [

 [[package]]
 name = "pyo3-log"
-version = "0.12.0"
+version = "0.10.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3eb421dc86d38d08e04b927b02424db480be71b777fa3a56f32e2f2a3a1a3b08"
+checksum = "2af49834b8d2ecd555177e63b273b708dea75150abc6f5341d0a6e1a9623976c"
 dependencies = [
 "arc-swap",
 "log",
@@ -320,9 +361,9 @@ dependencies = [

 [[package]]
 name = "pyo3-macros"
-version = "0.23.4"
+version = "0.21.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "91871864b353fd5ffcb3f91f2f703a22a9797c91b9ab497b1acac7b07ae509c7"
+checksum = "77b34069fc0682e11b31dbd10321cbf94808394c56fd996796ce45217dfac53c"
 dependencies = [
 "proc-macro2",
 "pyo3-macros-backend",
@@ -332,9 +373,9 @@ dependencies = [

 [[package]]
 name = "pyo3-macros-backend"
-version = "0.23.4"
+version = "0.21.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "43abc3b80bc20f3facd86cd3c60beed58c3e2aa26213f3cda368de39c60a27e4"
+checksum = "08260721f32db5e1a5beae69a55553f56b99bd0e1c3e6e0a5e8851a9d0f5a85c"
 dependencies = [
 "heck",
 "proc-macro2",
@@ -345,9 +386,9 @@ dependencies = [

 [[package]]
 name = "pythonize"
-version = "0.23.0"
+version = "0.21.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "91a6ee7a084f913f98d70cdc3ebec07e852b735ae3059a1500db2661265da9ff"
+checksum = "9d0664248812c38cc55a4ed07f88e4df516ce82604b93b1ffdc041aa77a6cb3c"
 dependencies = [
 "pyo3",
 "serde",
@@ -392,6 +433,15 @@ dependencies = [
 "getrandom",
 ]

+[[package]]
+name = "redox_syscall"
+version = "0.5.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "469052894dcb553421e483e4209ee581a45100d31b4018de03e5a7ad86374a7e"
+dependencies = [
+ "bitflags",
+]
+
 [[package]]
 name = "regex"
 version = "1.11.1"
@@ -428,19 +478,25 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f3cb5ba0dc43242ce17de99c180e96db90b235b8a9fdc9543c96d2209116bd9f"

 [[package]]
-name = "serde"
-version = "1.0.217"
+name = "scopeguard"
+version = "1.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "02fc4265df13d6fa1d00ecff087228cc0a2b5f3c0e87e258d8b94a156e984c70"
+checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49"
+
+[[package]]
+name = "serde"
+version = "1.0.214"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f55c3193aca71c12ad7890f1785d2b73e1b9f63a0bbc353c08ef26fe03fc56b5"
 dependencies = [
 "serde_derive",
 ]

 [[package]]
 name = "serde_derive"
-version = "1.0.217"
+version = "1.0.214"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5a9bf7cf98d04a2b28aead066b7496853d4779c9cc183c440dbac457641e19a0"
+checksum = "de523f781f095e28fa605cdce0f8307e451cc0fd14e2eb4cd2e98a355b147766"
 dependencies = [
 "proc-macro2",
 "quote",
@@ -449,9 +505,9 @@ dependencies = [

 [[package]]
 name = "serde_json"
-version = "1.0.135"
+version = "1.0.132"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2b0d7ba2887406110130a978386c4e1befb98c674b4fba677954e4db976630d9"
+checksum = "d726bfaff4b320266d395898905d0eba0345aae23b54aee3a737e260fd46db03"
 dependencies = [
 "itoa",
 "memchr",
@@ -481,6 +537,12 @@ dependencies = [
 "digest",
 ]

+[[package]]
+name = "smallvec"
+version = "1.13.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3c5e1a9a646d36c3599cd173a41282daf47c44583ad367b8e6837255952e5c67"
+
 [[package]]
 name = "subtle"
 version = "2.5.0"
@@ -536,10 +598,11 @@ checksum = "42ff0bf0c66b8238c6f3b578df37d0b7848e55df8577b3f74f92a69acceeb825"

 [[package]]
 name = "ulid"
-version = "1.1.4"
+version = "1.1.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f294bff79170ed1c5633812aff1e565c35d993a36e757f9bc0accf5eec4e6045"
+checksum = "04f903f293d11f31c0c29e4148f6dc0d033a7f80cebc0282bea147611667d289"
 dependencies = [
+ "getrandom",
 "rand",
 "web-time",
 ]
@@ -631,3 +694,67 @@ dependencies = [
 "js-sys",
 "wasm-bindgen",
 ]
+
+[[package]]
+name = "windows-targets"
+version = "0.52.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6f0713a46559409d202e70e28227288446bf7841d3211583a4b53e3f6d96e7eb"
+dependencies = [
+ "windows_aarch64_gnullvm",
+ "windows_aarch64_msvc",
+ "windows_i686_gnu",
+ "windows_i686_gnullvm",
+ "windows_i686_msvc",
+ "windows_x86_64_gnu",
+ "windows_x86_64_gnullvm",
+ "windows_x86_64_msvc",
+]
+
+[[package]]
+name = "windows_aarch64_gnullvm"
+version = "0.52.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7088eed71e8b8dda258ecc8bac5fb1153c5cffaf2578fc8ff5d61e23578d3263"
+
+[[package]]
+name = "windows_aarch64_msvc"
+version = "0.52.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9985fd1504e250c615ca5f281c3f7a6da76213ebd5ccc9561496568a2752afb6"
+
+[[package]]
+name = "windows_i686_gnu"
+version = "0.52.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "88ba073cf16d5372720ec942a8ccbf61626074c6d4dd2e745299726ce8b89670"
+
+[[package]]
+name = "windows_i686_gnullvm"
+version = "0.52.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "87f4261229030a858f36b459e748ae97545d6f1ec60e5e0d6a3d32e0dc232ee9"
+
+[[package]]
+name = "windows_i686_msvc"
+version = "0.52.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "db3c2bf3d13d5b658be73463284eaf12830ac9a26a90c717b7f771dfe97487bf"
+
+[[package]]
+name = "windows_x86_64_gnu"
+version = "0.52.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4e4246f76bdeff09eb48875a0fd3e2af6aada79d409d33011886d3e1581517d9"
+
+[[package]]
+name = "windows_x86_64_gnullvm"
+version = "0.52.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "852298e482cd67c356ddd9570386e2862b5673c85bd5f88df9ab6802b334c596"
+
+[[package]]
+name = "windows_x86_64_msvc"
+version = "0.52.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "bec47e5bfd1bff0eeaf6d8b485cc1074891a197ab4225d504cb7a1ab88b02bf0"
@@ -1,10 +1,8 @@
 # A build script for poetry that adds the rust extension.

-import itertools
 import os
 from typing import Any, Dict

-from packaging.specifiers import SpecifierSet
 from setuptools_rust import Binding, RustExtension


@@ -16,27 +14,10 @@ def build(setup_kwargs: Dict[str, Any]) -> None:
        target="synapse.synapse_rust",
        path=cargo_toml_path,
        binding=Binding.PyO3,
-        # This flag is a no-op in the latest versions. Instead, we need to
-        # specify this in the `bdist_wheel` config below.
-        py_limited_api=True,
+        # py_limited_api=True,
        # We force always building in release mode, as we can't tell the
        # difference between using `poetry` in development vs production.
        debug=False,
    )
    setup_kwargs.setdefault("rust_extensions", []).append(extension)
    setup_kwargs["zip_safe"] = False
-
-    # We lookup the minimum supported python version by looking at
-    # `python_requires` (e.g. ">=3.9.0,<4.0.0") and finding the first python
-    # version that matches. We then convert that into the `py_limited_api` form,
-    # e.g. cp39 for python 3.9.
-    py_limited_api: str
-    python_bounds = SpecifierSet(setup_kwargs["python_requires"])
-    for minor_version in itertools.count(start=8):
-        if f"3.{minor_version}.0" in python_bounds:
-            py_limited_api = f"cp3{minor_version}"
-            break
-
-    setup_kwargs.setdefault("options", {}).setdefault("bdist_wheel", {})[
-        "py_limited_api"
-    ] = py_limited_api
@@ -0,0 +1 @@
+Remove support for closed [MSC3886](https://github.com/matrix-org/matrix-spec-proposals/pull/3886).
@@ -0,0 +1 @@
+Addressed some typos in docs and returned error message for unknown MXC ID.
@@ -0,0 +1 @@
+Clarify the semantics of the `enable_authenticated_media` configuration option.
@@ -0,0 +1 @@
+Unpin the upload release GHA action.
@@ -0,0 +1 @@
+Bump macos version used to build wheels during release, as current version used is end-of-life.
@@ -0,0 +1 @@
+Move server event filtering logic to rust.
@@ -0,0 +1 @@
+Add documentation about backing up Synapse.
@@ -245,7 +245,7 @@ class SynapseCmd(cmd.Cmd):

        if "flows" not in json_res:
            print("Failed to find any login flows.")
-            return False
+            defer.returnValue(False)

        flow = json_res["flows"][0]  # assume first is the one we want.
        if "type" not in flow or "m.login.password" != flow["type"] or "stages" in flow:
@@ -254,8 +254,8 @@ class SynapseCmd(cmd.Cmd):
                "Unable to login via the command line client. Please visit "
                "%s to login." % fallback_url
            )
-            return False
-        return True
+            defer.returnValue(False)
+        defer.returnValue(True)

    def do_emailrequest(self, line):
        """Requests the association of a third party identifier
@@ -78,7 +78,7 @@ class TwistedHttpClient(HttpClient):
            url, data, headers_dict={"Content-Type": ["application/json"]}
        )
        body = yield readBody(response)
-        return response.code, body
+        defer.returnValue((response.code, body))

    @defer.inlineCallbacks
    def get_json(self, url, args=None):
@@ -88,7 +88,7 @@ class TwistedHttpClient(HttpClient):
            url = "%s?%s" % (url, qs)
        response = yield self._create_get_request(url)
        body = yield readBody(response)
-        return json.loads(body)
+        defer.returnValue(json.loads(body))

    def _create_put_request(self, url, json_data, headers_dict: Optional[dict] = None):
        """Wrapper of _create_request to issue a PUT request"""
@@ -134,7 +134,7 @@ class TwistedHttpClient(HttpClient):
            response = yield self._create_request(method, url)

        body = yield readBody(response)
-        return json.loads(body)
+        defer.returnValue(json.loads(body))

    @defer.inlineCallbacks
    def _create_request(
@@ -173,7 +173,7 @@ class TwistedHttpClient(HttpClient):
        if self.verbose:
            print("Status %s %s" % (response.code, response.phrase))
            print(pformat(list(response.headers.getAllRawHeaders())))
-        return response
+        defer.returnValue(response)

    def sleep(self, seconds):
        d = defer.Deferred()
@@ -30,6 +30,3 @@ docker-compose up -d
 ### More information

 For more information on required environment variables and mounts, see the main docker documentation at [/docker/README.md](../../docker/README.md)
-
-**For a more comprehensive Docker Compose example showcasing a full Matrix 2.0 stack, please see
-https://github.com/element-hq/element-docker-demo**
@@ -8,9 +8,6 @@ All examples and snippets assume that your Synapse service is called `synapse` i

 An example Docker Compose file can be found [here](docker-compose.yaml).

-**For a more comprehensive Docker Compose example, showcasing a full Matrix 2.0 stack (originally based on this
-docker-compose.yaml), please see https://github.com/element-hq/element-docker-demo**
-
 ## Worker Service Examples in Docker Compose

 In order to start the Synapse container as a worker, you must specify an `entrypoint` that loads both the `homeserver.yaml` and the configuration for the worker (`synapse-generic-worker-1.yaml` in the example below). You must also include the worker type in the environment variable `SYNAPSE_WORKER` or alternatively pass `-m synapse.app.generic_worker` as part of the `entrypoint` after `"/start.py", "run"`).
@@ -1,63 +1,3 @@
-matrix-synapse-py3 (1.123.0~rc1) stable; urgency=medium
-
-  * New Synapse release 1.123.0rc1.
-
- -- Synapse Packaging team <packages@matrix.org>  Tue, 21 Jan 2025 14:39:57 +0100
-
-matrix-synapse-py3 (1.122.0) stable; urgency=medium
-
-  * New Synapse release 1.122.0.
-
- -- Synapse Packaging team <packages@matrix.org>  Tue, 14 Jan 2025 14:14:14 +0000
-
-matrix-synapse-py3 (1.122.0~rc1) stable; urgency=medium
-
-  * New Synapse release 1.122.0rc1.
-
- -- Synapse Packaging team <packages@matrix.org>  Tue, 07 Jan 2025 14:06:19 +0000
-
-matrix-synapse-py3 (1.121.1) stable; urgency=medium
-
-  * New Synapse release 1.121.1.
-
- -- Synapse Packaging team <packages@matrix.org>  Wed, 11 Dec 2024 18:24:48 +0000
-
-matrix-synapse-py3 (1.121.0) stable; urgency=medium
-
-  * New Synapse release 1.121.0.
-
- -- Synapse Packaging team <packages@matrix.org>  Wed, 11 Dec 2024 13:12:30 +0100
-
-matrix-synapse-py3 (1.121.0~rc1) stable; urgency=medium
-
-  * New Synapse release 1.121.0rc1.
-
- -- Synapse Packaging team <packages@matrix.org>  Wed, 04 Dec 2024 14:47:23 +0000
-
-matrix-synapse-py3 (1.120.2) stable; urgency=medium
-
-  * New synapse release 1.120.2.
-
- -- Synapse Packaging team <packages@matrix.org>  Tue, 03 Dec 2024 15:43:37 +0000
-
-matrix-synapse-py3 (1.120.1) stable; urgency=medium
-
-  * New synapse release 1.120.1.
-
- -- Synapse Packaging team <packages@matrix.org>  Tue, 03 Dec 2024 09:07:57 +0000
-
-matrix-synapse-py3 (1.120.0) stable; urgency=medium
-
-  * New synapse release 1.120.0.
-
- -- Synapse Packaging team <packages@matrix.org>  Tue, 26 Nov 2024 13:10:23 +0000
-
-matrix-synapse-py3 (1.120.0~rc1) stable; urgency=medium
-
-  * New Synapse release 1.120.0rc1.
-
- -- Synapse Packaging team <packages@matrix.org>  Wed, 20 Nov 2024 15:02:21 +0000
-
 matrix-synapse-py3 (1.119.0) stable; urgency=medium

  * New Synapse release 1.119.0.
@@ -7,7 +7,6 @@
 #}

 ## Server ##
-public_baseurl: http://127.0.0.1:8008/
 report_stats: False
 trusted_key_servers: []
 enable_registration: true
@@ -85,9 +84,6 @@ rc_invites:
  per_user:
    per_second: 1000
    burst_count: 1000
-  per_issuer:
-    per_second: 1000
-    burst_count: 1000

 federation_rr_transactions_per_room_per_second: 9999

@@ -108,16 +104,6 @@ experimental_features:
  msc3967_enabled: true
  # Expose a room summary for public rooms
  msc3266_enabled: true
-  # Send to-device messages to application services
-  msc2409_to_device_messages_enabled: true
-  # Allow application services to masquerade devices
-  msc3202_device_masquerading: true
-  # Sending device list changes, one-time key counts and fallback key usage to application services
-  msc3202_transaction_extensions: true
-  # Proxy OTK claim requests to exclusive ASes
-  msc3983_appservice_otk_claims: true
-  # Proxy key queries to exclusive ASes
-  msc3984_appservice_key_query: true

 server_notices:
  system_mxid_localpart: _server
@@ -38,13 +38,10 @@ server {
 {% if using_unix_sockets %}
        proxy_pass http://unix:/run/main_public.sock;
 {% else %}
-        # note: do not add a path (even a single /) after the port in `proxy_pass`,
-        # otherwise nginx will canonicalise the URI and cause signature verification
-        # errors.
        proxy_pass http://localhost:8080;
 {% endif %}
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
-        proxy_set_header Host $host:$server_port;
+        proxy_set_header Host $host;
    }
 }
@@ -60,11 +60,10 @@ paginate through.
  anything other than the return value of `next_token` from a previous call. Defaults to `0`.
 * `dir`: string - Direction of event report order. Whether to fetch the most recent
  first (`b`) or the oldest first (`f`). Defaults to `b`.
-* `user_id`: optional string - Filter by the user ID of the reporter. This is the user who reported the event
-   and wrote the reason.
-* `room_id`: optional string - Filter by room id.
-* `event_sender_user_id`: optional string - Filter by the sender of the reported event. This is the user who 
-   the report was made against.
+* `user_id`: string - Is optional and filters to only return users with user IDs that
+  contain this value. This is the user who reported the event and wrote the reason.
+* `room_id`: string - Is optional and filters to only return rooms with room IDs that
+  contain this value.

 **Response**

@@ -385,13 +385,6 @@ The API is:
 GET /_synapse/admin/v1/rooms/<room_id>/state
 ```

-**Parameters**
-
-The following query parameter is available:
-
-* `type` - The type of room state event to filter by, eg "m.room.create". If provided, only state events
-    of this type will be returned (regardless of their `state_key` value).
-
 A response body like the following is returned:

 ```json
@@ -40,7 +40,6 @@ It returns a JSON body like the following:
    "erased": false,
    "shadow_banned": 0,
    "creation_ts": 1560432506,
-    "last_seen_ts": 1732919539393,
    "appservice_id": null,
    "consent_server_notice_sent": null,
    "consent_version": null,
@@ -56,8 +55,7 @@ It returns a JSON body like the following:
        }
    ],
    "user_type": null,
-    "locked": false,
-    "suspended": false
+    "locked": false
 }
 ```

@@ -478,9 +476,9 @@ with a body of:
 }
 ```

-## List joined rooms of a user
+## List room memberships of a user

-Gets a list of all `room_id` that a specific `user_id` is joined to and is a member of (participating in).
+Gets a list of all `room_id` that a specific `user_id` is member.

 The API is:

@@ -517,73 +515,6 @@ The following fields are returned in the JSON response body:
 - `joined_rooms` - An array of `room_id`.
 - `total` - Number of rooms.

-## Get the number of invites sent by the user
-
-Fetches the number of invites sent by the provided user ID across all rooms
-after the given timestamp.
-
-```
-GET /_synapse/admin/v1/users/$user_id/sent_invite_count
-```
-
-**Parameters**
-
-The following parameters should be set in the URL:
-
-* `user_id`: fully qualified: for example, `@user:server.com`
-
-The following should be set as query parameters in the URL:
-
-* `from_ts`: int, required. A timestamp in ms from the unix epoch. Only
-   invites sent at or after the provided timestamp will be returned.
-   This works by comparing the provided timestamp to the `received_ts`
-   column in the `events` table.
-   Note: https://currentmillis.com/ is a useful tool for converting dates
-   into timestamps and vice versa.
-
-A response body like the following is returned:
-
-```json
-{
-  "invite_count": 30
-}
-```
-
-_Added in Synapse 1.122.0_
-
-## Get the cumulative number of rooms a user has joined after a given timestamp
-
-Fetches the number of rooms that the user joined after the given timestamp, even
-if they have subsequently left/been banned from those rooms.
-
-```
-GET /_synapse/admin/v1/users/$<user_id/cumulative_joined_room_count
-```
-
-**Parameters**
-
-The following parameters should be set in the URL:
-
-* `user_id`: fully qualified: for example, `@user:server.com`
-
-The following should be set as query parameters in the URL:
-
-* `from_ts`: int, required. A timestamp in ms from the unix epoch. Only
-   invites sent at or after the provided timestamp will be returned.
-   This works by comparing the provided timestamp to the `received_ts`
-   column in the `events` table.
-   Note: https://currentmillis.com/ is a useful tool for converting dates
-   into timestamps and vice versa.
-
-A response body like the following is returned:
-
-```json
-{
-  "cumulative_joined_room_count": 30
-}
-```
-_Added in Synapse 1.122.0_
-
 ## Account Data
 Gets information about account data for a specific `user_id`.

@@ -1512,6 +1443,4 @@ The following fields are returned in the JSON response body:
 - `failed_redactions` - dictionary - the keys of the dict are event ids the process was unable to redact, if any, and the values are 
  the corresponding error that caused the redaction to fail

-_Added in Synapse 1.116.0._
-
-
+_Added in Synapse 1.116.0._
@@ -245,7 +245,7 @@ this callback.
 _First introduced in Synapse v1.37.0_

 ```python
-async def check_username_for_spam(user_profile: synapse.module_api.UserProfile, requester_id: str) -> bool
+async def check_username_for_spam(user_profile: synapse.module_api.UserProfile) -> bool
 ```

 Called when computing search results in the user directory. The module must return a
@@ -264,8 +264,6 @@ The profile is represented as a dictionary with the following keys:
 The module is given a copy of the original dictionary, so modifying it from within the
 module cannot modify a user's profile when included in user directory search results.

-The requester_id parameter is the ID of the user that called the user directory API.
-
 If multiple modules implement this callback, they will be considered in order. If a
 callback returns `False`, Synapse falls through to the next one. The value of the first
 callback that does not return `False` will be used. If this happens, Synapse will not call
@@ -336,36 +336,6 @@ but it has a `response_types_supported` which excludes "code" (which we rely on,
 is even mentioned in their [documentation](https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow#login)),
 so we have to disable discovery and configure the URIs manually.

-### Forgejo
-
-Forgejo is a fork of Gitea that can act as an OAuth2 provider.
-
-The implementation of OAuth2 is improved compared to Gitea, as it provides a correctly defined `subject_claim` and `scopes`.
-
-Synapse config:
-
-```yaml
-oidc_providers:
-  - idp_id: forgejo
-    idp_name: Forgejo
-    discover: false
-    issuer: "https://your-forgejo.com/"
-    client_id: "your-client-id" # TO BE FILLED
-    client_secret: "your-client-secret" # TO BE FILLED
-    client_auth_method: client_secret_post
-    scopes: ["openid", "profile", "email", "groups"]
-    authorization_endpoint: "https://your-forgejo.com/login/oauth/authorize"
-    token_endpoint: "https://your-forgejo.com/login/oauth/access_token"
-    userinfo_endpoint: "https://your-forgejo.com/api/v1/user"
-    user_mapping_provider:
-      config:
-        subject_claim: "sub"
-        picture_claim: "picture"
-        localpart_template: "{{ user.preferred_username }}"
-        display_name_template: "{{ user.name }}"
-        email_template: "{{ user.email }}"
-```
-
 ### GitHub

 [GitHub][github-idp] is a bit special as it is not an OpenID Connect compliant provider, but
@@ -74,7 +74,7 @@ server {
        proxy_pass http://localhost:8008;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
-        proxy_set_header Host $host:$server_port;
+        proxy_set_header Host $host;

        # Nginx by default only allows file uploads up to 1M in size
        # Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
@@ -157,7 +157,7 @@ sudo pip install py-bcrypt

 #### Alpine Linux

-Jahway603 maintains [Synapse packages for Alpine Linux](https://pkgs.alpinelinux.org/packages?name=synapse&branch=edge) in the community repository. Install with:
+6543 maintains [Synapse packages for Alpine Linux](https://pkgs.alpinelinux.org/packages?name=synapse&branch=edge) in the community repository. Install with:

 ```sh
 sudo apk add synapse
@@ -72,8 +72,8 @@ class ExampleSpamChecker:
    async def user_may_publish_room(self, userid, room_id):
        return True  # allow publishing of all rooms

-    async def check_username_for_spam(self, user_profile, requester_id):
-        return False  # allow all usernames regardless of requester
+    async def check_username_for_spam(self, user_profile):
+        return False  # allow all usernames

    async def check_registration_for_spam(
        self,
@@ -117,14 +117,6 @@ each upgrade are complete before moving on to the next upgrade, to avoid
 stacking them up. You can monitor the currently running background updates with
 [the Admin API](usage/administration/admin_api/background_updates.html#status).

-# Upgrading to v1.122.0
-
-## Dropping support for PostgreSQL 11 and 12
-
-In line with our [deprecation policy](deprecation_policy.md), we've dropped
-support for PostgreSQL 11 and 12, as they are no longer supported upstream.
-This release of Synapse requires PostgreSQL 13+.
-
 # Upgrading to v1.120.0

 ## Removal of experimental MSC3886 feature
@@ -136,29 +128,6 @@ removing the experimental support for it in this release.
 The `experimental_features.msc3886_endpoint` configuration option has
 been removed.

-## Authenticated media is now enforced by default
-
-The [`enable_authenticated_media`] configuration option now defaults to true.
-
-This means that clients and remote (federated) homeservers now need to use
-the authenticated media endpoints in order to download media from your
-homeserver.
-
-As an exception, existing media that was stored on the server prior to
-this option changing to `true` will still be accessible over the
-unauthenticated endpoints.
-
-The matrix.org homeserver has already been running with this option enabled
-since September 2024, so most common clients and homeservers should already
-be compatible.
-
-With that said, administrators who wish to disable this feature for broader
-compatibility can still do so by manually configuring
-`enable_authenticated_media: False`.
-
-[`enable_authenticated_media`]: usage/configuration/config_documentation.md#enable_authenticated_media
-
-
 # Upgrading to v1.119.0

 ## Minimum supported Python version
@@ -673,9 +673,8 @@ This setting has the following sub-options:
   TLS via STARTTLS *if the SMTP server supports it*. If this option is set,
   Synapse will refuse to connect unless the server supports STARTTLS.
 * `enable_tls`: By default, if the server supports TLS, it will be used, and the server
-   must present a certificate that is valid for `tlsname`. If this option
+   must present a certificate that is valid for 'smtp_host'. If this option
   is set to false, TLS will not be used.
-* `tlsname`: The domain name the SMTP server's TLS certificate must be valid for, defaulting to `smtp_host`.
 * `notif_from`: defines the "From" address to use when sending emails.
    It must be set if email sending is enabled. The placeholder '%(app)s' will be replaced by the application name,
    which is normally set in `app_name`, but may be overridden by the
@@ -742,7 +741,6 @@ email:
  force_tls: true
  require_transport_security: true
  enable_tls: false
-  tlsname: mail.server.example.com
  notif_from: "Your Friendly %(app)s homeserver <noreply@example.com>"
  app_name: my_branded_matrix_server
  enable_notifs: true
@@ -1889,7 +1887,8 @@ Config options related to Synapse's media store.

 When set to true, all subsequent media uploads will be marked as authenticated, and will not be available over legacy
 unauthenticated media endpoints (`/_matrix/media/(r0|v3|v1)/download` and `/_matrix/media/(r0|v3|v1)/thumbnail`) - requests for authenticated media over these endpoints will result in a 404. All media, including authenticated media, will be available over the authenticated media endpoints `_matrix/client/v1/media/download` and `_matrix/client/v1/media/thumbnail`. Media uploaded prior to setting this option to true will still be available over the legacy endpoints. Note if the setting is switched to false
-after enabling, media marked as authenticated will be available over legacy endpoints. Defaults to true (previously false). In a future release of Synapse, this option will be removed and become always-on.
+after enabling, media marked as authenticated will be available over legacy endpoints. Defaults to false, but
+this will change to true in a future Synapse release.

 In all cases, authenticated requests to download media will succeed, but for unauthenticated requests, this
 case-by-case breakdown describes whether media downloads are permitted:
@@ -1911,11 +1910,9 @@ will perpetually be available over the legacy, unauthenticated endpoint, even af
 This is for backwards compatibility with older clients and homeservers that do not yet support requesting authenticated media;
 those older clients or homeservers will not be cut off from media they can already see.

-_Changed in Synapse 1.120:_ This option now defaults to `True` when not set, whereas before this version it defaulted to `False`.
-
 Example configuration:
 ```yaml
-enable_authenticated_media: false
+enable_authenticated_media: true
 ```
 ---
 ### `enable_media_repo`
@@ -3093,22 +3090,6 @@ Example configuration:
 ```yaml
 macaroon_secret_key: <PRIVATE STRING>
 ```
---
-### `macaroon_secret_key_path`
-
-An alternative to [`macaroon_secret_key`](#macaroon_secret_key):
-allows the secret key to be specified in an external file.
-
-The file should be a plain text file, containing only the secret key.
-Synapse reads the secret key from the given file once at startup.
-
-Example configuration:
-```yaml
-macaroon_secret_key_path: /path/to/secrets/file
-```
-
-_Added in Synapse 1.121.0._
-
 ---
 ### `form_secret`

@@ -4465,10 +4446,6 @@ instance_map:
  worker1:
    host: localhost
    port: 8034
-  other:
-    host: localhost
-    port: 8035
-    tls: true
 ```
 Example configuration(#2, for UNIX sockets):
 ```yaml
@@ -273,6 +273,17 @@ information.
    ^/_matrix/client/(api/v1|r0|v3|unstable)/knock/
    ^/_matrix/client/(api/v1|r0|v3|unstable)/profile/

+    # Account data requests
+    ^/_matrix/client/(r0|v3|unstable)/.*/tags
+    ^/_matrix/client/(r0|v3|unstable)/.*/account_data
+
+    # Receipts requests
+    ^/_matrix/client/(r0|v3|unstable)/rooms/.*/receipt
+    ^/_matrix/client/(r0|v3|unstable)/rooms/.*/read_markers
+
+    # Presence requests
+    ^/_matrix/client/(api/v1|r0|v3|unstable)/presence/
+
    # User directory search requests
    ^/_matrix/client/(r0|v3|unstable)/user_directory/search$

@@ -281,13 +292,6 @@ Additionally, the following REST endpoints can be handled for GET requests:
    ^/_matrix/client/(api/v1|r0|v3|unstable)/pushrules/
    ^/_matrix/client/unstable/org.matrix.msc4140/delayed_events

-    # Account data requests
-    ^/_matrix/client/(r0|v3|unstable)/.*/tags
-    ^/_matrix/client/(r0|v3|unstable)/.*/account_data
-
-    # Presence requests
-    ^/_matrix/client/(api/v1|r0|v3|unstable)/presence/
-
 Pagination requests can also be handled, but all requests for a given
 room must be routed to the same instance. Additionally, care must be taken to
 ensure that the purge history admin API is not used while pagination requests
@@ -0,0 +1,2 @@
+[bdist_wheel]
+py_limited_api = cp39
@@ -56,6 +56,24 @@
        "type": "github"
      }
    },
+    "flake-utils_2": {
+      "inputs": {
+        "systems": "systems_2"
+      },
+      "locked": {
+        "lastModified": 1681202837,
+        "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "cfacdce06f30d2b68473a46042957675eebb3401",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
    "gitignore": {
      "inputs": {
        "nixpkgs": [
@@ -184,11 +202,11 @@
    },
    "nixpkgs_3": {
      "locked": {
-        "lastModified": 1728538411,
-        "narHash": "sha256-f0SBJz1eZ2yOuKUr5CA9BHULGXVSn6miBuUWdTyhUhU=",
+        "lastModified": 1681358109,
+        "narHash": "sha256-eKyxW4OohHQx9Urxi7TQlFBTDWII+F+x2hklDOQPB50=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "b69de56fac8c2b6f8fd27f2eca01dcda8e0a4221",
+        "rev": "96ba1c52e54e74c3197f4d43026b3f3d92e83ff9",
        "type": "github"
      },
      "original": {
@@ -231,19 +249,20 @@
        "devenv": "devenv",
        "nixpkgs": "nixpkgs_2",
        "rust-overlay": "rust-overlay",
-        "systems": "systems_2"
+        "systems": "systems_3"
      }
    },
    "rust-overlay": {
      "inputs": {
+        "flake-utils": "flake-utils_2",
        "nixpkgs": "nixpkgs_3"
      },
      "locked": {
-        "lastModified": 1731897198,
-        "narHash": "sha256-Ou7vLETSKwmE/HRQz4cImXXJBr/k9gp4J4z/PF8LzTE=",
+        "lastModified": 1693966243,
+        "narHash": "sha256-a2CA1aMIPE67JWSVIGoGtD3EGlFdK9+OlJQs0FOWCKY=",
        "owner": "oxalica",
        "repo": "rust-overlay",
-        "rev": "0be641045af6d8666c11c2c40e45ffc9667839b5",
+        "rev": "a8b4bb4cbb744baaabc3e69099f352f99164e2c1",
        "type": "github"
      },
      "original": {
@@ -281,6 +300,21 @@
        "repo": "default",
        "type": "github"
      }
+    },
+    "systems_3": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
    }
  },
  "root": "root",
@@ -82,7 +82,7 @@
                  #
                  # NOTE: We currently need to set the Rust version unnecessarily high
                  # in order to work around https://github.com/matrix-org/synapse/issues/15939
-                  (rust-bin.stable."1.82.0".default.override {
+                  (rust-bin.stable."1.71.1".default.override {
                    # Additionally install the "rust-src" extension to allow diving into the
                    # Rust source code in an IDE (rust-analyzer will also make use of it).
                    extensions = [ "rust-src" ];
@@ -205,7 +205,7 @@
                # corresponding Nix packages on https://search.nixos.org/packages.
                #
                # This was done until `./install-deps.pl --dryrun` produced no output.
-                env.PERL5LIB = "${with pkgs.perl538Packages; makePerlPath [
+                env.PERL5LIB = "${with pkgs.perl536Packages; makePerlPath [
                  DBI
                  ClassMethodModifiers
                  CryptEd25519
@@ -1,38 +1,38 @@
 [tool.towncrier]
-    package = "synapse"
-    filename = "CHANGES.md"
-    directory = "changelog.d"
-    issue_format = "[\\#{issue}](https://github.com/element-hq/synapse/issues/{issue})"
+package = "synapse"
+filename = "CHANGES.md"
+directory = "changelog.d"
+issue_format = "[\\#{issue}](https://github.com/element-hq/synapse/issues/{issue})"

-    [[tool.towncrier.type]]
-        directory = "feature"
-        name = "Features"
-        showcontent = true
+[[tool.towncrier.type]]
+directory = "feature"
+name = "Features"
+showcontent = true

-    [[tool.towncrier.type]]
-        directory = "bugfix"
-        name = "Bugfixes"
-        showcontent = true
+[[tool.towncrier.type]]
+directory = "bugfix"
+name = "Bugfixes"
+showcontent = true

-    [[tool.towncrier.type]]
-        directory = "docker"
-        name = "Updates to the Docker image"
-        showcontent = true
+[[tool.towncrier.type]]
+directory = "docker"
+name = "Updates to the Docker image"
+showcontent = true

-    [[tool.towncrier.type]]
-        directory = "doc"
-        name = "Improved Documentation"
-        showcontent = true
+[[tool.towncrier.type]]
+directory = "doc"
+name = "Improved Documentation"
+showcontent = true

-    [[tool.towncrier.type]]
-        directory = "removal"
-        name = "Deprecations and Removals"
-        showcontent = true
+[[tool.towncrier.type]]
+directory = "removal"
+name = "Deprecations and Removals"
+showcontent = true

-    [[tool.towncrier.type]]
-        directory = "misc"
-        name = "Internal Changes"
-        showcontent = true
+[[tool.towncrier.type]]
+directory = "misc"
+name = "Internal Changes"
+showcontent = true

 [tool.ruff]
 line-length = 88
@@ -47,11 +47,7 @@ target-version = "py39"
 # flake8-bugbear compatible checks. Its error codes are described at
 # https://beta.ruff.rs/docs/rules/#flake8-bugbear-b
 #  B023: Functions defined inside a loop must not use variables redefined in the loop
-ignore = [
-    "B023",
-    "E501",
-    "E731",
-]
+ignore = ["B023", "E501", "E731"]
 select = [
    # pycodestyle
    "E",
@@ -78,7 +74,15 @@ select = [

 [tool.ruff.lint.isort]
 combine-as-imports = true
-section-order = ["future", "standard-library", "third-party", "twisted", "first-party", "testing", "local-folder"]
+section-order = [
+    "future",
+    "standard-library",
+    "third-party",
+    "twisted",
+    "first-party",
+    "testing",
+    "local-folder",
+]
 known-first-party = ["synapse"]

 [tool.ruff.lint.isort.sections]
@@ -97,15 +101,13 @@ module-name = "synapse.synapse_rust"

 [tool.poetry]
 name = "matrix-synapse"
-version = "1.123.0rc1"
+version = "1.119.0"
 description = "Homeserver for the Matrix decentralised comms protocol"
 authors = ["Matrix.org Team and Contributors <packages@matrix.org>"]
 license = "AGPL-3.0-or-later"
 readme = "README.rst"
 repository = "https://github.com/element-hq/synapse"
-packages = [
-    { include = "synapse" },
-]
+packages = [{ include = "synapse" }]
 classifiers = [
    "Development Status :: 5 - Production/Stable",
    "Topic :: Communications :: Chat",
@@ -121,7 +123,7 @@ include = [
    { path = "INSTALL.md", format = "sdist" },
    { path = "mypy.ini", format = "sdist" },
    { path = "scripts-dev", format = "sdist" },
-    { path = "synmark", format="sdist" },
+    { path = "synmark", format = "sdist" },
    { path = "sytest-blacklist", format = "sdist" },
    { path = "tests", format = "sdist" },
    { path = "UPGRADE.rst", format = "sdist" },
@@ -131,9 +133,7 @@ include = [
    { path = "rust/build.rs", format = "sdist" },
    { path = "rust/src/**", format = "sdist" },
 ]
-exclude = [
-    { path = "synapse/*.so", format = "sdist"}
-]
+exclude = [{ path = "synapse/*.so", format = "sdist" }]

 [tool.poetry.build]
 script = "build_rust.py"
@@ -174,7 +174,7 @@ signedjson = "^1.1.0"
 service-identity = ">=18.1.0"
 # Twisted 18.9 introduces some logger improvements that the structured
 # logger utilises
-Twisted = {extras = ["tls"], version = ">=18.9.0"}
+Twisted = { extras = ["tls"], version = ">=18.9.0" }
 treq = ">=15.1"
 # Twisted has required pyopenssl 16.0 since about Twisted 16.6.
 pyOpenSSL = ">=16.0.0"
@@ -293,7 +293,9 @@ all = [
    # matrix-synapse-ldap3
    "matrix-synapse-ldap3",
    # postgres
-    "psycopg2", "psycopg2cffi", "psycopg2cffi-compat",
+    "psycopg2",
+    "psycopg2cffi",
+    "psycopg2cffi-compat",
    # saml2
    "pysaml2",
    # oidc and jwt
@@ -303,9 +305,11 @@ all = [
    # sentry
    "sentry-sdk",
    # opentracing
-    "jaeger-client", "opentracing",
+    "jaeger-client",
+    "opentracing",
    # redis
-    "txredisapi", "hiredis",
+    "txredisapi",
+    "hiredis",
    # cache-memory
    "pympler",
    # improved user search
@@ -386,12 +390,9 @@ build-backend = "poetry.core.masonry.api"
 #    c.f. https://github.com/matrix-org/synapse/pull/14259
 skip = "cp36* cp37* cp38* pp37* pp38* *-musllinux_i686 pp*aarch64 *-musllinux_aarch64"

-# We need a rust compiler.
-#
-# We temporarily pin Rust to 1.82.0 to work around
-# https://github.com/element-hq/synapse/issues/17988
-before-all =  "curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain 1.82.0 -y --profile minimal"
-environment= { PATH = "$PATH:$HOME/.cargo/bin" }
+# We need a rust compiler
+before-all = "curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain stable -y --profile minimal"
+environment = { PATH = "$PATH:$HOME/.cargo/bin", DIST_EXTRA_CONFIG = "$(pwd)/extra_config.cfg" }

 # For some reason if we don't manually clean the build directory we
 # can end up polluting the next build with a .so that is for the wrong
@@ -30,14 +30,14 @@ http = "1.1.0"
 lazy_static = "1.4.0"
 log = "0.4.17"
 mime = "0.3.17"
-pyo3 = { version = "0.23.2", features = [
+pyo3 = { version = "0.21.0", features = [
    "macros",
    "anyhow",
    "abi3",
    "abi3-py38",
 ] }
-pyo3-log = "0.12.0"
-pythonize = "0.23.0"
+pyo3-log = "0.10.0"
+pythonize = "0.21.0"
 regex = "1.6.0"
 sha2 = "0.10.8"
 serde = { version = "1.0.144", features = ["derive"] }
@@ -32,14 +32,14 @@ use crate::push::utils::{glob_to_regex, GlobMatchType};

 /// Called when registering modules with python.
 pub fn register_module(py: Python<'_>, m: &Bound<'_, PyModule>) -> PyResult<()> {
-    let child_module = PyModule::new(py, "acl")?;
+    let child_module = PyModule::new_bound(py, "acl")?;
    child_module.add_class::<ServerAclEvaluator>()?;

    m.add_submodule(&child_module)?;

    // We need to manually add the module to sys.modules to make `from
    // synapse.synapse_rust import acl` work.
-    py.import("sys")?
+    py.import_bound("sys")?
        .getattr("modules")?
        .set_item("synapse.synapse_rust.acl", child_module)?;

@@ -41,11 +41,9 @@ use pyo3::{
    pybacked::PyBackedStr,
    pyclass, pymethods,
    types::{PyAnyMethods, PyDict, PyDictMethods, PyString},
-    Bound, IntoPyObject, PyAny, PyObject, PyResult, Python,
+    Bound, IntoPy, PyAny, PyObject, PyResult, Python,
 };

-use crate::UnwrapInfallible;
-
 /// Definitions of the various fields of the internal metadata.
 #[derive(Clone)]
 enum EventInternalMetadataData {
@@ -62,59 +60,31 @@ enum EventInternalMetadataData {

 impl EventInternalMetadataData {
    /// Convert the field to its name and python object.
-    fn to_python_pair<'a>(&self, py: Python<'a>) -> (&'a Bound<'a, PyString>, Bound<'a, PyAny>) {
+    fn to_python_pair<'a>(&self, py: Python<'a>) -> (&'a Bound<'a, PyString>, PyObject) {
        match self {
-            EventInternalMetadataData::OutOfBandMembership(o) => (
-                pyo3::intern!(py, "out_of_band_membership"),
-                o.into_pyobject(py)
-                    .unwrap_infallible()
-                    .to_owned()
-                    .into_any(),
-            ),
-            EventInternalMetadataData::SendOnBehalfOf(o) => (
-                pyo3::intern!(py, "send_on_behalf_of"),
-                o.into_pyobject(py).unwrap_infallible().into_any(),
-            ),
-            EventInternalMetadataData::RecheckRedaction(o) => (
-                pyo3::intern!(py, "recheck_redaction"),
-                o.into_pyobject(py)
-                    .unwrap_infallible()
-                    .to_owned()
-                    .into_any(),
-            ),
-            EventInternalMetadataData::SoftFailed(o) => (
-                pyo3::intern!(py, "soft_failed"),
-                o.into_pyobject(py)
-                    .unwrap_infallible()
-                    .to_owned()
-                    .into_any(),
-            ),
-            EventInternalMetadataData::ProactivelySend(o) => (
-                pyo3::intern!(py, "proactively_send"),
-                o.into_pyobject(py)
-                    .unwrap_infallible()
-                    .to_owned()
-                    .into_any(),
-            ),
-            EventInternalMetadataData::Redacted(o) => (
-                pyo3::intern!(py, "redacted"),
-                o.into_pyobject(py)
-                    .unwrap_infallible()
-                    .to_owned()
-                    .into_any(),
-            ),
-            EventInternalMetadataData::TxnId(o) => (
-                pyo3::intern!(py, "txn_id"),
-                o.into_pyobject(py).unwrap_infallible().into_any(),
-            ),
-            EventInternalMetadataData::TokenId(o) => (
-                pyo3::intern!(py, "token_id"),
-                o.into_pyobject(py).unwrap_infallible().into_any(),
-            ),
-            EventInternalMetadataData::DeviceId(o) => (
-                pyo3::intern!(py, "device_id"),
-                o.into_pyobject(py).unwrap_infallible().into_any(),
-            ),
+            EventInternalMetadataData::OutOfBandMembership(o) => {
+                (pyo3::intern!(py, "out_of_band_membership"), o.into_py(py))
+            }
+            EventInternalMetadataData::SendOnBehalfOf(o) => {
+                (pyo3::intern!(py, "send_on_behalf_of"), o.into_py(py))
+            }
+            EventInternalMetadataData::RecheckRedaction(o) => {
+                (pyo3::intern!(py, "recheck_redaction"), o.into_py(py))
+            }
+            EventInternalMetadataData::SoftFailed(o) => {
+                (pyo3::intern!(py, "soft_failed"), o.into_py(py))
+            }
+            EventInternalMetadataData::ProactivelySend(o) => {
+                (pyo3::intern!(py, "proactively_send"), o.into_py(py))
+            }
+            EventInternalMetadataData::Redacted(o) => {
+                (pyo3::intern!(py, "redacted"), o.into_py(py))
+            }
+            EventInternalMetadataData::TxnId(o) => (pyo3::intern!(py, "txn_id"), o.into_py(py)),
+            EventInternalMetadataData::TokenId(o) => (pyo3::intern!(py, "token_id"), o.into_py(py)),
+            EventInternalMetadataData::DeviceId(o) => {
+                (pyo3::intern!(py, "device_id"), o.into_py(py))
+            }
        }
    }

@@ -277,7 +247,7 @@ impl EventInternalMetadata {
    ///
    /// Note that `outlier` and `stream_ordering` are stored in separate columns so are not returned here.
    fn get_dict(&self, py: Python<'_>) -> PyResult<PyObject> {
-        let dict = PyDict::new(py);
+        let dict = PyDict::new_bound(py);

        for entry in &self.data {
            let (key, value) = entry.to_python_pair(py);
@@ -30,7 +30,7 @@ mod internal_metadata;

 /// Called when registering modules with python.
 pub fn register_module(py: Python<'_>, m: &Bound<'_, PyModule>) -> PyResult<()> {
-    let child_module = PyModule::new(py, "events")?;
+    let child_module = PyModule::new_bound(py, "events")?;
    child_module.add_class::<internal_metadata::EventInternalMetadata>()?;
    child_module.add_function(wrap_pyfunction!(filter::event_visible_to_server_py, m)?)?;

@@ -38,7 +38,7 @@ pub fn register_module(py: Python<'_>, m: &Bound<'_, PyModule>) -> PyResult<()>

    // We need to manually add the module to sys.modules to make `from
    // synapse.synapse_rust import events` work.
-    py.import("sys")?
+    py.import_bound("sys")?
        .getattr("modules")?
        .set_item("synapse.synapse_rust.events", child_module)?;

@@ -70,7 +70,7 @@ pub fn http_request_from_twisted(request: &Bound<'_, PyAny>) -> PyResult<Request
    let headers_iter = request
        .getattr("requestHeaders")?
        .call_method0("getAllRawHeaders")?
-        .try_iter()?;
+        .iter()?;

    for header in headers_iter {
        let header = header?;
@@ -71,34 +71,6 @@ impl TryFrom<&str> for UserID {
    }
 }

-impl TryFrom<String> for UserID {
-    type Error = IdentifierError;
-
-    /// Will try creating a `UserID` from the provided `&str`.
-    /// Can fail if the user_id is incorrectly formatted.
-    fn try_from(s: String) -> Result<Self, Self::Error> {
-        if !s.starts_with('@') {
-            return Err(IdentifierError::IncorrectSigil);
-        }
-
-        if s.find(':').is_none() {
-            return Err(IdentifierError::MissingColon);
-        }
-
-        Ok(UserID(s))
-    }
-}
-
-impl<'de> serde::Deserialize<'de> for UserID {
-    fn deserialize<D>(deserializer: D) -> Result<Self, D::Error>
-    where
-        D: serde::Deserializer<'de>,
-    {
-        let s: String = serde::Deserialize::deserialize(deserializer)?;
-        UserID::try_from(s).map_err(serde::de::Error::custom)
-    }
-}
-
 impl Deref for UserID {
    type Target = str;

@@ -112,141 +84,3 @@ impl fmt::Display for UserID {
        write!(f, "{}", self.0)
    }
 }
-
-/// A Matrix room_id.
-#[derive(Clone, Debug, PartialEq)]
-pub struct RoomID(String);
-
-impl RoomID {
-    /// Returns the `localpart` of the room_id.
-    pub fn localpart(&self) -> &str {
-        &self[1..self.colon_pos()]
-    }
-
-    /// Returns the `server_name` / `domain` of the room_id.
-    pub fn server_name(&self) -> &str {
-        &self[self.colon_pos() + 1..]
-    }
-
-    /// Returns the position of the ':' inside of the room_id.
-    /// Used when splitting the room_id into it's respective parts.
-    fn colon_pos(&self) -> usize {
-        self.find(':').unwrap()
-    }
-}
-
-impl TryFrom<&str> for RoomID {
-    type Error = IdentifierError;
-
-    /// Will try creating a `RoomID` from the provided `&str`.
-    /// Can fail if the room_id is incorrectly formatted.
-    fn try_from(s: &str) -> Result<Self, Self::Error> {
-        if !s.starts_with('!') {
-            return Err(IdentifierError::IncorrectSigil);
-        }
-
-        if s.find(':').is_none() {
-            return Err(IdentifierError::MissingColon);
-        }
-
-        Ok(RoomID(s.to_string()))
-    }
-}
-
-impl TryFrom<String> for RoomID {
-    type Error = IdentifierError;
-
-    /// Will try creating a `RoomID` from the provided `String`.
-    /// Can fail if the room_id is incorrectly formatted.
-    fn try_from(s: String) -> Result<Self, Self::Error> {
-        if !s.starts_with('!') {
-            return Err(IdentifierError::IncorrectSigil);
-        }
-
-        if s.find(':').is_none() {
-            return Err(IdentifierError::MissingColon);
-        }
-
-        Ok(RoomID(s))
-    }
-}
-
-impl<'de> serde::Deserialize<'de> for RoomID {
-    fn deserialize<D>(deserializer: D) -> Result<Self, D::Error>
-    where
-        D: serde::Deserializer<'de>,
-    {
-        let s: String = serde::Deserialize::deserialize(deserializer)?;
-        RoomID::try_from(s).map_err(serde::de::Error::custom)
-    }
-}
-
-impl Deref for RoomID {
-    type Target = str;
-
-    fn deref(&self) -> &Self::Target {
-        &self.0
-    }
-}
-
-impl fmt::Display for RoomID {
-    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
-        write!(f, "{}", self.0)
-    }
-}
-
-/// A Matrix event_id.
-#[derive(Clone, Debug, PartialEq)]
-pub struct EventID(String);
-
-impl TryFrom<&str> for EventID {
-    type Error = IdentifierError;
-
-    /// Will try creating a `EventID` from the provided `&str`.
-    /// Can fail if the event_id is incorrectly formatted.
-    fn try_from(s: &str) -> Result<Self, Self::Error> {
-        if !s.starts_with('$') {
-            return Err(IdentifierError::IncorrectSigil);
-        }
-
-        Ok(EventID(s.to_string()))
-    }
-}
-
-impl TryFrom<String> for EventID {
-    type Error = IdentifierError;
-
-    /// Will try creating a `EventID` from the provided `String`.
-    /// Can fail if the event_id is incorrectly formatted.
-    fn try_from(s: String) -> Result<Self, Self::Error> {
-        if !s.starts_with('$') {
-            return Err(IdentifierError::IncorrectSigil);
-        }
-
-        Ok(EventID(s))
-    }
-}
-
-impl<'de> serde::Deserialize<'de> for EventID {
-    fn deserialize<D>(deserializer: D) -> Result<Self, D::Error>
-    where
-        D: serde::Deserializer<'de>,
-    {
-        let s: String = serde::Deserialize::deserialize(deserializer)?;
-        EventID::try_from(s).map_err(serde::de::Error::custom)
-    }
-}
-
-impl Deref for EventID {
-    type Target = str;
-
-    fn deref(&self) -> &Self::Target {
-        &self.0
-    }
-}
-
-impl fmt::Display for EventID {
-    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
-        write!(f, "{}", self.0)
-    }
-}
@@ -1,5 +1,3 @@
-use std::convert::Infallible;
-
 use lazy_static::lazy_static;
 use pyo3::prelude::*;
 use pyo3_log::ResetHandle;
@@ -54,16 +52,3 @@ fn synapse_rust(py: Python<'_>, m: &Bound<'_, PyModule>) -> PyResult<()> {

    Ok(())
 }
-
-pub trait UnwrapInfallible<T> {
-    fn unwrap_infallible(self) -> T;
-}
-
-impl<T> UnwrapInfallible<T> for Result<T, Infallible> {
-    fn unwrap_infallible(self) -> T {
-        match self {
-            Ok(val) => val,
-            Err(never) => match never {},
-        }
-    }
-}
@@ -167,7 +167,6 @@ impl PushRuleEvaluator {
    ///
    /// Returns the set of actions, if any, that match (filtering out any
    /// `dont_notify` and `coalesce` actions).
-    #[pyo3(signature = (push_rules, user_id=None, display_name=None))]
    pub fn run(
        &self,
        push_rules: &FilteredPushRules,
@@ -237,7 +236,6 @@ impl PushRuleEvaluator {
    }

    /// Check if the given condition matches.
-    #[pyo3(signature = (condition, user_id=None, display_name=None))]
    fn matches(
        &self,
        condition: Condition,
@@ -65,8 +65,8 @@ use anyhow::{Context, Error};
 use log::warn;
 use pyo3::exceptions::PyTypeError;
 use pyo3::prelude::*;
-use pyo3::types::{PyBool, PyInt, PyList, PyString};
-use pythonize::{depythonize, pythonize, PythonizeError};
+use pyo3::types::{PyBool, PyList, PyLong, PyString};
+use pythonize::{depythonize_bound, pythonize};
 use serde::de::Error as _;
 use serde::{Deserialize, Serialize};
 use serde_json::Value;
@@ -79,7 +79,7 @@ pub mod utils;

 /// Called when registering modules with python.
 pub fn register_module(py: Python<'_>, m: &Bound<'_, PyModule>) -> PyResult<()> {
-    let child_module = PyModule::new(py, "push")?;
+    let child_module = PyModule::new_bound(py, "push")?;
    child_module.add_class::<PushRule>()?;
    child_module.add_class::<PushRules>()?;
    child_module.add_class::<FilteredPushRules>()?;
@@ -90,7 +90,7 @@ pub fn register_module(py: Python<'_>, m: &Bound<'_, PyModule>) -> PyResult<()>

    // We need to manually add the module to sys.modules to make `from
    // synapse.synapse_rust import push` work.
-    py.import("sys")?
+    py.import_bound("sys")?
        .getattr("modules")?
        .set_item("synapse.synapse_rust.push", child_module)?;

@@ -182,16 +182,12 @@ pub enum Action {
    Unknown(Value),
 }

-impl<'py> IntoPyObject<'py> for Action {
-    type Target = PyAny;
-    type Output = Bound<'py, Self::Target>;
-    type Error = PythonizeError;
-
-    fn into_pyobject(self, py: Python<'py>) -> Result<Self::Output, Self::Error> {
+impl IntoPy<PyObject> for Action {
+    fn into_py(self, py: Python<'_>) -> PyObject {
        // When we pass the `Action` struct to Python we want it to be converted
        // to a dict. We use `pythonize`, which converts the struct using the
        // `serde` serialization.
-        pythonize(py, &self)
+        pythonize(py, &self).expect("valid action")
    }
 }

@@ -274,13 +270,13 @@ pub enum SimpleJsonValue {
 }

 impl<'source> FromPyObject<'source> for SimpleJsonValue {
-    fn extract_bound(ob: &Bound<'source, PyAny>) -> PyResult<Self> {
+    fn extract(ob: &'source PyAny) -> PyResult<Self> {
        if let Ok(s) = ob.downcast::<PyString>() {
            Ok(SimpleJsonValue::Str(Cow::Owned(s.to_string())))
        // A bool *is* an int, ensure we try bool first.
        } else if let Ok(b) = ob.downcast::<PyBool>() {
            Ok(SimpleJsonValue::Bool(b.extract()?))
-        } else if let Ok(i) = ob.downcast::<PyInt>() {
+        } else if let Ok(i) = ob.downcast::<PyLong>() {
            Ok(SimpleJsonValue::Int(i.extract()?))
        } else if ob.is_none() {
            Ok(SimpleJsonValue::Null)
@@ -302,19 +298,15 @@ pub enum JsonValue {
 }

 impl<'source> FromPyObject<'source> for JsonValue {
-    fn extract_bound(ob: &Bound<'source, PyAny>) -> PyResult<Self> {
+    fn extract(ob: &'source PyAny) -> PyResult<Self> {
        if let Ok(l) = ob.downcast::<PyList>() {
-            match l
-                .iter()
-                .map(|it| SimpleJsonValue::extract_bound(&it))
-                .collect()
-            {
+            match l.iter().map(SimpleJsonValue::extract).collect() {
                Ok(a) => Ok(JsonValue::Array(a)),
                Err(e) => Err(PyTypeError::new_err(format!(
                    "Can't convert to JsonValue::Array: {e}"
                ))),
            }
-        } else if let Ok(v) = SimpleJsonValue::extract_bound(ob) {
+        } else if let Ok(v) = SimpleJsonValue::extract(ob) {
            Ok(JsonValue::Value(v))
        } else {
            Err(PyTypeError::new_err(format!(
@@ -371,19 +363,15 @@ pub enum KnownCondition {
    },
 }

-impl<'source> IntoPyObject<'source> for Condition {
-    type Target = PyAny;
-    type Output = Bound<'source, Self::Target>;
-    type Error = PythonizeError;
-
-    fn into_pyobject(self, py: Python<'source>) -> Result<Self::Output, Self::Error> {
-        pythonize(py, &self)
+impl IntoPy<PyObject> for Condition {
+    fn into_py(self, py: Python<'_>) -> PyObject {
+        pythonize(py, &self).expect("valid condition")
    }
 }

 impl<'source> FromPyObject<'source> for Condition {
    fn extract_bound(ob: &Bound<'source, PyAny>) -> PyResult<Self> {
-        Ok(depythonize(ob)?)
+        Ok(depythonize_bound(ob.clone())?)
    }
 }

@@ -29,7 +29,7 @@ use pyo3::{
    exceptions::PyValueError,
    pyclass, pymethods,
    types::{PyAnyMethods, PyModule, PyModuleMethods},
-    Bound, IntoPyObject, Py, PyAny, PyObject, PyResult, Python,
+    Bound, Py, PyAny, PyObject, PyResult, Python, ToPyObject,
 };
 use ulid::Ulid;

@@ -37,7 +37,6 @@ use self::session::Session;
 use crate::{
    errors::{NotFoundError, SynapseError},
    http::{http_request_from_twisted, http_response_to_twisted, HeaderMapPyExt},
-    UnwrapInfallible,
 };

 mod session;
@@ -126,11 +125,7 @@ impl RendezvousHandler {
        let base = Uri::try_from(format!("{base}_synapse/client/rendezvous"))
            .map_err(|_| PyValueError::new_err("Invalid base URI"))?;

-        let clock = homeserver
-            .call_method0("get_clock")?
-            .into_pyobject(py)
-            .unwrap_infallible()
-            .unbind();
+        let clock = homeserver.call_method0("get_clock")?.to_object(py);

        // Construct a Python object so that we can get a reference to the
        // evict method and schedule it to run.
@@ -293,13 +288,6 @@ impl RendezvousHandler {
        let mut response = Response::new(Bytes::new());
        *response.status_mut() = StatusCode::ACCEPTED;
        prepare_headers(response.headers_mut(), session);
-
-        // Even though this isn't mandated by the MSC, we set a Content-Type on the response. It
-        // doesn't do any harm as the body is empty, but this helps escape a bug in some reverse
-        // proxy/cache setup which strips the ETag header if there is no Content-Type set.
-        // Specifically, we noticed this behaviour when placing Synapse behind Cloudflare.
-        response.headers_mut().typed_insert(ContentType::text());
-
        http_response_to_twisted(twisted_request, response)?;

        Ok(())
@@ -323,7 +311,7 @@ impl RendezvousHandler {
 }

 pub fn register_module(py: Python<'_>, m: &Bound<'_, PyModule>) -> PyResult<()> {
-    let child_module = PyModule::new(py, "rendezvous")?;
+    let child_module = PyModule::new_bound(py, "rendezvous")?;

    child_module.add_class::<RendezvousHandler>()?;

@@ -331,7 +319,7 @@ pub fn register_module(py: Python<'_>, m: &Bound<'_, PyModule>) -> PyResult<()>

    // We need to manually add the module to sys.modules to make `from
    // synapse.synapse_rust import rendezvous` work.
-    py.import("sys")?
+    py.import_bound("sys")?
        .getattr("modules")?
        .set_item("synapse.synapse_rust.rendezvous", child_module)?;

@@ -195,10 +195,6 @@ if [ -z "$skip_docker_build" ]; then
        # Build the unified Complement image (from the worker Synapse image we just built).
        echo_if_github "::group::Build Docker image: complement/Dockerfile"
        $CONTAINER_RUNTIME build -t complement-synapse \
-            `# This is the tag we end up pushing to the registry (see` \
-            `# .github/workflows/push_complement_image.yml) so let's just label it now` \
-            `# so people can reference it by the same name locally.` \
-            -t ghcr.io/element-hq/synapse/complement-synapse \
            -f "docker/complement/Dockerfile" "docker/complement"
        echo_if_github "::endgroup::"

@@ -88,7 +88,6 @@ from synapse.storage.databases.main.relations import RelationsWorkerStore
 from synapse.storage.databases.main.room import RoomBackgroundUpdateStore
 from synapse.storage.databases.main.roommember import RoomMemberBackgroundUpdateStore
 from synapse.storage.databases.main.search import SearchBackgroundUpdateStore
-from synapse.storage.databases.main.sliding_sync import SlidingSyncStore
 from synapse.storage.databases.main.state import MainStateBackgroundUpdateStore
 from synapse.storage.databases.main.stats import StatsStore
 from synapse.storage.databases.main.user_directory import (
@@ -256,7 +255,6 @@ class Store(
    ReceiptsBackgroundUpdateStore,
    RelationsWorkerStore,
    EventFederationWorkerStore,
-    SlidingSyncStore,
 ):
    def execute(self, f: Callable[..., R], *args: Any, **kwargs: Any) -> Awaitable[R]:
        return self.db_pool.runInteraction(f.__name__, f, *args, **kwargs)
@@ -174,12 +174,6 @@ class MSC3861DelegatedAuth(BaseAuth):
            logger.warning("Failed to load metadata:", exc_info=True)
            return None

-    async def auth_metadata(self) -> Dict[str, Any]:
-        """
-        Returns the auth metadata dict
-        """
-        return await self._issuer_metadata.get()
-
    async def _introspection_endpoint(self) -> str:
        """
        Returns the introspection endpoint of the issuer
@@ -231,8 +231,6 @@ class EventContentFields:
    ROOM_NAME: Final = "name"

    MEMBERSHIP: Final = "membership"
-    MEMBERSHIP_DISPLAYNAME: Final = "displayname"
-    MEMBERSHIP_AVATAR_URL: Final = "avatar_url"

    # Used in m.room.guest_access events.
    GUEST_ACCESS: Final = "guest_access"
@@ -320,8 +318,3 @@ class ApprovalNoticeMedium:
 class Direction(enum.Enum):
    BACKWARDS = "b"
    FORWARDS = "f"
-
-
-class ProfileFields:
-    DISPLAYNAME: Final = "displayname"
-    AVATAR_URL: Final = "avatar_url"
@@ -87,7 +87,8 @@ class Codes(str, Enum):
    WEAK_PASSWORD = "M_WEAK_PASSWORD"
    INVALID_SIGNATURE = "M_INVALID_SIGNATURE"
    USER_DEACTIVATED = "M_USER_DEACTIVATED"
-    USER_LOCKED = "M_USER_LOCKED"
+    # USER_LOCKED = "M_USER_LOCKED"
+    USER_LOCKED = "ORG_MATRIX_MSC3939_USER_LOCKED"
    NOT_YET_UPLOADED = "M_NOT_YET_UPLOADED"
    CANNOT_OVERWRITE_MEDIA = "M_CANNOT_OVERWRITE_MEDIA"

@@ -100,9 +101,8 @@ class Codes(str, Enum):
    # The account has been suspended on the server.
    # By opposition to `USER_DEACTIVATED`, this is a reversible measure
    # that can possibly be appealed and reverted.
-    # Introduced by MSC3823
-    # https://github.com/matrix-org/matrix-spec-proposals/pull/3823
-    USER_ACCOUNT_SUSPENDED = "M_USER_SUSPENDED"
+    # Part of MSC3823.
+    USER_ACCOUNT_SUSPENDED = "ORG.MATRIX.MSC3823.USER_ACCOUNT_SUSPENDED"

    BAD_ALIAS = "M_BAD_ALIAS"
    # For restricted join rules.
@@ -132,10 +132,6 @@ class Codes(str, Enum):
    # connection.
    UNKNOWN_POS = "M_UNKNOWN_POS"

-    # Part of MSC4133
-    PROFILE_TOO_LARGE = "M_PROFILE_TOO_LARGE"
-    KEY_TOO_LARGE = "M_KEY_TOO_LARGE"
-

 class CodeMessageException(RuntimeError):
    """An exception with integer code, a message string attributes and optional headers.
@@ -23,8 +23,7 @@

 import hmac
 from hashlib import sha256
-from typing import Optional
-from urllib.parse import urlencode, urljoin
+from urllib.parse import urlencode

 from synapse.config import ConfigError
 from synapse.config.homeserver import HomeServerConfig
@@ -67,42 +66,3 @@ class ConsentURIBuilder:
            urlencode({"u": user_id, "h": mac}),
        )
        return consent_uri
-
-
-class LoginSSORedirectURIBuilder:
-    def __init__(self, hs_config: HomeServerConfig):
-        self._public_baseurl = hs_config.server.public_baseurl
-
-    def build_login_sso_redirect_uri(
-        self, *, idp_id: Optional[str], client_redirect_url: str
-    ) -> str:
-        """Build a `/login/sso/redirect` URI for the given identity provider.
-
-        Builds `/_matrix/client/v3/login/sso/redirect/{idpId}?redirectUrl=xxx` when `idp_id` is specified.
-        Otherwise, builds `/_matrix/client/v3/login/sso/redirect?redirectUrl=xxx` when `idp_id` is `None`.
-
-        Args:
-            idp_id: Optional ID of the identity provider
-            client_redirect_url: URL to redirect the user to after login
-
-        Returns
-            The URI to follow when choosing a specific identity provider.
-        """
-        base_url = urljoin(
-            self._public_baseurl,
-            f"{CLIENT_API_PREFIX}/v3/login/sso/redirect",
-        )
-
-        serialized_query_parameters = urlencode({"redirectUrl": client_redirect_url})
-
-        if idp_id:
-            resultant_url = urljoin(
-                # We have to add a trailing slash to the base URL to ensure that the
-                # last path segment is not stripped away when joining with another path.
-                f"{base_url}/",
-                f"{idp_id}?{serialized_query_parameters}",
-            )
-        else:
-            resultant_url = f"{base_url}?{serialized_query_parameters}"
-
-        return resultant_url
@@ -87,7 +87,6 @@ class ApplicationService:
        ip_range_whitelist: Optional[IPSet] = None,
        supports_ephemeral: bool = False,
        msc3202_transaction_extensions: bool = False,
-        msc4190_device_management: bool = False,
    ):
        self.token = token
        self.url = (
@@ -101,7 +100,6 @@ class ApplicationService:
        self.ip_range_whitelist = ip_range_whitelist
        self.supports_ephemeral = supports_ephemeral
        self.msc3202_transaction_extensions = msc3202_transaction_extensions
-        self.msc4190_device_management = msc4190_device_management

        if "|" in self.id:
            raise Exception("application service ID cannot contain '|' character")
@@ -183,18 +183,6 @@ def _load_appservice(
            "The `org.matrix.msc3202` option should be true or false if specified."
        )

-    # Opt-in flag for the MSC4190 behaviours.
-    # When enabled, the following C-S API endpoints change for appservices:
-    # - POST /register does not return an access token
-    # - PUT /devices/{device_id} creates a new device if one does not exist
-    # - DELETE /devices/{device_id} no longer requires UIA
-    # - POST /delete_devices/{device_id} no longer requires UIA
-    msc4190_enabled = as_info.get("io.element.msc4190", False)
-    if not isinstance(msc4190_enabled, bool):
-        raise ValueError(
-            "The `io.element.msc4190` option should be true or false if specified."
-        )
-
    return ApplicationService(
        token=as_info["as_token"],
        url=as_info["url"],
@@ -207,5 +195,4 @@ def _load_appservice(
        ip_range_whitelist=ip_range_whitelist,
        supports_ephemeral=supports_ephemeral,
        msc3202_transaction_extensions=msc3202_transaction_extensions,
-        msc4190_device_management=msc4190_enabled,
    )
@@ -20,7 +20,7 @@
 #
 #

-from typing import Any, List, Optional
+from typing import Any, List

 from synapse.config.sso import SsoAttributeRequirement
 from synapse.types import JsonDict
@@ -46,9 +46,7 @@ class CasConfig(Config):

            # TODO Update this to a _synapse URL.
            public_baseurl = self.root.server.public_baseurl
-            self.cas_service_url: Optional[str] = (
-                public_baseurl + "_matrix/client/r0/login/cas/ticket"
-            )
+            self.cas_service_url = public_baseurl + "_matrix/client/r0/login/cas/ticket"

            self.cas_protocol_version = cas_config.get("protocol_version")
            if (
@@ -110,7 +110,6 @@ class EmailConfig(Config):
            raise ConfigError(
                "email.require_transport_security requires email.enable_tls to be true"
            )
-        self.email_tlsname = email_config.get("tlsname", None)

        if "app_name" in email_config:
            self.email_app_name = email_config["app_name"]
@@ -436,14 +436,15 @@ class ExperimentalConfig(Config):
                ("experimental", "msc4108_delegation_endpoint"),
            )

-        # MSC4133: Custom profile fields
-        self.msc4133_enabled: bool = experimental.get("msc4133_enabled", False)
+        self.msc3823_account_suspension = experimental.get(
+            "msc3823_account_suspension", False
+        )
+
+        # MSC4151: Report room API (Client-Server API)
+        self.msc4151_enabled: bool = experimental.get("msc4151_enabled", False)

        # MSC4210: Remove legacy mentions
        self.msc4210_enabled: bool = experimental.get("msc4210_enabled", False)

        # MSC4222: Adding `state_after` to sync v2
        self.msc4222_enabled: bool = experimental.get("msc4222_enabled", False)
-
-        # MSC4076: Add `disable_badge_count`` to pusher configuration
-        self.msc4076_enabled: bool = experimental.get("msc4076_enabled", False)
@@ -43,7 +43,7 @@ from unpaddedbase64 import decode_base64
 from synapse.types import JsonDict
 from synapse.util.stringutils import random_string, random_string_with_symbols

-from ._base import Config, ConfigError, read_file
+from ._base import Config, ConfigError

 if TYPE_CHECKING:
    from signedjson.key import VerifyKeyWithExpiry
@@ -91,11 +91,6 @@ To suppress this warning and continue using 'matrix.org', admins should set
 'suppress_key_server_warning' to 'true' in homeserver.yaml.
 --------------------------------------------------------------------------------"""

-CONFLICTING_MACAROON_SECRET_KEY_OPTS_ERROR = """\
-Conflicting options 'macaroon_secret_key' and 'macaroon_secret_key_path' are
-both defined in config file.
-"""
-
 logger = logging.getLogger(__name__)


@@ -171,16 +166,10 @@ class KeyConfig(Config):
            )
        )

-        macaroon_secret_key = config.get("macaroon_secret_key")
-        macaroon_secret_key_path = config.get("macaroon_secret_key_path")
-        if macaroon_secret_key_path:
-            if macaroon_secret_key:
-                raise ConfigError(CONFLICTING_MACAROON_SECRET_KEY_OPTS_ERROR)
-            macaroon_secret_key = read_file(
-                macaroon_secret_key_path, "macaroon_secret_key_path"
-            ).strip()
-        if not macaroon_secret_key:
-            macaroon_secret_key = self.root.registration.registration_shared_secret
+        macaroon_secret_key: Optional[str] = config.get(
+            "macaroon_secret_key", self.root.registration.registration_shared_secret
+        )
+
        if not macaroon_secret_key:
            # Unfortunately, there are people out there that don't have this
            # set. Lets just be "nice" and derive one from their secret key.
@@ -360,6 +360,5 @@ def setup_logging(
        "Licensed under the AGPL 3.0 license. Website: https://github.com/element-hq/synapse"
    )
    logging.info("Server hostname: %s", config.server.server_name)
-    logging.info("Public Base URL: %s", config.server.public_baseurl)
    logging.info("Instance name: %s", hs.get_instance_name())
    logging.info("Twisted reactor: %s", type(reactor).__name__)
@@ -22,7 +22,7 @@
 import logging
 import os
 from typing import Any, Dict, List, Tuple
-from urllib.request import getproxies_environment
+from urllib.request import getproxies_environment  # type: ignore

 import attr

@@ -272,7 +272,9 @@ class ContentRepositoryConfig(Config):
                remote_media_lifetime
            )

-        self.enable_authenticated_media = config.get("enable_authenticated_media", True)
+        self.enable_authenticated_media = config.get(
+            "enable_authenticated_media", False
+        )

    def generate_config_section(self, data_dir_path: str, **kwargs: Any) -> str:
        assert data_dir_path is not None
@@ -332,14 +332,8 @@ class ServerConfig(Config):
            logger.info("Using default public_baseurl %s", public_baseurl)
        else:
            self.serve_client_wellknown = True
-            # Ensure that public_baseurl ends with a trailing slash
            if public_baseurl[-1] != "/":
                public_baseurl += "/"
-
-        # Scrutinize user-provided config
-        if not isinstance(public_baseurl, str):
-            raise ConfigError("Must be a string", ("public_baseurl",))
-
        self.public_baseurl = public_baseurl

        # check that public_baseurl is valid
@@ -248,7 +248,7 @@ class EventContext(UnpersistedEventContextBase):
    @tag_args
    async def get_current_state_ids(
        self, state_filter: Optional["StateFilter"] = None
-    ) -> StateMap[str]:
+    ) -> Optional[StateMap[str]]:
        """
        Gets the room state map, including this event - ie, the state in ``state_group``

@@ -256,12 +256,13 @@ class EventContext(UnpersistedEventContextBase):
        not make it into the room state. This method will raise an exception if
        ``rejected`` is set.

-        It is also an error to access this for an outlier event.
-
        Arg:
           state_filter: specifies the type of state event to fetch from DB, example: EventTypes.JoinRules

        Returns:
+            Returns None if state_group is None, which happens when the associated
+            event is an outlier.
+
            Maps a (type, state_key) to the event ID of the state event matching
            this tuple.
        """
@@ -299,8 +300,7 @@ class EventContext(UnpersistedEventContextBase):
            this tuple.
        """

-        if self.state_group_before_event is None:
-            return {}
+        assert self.state_group_before_event is not None
        return await self._storage.state.get_state_ids_for_group(
            self.state_group_before_event, state_filter
        )
@@ -140,6 +140,7 @@ from typing import (
    Iterable,
    List,
    Optional,
+    Set,
    Tuple,
 )

@@ -169,13 +170,7 @@ from synapse.metrics.background_process_metrics import (
    run_as_background_process,
    wrap_as_background_process,
 )
-from synapse.types import (
-    JsonDict,
-    ReadReceipt,
-    RoomStreamToken,
-    StrCollection,
-    get_domain_from_id,
-)
+from synapse.types import JsonDict, ReadReceipt, RoomStreamToken, StrCollection
 from synapse.util import Clock
 from synapse.util.metrics import Measure
 from synapse.util.retryutils import filter_destinations_by_retry_limiter
@@ -302,10 +297,12 @@ class _DestinationWakeupQueue:
    # being woken up.
    _MAX_TIME_IN_QUEUE = 30.0

+    # The maximum duration in seconds between waking up consecutive destination
+    # queues.
+    _MAX_DELAY = 0.1
+
    sender: "FederationSender" = attr.ib()
    clock: Clock = attr.ib()
-    max_delay_s: int = attr.ib()
-
    queue: "OrderedDict[str, Literal[None]]" = attr.ib(factory=OrderedDict)
    processing: bool = attr.ib(default=False)

@@ -335,7 +332,7 @@ class _DestinationWakeupQueue:
            # We also add an upper bound to the delay, to gracefully handle the
            # case where the queue only has a few entries in it.
            current_sleep_seconds = min(
-                self.max_delay_s, self._MAX_TIME_IN_QUEUE / len(self.queue)
+                self._MAX_DELAY, self._MAX_TIME_IN_QUEUE / len(self.queue)
            )

            while self.queue:
@@ -419,15 +416,20 @@ class FederationSender(AbstractFederationSender):
        self._is_processing = False
        self._last_poked_id = -1

-        self._external_cache = hs.get_external_cache()
+        # map from room_id to a set of PerDestinationQueues which we believe are
+        # awaiting a call to flush_read_receipts_for_room. The presence of an entry
+        # here for a given room means that we are rate-limiting RR flushes to that room,
+        # and that there is a pending call to _flush_rrs_for_room in the system.
+        self._queues_awaiting_rr_flush_by_room: Dict[str, Set[PerDestinationQueue]] = {}

-        rr_txn_interval_per_room_s = (
-            1.0 / hs.config.ratelimiting.federation_rr_transactions_per_room_per_second
-        )
-        self._destination_wakeup_queue = _DestinationWakeupQueue(
-            self, self.clock, max_delay_s=rr_txn_interval_per_room_s
+        self._rr_txn_interval_per_room_ms = (
+            1000.0
+            / hs.config.ratelimiting.federation_rr_transactions_per_room_per_second
        )

+        self._external_cache = hs.get_external_cache()
+        self._destination_wakeup_queue = _DestinationWakeupQueue(self, self.clock)
+
        # Regularly wake up destinations that have outstanding PDUs to be caught up
        self.clock.looping_call_now(
            run_as_background_process,
@@ -743,48 +745,37 @@ class FederationSender(AbstractFederationSender):

        # Some background on the rate-limiting going on here.
        #
-        # It turns out that if we attempt to send out RRs as soon as we get them
-        # from a client, then we end up trying to do several hundred Hz of
-        # federation transactions. (The number of transactions scales as O(N^2)
-        # on the size of a room, since in a large room we have both more RRs
-        # coming in, and more servers to send them to.)
+        # It turns out that if we attempt to send out RRs as soon as we get them from
+        # a client, then we end up trying to do several hundred Hz of federation
+        # transactions. (The number of transactions scales as O(N^2) on the size of a
+        # room, since in a large room we have both more RRs coming in, and more servers
+        # to send them to.)
        #
-        # This leads to a lot of CPU load, and we end up getting behind. The
-        # solution currently adopted is to differentiate between receipts and
-        # destinations we should immediately send to, and those we can trickle
-        # the receipts to.
+        # This leads to a lot of CPU load, and we end up getting behind. The solution
+        # currently adopted is as follows:
        #
-        # The current logic is to send receipts out immediately if:
-        #   - the room is "small", i.e. there's only N servers to send receipts
-        #     to, and so sending out the receipts immediately doesn't cause too
-        #     much load; or
-        #   - the receipt is for an event that happened recently, as users
-        #     notice if receipts are delayed when they know other users are
-        #     currently reading the room; or
-        #   - the receipt is being sent to the server that sent the event, so
-        #     that users see receipts for their own receipts quickly.
+        # The first receipt in a given room is sent out immediately, at time T0. Any
+        # further receipts are, in theory, batched up for N seconds, where N is calculated
+        # based on the number of servers in the room to achieve a transaction frequency
+        # of around 50Hz. So, for example, if there were 100 servers in the room, then
+        # N would be 100 / 50Hz = 2 seconds.
        #
-        # For destinations that we should delay sending the receipt to, we queue
-        # the receipts up to be sent in the next transaction, but don't trigger
-        # a new transaction to be sent. We then add the destination to the
-        # `DestinationWakeupQueue`, which will slowly iterate over each
-        # destination and trigger a new transaction to be sent.
+        # Then, after T+N, we flush out any receipts that have accumulated, and restart
+        # the timer to flush out more receipts at T+2N, etc. If no receipts accumulate,
+        # we stop the cycle and go back to the start.
        #
-        # However, in practice, it is often possible to send out delayed
-        # receipts earlier: in particular, if we are sending a transaction to a
-        # given server anyway (for example, because we have a PDU or a RR in
-        # another room to send), then we may as well send out all of the pending
-        # RRs for that server. So it may be that by the time we get to waking up
-        # the destination, we don't actually have any RRs left to send out.
+        # However, in practice, it is often possible to flush out receipts earlier: in
+        # particular, if we are sending a transaction to a given server anyway (for
+        # example, because we have a PDU or a RR in another room to send), then we may
+        # as well send out all of the pending RRs for that server. So it may be that
+        # by the time we get to T+N, we don't actually have any RRs left to send out.
+        # Nevertheless we continue to buffer up RRs for the room in question until we
+        # reach the point that no RRs arrive between timer ticks.
        #
-        # For even more background, see
-        # https://github.com/matrix-org/synapse/issues/4730.
+        # For even more background, see https://github.com/matrix-org/synapse/issues/4730.

        room_id = receipt.room_id

-        # Local read receipts always have 1 event ID.
-        event_id = receipt.event_ids[0]
-
        # Work out which remote servers should be poked and poke them.
        domains_set = await self._storage_controllers.state.get_current_hosts_in_room_or_partial_state_approximation(
            room_id
@@ -806,51 +797,49 @@ class FederationSender(AbstractFederationSender):
        if not domains:
            return

-        # We now split which domains we want to wake up immediately vs which we
-        # want to delay waking up.
-        immediate_domains: StrCollection
-        delay_domains: StrCollection
+        queues_pending_flush = self._queues_awaiting_rr_flush_by_room.get(room_id)

-        if len(domains) < 10:
-            # For "small" rooms send to all domains immediately
-            immediate_domains = domains
-            delay_domains = ()
+        # if there is no flush yet scheduled, we will send out these receipts with
+        # immediate flushes, and schedule the next flush for this room.
+        if queues_pending_flush is not None:
+            logger.debug("Queuing receipt for: %r", domains)
        else:
-            metadata = await self.store.get_metadata_for_event(
-                receipt.room_id, event_id
-            )
-            assert metadata is not None
+            logger.debug("Sending receipt to: %r", domains)
+            self._schedule_rr_flush_for_room(room_id, len(domains))

-            sender_domain = get_domain_from_id(metadata.sender)
+        for domain in domains:
+            queue = self._get_per_destination_queue(domain)
+            queue.queue_read_receipt(receipt)

-            if self.clock.time_msec() - metadata.received_ts < 60_000:
-                # We always send receipts for recent messages immediately
-                immediate_domains = domains
-                delay_domains = ()
+            # if there is already a RR flush pending for this room, then make sure this
+            # destination is registered for the flush
+            if queues_pending_flush is not None:
+                queues_pending_flush.add(queue)
            else:
-                # Otherwise, we delay waking up all destinations except for the
-                # sender's domain.
-                immediate_domains = []
-                delay_domains = []
-                for domain in domains:
-                    if domain == sender_domain:
-                        immediate_domains.append(domain)
-                    else:
-                        delay_domains.append(domain)
+                queue.flush_read_receipts_for_room(room_id)

-        for domain in immediate_domains:
-            # Add to destination queue and wake the destination up
-            queue = self._get_per_destination_queue(domain)
-            queue.queue_read_receipt(receipt)
-            queue.attempt_new_transaction()
+    def _schedule_rr_flush_for_room(self, room_id: str, n_domains: int) -> None:
+        # that is going to cause approximately len(domains) transactions, so now back
+        # off for that multiplied by RR_TXN_INTERVAL_PER_ROOM
+        backoff_ms = self._rr_txn_interval_per_room_ms * n_domains

-        for domain in delay_domains:
-            # Add to destination queue...
-            queue = self._get_per_destination_queue(domain)
-            queue.queue_read_receipt(receipt)
+        logger.debug("Scheduling RR flush in %s in %d ms", room_id, backoff_ms)
+        self.clock.call_later(backoff_ms, self._flush_rrs_for_room, room_id)
+        self._queues_awaiting_rr_flush_by_room[room_id] = set()

-            # ... and schedule the destination to be woken up.
-            self._destination_wakeup_queue.add_to_queue(domain)
+    def _flush_rrs_for_room(self, room_id: str) -> None:
+        queues = self._queues_awaiting_rr_flush_by_room.pop(room_id)
+        logger.debug("Flushing RRs in %s to %s", room_id, queues)
+
+        if not queues:
+            # no more RRs arrived for this room; we are done.
+            return
+
+        # schedule the next flush
+        self._schedule_rr_flush_for_room(room_id, len(queues))
+
+        for queue in queues:
+            queue.flush_read_receipts_for_room(room_id)

    async def send_presence_to_destinations(
        self, states: Iterable[UserPresenceState], destinations: Iterable[str]
@@ -156,6 +156,7 @@ class PerDestinationQueue:
        # Each receipt can only have a single receipt per
        # (room ID, receipt type, user ID, thread ID) tuple.
        self._pending_receipt_edus: List[Dict[str, Dict[str, Dict[str, dict]]]] = []
+        self._rrs_pending_flush = False

        # stream_id of last successfully sent to-device message.
        # NB: may be a long or an int.
@@ -257,7 +258,15 @@ class PerDestinationQueue:
                }
            )

-        self.mark_new_data()
+    def flush_read_receipts_for_room(self, room_id: str) -> None:
+        # If there are any pending receipts for this room then force-flush them
+        # in a new transaction.
+        for edu in self._pending_receipt_edus:
+            if room_id in edu:
+                self._rrs_pending_flush = True
+                self.attempt_new_transaction()
+                # No use in checking remaining EDUs if the room was found.
+                break

    def send_keyed_edu(self, edu: Edu, key: Hashable) -> None:
        self._pending_edus_keyed[(edu.edu_type, key)] = edu
@@ -594,9 +603,12 @@ class PerDestinationQueue:
                    self._destination, last_successful_stream_ordering
                )

-    def _get_receipt_edus(self, limit: int) -> Iterable[Edu]:
+    def _get_receipt_edus(self, force_flush: bool, limit: int) -> Iterable[Edu]:
        if not self._pending_receipt_edus:
            return
+        if not force_flush and not self._rrs_pending_flush:
+            # not yet time for this lot
+            return

        # Send at most limit EDUs for receipts.
        for content in self._pending_receipt_edus[:limit]:
@@ -735,7 +747,7 @@ class _TransactionQueueManager:
            )

        # Add read receipt EDUs.
-        pending_edus.extend(self.queue._get_receipt_edus(limit=5))
+        pending_edus.extend(self.queue._get_receipt_edus(force_flush=False, limit=5))
        edu_limit = MAX_EDUS_PER_TRANSACTION - len(pending_edus)

        # Next, prioritize to-device messages so that existing encryption channels
@@ -783,6 +795,13 @@ class _TransactionQueueManager:
        if not self._pdus and not pending_edus:
            return [], []

+        # if we've decided to send a transaction anyway, and we have room, we
+        # may as well send any pending RRs
+        if edu_limit:
+            pending_edus.extend(
+                self.queue._get_receipt_edus(force_flush=True, limit=edu_limit)
+            )
+
        if self._pdus:
            self._last_stream_ordering = self._pdus[
                -1
@@ -509,9 +509,6 @@ class FederationV2InviteServlet(BaseFederationServerServlet):
        event = content["event"]
        invite_room_state = content.get("invite_room_state", [])

-        if not isinstance(invite_room_state, list):
-            invite_room_state = []
-
        # Synapse expects invite_room_state to be in unsigned, as it is in v1
        # API

@@ -124,7 +124,6 @@ class AdminHandler:
            "consent_ts": user_info.consent_ts,
            "user_type": user_info.user_type,
            "is_guest": user_info.is_guest,
-            "suspended": user_info.suspended,
        }

        if self._msc3866_enabled:
@@ -473,7 +472,7 @@ class AdminHandler:
                    "type": EventTypes.Redaction,
                    "content": {"reason": reason} if reason else {},
                    "room_id": room,
-                    "sender": requester.user.to_string(),
+                    "sender": user_id,
                }
                if room_version.updated_redaction_rules:
                    event_dict["content"]["redacts"] = event.event_id
@@ -896,10 +896,10 @@ class ApplicationServicesHandler:
        results = await make_deferred_yieldable(
            defer.DeferredList(
                [
-                    run_in_background(  # type: ignore[call-overload]
+                    run_in_background(
                        self.appservice_api.claim_client_keys,
                        # We know this must be an app service.
-                        self.store.get_app_service_by_id(service_id),
+                        self.store.get_app_service_by_id(service_id),  # type: ignore[arg-type]
                        service_query,
                    )
                    for service_id, service_query in query_by_appservice.items()
@@ -952,10 +952,10 @@ class ApplicationServicesHandler:
        results = await make_deferred_yieldable(
            defer.DeferredList(
                [
-                    run_in_background(  # type: ignore[call-overload]
+                    run_in_background(
                        self.appservice_api.query_keys,
                        # We know this must be an app service.
-                        self.store.get_app_service_by_id(service_id),
+                        self.store.get_app_service_by_id(service_id),  # type: ignore[arg-type]
                        service_query,
                    )
                    for service_id, service_query in query_by_appservice.items()
@@ -729,40 +729,6 @@ class DeviceHandler(DeviceWorkerHandler):

        await self.notify_device_update(user_id, device_ids)

-    async def upsert_device(
-        self, user_id: str, device_id: str, display_name: Optional[str] = None
-    ) -> bool:
-        """Create or update a device
-
-        Args:
-            user_id: The user to update devices of.
-            device_id: The device to update.
-            display_name: The new display name for this device.
-
-        Returns:
-            True if the device was created, False if it was updated.
-
-        """
-
-        # Reject a new displayname which is too long.
-        self._check_device_name_length(display_name)
-
-        created = await self.store.store_device(
-            user_id,
-            device_id,
-            initial_device_display_name=display_name,
-        )
-
-        if not created:
-            await self.store.update_device(
-                user_id,
-                device_id,
-                new_display_name=display_name,
-            )
-
-        await self.notify_device_update(user_id, [device_id])
-        return created
-
    async def update_device(self, user_id: str, device_id: str, content: dict) -> None:
        """Update the given device

@@ -39,8 +39,6 @@ from synapse.replication.http.devices import ReplicationUploadKeysForUserRestSer
 from synapse.types import (
    JsonDict,
    JsonMapping,
-    ScheduledTask,
-    TaskStatus,
    UserID,
    get_domain_from_id,
    get_verify_key_from_cross_signing_key,
@@ -72,7 +70,6 @@ class E2eKeysHandler:
        self.is_mine = hs.is_mine
        self.clock = hs.get_clock()
        self._worker_lock_handler = hs.get_worker_locks_handler()
-        self._task_scheduler = hs.get_task_scheduler()

        federation_registry = hs.get_federation_registry()

@@ -119,10 +116,6 @@ class E2eKeysHandler:
            hs.config.experimental.msc3984_appservice_key_query
        )

-        self._task_scheduler.register_action(
-            self._delete_old_one_time_keys_task, "delete_old_otks"
-        )
-
    @trace
    @cancellable
    async def query_devices(
@@ -1581,45 +1574,6 @@ class E2eKeysHandler:
                    return True
        return False

-    async def _delete_old_one_time_keys_task(
-        self, task: ScheduledTask
-    ) -> Tuple[TaskStatus, Optional[JsonMapping], Optional[str]]:
-        """Scheduler task to delete old one time keys.
-
-        Until Synapse 1.119, Synapse used to issue one-time-keys in a random order, leading to the possibility
-        that it could still have old OTKs that the client has dropped. This task is scheduled exactly once
-        by a database schema delta file, and it clears out old one-time-keys that look like they came from libolm.
-        """
-        last_user = task.result.get("from_user", "") if task.result else ""
-        while True:
-            # We process users in batches of 100
-            users, rowcount = await self.store.delete_old_otks_for_next_user_batch(
-                last_user, 100
-            )
-            if len(users) == 0:
-                # We're done!
-                return TaskStatus.COMPLETE, None, None
-
-            logger.debug(
-                "Deleted %i old one-time-keys for users '%s'..'%s'",
-                rowcount,
-                users[0],
-                users[-1],
-            )
-            last_user = users[-1]
-
-            # Store our progress
-            await self._task_scheduler.update_task(
-                task.id, result={"from_user": last_user}
-            )
-
-            # Sleep a little before doing the next user.
-            #
-            # matrix.org has about 15M users in the e2e_one_time_keys_json table
-            # (comprising 20M devices). We want this to take about a week, so we need
-            # to do about one batch of 100 users every 4 seconds.
-            await self.clock.sleep(4)
-

 def _check_cross_signing_key(
    key: JsonDict, user_id: str, key_type: str, signing_key: Optional[VerifyKey] = None
@@ -880,9 +880,6 @@ class FederationHandler:
        if stripped_room_state is None:
            raise KeyError("Missing 'knock_room_state' field in send_knock response")

-        if not isinstance(stripped_room_state, list):
-            raise TypeError("'knock_room_state' has wrong type")
-
        event.unsigned["knock_room_state"] = stripped_room_state

        context = EventContext.for_outlier(self._storage_controllers)
@@ -22,7 +22,6 @@ import logging
 import random
 from typing import TYPE_CHECKING, List, Optional, Union

-from synapse.api.constants import ProfileFields
 from synapse.api.errors import (
    AuthError,
    Codes,
@@ -32,7 +31,7 @@ from synapse.api.errors import (
    SynapseError,
 )
 from synapse.storage.databases.main.media_repository import LocalMedia, RemoteMedia
-from synapse.types import JsonDict, JsonValue, Requester, UserID, create_requester
+from synapse.types import JsonDict, Requester, UserID, create_requester
 from synapse.util.caches.descriptors import cached
 from synapse.util.stringutils import parse_and_validate_mxc_uri

@@ -43,8 +42,6 @@ logger = logging.getLogger(__name__)

 MAX_DISPLAYNAME_LEN = 256
 MAX_AVATAR_URL_LEN = 1000
-# Field name length is specced at 255 bytes.
-MAX_CUSTOM_FIELD_LEN = 255


 class ProfileHandler:
@@ -86,33 +83,19 @@ class ProfileHandler:

        Returns:
            A JSON dictionary. For local queries this will include the displayname and avatar_url
-            fields, if set. For remote queries it may contain arbitrary information.
+            fields. For remote queries it may contain arbitrary information.
        """
        target_user = UserID.from_string(user_id)

        if self.hs.is_mine(target_user):
            profileinfo = await self.store.get_profileinfo(target_user)
-            extra_fields = {}
-            if self.hs.config.experimental.msc4133_enabled:
-                extra_fields = await self.store.get_profile_fields(target_user)
-
-            if (
-                profileinfo.display_name is None
-                and profileinfo.avatar_url is None
-                and not extra_fields
-            ):
+            if profileinfo.display_name is None and profileinfo.avatar_url is None:
                raise SynapseError(404, "Profile was not found", Codes.NOT_FOUND)

-            # Do not include display name or avatar if unset.
-            ret = {}
-            if profileinfo.display_name is not None:
-                ret[ProfileFields.DISPLAYNAME] = profileinfo.display_name
-            if profileinfo.avatar_url is not None:
-                ret[ProfileFields.AVATAR_URL] = profileinfo.avatar_url
-            if extra_fields:
-                ret.update(extra_fields)
-
-            return ret
+            return {
+                "displayname": profileinfo.display_name,
+                "avatar_url": profileinfo.avatar_url,
+            }
        else:
            try:
                result = await self.federation.make_query(
@@ -416,110 +399,6 @@ class ProfileHandler:

        return True

-    async def get_profile_field(
-        self, target_user: UserID, field_name: str
-    ) -> JsonValue:
-        """
-        Fetch a user's profile from the database for local users and over federation
-        for remote users.
-
-        Args:
-            target_user: The user ID to fetch the profile for.
-            field_name: The field to fetch the profile for.
-
-        Returns:
-            The value for the profile field or None if the field does not exist.
-        """
-        if self.hs.is_mine(target_user):
-            try:
-                field_value = await self.store.get_profile_field(
-                    target_user, field_name
-                )
-            except StoreError as e:
-                if e.code == 404:
-                    raise SynapseError(404, "Profile was not found", Codes.NOT_FOUND)
-                raise
-
-            return field_value
-        else:
-            try:
-                result = await self.federation.make_query(
-                    destination=target_user.domain,
-                    query_type="profile",
-                    args={"user_id": target_user.to_string(), "field": field_name},
-                    ignore_backoff=True,
-                )
-            except RequestSendFailed as e:
-                raise SynapseError(502, "Failed to fetch profile") from e
-            except HttpResponseException as e:
-                raise e.to_synapse_error()
-
-            return result.get(field_name)
-
-    async def set_profile_field(
-        self,
-        target_user: UserID,
-        requester: Requester,
-        field_name: str,
-        new_value: JsonValue,
-        by_admin: bool = False,
-        deactivation: bool = False,
-    ) -> None:
-        """Set a new profile field for a user.
-
-        Args:
-            target_user: the user whose profile is to be changed.
-            requester: The user attempting to make this change.
-            field_name: The name of the profile field to update.
-            new_value: The new field value for this user.
-            by_admin: Whether this change was made by an administrator.
-            deactivation: Whether this change was made while deactivating the user.
-        """
-        if not self.hs.is_mine(target_user):
-            raise SynapseError(400, "User is not hosted on this homeserver")
-
-        if not by_admin and target_user != requester.user:
-            raise AuthError(403, "Cannot set another user's profile")
-
-        await self.store.set_profile_field(target_user, field_name, new_value)
-
-        # Custom fields do not propagate into the user directory *or* rooms.
-        profile = await self.store.get_profileinfo(target_user)
-        await self._third_party_rules.on_profile_update(
-            target_user.to_string(), profile, by_admin, deactivation
-        )
-
-    async def delete_profile_field(
-        self,
-        target_user: UserID,
-        requester: Requester,
-        field_name: str,
-        by_admin: bool = False,
-        deactivation: bool = False,
-    ) -> None:
-        """Delete a field from a user's profile.
-
-        Args:
-            target_user: the user whose profile is to be changed.
-            requester: The user attempting to make this change.
-            field_name: The name of the profile field to remove.
-            by_admin: Whether this change was made by an administrator.
-            deactivation: Whether this change was made while deactivating the user.
-        """
-        if not self.hs.is_mine(target_user):
-            raise SynapseError(400, "User is not hosted on this homeserver")
-
-        if not by_admin and target_user != requester.user:
-            raise AuthError(400, "Cannot set another user's profile")
-
-        await self.store.delete_profile_field(target_user, field_name)
-
-        # Custom fields do not propagate into the user directory *or* rooms.
-        profile = await self.store.get_profileinfo(target_user)
-        await self._third_party_rules.on_profile_update(
-            target_user.to_string(), profile, by_admin, deactivation
-        )
-
    async def on_profile_query(self, args: JsonDict) -> JsonDict:
        """Handles federation profile query requests."""

@@ -536,24 +415,13 @@ class ProfileHandler:

        just_field = args.get("field", None)

-        response: JsonDict = {}
+        response = {}
        try:
-            if just_field is None or just_field == ProfileFields.DISPLAYNAME:
+            if just_field is None or just_field == "displayname":
                response["displayname"] = await self.store.get_profile_displayname(user)

-            if just_field is None or just_field == ProfileFields.AVATAR_URL:
+            if just_field is None or just_field == "avatar_url":
                response["avatar_url"] = await self.store.get_profile_avatar_url(user)
-
-            if self.hs.config.experimental.msc4133_enabled:
-                if just_field is None:
-                    response.update(await self.store.get_profile_fields(user))
-                elif just_field not in (
-                    ProfileFields.DISPLAYNAME,
-                    ProfileFields.AVATAR_URL,
-                ):
-                    response[just_field] = await self.store.get_profile_field(
-                        user, just_field
-                    )
        except StoreError as e:
            if e.code == 404:
                raise SynapseError(404, "Profile was not found", Codes.NOT_FOUND)
@@ -630,9 +630,7 @@ class RegistrationHandler:
        """
        await self._auto_join_rooms(user_id)

-    async def appservice_register(
-        self, user_localpart: str, as_token: str
-    ) -> Tuple[str, ApplicationService]:
+    async def appservice_register(self, user_localpart: str, as_token: str) -> str:
        user = UserID(user_localpart, self.hs.hostname)
        user_id = user.to_string()
        service = self.store.get_app_service_by_token(as_token)
@@ -655,7 +653,7 @@ class RegistrationHandler:
            appservice_id=service_id,
            create_profile_with_displayname=user.localpart,
        )
-        return (user_id, service)
+        return user_id

    def check_user_id_not_appservice_exclusive(
        self, user_id: str, allowed_appservice: Optional[ApplicationService] = None
@@ -47,45 +47,15 @@ logger = logging.getLogger(__name__)
 _is_old_twisted = parse_version(twisted.__version__) < parse_version("21")


-class _BackportESMTPSender(ESMTPSender):
-    """Extend old versions of ESMTPSender to configure TLS.
+class _NoTLSESMTPSender(ESMTPSender):
+    """Extend ESMTPSender to disable TLS

-    Unfortunately, before Twisted 21.2, ESMTPSender doesn't give an easy way to
-    disable TLS, or to configure the hostname used for TLS certificate validation.
-    This backports the `hostname` parameter for that functionality.
+    Unfortunately, before Twisted 21.2, ESMTPSender doesn't give an easy way to disable
+    TLS, so we override its internal method which it uses to generate a context factory.
    """

-    __hostname: Optional[str]
-
-    def __init__(self, *args: Any, **kwargs: Any) -> None:
-        """"""
-        self.__hostname = kwargs.pop("hostname", None)
-        super().__init__(*args, **kwargs)
-
    def _getContextFactory(self) -> Optional[IOpenSSLContextFactory]:
-        if self.context is not None:
-            return self.context
-        elif self.__hostname is None:
-            return None  # disable TLS if hostname is None
-        return optionsForClientTLS(self.__hostname)
-
-
-class _BackportESMTPSenderFactory(ESMTPSenderFactory):
-    """An ESMTPSenderFactory for _BackportESMTPSender.
-
-    This backports the `hostname` parameter, to disable or configure TLS.
-    """
-
-    __hostname: Optional[str]
-
-    def __init__(self, *args: Any, **kwargs: Any) -> None:
-        self.__hostname = kwargs.pop("hostname", None)
-        super().__init__(*args, **kwargs)
-
-    def protocol(self, *args: Any, **kwargs: Any) -> ESMTPSender:  # type: ignore
-        # this overrides ESMTPSenderFactory's `protocol` attribute, with a Callable
-        # instantiating our _BackportESMTPSender, providing the hostname parameter
-        return _BackportESMTPSender(*args, **kwargs, hostname=self.__hostname)
+        return None


 async def _sendmail(
@@ -101,7 +71,6 @@ async def _sendmail(
    require_tls: bool = False,
    enable_tls: bool = True,
    force_tls: bool = False,
-    tlsname: Optional[str] = None,
 ) -> None:
    """A simple wrapper around ESMTPSenderFactory, to allow substitution in tests

@@ -119,33 +88,39 @@ async def _sendmail(
        enable_tls: True to enable STARTTLS. If this is False and require_tls is True,
           the request will fail.
        force_tls: True to enable Implicit TLS.
-        tlsname: the domain name expected as the TLS certificate's commonname,
-           defaults to smtphost.
    """
    msg = BytesIO(msg_bytes)
    d: "Deferred[object]" = Deferred()
-    if not enable_tls:
-        tlsname = None
-    elif tlsname is None:
-        tlsname = smtphost

-    factory: IProtocolFactory = (
-        _BackportESMTPSenderFactory if _is_old_twisted else ESMTPSenderFactory
-    )(
-        username,
-        password,
-        from_addr,
-        to_addr,
-        msg,
-        d,
-        heloFallback=True,
-        requireAuthentication=require_auth,
-        requireTransportSecurity=require_tls,
-        hostname=tlsname,
-    )
+    def build_sender_factory(**kwargs: Any) -> ESMTPSenderFactory:
+        return ESMTPSenderFactory(
+            username,
+            password,
+            from_addr,
+            to_addr,
+            msg,
+            d,
+            heloFallback=True,
+            requireAuthentication=require_auth,
+            requireTransportSecurity=require_tls,
+            **kwargs,
+        )
+
+    factory: IProtocolFactory
+    if _is_old_twisted:
+        # before twisted 21.2, we have to override the ESMTPSender protocol to disable
+        # TLS
+        factory = build_sender_factory()
+
+        if not enable_tls:
+            factory.protocol = _NoTLSESMTPSender
+    else:
+        # for twisted 21.2 and later, there is a 'hostname' parameter which we should
+        # set to enable TLS.
+        factory = build_sender_factory(hostname=smtphost if enable_tls else None)

    if force_tls:
-        factory = TLSMemoryBIOFactory(optionsForClientTLS(tlsname), True, factory)
+        factory = TLSMemoryBIOFactory(optionsForClientTLS(smtphost), True, factory)

    endpoint = HostnameEndpoint(
        reactor, smtphost, smtpport, timeout=30, bindAddress=None
@@ -173,7 +148,6 @@ class SendEmailHandler:
        self._require_transport_security = hs.config.email.require_transport_security
        self._enable_tls = hs.config.email.enable_smtp_tls
        self._force_tls = hs.config.email.force_tls
-        self._tlsname = hs.config.email.email_tlsname

        self._sendmail = _sendmail

@@ -253,5 +227,4 @@ class SendEmailHandler:
            require_tls=self._require_transport_security,
            enable_tls=self._enable_tls,
            force_tls=self._force_tls,
-            tlsname=self._tlsname,
        )
@@ -39,7 +39,6 @@ from synapse.logging.opentracing import (
    trace,
 )
 from synapse.storage.databases.main.roommember import extract_heroes_from_room_summary
-from synapse.storage.databases.main.state_deltas import StateDelta
 from synapse.storage.databases.main.stream import PaginateFunction
 from synapse.storage.roommember import (
    MemberSummary,
@@ -49,7 +48,6 @@ from synapse.types import (
    MutableStateMap,
    PersistedEventPosition,
    Requester,
-    RoomStreamToken,
    SlidingSyncStreamToken,
    StateMap,
    StrCollection,
@@ -472,64 +470,6 @@ class SlidingSyncHandler:

        return state_map

-    @trace
-    async def get_current_state_deltas_for_room(
-        self,
-        room_id: str,
-        room_membership_for_user_at_to_token: RoomsForUserType,
-        from_token: RoomStreamToken,
-        to_token: RoomStreamToken,
-    ) -> List[StateDelta]:
-        """
-        Get the state deltas between two tokens taking into account the user's
-        membership. If the user is LEAVE/BAN, we will only get the state deltas up to
-        their LEAVE/BAN event (inclusive).
-
-        (> `from_token` and <= `to_token`)
-        """
-        membership = room_membership_for_user_at_to_token.membership
-        # We don't know how to handle `membership` values other than these. The
-        # code below would need to be updated.
-        assert membership in (
-            Membership.JOIN,
-            Membership.INVITE,
-            Membership.KNOCK,
-            Membership.LEAVE,
-            Membership.BAN,
-        )
-
-        # People shouldn't see past their leave/ban event
-        if membership in (
-            Membership.LEAVE,
-            Membership.BAN,
-        ):
-            to_bound = (
-                room_membership_for_user_at_to_token.event_pos.to_room_stream_token()
-            )
-        # If we are participating in the room, we can get the latest current state in
-        # the room
-        elif membership == Membership.JOIN:
-            to_bound = to_token
-        # We can only rely on the stripped state included in the invite/knock event
-        # itself so there will never be any state deltas to send down.
-        elif membership in (Membership.INVITE, Membership.KNOCK):
-            return []
-        else:
-            # We don't know how to handle this type of membership yet
-            #
-            # FIXME: We should use `assert_never` here but for some reason
-            # the exhaustive matching doesn't recognize the `Never` here.
-            # assert_never(membership)
-            raise AssertionError(
-                f"Unexpected membership {membership} that we don't know how to handle yet"
-            )
-
-        return await self.store.get_current_state_deltas_for_room(
-            room_id=room_id,
-            from_token=from_token,
-            to_token=to_bound,
-        )
-
    @trace
    async def get_room_sync_data(
        self,
@@ -815,19 +755,13 @@ class SlidingSyncHandler:

            stripped_state = []
            if invite_or_knock_event.membership == Membership.INVITE:
-                invite_state = invite_or_knock_event.unsigned.get(
-                    "invite_room_state", []
+                stripped_state.extend(
+                    invite_or_knock_event.unsigned.get("invite_room_state", [])
                )
-                if not isinstance(invite_state, list):
-                    invite_state = []
-
-                stripped_state.extend(invite_state)
            elif invite_or_knock_event.membership == Membership.KNOCK:
-                knock_state = invite_or_knock_event.unsigned.get("knock_room_state", [])
-                if not isinstance(knock_state, list):
-                    knock_state = []
-
-                stripped_state.extend(knock_state)
+                stripped_state.extend(
+                    invite_or_knock_event.unsigned.get("knock_room_state", [])
+                )

            stripped_state.append(strip_event(invite_or_knock_event))

@@ -856,9 +790,8 @@ class SlidingSyncHandler:
            # TODO: Limit the number of state events we're about to send down
            # the room, if its too many we should change this to an
            # `initial=True`?
-            deltas = await self.get_current_state_deltas_for_room(
+            deltas = await self.store.get_current_state_deltas_for_room(
                room_id=room_id,
-                room_membership_for_user_at_to_token=room_membership_for_user_at_to_token,
                from_token=from_bound,
                to_token=to_token.room_key,
            )
@@ -1022,21 +955,15 @@ class SlidingSyncHandler:
                            and state_key == StateValues.LAZY
                        ):
                            lazy_load_room_members = True
-
                            # Everyone in the timeline is relevant
+                            #
+                            # FIXME: We probably also care about invite, ban, kick, targets, etc
+                            # but the spec only mentions "senders".
                            timeline_membership: Set[str] = set()
                            if timeline_events is not None:
                                for timeline_event in timeline_events:
-                                    # Anyone who sent a message is relevant
                                    timeline_membership.add(timeline_event.sender)

-                                    # We also care about invite, ban, kick, targets,
-                                    # etc.
-                                    if timeline_event.type == EventTypes.Member:
-                                        timeline_membership.add(
-                                            timeline_event.state_key
-                                        )
-
                            # Update the required state filter so we pick up the new
                            # membership
                            for user_id in timeline_membership:
@@ -43,7 +43,7 @@ from typing_extensions import Protocol
 from twisted.web.iweb import IRequest
 from twisted.web.server import Request

-from synapse.api.constants import LoginType, ProfileFields
+from synapse.api.constants import LoginType
 from synapse.api.errors import Codes, NotFoundError, RedirectException, SynapseError
 from synapse.config.sso import SsoAttributeRequirement
 from synapse.handlers.device import DeviceHandler
@@ -813,10 +813,9 @@ class SsoHandler:

            # bail if user already has the same avatar
            profile = await self._profile_handler.get_profile(user_id)
-            if ProfileFields.AVATAR_URL in profile:
-                avatar_url_parts = profile[ProfileFields.AVATAR_URL].split("/")
-                server_name = avatar_url_parts[-2]
-                media_id = avatar_url_parts[-1]
+            if profile["avatar_url"] is not None:
+                server_name = profile["avatar_url"].split("/")[-2]
+                media_id = profile["avatar_url"].split("/")[-1]
                if self._is_mine_server_name(server_name):
                    media = await self._media_repo.store.get_local_media(media_id)  # type: ignore[has-type]
                    if media is not None and upload_name == media.upload_name:
@@ -26,13 +26,7 @@ from typing import TYPE_CHECKING, List, Optional, Set, Tuple
 from twisted.internet.interfaces import IDelayedCall

 import synapse.metrics
-from synapse.api.constants import (
-    EventTypes,
-    HistoryVisibility,
-    JoinRules,
-    Membership,
-    ProfileFields,
-)
+from synapse.api.constants import EventTypes, HistoryVisibility, JoinRules, Membership
 from synapse.api.errors import Codes, SynapseError
 from synapse.handlers.state_deltas import MatchChange, StateDeltasHandler
 from synapse.metrics.background_process_metrics import run_as_background_process
@@ -167,7 +161,7 @@ class UserDirectoryHandler(StateDeltasHandler):
        non_spammy_users = []
        for user in results["results"]:
            if not await self._spam_checker_module_callbacks.check_username_for_spam(
-                user, user_id
+                user
            ):
                non_spammy_users.append(user)
        results["results"] = non_spammy_users
@@ -762,10 +756,6 @@ class UserDirectoryHandler(StateDeltasHandler):

                await self.store.update_profile_in_user_dir(
                    user_id,
-                    display_name=non_null_str_or_none(
-                        profile.get(ProfileFields.DISPLAYNAME)
-                    ),
-                    avatar_url=non_null_str_or_none(
-                        profile.get(ProfileFields.AVATAR_URL)
-                    ),
+                    display_name=non_null_str_or_none(profile.get("displayname")),
+                    avatar_url=non_null_str_or_none(profile.get("avatar_url")),
                )
@@ -36,12 +36,13 @@ from typing import (
 )

 import attr
+import multipart
 import treq
 from canonicaljson import encode_canonical_json
 from netaddr import AddrFormatError, IPAddress, IPSet
 from prometheus_client import Counter
 from typing_extensions import Protocol
-from zope.interface import implementer
+from zope.interface import implementer, provider

 from OpenSSL import SSL
 from OpenSSL.SSL import VERIFY_NONE
@@ -92,20 +93,6 @@ from synapse.util.async_helpers import timeout_deferred
 if TYPE_CHECKING:
    from synapse.server import HomeServer

-# Support both import names for the `python-multipart` (PyPI) library,
-# which renamed its package name from `multipart` to `python_multipart`
-# in 0.0.13 (though supports the old import name for compatibility).
-# Note that the `multipart` package name conflicts with `multipart` (PyPI)
-# so we should prefer importing from `python_multipart` when possible.
-try:
-    from python_multipart import MultipartParser
-
-    if TYPE_CHECKING:
-        from python_multipart import multipart
-except ImportError:
-    from multipart import MultipartParser  # type: ignore[no-redef]
-
-
 logger = logging.getLogger(__name__)

 outgoing_requests_counter = Counter("synapse_http_client_requests", "", ["method"])
@@ -225,7 +212,7 @@ class _IPBlockingResolver:
                    recv.addressResolved(address)
            recv.resolutionComplete()

-        @implementer(IResolutionReceiver)
+        @provider(IResolutionReceiver)
        class EndpointReceiver:
            @staticmethod
            def resolutionBegan(resolutionInProgress: IHostResolution) -> None:
@@ -239,9 +226,8 @@ class _IPBlockingResolver:
            def resolutionComplete() -> None:
                _callback()

-        endpoint_receiver_wrapper = EndpointReceiver()
        self._reactor.nameResolver.resolveHostName(
-            endpoint_receiver_wrapper, hostname, portNumber=portNumber
+            EndpointReceiver, hostname, portNumber=portNumber
        )

        return recv
@@ -1053,7 +1039,7 @@ class _MultipartParserProtocol(protocol.Protocol):
        self.deferred = deferred
        self.boundary = boundary
        self.max_length = max_length
-        self.parser: Optional[MultipartParser] = None
+        self.parser: Optional[multipart.MultipartParser] = None
        self.multipart_response = MultipartResponse()
        self.has_redirect = False
        self.in_json = False
@@ -1111,12 +1097,12 @@ class _MultipartParserProtocol(protocol.Protocol):
                        self.deferred.errback()
                    self.file_length += end - start

-            callbacks: "multipart.MultipartCallbacks" = {
+            callbacks: "multipart.multipart.MultipartCallbacks" = {
                "on_header_field": on_header_field,
                "on_header_value": on_header_value,
                "on_part_data": on_part_data,
            }
-            self.parser = MultipartParser(self.boundary, callbacks)
+            self.parser = multipart.MultipartParser(self.boundary, callbacks)

        self.total_length += len(incoming_data)
        if self.max_length is not None and self.total_length >= self.max_length:
@@ -21,7 +21,7 @@
 import logging
 import random
 import re
-from typing import Any, Collection, Dict, List, Optional, Sequence, Tuple, Union
+from typing import Any, Collection, Dict, List, Optional, Sequence, Tuple
 from urllib.parse import urlparse
 from urllib.request import (  # type: ignore[attr-defined]
    getproxies_environment,
@@ -351,9 +351,7 @@ def http_proxy_endpoint(
    proxy: Optional[bytes],
    reactor: IReactorCore,
    tls_options_factory: Optional[IPolicyForHTTPS],
-    timeout: float = 30,
-    bindAddress: Optional[Union[bytes, str, tuple[Union[bytes, str], int]]] = None,
-    attemptDelay: Optional[float] = None,
+    **kwargs: object,
 ) -> Tuple[Optional[IStreamClientEndpoint], Optional[ProxyCredentials]]:
    """Parses an http proxy setting and returns an endpoint for the proxy

@@ -384,15 +382,12 @@ def http_proxy_endpoint(
    # 3.9+) on scheme-less proxies, e.g. host:port.
    scheme, host, port, credentials = parse_proxy(proxy)

-    proxy_endpoint = HostnameEndpoint(
-        reactor, host, port, timeout, bindAddress, attemptDelay
-    )
+    proxy_endpoint = HostnameEndpoint(reactor, host, port, **kwargs)

    if scheme == b"https":
        if tls_options_factory:
            tls_options = tls_options_factory.creatorForNetloc(host, port)
-            wrapped_proxy_endpoint = wrapClientTLS(tls_options, proxy_endpoint)
-            return wrapped_proxy_endpoint, credentials
+            proxy_endpoint = wrapClientTLS(tls_options, proxy_endpoint)
        else:
            raise RuntimeError(
                f"No TLS options for a https connection via proxy {proxy!s}"
@@ -89,7 +89,7 @@ class ReplicationEndpointFactory:
                location_config.port,
            )
            if scheme == "https":
-                wrapped_endpoint = wrapClientTLS(
+                endpoint = wrapClientTLS(
                    # The 'port' argument below isn't actually used by the function
                    self.context_factory.creatorForNetloc(
                        location_config.host.encode("utf-8"),
@@ -97,8 +97,6 @@ class ReplicationEndpointFactory:
                    ),
                    endpoint,
                )
-                return wrapped_endpoint
-
            return endpoint
        elif isinstance(location_config, InstanceUnixLocationConfig):
            return UNIXClientEndpoint(self.reactor, location_config.path)
@@ -21,7 +21,6 @@
 import contextlib
 import logging
 import time
-from http import HTTPStatus
 from typing import TYPE_CHECKING, Any, Generator, Optional, Tuple, Union

 import attr
@@ -140,41 +139,6 @@ class SynapseRequest(Request):
            self.synapse_site.site_tag,
        )

-    # Twisted machinery: this method is called by the Channel once the full request has
-    # been received, to dispatch the request to a resource.
-    #
-    # We're patching Twisted to bail/abort early when we see someone trying to upload
-    # `multipart/form-data` so we can avoid Twisted parsing the entire request body into
-    # in-memory (specific problem of this specific `Content-Type`). This protects us
-    # from an attacker uploading something bigger than the available RAM and crashing
-    # the server with a `MemoryError`, or carefully block just enough resources to cause
-    # all other requests to fail.
-    #
-    # FIXME: This can be removed once we Twisted releases a fix and we update to a
-    # version that is patched
-    def requestReceived(self, command: bytes, path: bytes, version: bytes) -> None:
-        if command == b"POST":
-            ctype = self.requestHeaders.getRawHeaders(b"content-type")
-            if ctype and b"multipart/form-data" in ctype[0]:
-                self.method, self.uri = command, path
-                self.clientproto = version
-                self.code = HTTPStatus.UNSUPPORTED_MEDIA_TYPE.value
-                self.code_message = bytes(
-                    HTTPStatus.UNSUPPORTED_MEDIA_TYPE.phrase, "ascii"
-                )
-                self.responseHeaders.setRawHeaders(b"content-length", [b"0"])
-
-                logger.warning(
-                    "Aborting connection from %s because `content-type: multipart/form-data` is unsupported: %s %s",
-                    self.client,
-                    command,
-                    path,
-                )
-                self.write(b"")
-                self.loseConnection()
-                return
-        return super().requestReceived(command, path, version)
-
    def handleContentChunk(self, data: bytes) -> None:
        # we should have a `content` by now.
        assert self.content, "handleContentChunk() called before gotLength()"
@@ -20,10 +20,13 @@
 #

 import logging
-from typing import Optional
+from types import TracebackType
+from typing import Optional, Type

 from opentracing import Scope, ScopeManager, Span

+import twisted
+
 from synapse.logging.context import (
    LoggingContext,
    current_context,
@@ -109,6 +112,9 @@ class _LogContextScope(Scope):
    """
    A custom opentracing scope, associated with a LogContext

+      * filters out _DefGen_Return exceptions which arise from calling
+        `defer.returnValue` in Twisted code
+
      * When the scope is closed, the logcontext's active scope is reset to None.
        and - if enter_logcontext was set - the logcontext is finished too.
    """
@@ -140,6 +146,17 @@ class _LogContextScope(Scope):
        self._finish_on_close = finish_on_close
        self._enter_logcontext = enter_logcontext

+    def __exit__(
+        self,
+        exc_type: Optional[Type[BaseException]],
+        value: Optional[BaseException],
+        traceback: Optional[TracebackType],
+    ) -> None:
+        if exc_type == twisted.internet.defer._DefGen_Return:
+            # filter out defer.returnValue() calls
+            exc_type = value = traceback = None
+        super().__exit__(exc_type, value, traceback)
+
    def __str__(self) -> str:
        return f"Scope<{self.span}>"

@@ -67,11 +67,6 @@ class ThumbnailError(Exception):
 class Thumbnailer:
    FORMATS = {"image/jpeg": "JPEG", "image/png": "PNG"}

-    # Which image formats we allow Pillow to open.
-    # This should intentionally be kept restrictive, because the decoder of any
-    # format in this list becomes part of our trusted computing base.
-    PILLOW_FORMATS = ("jpeg", "png", "webp", "gif")
-
    @staticmethod
    def set_limits(max_image_pixels: int) -> None:
        Image.MAX_IMAGE_PIXELS = max_image_pixels
@@ -81,7 +76,7 @@ class Thumbnailer:
        self._closed = False

        try:
-            self.image = Image.open(input_path, formats=self.PILLOW_FORMATS)
+            self.image = Image.open(input_path)
        except OSError as e:
            # If an error occurs opening the image, a thumbnail won't be able to
            # be generated.
@@ -45,7 +45,6 @@ from twisted.internet.interfaces import IDelayedCall
 from twisted.web.resource import Resource

 from synapse.api import errors
-from synapse.api.constants import ProfileFields
 from synapse.api.errors import SynapseError
 from synapse.api.presence import UserPresenceState
 from synapse.config import ConfigError
@@ -1087,10 +1086,7 @@ class ModuleApi:
            content = {}

        # Set the profile if not already done by the module.
-        if (
-            ProfileFields.AVATAR_URL not in content
-            or ProfileFields.DISPLAYNAME not in content
-        ):
+        if "avatar_url" not in content or "displayname" not in content:
            try:
                # Try to fetch the user's profile.
                profile = await self._hs.get_profile_handler().get_profile(
@@ -1099,8 +1095,8 @@ class ModuleApi:
            except SynapseError as e:
                # If the profile couldn't be found, use default values.
                profile = {
-                    ProfileFields.DISPLAYNAME: target_user_id.localpart,
-                    ProfileFields.AVATAR_URL: None,
+                    "displayname": target_user_id.localpart,
+                    "avatar_url": None,
                }

                if e.code != 404:
@@ -1113,9 +1109,11 @@ class ModuleApi:
                    )

            # Set the profile where it needs to be set.
-            for field_name in [ProfileFields.AVATAR_URL, ProfileFields.DISPLAYNAME]:
-                if field_name not in content and field_name in profile:
-                    content[field_name] = profile[field_name]
+            if "avatar_url" not in content:
+                content["avatar_url"] = profile["avatar_url"]
+
+            if "displayname" not in content:
+                content["displayname"] = profile["displayname"]

        event_id, _ = await self._hs.get_room_member_handler().update_membership(
            requester=requester,
@@ -31,7 +31,6 @@ from typing import (
    Optional,
    Tuple,
    Union,
-    cast,
 )

 # `Literal` appears with Python 3.8.
@@ -169,10 +168,7 @@ USER_MAY_PUBLISH_ROOM_CALLBACK = Callable[
        ]
    ],
 ]
-CHECK_USERNAME_FOR_SPAM_CALLBACK = Union[
-    Callable[[UserProfile], Awaitable[bool]],
-    Callable[[UserProfile, str], Awaitable[bool]],
-]
+CHECK_USERNAME_FOR_SPAM_CALLBACK = Callable[[UserProfile], Awaitable[bool]]
 LEGACY_CHECK_REGISTRATION_FOR_SPAM_CALLBACK = Callable[
    [
        Optional[dict],
@@ -720,9 +716,7 @@ class SpamCheckerModuleApiCallbacks:

        return self.NOT_SPAM

-    async def check_username_for_spam(
-        self, user_profile: UserProfile, requester_id: str
-    ) -> bool:
+    async def check_username_for_spam(self, user_profile: UserProfile) -> bool:
        """Checks if a user ID or display name are considered "spammy" by this server.

        If the server considers a username spammy, then it will not be included in
@@ -733,33 +727,15 @@ class SpamCheckerModuleApiCallbacks:
                * user_id
                * display_name
                * avatar_url
-            requester_id: The user ID of the user making the user directory search request.

        Returns:
            True if the user is spammy.
        """
        for callback in self._check_username_for_spam_callbacks:
            with Measure(self.clock, f"{callback.__module__}.{callback.__qualname__}"):
-                checker_args = inspect.signature(callback)
                # Make a copy of the user profile object to ensure the spam checker cannot
                # modify it.
-                # Also ensure backwards compatibility with spam checker callbacks
-                # that don't expect the requester_id argument.
-                if len(checker_args.parameters) == 2:
-                    callback_with_requester_id = cast(
-                        Callable[[UserProfile, str], Awaitable[bool]], callback
-                    )
-                    res = await delay_cancellation(
-                        callback_with_requester_id(user_profile.copy(), requester_id)
-                    )
-                else:
-                    callback_without_requester_id = cast(
-                        Callable[[UserProfile], Awaitable[bool]], callback
-                    )
-                    res = await delay_cancellation(
-                        callback_without_requester_id(user_profile.copy())
-                    )
-
+                res = await delay_cancellation(callback(user_profile.copy()))
            if res:
                return True

@@ -371,7 +371,7 @@ class BulkPushRuleEvaluator:
                "Deferred[Tuple[int, Tuple[dict, Optional[int]], Dict[str, Dict[str, JsonValue]], Mapping[str, ProfileInfo]]]",
                gather_results(
                    (
-                        run_in_background(  # type: ignore[call-overload]
+                        run_in_background(  # type: ignore[call-arg]
                            self.store.get_number_joined_users_in_room,
                            event.room_id,  # type: ignore[arg-type]
                        ),
@@ -382,10 +382,10 @@ class BulkPushRuleEvaluator:
                            event_id_to_event,
                        ),
                        run_in_background(self._related_events, event),
-                        run_in_background(  # type: ignore[call-overload]
+                        run_in_background(  # type: ignore[call-arg]
                            self.store.get_subset_users_in_room_with_profiles,
-                            event.room_id,
-                            rules_by_user.keys(),
+                            event.room_id,  # type: ignore[arg-type]
+                            rules_by_user.keys(),  # type: ignore[arg-type]
                        ),
                    ),
                    consumeErrors=True,
@@ -127,11 +127,6 @@ class HttpPusher(Pusher):
        if self.data is None:
            raise PusherConfigException("'data' key can not be null for HTTP pusher")

-        # Check if badge counts should be disabled for this push gateway
-        self.disable_badge_count = self.hs.config.experimental.msc4076_enabled and bool(
-            self.data.get("org.matrix.msc4076.disable_badge_count", False)
-        )
-
        self.name = "%s/%s/%s" % (
            pusher_config.user_name,
            pusher_config.app_id,
@@ -466,10 +461,9 @@ class HttpPusher(Pusher):
            content: JsonDict = {
                "event_id": event.event_id,
                "room_id": event.room_id,
+                "counts": {"unread": badge},
                "prio": priority,
            }
-            if not self.disable_badge_count:
-                content["counts"] = {"unread": badge}
            # event_id_only doesn't include the tweaks, so override them.
            tweaks = {}
        else:
@@ -484,11 +478,11 @@ class HttpPusher(Pusher):
                "type": event.type,
                "sender": event.user_id,
                "prio": priority,
-            }
-            if not self.disable_badge_count:
-                content["counts"] = {
+                "counts": {
                    "unread": badge,
-                }
+                    # 'missed_calls': 2
+                },
+            }
            if event.type == "m.room.member" and event.is_state():
                content["membership"] = event.content["membership"]
                content["user_is_target"] = event.state_key == self.user_id
@@ -74,13 +74,9 @@ async def get_context_for_event(

        room_state = []
        if ev.content.get("membership") == Membership.INVITE:
-            invite_room_state = ev.unsigned.get("invite_room_state", [])
-            if isinstance(invite_room_state, list):
-                room_state = invite_room_state
+            room_state = ev.unsigned.get("invite_room_state", [])
        elif ev.content.get("membership") == Membership.KNOCK:
-            knock_room_state = ev.unsigned.get("knock_room_state", [])
-            if isinstance(knock_room_state, list):
-                room_state = knock_room_state
+            room_state = ev.unsigned.get("knock_room_state", [])

        # Ideally we'd reuse the logic in `calculate_room_name`, but that gets
        # complicated to handle partial events vs pulling events from the DB.
@@ -495,7 +495,7 @@ class LockReleasedCommand(Command):


 class NewActiveTaskCommand(_SimpleCommand):
-    """Sent to inform instance handling background tasks that a new task is ready to run.
+    """Sent to inform instance handling background tasks that a new active task is available to run.

    Format::

@@ -727,7 +727,7 @@ class ReplicationCommandHandler:
    ) -> None:
        """Called when get a new NEW_ACTIVE_TASK command."""
        if self._task_scheduler:
-            self._task_scheduler.on_new_task(cmd.data)
+            self._task_scheduler.launch_task_by_id(cmd.data)

    def new_connection(self, connection: IReplicationConnection) -> None:
        """Called when we have a new connection."""
@@ -29,7 +29,7 @@ from synapse.rest.client import (
    account_validity,
    appservice_ping,
    auth,
-    auth_metadata,
+    auth_issuer,
    capabilities,
    delayed_events,
    devices,
@@ -121,7 +121,7 @@ CLIENT_SERVLET_FUNCTIONS: Tuple[RegisterServletsFunc, ...] = (
    mutual_rooms.register_servlets,
    login_token_request.register_servlets,
    rendezvous.register_servlets,
-    auth_metadata.register_servlets,
+    auth_issuer.register_servlets,
 )

 SERVLET_GROUPS: Dict[str, Iterable[RegisterServletsFunc]] = {
@@ -187,7 +187,7 @@ class ClientRestResource(JsonResource):
                    mutual_rooms.register_servlets,
                    login_token_request.register_servlets,
                    rendezvous.register_servlets,
-                    auth_metadata.register_servlets,
+                    auth_issuer.register_servlets,
                ]:
                    continue

@@ -107,8 +107,6 @@ from synapse.rest.admin.users import (
    UserAdminServlet,
    UserByExternalId,
    UserByThreePid,
-    UserInvitesCount,
-    UserJoinedRoomCount,
    UserMembershipRestServlet,
    UserRegisterServlet,
    UserReplaceMasterCrossSigningKeyRestServlet,
@@ -325,8 +323,6 @@ def register_servlets(hs: "HomeServer", http_server: HttpServer) -> None:
    UserByThreePid(hs).register(http_server)
    RedactUser(hs).register(http_server)
    RedactUserStatus(hs).register(http_server)
-    UserInvitesCount(hs).register(http_server)
-    UserJoinedRoomCount(hs).register(http_server)

    DeviceRestServlet(hs).register(http_server)
    DevicesRestServlet(hs).register(http_server)
@@ -336,7 +332,8 @@ def register_servlets(hs: "HomeServer", http_server: HttpServer) -> None:
    BackgroundUpdateRestServlet(hs).register(http_server)
    BackgroundUpdateStartJobRestServlet(hs).register(http_server)
    ExperimentalFeaturesRestServlet(hs).register(http_server)
-    SuspendAccountRestServlet(hs).register(http_server)
+    if hs.config.experimental.msc3823_account_suspension:
+        SuspendAccountRestServlet(hs).register(http_server)


 def register_servlets_for_client_rest_resource(
@@ -50,10 +50,8 @@ class EventReportsRestServlet(RestServlet):
        The parameters `from` and `limit` are required only for pagination.
        By default, a `limit` of 100 is used.
        The parameter `dir` can be used to define the order of results.
-        The `user_id` query parameter filters by the user ID of the reporter of the event.
-        The `room_id` query parameter filters by room id.
-        The `event_sender_user_id` query parameter can be used to filter by the user id
-        of the sender of the reported event.
+        The parameter `user_id` can be used to filter by user id.
+        The parameter `room_id` can be used to filter by room id.
    Returns:
        A list of reported events and an integer representing the total number of
        reported events that exist given this query
@@ -73,7 +71,6 @@ class EventReportsRestServlet(RestServlet):
        direction = parse_enum(request, "dir", Direction, Direction.BACKWARDS)
        user_id = parse_string(request, "user_id")
        room_id = parse_string(request, "room_id")
-        event_sender_user_id = parse_string(request, "event_sender_user_id")

        if start < 0:
            raise SynapseError(
@@ -90,7 +87,7 @@ class EventReportsRestServlet(RestServlet):
            )

        event_reports, total = await self._store.get_event_reports_paginate(
-            start, limit, direction, user_id, room_id, event_sender_user_id
+            start, limit, direction, user_id, room_id
        )
        ret = {"event_reports": event_reports, "total": total}
        if (start + limit) < total:
@@ -23,7 +23,6 @@ from http import HTTPStatus
 from typing import TYPE_CHECKING, List, Optional, Tuple, cast

 import attr
-from immutabledict import immutabledict

 from synapse.api.constants import Direction, EventTypes, JoinRules, Membership
 from synapse.api.errors import AuthError, Codes, NotFoundError, SynapseError
@@ -464,18 +463,7 @@ class RoomStateRestServlet(RestServlet):
        if not room:
            raise NotFoundError("Room not found")

-        state_filter = None
-        type = parse_string(request, "type")
-
-        if type:
-            state_filter = StateFilter(
-                types=immutabledict({type: None}),
-                include_others=False,
-            )
-
-        event_ids = await self._storage_controllers.state.get_current_state_ids(
-            room_id, state_filter
-        )
+        event_ids = await self._storage_controllers.state.get_current_state_ids(room_id)
        events = await self.store.get_events(event_ids.values())
        now = self.clock.time_msec()
        room_state = await self._event_serializer.serialize_events(events.values(), now)
@@ -983,7 +983,7 @@ class UserAdminServlet(RestServlet):

 class UserMembershipRestServlet(RestServlet):
    """
-    Get list of joined room ID's for a user.
+    Get room list of an user.
    """

    PATTERNS = admin_patterns("/users/(?P<user_id>[^/]*)/joined_rooms$")
@@ -999,9 +999,8 @@ class UserMembershipRestServlet(RestServlet):
        await assert_requester_is_admin(self.auth, request)

        room_ids = await self.store.get_rooms_for_user(user_id)
-        rooms_response = {"joined_rooms": list(room_ids), "total": len(room_ids)}
-
-        return HTTPStatus.OK, rooms_response
+        ret = {"joined_rooms": list(room_ids), "total": len(room_ids)}
+        return HTTPStatus.OK, ret


 class PushersRestServlet(RestServlet):
@@ -1502,50 +1501,3 @@ class RedactUserStatus(RestServlet):
                }
        else:
            raise NotFoundError("redact id '%s' not found" % redact_id)
-
-
-class UserInvitesCount(RestServlet):
-    """
-    Return the count of invites that the user has sent after the given timestamp
-    """
-
-    PATTERNS = admin_patterns("/users/(?P<user_id>[^/]*)/sent_invite_count")
-
-    def __init__(self, hs: "HomeServer"):
-        self._auth = hs.get_auth()
-        self.store = hs.get_datastores().main
-
-    async def on_GET(
-        self, request: SynapseRequest, user_id: str
-    ) -> Tuple[int, JsonDict]:
-        await assert_requester_is_admin(self._auth, request)
-        from_ts = parse_integer(request, "from_ts", required=True)
-
-        sent_invite_count = await self.store.get_sent_invite_count_by_user(
-            user_id, from_ts
-        )
-
-        return HTTPStatus.OK, {"invite_count": sent_invite_count}
-
-
-class UserJoinedRoomCount(RestServlet):
-    """
-    Return the count of rooms that the user has joined at or after the given timestamp, even
-    if they have subsequently left/been banned from those rooms.
-    """
-
-    PATTERNS = admin_patterns("/users/(?P<user_id>[^/]*)/cumulative_joined_room_count")
-
-    def __init__(self, hs: "HomeServer"):
-        self._auth = hs.get_auth()
-        self.store = hs.get_datastores().main
-
-    async def on_GET(
-        self, request: SynapseRequest, user_id: str
-    ) -> Tuple[int, JsonDict]:
-        await assert_requester_is_admin(self._auth, request)
-        from_ts = parse_integer(request, "from_ts", required=True)
-
-        joined_rooms = await self.store.get_rooms_for_user_by_date(user_id, from_ts)
-
-        return HTTPStatus.OK, {"cumulative_joined_room_count": len(joined_rooms)}
@@ -32,8 +32,6 @@ logger = logging.getLogger(__name__)
 class AuthIssuerServlet(RestServlet):
    """
    Advertises what OpenID Connect issuer clients should use to authorise users.
-    This endpoint was defined in a previous iteration of MSC2965, and is still
-    used by some clients.
    """

    PATTERNS = client_patterns(
@@ -65,42 +63,7 @@ class AuthIssuerServlet(RestServlet):
            )


-class AuthMetadataServlet(RestServlet):
-    """
-    Advertises the OAuth 2.0 server metadata for the homeserver.
-    """
-
-    PATTERNS = client_patterns(
-        "/org.matrix.msc2965/auth_metadata$",
-        unstable=True,
-        releases=(),
-    )
-
-    def __init__(self, hs: "HomeServer"):
-        super().__init__()
-        self._config = hs.config
-        self._auth = hs.get_auth()
-
-    async def on_GET(self, request: SynapseRequest) -> Tuple[int, JsonDict]:
-        if self._config.experimental.msc3861.enabled:
-            # If MSC3861 is enabled, we can assume self._auth is an instance of MSC3861DelegatedAuth
-            # We import lazily here because of the authlib requirement
-            from synapse.api.auth.msc3861_delegated import MSC3861DelegatedAuth
-
-            auth = cast(MSC3861DelegatedAuth, self._auth)
-            return 200, await auth.auth_metadata()
-        else:
-            # Wouldn't expect this to be reached: the servlet shouldn't have been
-            # registered. Still, fail gracefully if we are registered for some reason.
-            raise SynapseError(
-                404,
-                "OIDC discovery has not been configured on this homeserver",
-                Codes.NOT_FOUND,
-            )
-
-
 def register_servlets(hs: "HomeServer", http_server: HttpServer) -> None:
    # We use the MSC3861 values as they are used by multiple MSCs
    if hs.config.experimental.msc3861.enabled:
        AuthIssuerServlet(hs).register(http_server)
-        AuthMetadataServlet(hs).register(http_server)
@@ -92,23 +92,6 @@ class CapabilitiesRestServlet(RestServlet):
                "enabled": self.config.experimental.msc3664_enabled,
            }

-        if self.config.experimental.msc4133_enabled:
-            response["capabilities"]["uk.tcpip.msc4133.profile_fields"] = {
-                "enabled": True,
-            }
-
-            # Ensure this is consistent with the legacy m.set_displayname and
-            # m.set_avatar_url.
-            disallowed = []
-            if not self.config.registration.enable_set_displayname:
-                disallowed.append("displayname")
-            if not self.config.registration.enable_set_avatar_url:
-                disallowed.append("avatar_url")
-            if disallowed:
-                response["capabilities"]["uk.tcpip.msc4133.profile_fields"][
-                    "disallowed"
-                ] = disallowed
-
        return HTTPStatus.OK, response


--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Erik Johnston	b2c11a23e2	Fixup	2024-11-18 18:00:36 +00:00
Erik Johnston	db44a3a434	Update	2024-11-18 17:53:49 +00:00
Erik Johnston	a7ad582ac7	Bump setuptools_rust	2024-11-18 17:28:11 +00:00
				`@@ -0,0 +1 @@`
				`Remove support for closed [MSC3886](https://github.com/matrix-org/matrix-spec-proposals/pull/3886).`
				`@@ -0,0 +1 @@`
				`Addressed some typos in docs and returned error message for unknown MXC ID.`
				`@@ -0,0 +1 @@`
				Clarify the semantics of the `enable_authenticated_media` configuration option.
				`@@ -0,0 +1 @@`
				`Bump macos version used to build wheels during release, as current version used is end-of-life.`
				`@@ -0,0 +1 @@`
				`Add documentation about backing up Synapse.`