Allow the multi-pg, workers, asyncio Synapse config to fail

Without causing CI to fail, as it's very flaky.

.ci/scripts/calculate_jobs.py

@@ -120,6 +120,7 @@ sytest_tests = [
         "postgres": "multi-postgres",
         "workers": "workers",
         "reactor": "asyncio",
+        "failure_allowed": True,
     },
 ]
 

.github/workflows/docker.yml

@@ -5,7 +5,7 @@ name: Build docker images
 on:
   push:
     tags: ["v*"]
-    branches: [master, main, develop]
+    branches: [ master, main, develop ]
   workflow_dispatch:
 
 permissions:
@@ -14,21 +14,23 @@ permissions:
   id-token: write # needed for signing the images with GitHub OIDC Token
 jobs:
   build:
-    name: Build and push image for ${{ matrix.platform }}
-    runs-on: ${{ matrix.runs_on }}
-    strategy:
-      matrix:
-        include:
-          - platform: linux/amd64
-            runs_on: ubuntu-24.04
-            suffix: linux-amd64
-          - platform: linux/arm64
-            runs_on: ubuntu-24.04-arm
-            suffix: linux-arm64
+    runs-on: ubuntu-22.04
     steps:
+      - name: Set up QEMU
+        id: qemu
+        uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
+        with:
+          platforms: arm64
+
       - name: Set up Docker Buildx
         id: buildx
-        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
+
+      - name: Inspect builder
+        run: docker buildx inspect
+
+      - name: Install Cosign
+        uses: sigstore/cosign-installer@3454372f43399081ed03b604cb2d021dabca52bb # v3.8.2
 
       - name: Checkout repository
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
@@ -53,79 +55,13 @@ jobs:
           username: ${{ github.repository_owner }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Build and push by digest
-        id: build
-        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
-        with:
-          push: true
-          labels: |
-            gitsha1=${{ github.sha }}
-            org.opencontainers.image.version=${{ env.SYNAPSE_VERSION }}
-          tags: |
-            docker.io/matrixdotorg/synapse
-            ghcr.io/element-hq/synapse
-          file: "docker/Dockerfile"
-          platforms: ${{ matrix.platform }}
-          outputs: type=image,push-by-digest=true,name-canonical=true,push=true
-
-      - name: Export digest
-        run: |
-          mkdir -p ${{ runner.temp }}/digests
-          digest="${{ steps.build.outputs.digest }}"
-          touch "${{ runner.temp }}/digests/${digest#sha256:}"
-
-      - name: Upload digest
-        uses: actions/upload-artifact@v4
-        with:
-          name: digests-${{ matrix.suffix }}
-          path: ${{ runner.temp }}/digests/*
-          if-no-files-found: error
-          retention-days: 1
-
-  merge:
-    name: Push merged images to ${{ matrix.repository }}
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        repository:
-          - docker.io/matrixdotorg/synapse
-          - ghcr.io/element-hq/synapse
-
-    needs:
-      - build
-    steps:
-      - name: Download digests
-        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
-        with:
-          path: ${{ runner.temp }}/digests
-          pattern: digests-*
-          merge-multiple: true
-
-      - name: Log in to DockerHub
-        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
-        if: ${{ startsWith(matrix.repository, 'docker.io') }}
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-
-      - name: Log in to GHCR
-        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
-        if: ${{ startsWith(matrix.repository, 'ghcr.io') }}
-        with:
-          registry: ghcr.io
-          username: ${{ github.repository_owner }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
-
-      - name: Install Cosign
-        uses: sigstore/cosign-installer@398d4b0eeef1380460a10c8013a76f728fb906ac # v3.9.1
-
       - name: Calculate docker image tag
+        id: set-tag
         uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
         with:
-          images: ${{ matrix.repository }}
+          images: |
+            docker.io/matrixdotorg/synapse
+            ghcr.io/element-hq/synapse
           flavor: |
             latest=false
           tags: |
@@ -133,23 +69,31 @@ jobs:
             type=raw,value=latest,enable=${{ github.ref == 'refs/heads/master' }}
             type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' }}
             type=pep440,pattern={{raw}}
-            type=sha
 
-      - name: Create manifest list and push
-        working-directory: ${{ runner.temp }}/digests
-        env:
-          REPOSITORY: ${{ matrix.repository }}
-        run: |
-          docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
-            $(printf "$REPOSITORY@sha256:%s " *)
+      - name: Build and push all platforms
+        id: build-and-push
+        uses: docker/build-push-action@1dc73863535b631f98b2378be8619f83b136f4a0 # v6.17.0
+        with:
+          push: true
+          labels: |
+            gitsha1=${{ github.sha }}
+            org.opencontainers.image.version=${{ env.SYNAPSE_VERSION }}
+          tags: "${{ steps.set-tag.outputs.tags }}"
+          file: "docker/Dockerfile"
+          platforms: linux/amd64,linux/arm64
 
-      - name: Sign each manifest
+          # arm64 builds OOM without the git fetch setting. c.f.
+          # https://github.com/rust-lang/cargo/issues/10583
+          build-args: |
+            CARGO_NET_GIT_FETCH_WITH_CLI=true
+
+      - name: Sign the images with GitHub OIDC Token
         env:
-          REPOSITORY: ${{ matrix.repository }}
+          DIGEST: ${{ steps.build-and-push.outputs.digest }}
+          TAGS: ${{ steps.set-tag.outputs.tags }}
         run: |
-          DIGESTS=""
-          for TAG in $(echo "$DOCKER_METADATA_OUTPUT_JSON" | jq -r '.tags[]'); do
-            DIGEST="$(docker buildx imagetools inspect $TAG --format '{{json .Manifest}}' | jq -r '.digest')"
-            DIGESTS="$DIGESTS $REPOSITORY@$DIGEST"
+          images=""
+          for tag in ${TAGS}; do
+            images+="${tag}@${DIGEST} "
           done
-          cosign sign --yes $DIGESTS
+          cosign sign --yes ${images}

.github/workflows/docs-pr-netlify.yaml

@@ -14,7 +14,7 @@ jobs:
       # There's a 'download artifact' action, but it hasn't been updated for the workflow_run action
       # (https://github.com/actions/download-artifact/issues/60) so instead we get this mess:
       - name: 📥 Download artifact
-        uses: dawidd6/action-download-artifact@ac66b43f0e6a346234dd65d4d0c8fbb31cb316e5 # v11
+        uses: dawidd6/action-download-artifact@07ab29fd4a977ae4d2b275087cf67563dfdf0295 # v9
         with:
           workflow: docs-pr.yaml
           run_id: ${{ github.event.workflow_run.id }}

.github/workflows/fix_lint.yaml

@@ -6,11 +6,6 @@ name: Attempt to automatically fix linting errors
 on:
   workflow_dispatch:
 
-env:
-  # We use nightly so that `fmt` correctly groups together imports, and
-  # clippy correctly fixes up the benchmarks.
-  RUST_VERSION: nightly-2025-06-24
-
 jobs:
   fixup:
     name: Fix up
@@ -21,11 +16,13 @@ jobs:
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Install Rust
-        uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b # master
+        uses: dtolnay/rust-toolchain@56f84321dbccf38fb67ce29ab63e4754056677e0 # master (rust 1.85.1)
         with:
-          toolchain: ${{ env.RUST_VERSION }}
+          # We use nightly so that `fmt` correctly groups together imports, and
+          # clippy correctly fixes up the benchmarks.
+          toolchain: nightly-2022-12-01
           components: clippy, rustfmt
-      - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2.8.0
+      - uses: Swatinem/rust-cache@9d47c6ad4b02e050fd481d890b2ea34778fd09d6 # v2.7.8
 
       - name: Setup Poetry
         uses: matrix-org/setup-python-poetry@5bbf6603c5c930615ec8a29f1b5d7d258d905aa4 # v2.0.0
@@ -47,6 +44,6 @@ jobs:
       - run: cargo fmt
         continue-on-error: true
 
-      - uses: stefanzweifel/git-auto-commit-action@778341af668090896ca464160c2def5d1d1a3eb0 # v6.0.1
+      - uses: stefanzweifel/git-auto-commit-action@b863ae1933cb653a53c021fe36dbb774e1fb9403 # v5.2.0
         with:
           commit_message: "Attempt to fix linting"

.github/workflows/latest_deps.yml

@@ -21,9 +21,6 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
-env:
-  RUST_VERSION: 1.87.0
-
 jobs:
   check_repo:
     # Prevent this workflow from running on any fork of Synapse other than element-hq/synapse, as it is
@@ -44,10 +41,8 @@ jobs:
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - name: Install Rust
-        uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b # master
-        with:
-          toolchain: ${{ env.RUST_VERSION }}
-      - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2.8.0
+        uses: dtolnay/rust-toolchain@fcf085fcb4b4b8f63f96906cd713eb52181b5ea4 # stable (rust 1.85.1)
+      - uses: Swatinem/rust-cache@9d47c6ad4b02e050fd481d890b2ea34778fd09d6 # v2.7.8
 
       # The dev dependencies aren't exposed in the wheel metadata (at least with current
       # poetry-core versions), so we install with poetry.
@@ -80,10 +75,8 @@ jobs:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Install Rust
-        uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b # master
-        with:
-          toolchain: ${{ env.RUST_VERSION }}
-      - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2.8.0
+        uses: dtolnay/rust-toolchain@fcf085fcb4b4b8f63f96906cd713eb52181b5ea4 # stable (rust 1.85.1)
+      - uses: Swatinem/rust-cache@9d47c6ad4b02e050fd481d890b2ea34778fd09d6 # v2.7.8
 
       - run: sudo apt-get -qq install xmlsec1
       - name: Set up PostgreSQL ${{ matrix.postgres-version }}
@@ -155,10 +148,8 @@ jobs:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Install Rust
-        uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b # master
-        with:
-          toolchain: ${{ env.RUST_VERSION }}
-      - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2.8.0
+        uses: dtolnay/rust-toolchain@fcf085fcb4b4b8f63f96906cd713eb52181b5ea4 # stable (rust 1.85.1)
+      - uses: Swatinem/rust-cache@9d47c6ad4b02e050fd481d890b2ea34778fd09d6 # v2.7.8
 
       - name: Ensure sytest runs `pip install`
         # Delete the lockfile so sytest will `pip install` rather than `poetry install`

.github/workflows/release-artifacts.yml

@@ -30,7 +30,7 @@ jobs:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
         with:
-          python-version: "3.x"
+          python-version: '3.x'
       - id: set-distros
         run: |
           # if we're running from a tag, get the full list of distros; otherwise just use debian:sid
@@ -61,7 +61,7 @@ jobs:
 
       - name: Set up Docker Buildx
         id: buildx
-        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
         with:
           install: true
 
@@ -76,7 +76,7 @@ jobs:
       - name: Set up python
         uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
         with:
-          python-version: "3.x"
+          python-version: '3.x'
 
       - name: Build the packages
         # see https://github.com/docker/build-push-action/issues/252
@@ -107,15 +107,12 @@ jobs:
           path: debs/*
 
   build-wheels:
-    name: Build wheels on ${{ matrix.os }}
+    name: Build wheels on ${{ matrix.os }} for ${{ matrix.arch }}
     runs-on: ${{ matrix.os }}
     strategy:
       matrix:
-        os:
-          - ubuntu-24.04
-          - ubuntu-24.04-arm
-          - macos-13 # This uses x86-64
-          - macos-14 # This uses arm64
+        os: [ubuntu-22.04, macos-13]
+        arch: [x86_64, aarch64]
         # is_pr is a flag used to exclude certain jobs from the matrix on PRs.
         # It is not read by the rest of the workflow.
         is_pr:
@@ -125,11 +122,12 @@ jobs:
           # Don't build macos wheels on PR CI.
           - is_pr: true
             os: "macos-13"
-          - is_pr: true
-            os: "macos-14"
+          # Don't build aarch64 wheels on mac.
+          - os: "macos-13"
+            arch: aarch64
           # Don't build aarch64 wheels on PR CI.
           - is_pr: true
-            os: "ubuntu-24.04-arm"
+            arch: aarch64
 
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
@@ -141,11 +139,21 @@ jobs:
           python-version: "3.x"
 
       - name: Install cibuildwheel
-        run: python -m pip install cibuildwheel==3.0.0
+        run: python -m pip install cibuildwheel==2.23.0
+
+      - name: Set up QEMU to emulate aarch64
+        if: matrix.arch == 'aarch64'
+        uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
+        with:
+          platforms: arm64
+
+      - name: Build aarch64 wheels
+        if: matrix.arch == 'aarch64'
+        run: echo 'CIBW_ARCHS_LINUX=aarch64' >> $GITHUB_ENV
 
       - name: Only build a single wheel on PR
         if: startsWith(github.ref, 'refs/pull/')
-        run: echo "CIBW_BUILD="cp39-manylinux_*"" >> $GITHUB_ENV
+        run: echo "CIBW_BUILD="cp39-manylinux_${{ matrix.arch }}"" >> $GITHUB_ENV
 
       - name: Build wheels
         run: python -m cibuildwheel --output-dir wheelhouse
@@ -153,10 +161,13 @@ jobs:
           # Skip testing for platforms which various libraries don't have wheels
           # for, and so need extra build deps.
           CIBW_TEST_SKIP: pp3*-* *i686* *musl*
+          # Fix Rust OOM errors on emulated aarch64: https://github.com/rust-lang/cargo/issues/10583
+          CARGO_NET_GIT_FETCH_WITH_CLI: true
+          CIBW_ENVIRONMENT_PASS_LINUX: CARGO_NET_GIT_FETCH_WITH_CLI
 
       - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
         with:
-          name: Wheel-${{ matrix.os }}
+          name: Wheel-${{ matrix.os }}-${{ matrix.arch }}
           path: ./wheelhouse/*.whl
 
   build-sdist:
@@ -168,7 +179,7 @@ jobs:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
         with:
-          python-version: "3.10"
+          python-version: '3.10'
 
       - run: pip install build
 
@@ -180,6 +191,7 @@ jobs:
           name: Sdist
           path: dist/*.tar.gz
 
+
   # if it's a tag, create a release and attach the artifacts to it
   attach-assets:
     name: "Attach assets to release"

.github/workflows/schema.yaml

@@ -5,9 +5,6 @@ on:
     paths:
       - schema/**
       - docs/usage/configuration/config_documentation.md
-  push:
-    branches: ["develop", "release-*"]
-  workflow_dispatch:
 
 jobs:
   validate-schema:
@@ -15,7 +12,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
+      - uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 # v5.5.0
         with:
           python-version: "3.x"
       - name: Install check-jsonschema
@@ -41,7 +38,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
+      - uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 # v5.5.0
         with:
           python-version: "3.x"
       - name: Install PyYAML
@@ -54,4 +51,4 @@ jobs:
           > docs/usage/configuration/config_documentation.md
       - name: Error in case of any differences
       # Errors if there are now any modified files (untracked files are ignored).
-        run: 'git diff --exit-code'
+        run: 'git diff || ! git status --porcelain=1 | grep "^ M"'

.github/workflows/tests.yml

@@ -11,9 +11,6 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
-env:
-  RUST_VERSION: 1.87.0
-
 jobs:
   # Job to detect what has changed so we don't run e.g. Rust checks on PRs that
   # don't modify Rust code.
@@ -88,10 +85,8 @@ jobs:
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - name: Install Rust
-        uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b # master
-        with:
-          toolchain: ${{ env.RUST_VERSION }}
-      - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2.8.0
+        uses: dtolnay/rust-toolchain@e05ebb0e73db581a4877c6ce762e29fe1e0b5073 # 1.66.0
+      - uses: Swatinem/rust-cache@9d47c6ad4b02e050fd481d890b2ea34778fd09d6 # v2.7.8
       - uses: matrix-org/setup-python-poetry@5bbf6603c5c930615ec8a29f1b5d7d258d905aa4 # v2.0.0
         with:
           python-version: "3.x"
@@ -154,10 +149,8 @@ jobs:
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Install Rust
-        uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b # master
-        with:
-          toolchain: ${{ env.RUST_VERSION }}
-      - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2.8.0
+        uses: dtolnay/rust-toolchain@e05ebb0e73db581a4877c6ce762e29fe1e0b5073 # 1.66.0
+      - uses: Swatinem/rust-cache@9d47c6ad4b02e050fd481d890b2ea34778fd09d6 # v2.7.8
 
       - name: Setup Poetry
         uses: matrix-org/setup-python-poetry@5bbf6603c5c930615ec8a29f1b5d7d258d905aa4 # v2.0.0
@@ -217,10 +210,8 @@ jobs:
         with:
           ref: ${{ github.event.pull_request.head.sha }}
       - name: Install Rust
-        uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b # master
-        with:
-          toolchain: ${{ env.RUST_VERSION }}
-      - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2.8.0
+        uses: dtolnay/rust-toolchain@e05ebb0e73db581a4877c6ce762e29fe1e0b5073 # 1.66.0
+      - uses: Swatinem/rust-cache@9d47c6ad4b02e050fd481d890b2ea34778fd09d6 # v2.7.8
       - uses: matrix-org/setup-python-poetry@5bbf6603c5c930615ec8a29f1b5d7d258d905aa4 # v2.0.0
         with:
           poetry-version: "2.1.1"
@@ -236,11 +227,10 @@ jobs:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Install Rust
-        uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b # master
+        uses: dtolnay/rust-toolchain@e05ebb0e73db581a4877c6ce762e29fe1e0b5073 # 1.66.0
         with:
             components: clippy
-            toolchain: ${{ env.RUST_VERSION }}
-      - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2.8.0
+      - uses: Swatinem/rust-cache@9d47c6ad4b02e050fd481d890b2ea34778fd09d6 # v2.7.8
 
       - run: cargo clippy -- -D warnings
 
@@ -255,11 +245,11 @@ jobs:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Install Rust
-        uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b # master
+        uses: dtolnay/rust-toolchain@56f84321dbccf38fb67ce29ab63e4754056677e0 # master (rust 1.85.1)
         with:
-            toolchain: nightly-2025-04-23
+            toolchain: nightly-2022-12-01
             components: clippy
-      - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2.8.0
+      - uses: Swatinem/rust-cache@9d47c6ad4b02e050fd481d890b2ea34778fd09d6 # v2.7.8
 
       - run: cargo clippy --all-features -- -D warnings
 
@@ -272,12 +262,12 @@ jobs:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Install Rust
-        uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b # master
+        uses: dtolnay/rust-toolchain@56f84321dbccf38fb67ce29ab63e4754056677e0 # master (rust 1.85.1)
         with:
           # We use nightly so that it correctly groups together imports
-          toolchain: nightly-2025-04-23
+          toolchain: nightly-2022-12-01
           components: rustfmt
-      - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2.8.0
+      - uses: Swatinem/rust-cache@9d47c6ad4b02e050fd481d890b2ea34778fd09d6 # v2.7.8
 
       - run: cargo fmt --check
 
@@ -372,10 +362,8 @@ jobs:
             postgres:${{ matrix.job.postgres-version }}
 
       - name: Install Rust
-        uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b # master
-        with:
-          toolchain: ${{ env.RUST_VERSION }}
-      - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2.8.0
+        uses: dtolnay/rust-toolchain@e05ebb0e73db581a4877c6ce762e29fe1e0b5073 # 1.66.0
+      - uses: Swatinem/rust-cache@9d47c6ad4b02e050fd481d890b2ea34778fd09d6 # v2.7.8
 
       - uses: matrix-org/setup-python-poetry@5bbf6603c5c930615ec8a29f1b5d7d258d905aa4 # v2.0.0
         with:
@@ -416,10 +404,8 @@ jobs:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Install Rust
-        uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b # master
-        with:
-          toolchain: ${{ env.RUST_VERSION }}
-      - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2.8.0
+        uses: dtolnay/rust-toolchain@e05ebb0e73db581a4877c6ce762e29fe1e0b5073 # 1.66.0
+      - uses: Swatinem/rust-cache@9d47c6ad4b02e050fd481d890b2ea34778fd09d6 # v2.7.8
 
       # There aren't wheels for some of the older deps, so we need to install
       # their build dependencies
@@ -533,14 +519,17 @@ jobs:
         run: cat sytest-blacklist .ci/worker-blacklist > synapse-blacklist-with-workers
 
       - name: Install Rust
-        uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b # master
-        with:
-          toolchain: ${{ env.RUST_VERSION }}
-      - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2.8.0
+        uses: dtolnay/rust-toolchain@e05ebb0e73db581a4877c6ce762e29fe1e0b5073 # 1.66.0
+      - uses: Swatinem/rust-cache@9d47c6ad4b02e050fd481d890b2ea34778fd09d6 # v2.7.8
 
       - name: Run SyTest
         run: /bootstrap.sh synapse
         working-directory: /src
+        # Prevent failures of this configuration from causing all of CI to
+        # marked as failed. This is useful for testing a new Synapse configuration
+        # in anger without causing sporatic CI failures.
+        continue-on-error: ${{ matrix.job.failure_allowed || false }}
+
       - name: Summarise results.tap
         if: ${{ always() }}
         run: /sytest/scripts/tap_to_gha.pl /logs/results.tap
@@ -679,10 +668,8 @@ jobs:
           path: synapse
 
       - name: Install Rust
-        uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b # master
-        with:
-          toolchain: ${{ env.RUST_VERSION }}
-      - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2.8.0
+        uses: dtolnay/rust-toolchain@e05ebb0e73db581a4877c6ce762e29fe1e0b5073 # 1.66.0
+      - uses: Swatinem/rust-cache@9d47c6ad4b02e050fd481d890b2ea34778fd09d6 # v2.7.8
 
       - name: Prepare Complement's Prerequisites
         run: synapse/.ci/scripts/setup_complement_prerequisites.sh
@@ -713,10 +700,8 @@ jobs:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Install Rust
-        uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b # master
-        with:
-          toolchain: ${{ env.RUST_VERSION }}
-      - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2.8.0
+        uses: dtolnay/rust-toolchain@e05ebb0e73db581a4877c6ce762e29fe1e0b5073 # 1.66.0
+      - uses: Swatinem/rust-cache@9d47c6ad4b02e050fd481d890b2ea34778fd09d6 # v2.7.8
 
       - run: cargo test
 
@@ -733,10 +718,10 @@ jobs:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Install Rust
-        uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b # master
+        uses: dtolnay/rust-toolchain@56f84321dbccf38fb67ce29ab63e4754056677e0 # master (rust 1.85.1)
         with:
             toolchain: nightly-2022-12-01
-      - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2.8.0
+      - uses: Swatinem/rust-cache@9d47c6ad4b02e050fd481d890b2ea34778fd09d6 # v2.7.8
 
       - run: cargo bench --no-run
 

.github/workflows/twisted_trunk.yml

@@ -20,9 +20,6 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
-env:
-  RUST_VERSION: 1.87.0
-
 jobs:
   check_repo:
     # Prevent this workflow from running on any fork of Synapse other than element-hq/synapse, as it is
@@ -46,10 +43,8 @@ jobs:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Install Rust
-        uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b # master
-        with:
-          toolchain: ${{ env.RUST_VERSION }}
-      - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2.8.0
+        uses: dtolnay/rust-toolchain@fcf085fcb4b4b8f63f96906cd713eb52181b5ea4 # stable (rust 1.85.1)
+      - uses: Swatinem/rust-cache@9d47c6ad4b02e050fd481d890b2ea34778fd09d6 # v2.7.8
 
       - uses: matrix-org/setup-python-poetry@5bbf6603c5c930615ec8a29f1b5d7d258d905aa4 # v2.0.0
         with:
@@ -74,10 +69,8 @@ jobs:
       - run: sudo apt-get -qq install xmlsec1
 
       - name: Install Rust
-        uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b # master
-        with:
-          toolchain: ${{ env.RUST_VERSION }}
-      - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2.8.0
+        uses: dtolnay/rust-toolchain@fcf085fcb4b4b8f63f96906cd713eb52181b5ea4 # stable (rust 1.85.1)
+      - uses: Swatinem/rust-cache@9d47c6ad4b02e050fd481d890b2ea34778fd09d6 # v2.7.8
 
       - uses: matrix-org/setup-python-poetry@5bbf6603c5c930615ec8a29f1b5d7d258d905aa4 # v2.0.0
         with:
@@ -120,10 +113,8 @@ jobs:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Install Rust
-        uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b # master
-        with:
-          toolchain: ${{ env.RUST_VERSION }}
-      - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2.8.0
+        uses: dtolnay/rust-toolchain@fcf085fcb4b4b8f63f96906cd713eb52181b5ea4 # stable (rust 1.85.1)
+      - uses: Swatinem/rust-cache@9d47c6ad4b02e050fd481d890b2ea34778fd09d6 # v2.7.8
 
       - name: Patch dependencies
         # Note: The poetry commands want to create a virtualenv in /src/.venv/,

.gitignore

@@ -47,7 +47,6 @@ __pycache__/
 /.idea/
 /.ropeproject/
 /.vscode/
-/.zed/
 
 # build products
 !/.coveragerc

CHANGES.md

@@ -1,246 +1,3 @@
-# Synapse 1.134.0 (2025-07-15)
-
-No significant changes since 1.134.0rc1.
-
-
-
-
-# Synapse 1.134.0rc1 (2025-07-09)
-
-### Features
-
-- Support for [MSC4235](https://github.com/matrix-org/matrix-spec-proposals/pull/4235): `via` query param for hierarchy endpoint. Contributed by Krishan (@kfiven). ([\#18070](https://github.com/element-hq/synapse/issues/18070))
-- Add `forget_forced_upon_leave` capability as per [MSC4267](https://github.com/matrix-org/matrix-spec-proposals/pull/4267). ([\#18196](https://github.com/element-hq/synapse/issues/18196))
-- Add `federated_user_may_invite` spam checker callback which receives the entire invite event. Contributed by @tulir @ Beeper. ([\#18241](https://github.com/element-hq/synapse/issues/18241))
-
-### Bugfixes
-
-- Fix `KeyError` on background updates when using split main/state databases. ([\#18509](https://github.com/element-hq/synapse/issues/18509))
-- Improve performance of device deletion by adding missing index. ([\#18582](https://github.com/element-hq/synapse/issues/18582))
-- Fix `avatar_url` and `displayname` being sent on federation profile queries when they are not set. ([\#18593](https://github.com/element-hq/synapse/issues/18593))
-- Respond with 401 & `M_USER_LOCKED` when a locked user calls `POST /login`, as per the spec. ([\#18594](https://github.com/element-hq/synapse/issues/18594))
-- Ensure policy servers are not asked to scan policy server change events, allowing rooms to disable the use of a policy server while the policy server is down. ([\#18605](https://github.com/element-hq/synapse/issues/18605))
-
-### Improved Documentation
-
-- Fix documentation of the Delete Room Admin API's status field. ([\#18519](https://github.com/element-hq/synapse/issues/18519))
-
-### Deprecations and Removals
-
-- Stop adding the "origin" field to newly-created events (PDUs). ([\#18418](https://github.com/element-hq/synapse/issues/18418))
-
-### Internal Changes
-
-- Replace `PyICU` crate with equivalent `icu_segmenter` Rust crate. ([\#18553](https://github.com/element-hq/synapse/issues/18553), [\#18646](https://github.com/element-hq/synapse/issues/18646))
-- Improve docstring on `simple_upsert_many`. ([\#18573](https://github.com/element-hq/synapse/issues/18573))
-- Raise poetry-core version cap to 2.1.3. ([\#18575](https://github.com/element-hq/synapse/issues/18575))
-- Raise setuptools_rust version cap to 1.11.1. ([\#18576](https://github.com/element-hq/synapse/issues/18576))
-- Better handling of ratelimited requests. ([\#18595](https://github.com/element-hq/synapse/issues/18595), [\#18600](https://github.com/element-hq/synapse/issues/18600))
-- Update to Rust 1.87.0 in CI, and bump the pinned commit of the `dtolnay/rust-toolchain` GitHub Action to `b3b07ba8b418998c39fb20f53e8b695cdcc8de1b`. ([\#18596](https://github.com/element-hq/synapse/issues/18596))
-- Speed up bulk device deletion. ([\#18602](https://github.com/element-hq/synapse/issues/18602))
-- Speed up the building of arm-based wheels in CI. ([\#18618](https://github.com/element-hq/synapse/issues/18618))
-- Speed up the building of Docker images in CI. ([\#18620](https://github.com/element-hq/synapse/issues/18620))
-- Add `.zed/` directory to `.gitignore`. ([\#18623](https://github.com/element-hq/synapse/issues/18623))
-- Log the room ID we're purging state for. ([\#18625](https://github.com/element-hq/synapse/issues/18625))
-
-
-
-### Updates to locked dependencies
-
-* Bump Swatinem/rust-cache from 2.7.8 to 2.8.0. ([\#18612](https://github.com/element-hq/synapse/issues/18612))
-* Bump attrs from 24.2.0 to 25.3.0. ([\#18649](https://github.com/element-hq/synapse/issues/18649))
-* Bump authlib from 1.5.2 to 1.6.0. ([\#18642](https://github.com/element-hq/synapse/issues/18642))
-* Bump base64 from 0.21.7 to 0.22.1. ([\#18589](https://github.com/element-hq/synapse/issues/18589))
-* Bump base64 from 0.21.7 to 0.22.1. ([\#18629](https://github.com/element-hq/synapse/issues/18629))
-* Bump docker/build-push-action from 6.17.0 to 6.18.0. ([\#18497](https://github.com/element-hq/synapse/issues/18497))
-* Bump docker/setup-buildx-action from 3.10.0 to 3.11.1. ([\#18587](https://github.com/element-hq/synapse/issues/18587))
-* Bump hiredis from 3.1.0 to 3.2.1. ([\#18638](https://github.com/element-hq/synapse/issues/18638))
-* Bump ijson from 3.3.0 to 3.4.0. ([\#18650](https://github.com/element-hq/synapse/issues/18650))
-* Bump jsonschema from 4.23.0 to 4.24.0. ([\#18630](https://github.com/element-hq/synapse/issues/18630))
-* Bump msgpack from 1.1.0 to 1.1.1. ([\#18651](https://github.com/element-hq/synapse/issues/18651))
-* Bump mypy-zope from 1.0.11 to 1.0.12. ([\#18640](https://github.com/element-hq/synapse/issues/18640))
-* Bump phonenumbers from 9.0.2 to 9.0.8. ([\#18652](https://github.com/element-hq/synapse/issues/18652))
-* Bump pillow from 11.2.1 to 11.3.0. ([\#18624](https://github.com/element-hq/synapse/issues/18624))
-* Bump prometheus-client from 0.21.0 to 0.22.1. ([\#18609](https://github.com/element-hq/synapse/issues/18609))
-* Bump pyasn1-modules from 0.4.1 to 0.4.2. ([\#18495](https://github.com/element-hq/synapse/issues/18495))
-* Bump pydantic from 2.11.4 to 2.11.7. ([\#18639](https://github.com/element-hq/synapse/issues/18639))
-* Bump reqwest from 0.12.15 to 0.12.20. ([\#18590](https://github.com/element-hq/synapse/issues/18590))
-* Bump reqwest from 0.12.20 to 0.12.22. ([\#18627](https://github.com/element-hq/synapse/issues/18627))
-* Bump ruff from 0.11.11 to 0.12.1. ([\#18645](https://github.com/element-hq/synapse/issues/18645))
-* Bump ruff from 0.12.1 to 0.12.2. ([\#18657](https://github.com/element-hq/synapse/issues/18657))
-* Bump sentry-sdk from 2.22.0 to 2.32.0. ([\#18633](https://github.com/element-hq/synapse/issues/18633))
-* Bump setuptools-rust from 1.10.2 to 1.11.1. ([\#18655](https://github.com/element-hq/synapse/issues/18655))
-* Bump sigstore/cosign-installer from 3.8.2 to 3.9.0. ([\#18588](https://github.com/element-hq/synapse/issues/18588))
-* Bump sigstore/cosign-installer from 3.9.0 to 3.9.1. ([\#18608](https://github.com/element-hq/synapse/issues/18608))
-* Bump stefanzweifel/git-auto-commit-action from 5.2.0 to 6.0.1. ([\#18607](https://github.com/element-hq/synapse/issues/18607))
-* Bump tokio from 1.45.1 to 1.46.0. ([\#18628](https://github.com/element-hq/synapse/issues/18628))
-* Bump tokio from 1.46.0 to 1.46.1. ([\#18667](https://github.com/element-hq/synapse/issues/18667))
-* Bump treq from 24.9.1 to 25.5.0. ([\#18610](https://github.com/element-hq/synapse/issues/18610))
-* Bump types-bleach from 6.2.0.20241123 to 6.2.0.20250514. ([\#18634](https://github.com/element-hq/synapse/issues/18634))
-* Bump types-jsonschema from 4.23.0.20250516 to 4.24.0.20250528. ([\#18611](https://github.com/element-hq/synapse/issues/18611))
-* Bump types-opentracing from 2.4.10.6 to 2.4.10.20250622. ([\#18586](https://github.com/element-hq/synapse/issues/18586))
-* Bump types-psycopg2 from 2.9.21.20250318 to 2.9.21.20250516. ([\#18658](https://github.com/element-hq/synapse/issues/18658))
-* Bump types-pyyaml from 6.0.12.20241230 to 6.0.12.20250516. ([\#18643](https://github.com/element-hq/synapse/issues/18643))
-* Bump types-setuptools from 75.2.0.20241019 to 80.9.0.20250529. ([\#18644](https://github.com/element-hq/synapse/issues/18644))
-* Bump typing-extensions from 4.12.2 to 4.14.0. ([\#18654](https://github.com/element-hq/synapse/issues/18654))
-* Bump typing-extensions from 4.14.0 to 4.14.1. ([\#18668](https://github.com/element-hq/synapse/issues/18668))
-* Bump urllib3 from 2.2.2 to 2.5.0. ([\#18572](https://github.com/element-hq/synapse/issues/18572))
-
-# Synapse 1.133.0 (2025-07-01)
-
-Pre-built wheels are now built using the [manylinux_2_28](https://github.com/pypa/manylinux#manylinux_2_28-almalinux-8-based) base, which is expected to be compatible with distros using glibc 2.28 or later, including:
-
- - Debian 10+
- - Ubuntu 18.10+
- - Fedora 29+
- - CentOS/RHEL 8+
-
-Previously, wheels were built using the [manylinux2014](https://github.com/pypa/manylinux#manylinux2014-centos-7-based-glibc-217) base, which was expected to be compatible with distros using glibc 2.17 or later.
-
-### Bugfixes
-
-- Bump `cibuildwheel` to 3.0.0 to fix the `manylinux` wheel builds. ([\#18615](https://github.com/element-hq/synapse/issues/18615))
-
-
-
-
-# Synapse 1.133.0rc1 (2025-06-24)
-
-### Features
-
-- Add support for the [MSC4260 user report API](https://github.com/matrix-org/matrix-spec-proposals/pull/4260). ([\#18120](https://github.com/element-hq/synapse/issues/18120))
-
-### Bugfixes
-
-- Fix an issue where, during state resolution for v11 rooms, Synapse would incorrectly calculate the power level of the creator when there was no power levels event in the room. ([\#18534](https://github.com/element-hq/synapse/issues/18534), [\#18547](https://github.com/element-hq/synapse/issues/18547))
-- Fix long-standing bug where sliding sync did not honour the `room_id_to_include` config option. ([\#18535](https://github.com/element-hq/synapse/issues/18535))
-- Fix an issue where "Lock timeout is getting excessive" warnings would be logged even when the lock timeout was <10 minutes. ([\#18543](https://github.com/element-hq/synapse/issues/18543))
-- Fix an issue where Synapse could calculate the wrong power level for the creator of the room if there was no power levels event. ([\#18545](https://github.com/element-hq/synapse/issues/18545))
-
-### Improved Documentation
-
-- Generate config documentation from JSON Schema file. ([\#18528](https://github.com/element-hq/synapse/issues/18528))
-- Fix typo in user type documentation. ([\#18568](https://github.com/element-hq/synapse/issues/18568))
-
-### Internal Changes
-
-- Increase performance of introspecting access tokens when using delegated auth. ([\#18357](https://github.com/element-hq/synapse/issues/18357), [\#18561](https://github.com/element-hq/synapse/issues/18561))
-- Log user deactivations. ([\#18541](https://github.com/element-hq/synapse/issues/18541))
-- Enable [`flake8-logging`](https://docs.astral.sh/ruff/rules/#flake8-logging-log) and [`flake8-logging-format`](https://docs.astral.sh/ruff/rules/#flake8-logging-format-g) rules in Ruff and fix related issues throughout the codebase. ([\#18542](https://github.com/element-hq/synapse/issues/18542))
-- Clean up old, unused rows from the `device_federation_inbox` table. ([\#18546](https://github.com/element-hq/synapse/issues/18546))
-- Run config schema CI on develop and release branches. ([\#18551](https://github.com/element-hq/synapse/issues/18551))
-- Add support for Twisted `25.5.0`+ releases. ([\#18577](https://github.com/element-hq/synapse/issues/18577))
-- Update PyO3 to version 0.25. ([\#18578](https://github.com/element-hq/synapse/issues/18578))
-
-
-
-### Updates to locked dependencies
-
-* Bump actions/setup-python from 5.5.0 to 5.6.0. ([\#18555](https://github.com/element-hq/synapse/issues/18555))
-* Bump base64 from 0.21.7 to 0.22.1. ([\#18559](https://github.com/element-hq/synapse/issues/18559))
-* Bump dawidd6/action-download-artifact from 9 to 11. ([\#18556](https://github.com/element-hq/synapse/issues/18556))
-* Bump headers from 0.4.0 to 0.4.1. ([\#18529](https://github.com/element-hq/synapse/issues/18529))
-* Bump requests from 2.32.2 to 2.32.4. ([\#18533](https://github.com/element-hq/synapse/issues/18533))
-* Bump types-requests from 2.32.0.20250328 to 2.32.4.20250611. ([\#18558](https://github.com/element-hq/synapse/issues/18558))
-
-# Synapse 1.132.0 (2025-06-17)
-
-### Improved Documentation
-
-- Improvements to generate config documentation from JSON Schema file. ([\#18522](https://github.com/element-hq/synapse/issues/18522))
-
-
-
-
-# Synapse 1.132.0rc1 (2025-06-10)
-
-### Features
-
-- Add support for [MSC4155](https://github.com/matrix-org/matrix-spec-proposals/pull/4155) Invite Filtering. ([\#18288](https://github.com/element-hq/synapse/issues/18288))
-- Add experimental `user_may_send_state_event` module API callback. ([\#18455](https://github.com/element-hq/synapse/issues/18455))
-- Add experimental `get_media_config_for_user` and `is_user_allowed_to_upload_media_of_size` module API callbacks that allow overriding of media repository maximum upload size. ([\#18457](https://github.com/element-hq/synapse/issues/18457))
-- Add experimental `get_ratelimit_override_for_user` module API callback that allows overriding of per-user ratelimits. ([\#18458](https://github.com/element-hq/synapse/issues/18458))
-- Pass `room_config` argument to `user_may_create_room` spam checker module callback. ([\#18486](https://github.com/element-hq/synapse/issues/18486))
-- Support configuration of default and extra user types. ([\#18456](https://github.com/element-hq/synapse/issues/18456))
-- Successful requests to `/_matrix/app/v1/ping` will now force Synapse to reattempt delivering transactions to appservices. ([\#18521](https://github.com/element-hq/synapse/issues/18521))
-- Support the import of the `RatelimitOverride` type from `synapse.module_api` in modules and rename `messages_per_second` to `per_second`. ([\#18513](https://github.com/element-hq/synapse/issues/18513))
-
-### Bugfixes
-
-- Remove destinations from sending if not whitelisted. ([\#18484](https://github.com/element-hq/synapse/issues/18484))
-- Fixed room summary API incorrectly returning that a room is private in the room summary response when the join rule is omitted by the remote server. Contributed by @nexy7574. ([\#18493](https://github.com/element-hq/synapse/issues/18493))
-- Prevent users from adding themselves to their own user ignore list. ([\#18508](https://github.com/element-hq/synapse/issues/18508))
-
-### Improved Documentation
-
-- Generate config documentation from JSON Schema file. ([\#17892](https://github.com/element-hq/synapse/issues/17892))
-- Mention `CAP_NET_BIND_SERVICE` as an alternative to running Synapse as root in order to bind to a privileged port. ([\#18408](https://github.com/element-hq/synapse/issues/18408))
-- Surface hidden Admin API documentation regarding fetching of scheduled tasks. ([\#18516](https://github.com/element-hq/synapse/issues/18516))
-- Mark the new module APIs in this release as experimental. ([\#18536](https://github.com/element-hq/synapse/issues/18536))
-
-### Internal Changes
-
-- Mark dehydrated devices in the [List All User Devices Admin API](https://element-hq.github.io/synapse/latest/admin_api/user_admin_api.html#list-all-devices). ([\#18252](https://github.com/element-hq/synapse/issues/18252))
-- Reduce disk wastage by cleaning up `received_transactions` older than 1 day, rather than 30 days. ([\#18310](https://github.com/element-hq/synapse/issues/18310))
-- Distinguish all vs local events being persisted in the "Event Send Time Quantiles" graph (Grafana). ([\#18510](https://github.com/element-hq/synapse/issues/18510))
-
-
-
-
-# Synapse 1.131.0 (2025-06-03)
-
-No significant changes since 1.131.0rc1.
-
-# Synapse 1.131.0rc1 (2025-05-28)
-
-### Features
-
-- Add `msc4263_limit_key_queries_to_users_who_share_rooms` config option as per [MSC4263](https://github.com/matrix-org/matrix-spec-proposals/pull/4263). ([\#18180](https://github.com/element-hq/synapse/issues/18180))
-- Add option to allow registrations that begin with `_`. Contributed by `_` (@hex5f). ([\#18262](https://github.com/element-hq/synapse/issues/18262))
-- Include room ID in response to the [Room Deletion Status Admin API](https://element-hq.github.io/synapse/latest/admin_api/rooms.html#status-of-deleting-rooms). ([\#18318](https://github.com/element-hq/synapse/issues/18318))
-- Add support for calling Policy Servers ([MSC4284](https://github.com/matrix-org/matrix-spec-proposals/pull/4284)) to mark events as spam. ([\#18387](https://github.com/element-hq/synapse/issues/18387))
-
-### Bugfixes
-
-- Prevent race-condition in `_maybe_retry_device_resync` entrance. ([\#18391](https://github.com/element-hq/synapse/issues/18391))
-- Fix the `tests.handlers.test_worker_lock.WorkerLockTestCase.test_lock_contention` test which could spuriously time out on RISC-V architectures due to performance differences. ([\#18430](https://github.com/element-hq/synapse/issues/18430))
-- Fix admin redaction endpoint not redacting encrypted messages. ([\#18434](https://github.com/element-hq/synapse/issues/18434))
-
-### Improved Documentation
-
-- Update `room_list_publication_rules` docs to consider defaults that changed in v1.126.0. Contributed by @HarHarLinks. ([\#18286](https://github.com/element-hq/synapse/issues/18286))
-- Add advice for upgrading between major PostgreSQL versions to the database documentation. ([\#18445](https://github.com/element-hq/synapse/issues/18445))
-
-### Internal Changes
-
-- Fix a memory leak in `_NotifierUserStream`. ([\#18380](https://github.com/element-hq/synapse/issues/18380))
-- Fix a couple type annotations in the `RootConfig`/`Config`. ([\#18409](https://github.com/element-hq/synapse/issues/18409))
-- Explicitly enable PyPy builds in `cibuildwheel`s config to avoid it being disabled on a future upgrade to `cibuildwheel` v3. ([\#18417](https://github.com/element-hq/synapse/issues/18417))
-- Update the PR review template to remove an erroneous line break from the final bullet point. ([\#18419](https://github.com/element-hq/synapse/issues/18419))
-- Explain why we `flush_buffer()` for Python `print(...)` output. ([\#18420](https://github.com/element-hq/synapse/issues/18420))
-- Add lint to ensure we don't add a `CREATE/DROP INDEX` in a schema delta. ([\#18440](https://github.com/element-hq/synapse/issues/18440))
-- Allow checking only for the existence of a field in an SSO provider's response, rather than requiring the value(s) to check. ([\#18454](https://github.com/element-hq/synapse/issues/18454))
-- Add unit tests for homeserver usage statistics. ([\#18463](https://github.com/element-hq/synapse/issues/18463))
-- Don't move invited users to new room when shutting down room. ([\#18471](https://github.com/element-hq/synapse/issues/18471))
-
-
-
-### Updates to locked dependencies
-
-* Bump actions/setup-python from 5.5.0 to 5.6.0. ([\#18398](https://github.com/element-hq/synapse/issues/18398))
-* Bump authlib from 1.5.1 to 1.5.2. ([\#18452](https://github.com/element-hq/synapse/issues/18452))
-* Bump docker/build-push-action from 6.15.0 to 6.17.0. ([\#18397](https://github.com/element-hq/synapse/issues/18397), [\#18449](https://github.com/element-hq/synapse/issues/18449))
-* Bump lxml from 5.3.0 to 5.4.0. ([\#18480](https://github.com/element-hq/synapse/issues/18480))
-* Bump mypy-zope from 1.0.9 to 1.0.11. ([\#18428](https://github.com/element-hq/synapse/issues/18428))
-* Bump pyo3 from 0.23.5 to 0.24.2. ([\#18460](https://github.com/element-hq/synapse/issues/18460))
-* Bump pyo3-log from 0.12.3 to 0.12.4. ([\#18453](https://github.com/element-hq/synapse/issues/18453))
-* Bump pyopenssl from 25.0.0 to 25.1.0. ([\#18450](https://github.com/element-hq/synapse/issues/18450))
-* Bump ruff from 0.7.3 to 0.11.11. ([\#18451](https://github.com/element-hq/synapse/issues/18451), [\#18482](https://github.com/element-hq/synapse/issues/18482))
-* Bump tornado from 6.4.2 to 6.5.0. ([\#18459](https://github.com/element-hq/synapse/issues/18459))
-* Bump setuptools from 72.1.0 to 78.1.1. ([\#18461](https://github.com/element-hq/synapse/issues/18461))
-* Bump types-jsonschema from 4.23.0.20241208 to 4.23.0.20250516. ([\#18481](https://github.com/element-hq/synapse/issues/18481))
-* Bump types-requests from 2.32.0.20241016 to 2.32.0.20250328. ([\#18427](https://github.com/element-hq/synapse/issues/18427))
-
 # Synapse 1.130.0 (2025-05-20)
 
 ### Bugfixes

changelog.d/17892.doc

@@ -0,0 +1 @@
+Generate config documentation from JSON Schema file.

changelog.d/18180.feature

@@ -0,0 +1 @@
+Add `msc4263_limit_key_queries_to_users_who_share_rooms` config option as per [MSC4263](https://github.com/matrix-org/matrix-spec-proposals/pull/4263).

changelog.d/18252.misc

@@ -0,0 +1 @@
+Mark dehydrated devices in the [List All User Devices Admin API](https://element-hq.github.io/synapse/latest/admin_api/user_admin_api.html#list-all-devices).

changelog.d/18262.feature

@@ -0,0 +1 @@
+Add option to allow registrations that begin with `_`. Contributed by `_` (@hex5f).

changelog.d/18286.doc

@@ -0,0 +1 @@
+Update `room_list_publication_rules` docs to consider defaults that changed in v1.126.0. Contributed by @HarHarLinks.

changelog.d/18318.feature

@@ -0,0 +1 @@
+Include room ID in room deletion status response.

changelog.d/18380.misc

@@ -0,0 +1 @@
+Fix a memory leak in `_NotifierUserStream`.

changelog.d/18387.feature

@@ -0,0 +1 @@
+Add support for calling Policy Servers ([MSC4284](https://github.com/matrix-org/matrix-spec-proposals/pull/4284)) to mark events as spam.

changelog.d/18391.bugfix

@@ -0,0 +1 @@
+Prevent race-condition in `_maybe_retry_device_resync` entrance.

changelog.d/18409.misc

@@ -0,0 +1 @@
+Fix a couple type annotations in the `RootConfig`/`Config`.

changelog.d/18417.misc

@@ -0,0 +1 @@
+Explicitly enable PyPy builds in `cibuildwheel`s config to avoid it being disabled on a future upgrade to `cibuildwheel` v3.

changelog.d/18419.misc

@@ -0,0 +1 @@
+Update the PR review template to remove an erroneous line break from the final bullet point.

changelog.d/18420.misc

@@ -0,0 +1 @@
+Explain why we `flush_buffer()` for Python `print(...)` output.

changelog.d/18430.bugfix

@@ -0,0 +1 @@
+Fix the `tests.handlers.test_worker_lock.WorkerLockTestCase.test_lock_contention` test which could spuriously time out on RISC-V architectures due to performance differences.

changelog.d/18434.bugfix

@@ -0,0 +1 @@
+Fix admin redaction endpoint not redacting encrypted messages.

changelog.d/18440.misc

@@ -0,0 +1 @@
+Add lint to ensure we don't add a `CREATE/DROP INDEX` in a schema delta.

changelog.d/18445.doc

@@ -0,0 +1 @@
+Add advice for upgrading between major PostgreSQL versions to the database documentation.

changelog.d/18451.misc

@@ -0,0 +1 @@
+Bump ruff from 0.7.3 to 0.11.10.

changelog.d/18454.misc

@@ -0,0 +1 @@
+Allow checking only for the existence of a field in an SSO provider's response, rather than requiring the value(s) to check.

changelog.d/18459.misc

@@ -0,0 +1 @@
+Bump tornado from 6.4.2 to 6.5.0.

changelog.d/18460.misc

@@ -0,0 +1 @@
+Bump pyo3 from 0.23.5 to 0.24.2.

changelog.d/18463.misc

@@ -0,0 +1 @@
+Add unit tests for homeserver usage statistics.

changelog.d/18471.misc

@@ -0,0 +1 @@
+Don't move invited users to new room when shutting down room.

contrib/grafana/synapse.json

@@ -220,24 +220,29 @@
       "yBucketBound": "auto"
     },
     {
-      "datasource": {
-        "uid": "${DS_PROMETHEUS}",
-        "type": "prometheus"
-      },
       "aliasColors": {},
+      "bars": false,
       "dashLength": 10,
+      "dashes": false,
+      "datasource": {
+        "uid": "${DS_PROMETHEUS}"
+      },
+      "description": "",
       "fieldConfig": {
         "defaults": {
           "links": []
         },
         "overrides": []
       },
+      "fill": 0,
+      "fillGradient": 0,
       "gridPos": {
         "h": 9,
         "w": 12,
         "x": 12,
         "y": 1
       },
+      "hiddenSeries": false,
       "id": 152,
       "legend": {
         "avg": false,
@@ -250,81 +255,71 @@
         "values": false
       },
       "lines": true,
+      "linewidth": 0,
+      "links": [],
       "nullPointMode": "connected",
       "options": {
         "alertThreshold": true
       },
       "paceLength": 10,
-      "pluginVersion": "10.4.3",
+      "percentage": false,
+      "pluginVersion": "9.2.2",
       "pointradius": 5,
+      "points": false,
       "renderer": "flot",
       "seriesOverrides": [
         {
           "alias": "Avg",
           "fill": 0,
-          "linewidth": 3,
-          "$$hashKey": "object:48"
+          "linewidth": 3
         },
         {
           "alias": "99%",
           "color": "#C4162A",
-          "fillBelowTo": "90%",
-          "$$hashKey": "object:49"
+          "fillBelowTo": "90%"
         },
         {
           "alias": "90%",
           "color": "#FF7383",
-          "fillBelowTo": "75%",
-          "$$hashKey": "object:50"
+          "fillBelowTo": "75%"
         },
         {
           "alias": "75%",
           "color": "#FFEE52",
-          "fillBelowTo": "50%",
-          "$$hashKey": "object:51"
+          "fillBelowTo": "50%"
         },
         {
           "alias": "50%",
           "color": "#73BF69",
-          "fillBelowTo": "25%",
-          "$$hashKey": "object:52"
+          "fillBelowTo": "25%"
         },
         {
           "alias": "25%",
           "color": "#1F60C4",
-          "fillBelowTo": "5%",
-          "$$hashKey": "object:53"
+          "fillBelowTo": "5%"
         },
         {
           "alias": "5%",
-          "lines": false,
-          "$$hashKey": "object:54"
+          "lines": false
         },
         {
           "alias": "Average",
           "color": "rgb(255, 255, 255)",
           "lines": true,
-          "linewidth": 3,
-          "$$hashKey": "object:55"
+          "linewidth": 3
         },
         {
-          "alias": "Local events being persisted",
-          "color": "#96d98D",
-          "points": true,
-          "yaxis": 2,
-          "zindex": -3,
-          "$$hashKey": "object:56"
-        },
-        {
-          "$$hashKey": "object:329",
+          "alias": "Events",
           "color": "#B877D9",
-          "alias": "All events being persisted",
+          "hideTooltip": true,
           "points": true,
           "yaxis": 2,
           "zindex": -3
         }
       ],
       "spaceLength": 10,
+      "stack": false,
+      "steppedLine": false,
       "targets": [
         {
           "datasource": {
@@ -389,20 +384,7 @@
           },
           "expr": "sum(rate(synapse_http_server_response_time_seconds_sum{servlet='RoomSendEventRestServlet',index=~\"$index\",instance=\"$instance\",code=~\"2..\"}[$bucket_size])) / sum(rate(synapse_http_server_response_time_seconds_count{servlet='RoomSendEventRestServlet',index=~\"$index\",instance=\"$instance\",code=~\"2..\"}[$bucket_size]))",
           "legendFormat": "Average",
-          "refId": "H",
-          "editorMode": "code",
-          "range": true
-        },
-        {
-          "datasource": {
-            "uid": "${DS_PROMETHEUS}"
-          },
-          "expr": "sum(rate(synapse_http_server_response_time_seconds_count{servlet='RoomSendEventRestServlet',index=~\"$index\",instance=\"$instance\",code=~\"2..\"}[$bucket_size]))",
-          "hide": false,
-          "instant": false,
-          "legendFormat": "Local events being persisted",
-          "refId": "E",
-          "editorMode": "code"
+          "refId": "H"
         },
         {
           "datasource": {
@@ -411,9 +393,8 @@
           "expr": "sum(rate(synapse_storage_events_persisted_events_total{instance=\"$instance\"}[$bucket_size]))",
           "hide": false,
           "instant": false,
-          "legendFormat": "All events being persisted",
-          "refId": "I",
-          "editorMode": "code"
+          "legendFormat": "Events",
+          "refId": "E"
         }
       ],
       "thresholds": [
@@ -447,9 +428,7 @@
       "xaxis": {
         "mode": "time",
         "show": true,
-        "values": [],
-        "name": null,
-        "buckets": null
+        "values": []
       },
       "yaxes": [
         {
@@ -471,20 +450,7 @@
       ],
       "yaxis": {
         "align": false
-      },
-      "bars": false,
-      "dashes": false,
-      "description": "",
-      "fill": 0,
-      "fillGradient": 0,
-      "hiddenSeries": false,
-      "linewidth": 0,
-      "percentage": false,
-      "points": false,
-      "stack": false,
-      "steppedLine": false,
-      "timeFrom": null,
-      "timeShift": null
+      }
     },
     {
       "aliasColors": {},

contrib/graph/graph.py

@@ -45,10 +45,6 @@ def make_graph(pdus: List[dict], filename_prefix: str) -> None:
     colors = {"red", "green", "blue", "yellow", "purple"}
 
     for pdu in pdus:
-        # TODO: The "origin" field has since been removed from events generated
-        # by Synapse. We should consider removing it here as well but since this
-        # is part of `contrib/`, it is left for the community to revise and ensure things
-        # still work correctly.
         origins.add(pdu.get("origin"))
 
     color_map = {color: color for color in colors if color in origins}

debian/changelog

@@ -1,51 +1,3 @@
-matrix-synapse-py3 (1.134.0) stable; urgency=medium
-
-  * New Synapse release 1.134.0.
-
- -- Synapse Packaging team <packages@matrix.org>  Tue, 15 Jul 2025 14:22:50 +0100
-
-matrix-synapse-py3 (1.134.0~rc1) stable; urgency=medium
-
-  * New Synapse release 1.134.0rc1.
-
- -- Synapse Packaging team <packages@matrix.org>  Wed, 09 Jul 2025 11:27:13 +0100
-
-matrix-synapse-py3 (1.133.0) stable; urgency=medium
-
-  * New synapse release 1.133.0.
-
- -- Synapse Packaging team <packages@matrix.org>  Tue, 01 Jul 2025 13:13:24 +0000
-
-matrix-synapse-py3 (1.133.0~rc1) stable; urgency=medium
-
-  * New Synapse release 1.133.0rc1.
-
- -- Synapse Packaging team <packages@matrix.org>  Tue, 24 Jun 2025 11:57:47 +0100
-
-matrix-synapse-py3 (1.132.0) stable; urgency=medium
-
-  * New Synapse release 1.132.0.
-
- -- Synapse Packaging team <packages@matrix.org>  Tue, 17 Jun 2025 13:16:20 +0100
-
-matrix-synapse-py3 (1.132.0~rc1) stable; urgency=medium
-
-  * New Synapse release 1.132.0rc1.
-
- -- Synapse Packaging team <packages@matrix.org>  Tue, 10 Jun 2025 11:15:18 +0100
-
-matrix-synapse-py3 (1.131.0) stable; urgency=medium
-
-  * New Synapse release 1.131.0.
-
- -- Synapse Packaging team <packages@matrix.org>  Tue, 03 Jun 2025 14:36:55 +0100
-
-matrix-synapse-py3 (1.131.0~rc1) stable; urgency=medium
-
-  * New synapse release 1.131.0rc1.
-
- -- Synapse Packaging team <packages@matrix.org>  Wed, 28 May 2025 10:25:44 +0000
-
 matrix-synapse-py3 (1.130.0) stable; urgency=medium
 
   * New Synapse release 1.130.0.

docker/complement/conf/workers-shared-extra.yaml.j2

@@ -127,8 +127,6 @@ experimental_features:
   msc3983_appservice_otk_claims: true
   # Proxy key queries to exclusive ASes
   msc3984_appservice_key_query: true
-  # Invite filtering
-  msc4155_enabled: true
 
 server_notices:
   system_mxid_localpart: _server

docs/SUMMARY.md

@@ -49,8 +49,6 @@
         - [Background update controller callbacks](modules/background_update_controller_callbacks.md)
         - [Account data callbacks](modules/account_data_callbacks.md)
         - [Add extra fields to client events unsigned section callbacks](modules/add_extra_fields_to_client_events_unsigned.md)
-        - [Media repository callbacks](modules/media_repository_callbacks.md)
-        - [Ratelimit callbacks](modules/ratelimit_callbacks.md)
         - [Porting a legacy module to the new interface](modules/porting_legacy_module.md)
     - [Workers](workers.md)
       - [Using `synctl` with Workers](synctl_workers.md)
@@ -68,7 +66,6 @@
       - [Registration Tokens](usage/administration/admin_api/registration_tokens.md)
       - [Manipulate Room Membership](admin_api/room_membership.md)
       - [Rooms](admin_api/rooms.md)
-      - [Scheduled tasks](admin_api/scheduled_tasks.md)
       - [Server Notices](admin_api/server_notices.md)
       - [Statistics](admin_api/statistics.md)
       - [Users](admin_api/user_admin_api.md)

docs/admin_api/event_reports.md

@@ -117,6 +117,7 @@ It returns a JSON body like the following:
         "hashes": {
             "sha256": "xK1//xnmvHJIOvbgXlkI8eEqdvoMmihVDJ9J4SNlsAw"
         },
+        "origin": "matrix.org",
         "origin_server_ts": 1592291711430,
         "prev_events": [
             "$YK4arsKKcc0LRoe700pS8DSjOvUT4NDv0HfInlMFw2M"

docs/admin_api/rooms.md

@@ -806,7 +806,7 @@ A response body like the following is returned:
         }, {
             "delete_id": "delete_id2",
             "room_id": "!roomid:example.com",
-            "status": "active",
+            "status": "purging",
             "shutdown_room": {
                 "kicked_users": [
                     "@foobar:example.com"
@@ -843,7 +843,7 @@ A response body like the following is returned:
 
 ```json
 {
-    "status": "active",
+    "status": "purging",
     "delete_id": "bHkCNQpHqOaFhPtK",
     "room_id": "!roomid:example.com",
     "shutdown_room": {
@@ -876,8 +876,8 @@ The following fields are returned in the JSON response body:
   - `delete_id` - The ID for this purge
   - `room_id` - The ID of the room being deleted
   - `status` - The status will be one of:
-    - `scheduled` - The deletion is waiting to be started
-    - `active` - The process is purging the room and event data from database.
+    - `shutting_down` - The process is removing users from the room.
+    - `purging` - The process is purging the room and event data from database.
     - `complete` - The process has completed successfully.
     - `failed` - The process is aborted, an error has occurred.
   - `error` - A string that shows an error message if `status` is `failed`.

docs/admin_api/user_admin_api.md

@@ -163,8 +163,7 @@ Body parameters:
 - `locked` - **bool**, optional. If unspecified, locked state will be left unchanged.
 - `user_type` - **string** or null, optional. If not provided, the user type will be
   not be changed. If `null` is given, the user type will be cleared.
-  Other allowed options are: `bot` and `support` and any extra values defined in the homserver
-  [configuration](../usage/configuration/config_documentation.md#user_types).
+  Other allowed options are: `bot` and `support`.
 
 ## List Accounts
 ### List Accounts (V2)

docs/development/contributing_guide.md

@@ -29,6 +29,8 @@ easiest way of installing the latest version is to use [rustup](https://rustup.r
 
 Synapse can connect to PostgreSQL via the [psycopg2](https://pypi.org/project/psycopg2/) Python library. Building this library from source requires access to PostgreSQL's C header files. On Debian or Ubuntu Linux, these can be installed with `sudo apt install libpq-dev`.
 
+Synapse has an optional, improved user search with better Unicode support. For that you need the development package of `libicu`. On Debian or Ubuntu Linux, this can be installed with `sudo apt install libicu-dev`.
+
 The source code of Synapse is hosted on GitHub. You will also need [a recent version of git](https://github.com/git-guides/install-git).
 
 For some tests, you will need [a recent version of Docker](https://docs.docker.com/get-docker/).

docs/development/dependencies.md

@@ -164,7 +164,10 @@ $ poetry cache clear --all .
 # including the wheel artifacts which is not covered by the above command
 # (see https://github.com/python-poetry/poetry/issues/10304)
 #
-# This is necessary in order to rebuild or fetch new wheels.
+# This is necessary in order to rebuild or fetch new wheels. For example, if you update
+# the `icu` library in on your system, you will need to rebuild the PyICU Python package
+# in order to incorporate the correct dynamically linked library locations otherwise you
+# will run into errors like: `ImportError: libicui18n.so.75: cannot open shared object file: No such file or directory`
 $ rm -rf $(poetry config cache-dir)
 ```
 

docs/modules/media_repository_callbacks.md

@@ -1,66 +0,0 @@
-# Media repository callbacks
-
-Media repository callbacks allow module developers to customise the behaviour of the
-media repository on a per user basis. Media repository callbacks can be registered
-using the module API's `register_media_repository_callbacks` method.
-
-The available media repository callbacks are:
-
-### `get_media_config_for_user`
-
-_First introduced in Synapse v1.132.0_
-
-```python
-async def get_media_config_for_user(user_id: str) -> Optional[JsonDict]
-```
-
-**<span style="color:red">
-Caution: This callback is currently experimental . The method signature or behaviour
-may change without notice.
-</span>**
-
-Called when processing a request from a client for the
-[media config endpoint](https://spec.matrix.org/latest/client-server-api/#get_matrixclientv1mediaconfig).
-
-The arguments passed to this callback are:
-
-* `user_id`: The Matrix user ID of the user (e.g. `@alice:example.com`) making the request.
-
-If the callback returns a dictionary then it will be used as the body of the response to the
-client.
-
-If multiple modules implement this callback, they will be considered in order. If a
-callback returns `None`, Synapse falls through to the next one. The value of the first
-callback that does not return `None` will be used. If this happens, Synapse will not call
-any of the subsequent implementations of this callback.
-
-If no module returns a non-`None` value then the default media config will be returned.
-
-### `is_user_allowed_to_upload_media_of_size`
-
-_First introduced in Synapse v1.132.0_
-
-```python
-async def is_user_allowed_to_upload_media_of_size(user_id: str, size: int) -> bool
-```
-
-**<span style="color:red">
-Caution: This callback is currently experimental . The method signature or behaviour
-may change without notice.
-</span>**
-
-Called before media is accepted for upload from a user, in case the module needs to
-enforce a different limit for the particular user.
-
-The arguments passed to this callback are:
-
-* `user_id`: The Matrix user ID of the user (e.g. `@alice:example.com`) making the request.
-* `size`: The size in bytes of media that is being requested to upload.
-
-If the module returns `False`, the current request will be denied with the error code
-`M_TOO_LARGE` and the HTTP status code 413.
-
-If multiple modules implement this callback, they will be considered in order. If a callback
-returns `True`, Synapse falls through to the next one. The value of the first callback that
-returns `False` will be used. If this happens, Synapse will not call any of the subsequent
-implementations of this callback.

docs/modules/ratelimit_callbacks.md

@@ -1,43 +0,0 @@
-# Ratelimit callbacks
-
-Ratelimit callbacks allow module developers to override ratelimit settings dynamically whilst
-Synapse is running. Ratelimit callbacks can be registered using the module API's
-`register_ratelimit_callbacks` method.
-
-The available ratelimit callbacks are:
-
-### `get_ratelimit_override_for_user`
-
-_First introduced in Synapse v1.132.0_
-
-```python
-async def get_ratelimit_override_for_user(user: str, limiter_name: str) -> Optional[synapse.module_api.RatelimitOverride]
-```
-
-**<span style="color:red">
-Caution: This callback is currently experimental . The method signature or behaviour
-may change without notice.
-</span>**
-
-Called when constructing a ratelimiter of a particular type for a user. The module can
-return a `messages_per_second` and `burst_count` to be used, or `None` if
-the default settings are adequate. The user is represented by their Matrix user ID
-(e.g. `@alice:example.com`). The limiter name is usually taken from the `RatelimitSettings` key
-value.
-
-The limiters that are currently supported are:
-
-- `rc_invites.per_room`
-- `rc_invites.per_user`
-- `rc_invites.per_issuer`
-
-The `RatelimitOverride` return type has the following fields:
-
-- `per_second: float`. The number of actions that can be performed in a second. `0.0` means that ratelimiting is disabled.
-- `burst_count: int`. The number of actions that can be performed before being limited.
-
-If multiple modules implement this callback, they will be considered in order. If a
-callback returns `None`, Synapse falls through to the next one. The value of the first
-callback that does not return `None` will be used. If this happens, Synapse will not call
-any of the subsequent implementations of this callback. If no module returns a non-`None` value
-then the default settings will be used.

docs/modules/spam_checker_callbacks.md

@@ -80,8 +80,6 @@ Called when processing an invitation, both when one is created locally or when
 receiving an invite over federation. Both inviter and invitee are represented by
 their Matrix user ID (e.g. `@alice:example.com`).
 
-Note that federated invites will call `federated_user_may_invite` before this callback.
-
 
 The callback must return one of:
   - `synapse.module_api.NOT_SPAM`, to allow the operation. Other callbacks may still 
@@ -99,34 +97,6 @@ be used. If this happens, Synapse will not call any of the subsequent implementa
 this callback.
 
 
-### `federated_user_may_invite`
-
-_First introduced in Synapse v1.133.0_
-
-```python
-async def federated_user_may_invite(event: "synapse.events.EventBase") -> Union["synapse.module_api.NOT_SPAM", "synapse.module_api.errors.Codes", bool]
-```
-
-Called when processing an invitation received over federation. Unlike `user_may_invite`,
-this callback receives the entire event, including any stripped state in the `unsigned`
-section, not just the room and user IDs.
-
-The callback must return one of:
-  - `synapse.module_api.NOT_SPAM`, to allow the operation. Other callbacks may still 
-    decide to reject it.
-  - `synapse.module_api.errors.Codes` to reject the operation with an error code. In case
-    of doubt, `synapse.module_api.errors.Codes.FORBIDDEN` is a good error code.
-
-If multiple modules implement this callback, they will be considered in order. If a
-callback returns `synapse.module_api.NOT_SPAM`, Synapse falls through to the next one.
-The value of the first callback that does not return `synapse.module_api.NOT_SPAM` will
-be used. If this happens, Synapse will not call any of the subsequent implementations of
-this callback.
-
-If all of the callbacks return `synapse.module_api.NOT_SPAM`, Synapse will also fall
-through to the `user_may_invite` callback before approving the invite.
-
-
 ### `user_may_send_3pid_invite`
 
 _First introduced in Synapse v1.45.0_
@@ -189,19 +159,12 @@ _First introduced in Synapse v1.37.0_
 
 _Changed in Synapse v1.62.0: `synapse.module_api.NOT_SPAM` and `synapse.module_api.errors.Codes` can be returned by this callback. Returning a boolean is now deprecated._ 
 
-_Changed in Synapse v1.132.0: Added the `room_config` argument. Callbacks that only expect a single `user_id` argument are still supported._
-
 ```python
-async def user_may_create_room(user_id: str, room_config: synapse.module_api.JsonDict) -> Union["synapse.module_api.NOT_SPAM", "synapse.module_api.errors.Codes", bool]
+async def user_may_create_room(user_id: str) -> Union["synapse.module_api.NOT_SPAM", "synapse.module_api.errors.Codes", bool]
 ```
 
 Called when processing a room creation request.
 
-The arguments passed to this callback are:
-
-* `user_id`: The Matrix user ID of the user (e.g. `@alice:example.com`).
-* `room_config`: The contents of the body of a [/createRoom request](https://spec.matrix.org/latest/client-server-api/#post_matrixclientv3createroom) as a dictionary.
-
 The callback must return one of:
   - `synapse.module_api.NOT_SPAM`, to allow the operation. Other callbacks may still 
     decide to reject it.
@@ -276,41 +239,6 @@ be used. If this happens, Synapse will not call any of the subsequent implementa
 this callback.
 
 
-### `user_may_send_state_event`
-
-_First introduced in Synapse v1.132.0_
-
-```python
-async def user_may_send_state_event(user_id: str, room_id: str, event_type: str, state_key: str, content: JsonDict) -> Union["synapse.module_api.NOT_SPAM", "synapse.module_api.errors.Codes"]
-```
-
-**<span style="color:red">
-Caution: This callback is currently experimental . The method signature or behaviour
-may change without notice.
-</span>**
-
-Called when processing a request to [send state events](https://spec.matrix.org/latest/client-server-api/#put_matrixclientv3roomsroomidstateeventtypestatekey) to a room.
-
-The arguments passed to this callback are:
-
-* `user_id`: The Matrix user ID of the user (e.g. `@alice:example.com`) sending the state event.
-* `room_id`: The ID of the room that the requested state event is being sent to.
-* `event_type`: The requested type of event.
-* `state_key`: The requested state key.
-* `content`: The requested event contents.
-
-The callback must return one of:
-  - `synapse.module_api.NOT_SPAM`, to allow the operation. Other callbacks may still 
-    decide to reject it.
-  - `synapse.module_api.errors.Codes` to reject the operation with an error code. In case
-    of doubt, `synapse.module_api.errors.Codes.FORBIDDEN` is a good error code.
-
-If multiple modules implement this callback, they will be considered in order. If a
-callback returns `synapse.module_api.NOT_SPAM`, Synapse falls through to the next one.
-The value of the first callback that does not return `synapse.module_api.NOT_SPAM` will
-be used. If this happens, Synapse will not call any of the subsequent implementations of
-this callback.
-
 
 ### `check_username_for_spam`
 

docs/reverse_proxy.md

@@ -5,10 +5,10 @@ It is recommended to put a reverse proxy such as
 [Apache](https://httpd.apache.org/docs/current/mod/mod_proxy_http.html),
 [Caddy](https://caddyserver.com/docs/quick-starts/reverse-proxy),
 [HAProxy](https://www.haproxy.org/) or
-[relayd](https://man.openbsd.org/relayd.8) in front of Synapse.
-This has the advantage of being able to expose the default HTTPS port (443) to Matrix
-clients without requiring Synapse to bind to a privileged port (port numbers less than
-1024), avoiding the need for `CAP_NET_BIND_SERVICE` or running as root.
+[relayd](https://man.openbsd.org/relayd.8) in front of Synapse. One advantage
+of doing so is that it means that you can expose the default https port
+(443) to Matrix clients without needing to run Synapse with root
+privileges.
 
 You should configure your reverse proxy to forward requests to `/_matrix` or
 `/_synapse/client` to Synapse, and have it set the `X-Forwarded-For` and

docs/setup/installation.md

@@ -286,7 +286,7 @@ Installing prerequisites on Ubuntu or Debian:
 ```sh
 sudo apt install build-essential python3-dev libffi-dev \
                      python3-pip python3-setuptools sqlite3 \
-                     libssl-dev virtualenv libjpeg-dev libxslt1-dev
+                     libssl-dev virtualenv libjpeg-dev libxslt1-dev libicu-dev
 ```
 
 ##### ArchLinux
@@ -295,7 +295,7 @@ Installing prerequisites on ArchLinux:
 
 ```sh
 sudo pacman -S base-devel python python-pip \
-               python-setuptools python-virtualenv sqlite3
+               python-setuptools python-virtualenv sqlite3 icu
 ```
 
 ##### CentOS/Fedora
@@ -305,7 +305,8 @@ Installing prerequisites on CentOS or Fedora Linux:
 ```sh
 sudo dnf install libtiff-devel libjpeg-devel libzip-devel freetype-devel \
                  libwebp-devel libxml2-devel libxslt-devel libpq-devel \
-                 python3-virtualenv libffi-devel openssl-devel python3-devel
+                 python3-virtualenv libffi-devel openssl-devel python3-devel \
+                 libicu-devel
 sudo dnf group install "Development Tools"
 ```
 
@@ -332,7 +333,7 @@ dnf install python3.12 python3.12-devel
 ```
 Finally, install common prerequisites
 ```bash
-dnf install libpq5 libpq5-devel lz4 pkgconf
+dnf install libicu libicu-devel libpq5 libpq5-devel lz4 pkgconf
 dnf group install "Development Tools"
 ```
 ###### Using venv module instead of virtualenv command
@@ -364,6 +365,20 @@ xcode-select --install
 
 Some extra dependencies may be needed. You can use Homebrew (https://brew.sh) for them.
 
+You may need to install icu, and make the icu binaries and libraries accessible.
+Please follow [the official instructions of PyICU](https://pypi.org/project/PyICU/) to do so.
+
+If you're struggling to get icu discovered, and see:
+```
+  RuntimeError:
+  Please install pkg-config on your system or set the ICU_VERSION environment
+  variable to the version of ICU you have installed.
+```
+despite it being installed and having your `PATH` updated, you can omit this dependency by
+not specifying `--extras all` to `poetry`. If using postgres, you can install Synapse via
+`poetry install --extras saml2 --extras oidc --extras postgres --extras opentracing --extras redis --extras sentry`.
+ICU is not a hard dependency on getting a working installation.
+
 On ARM-based Macs you may also need to install libjpeg and libpq:
 ```sh
  brew install jpeg libpq
@@ -385,7 +400,8 @@ Installing prerequisites on openSUSE:
 ```sh
 sudo zypper in -t pattern devel_basis
 sudo zypper in python-pip python-setuptools sqlite3 python-virtualenv \
-               python-devel libffi-devel libopenssl-devel libjpeg62-devel
+               python-devel libffi-devel libopenssl-devel libjpeg62-devel \
+               libicu-devel
 ```
 
 ##### OpenBSD

docs/spam_checker.md

@@ -63,7 +63,7 @@ class ExampleSpamChecker:
     async def user_may_invite(self, inviter_userid, invitee_userid, room_id):
         return True  # allow all invites
 
-    async def user_may_create_room(self, userid, room_config):
+    async def user_may_create_room(self, userid):
         return True  # allow all room creations
 
     async def user_may_create_room_alias(self, userid, room_alias):

docs/upgrade.md

@@ -117,13 +117,6 @@ each upgrade are complete before moving on to the next upgrade, to avoid
 stacking them up. You can monitor the currently running background updates with
 [the Admin API](usage/administration/admin_api/background_updates.html#status).
 
-# Upgrading to v1.134.0
-
-## ICU bundled with Synapse
-
-Synapse now uses the Rust `icu` library for improved user search. Installing the
-native ICU library on your system is no longer required.
-
 # Upgrading to v1.130.0
 
 ## Documented endpoint which can be delegated to a federation worker

docs/usage/configuration/config_documentation.md

@@ -762,25 +762,6 @@ Example configuration:
 max_event_delay_duration: 24h
 ```
 ---
-### `user_types`
-
-*(object)* Configuration settings related to the user types feature.
-
-This setting has the following sub-options:
-
-* `default_user_type` (string|null): The default user type to use for registering new users when no value has been specified. Defaults to none. Defaults to `null`.
-
-* `extra_user_types` (array): Array of additional user types to allow. These are treated as real users. Defaults to `[]`.
-
-Example configuration:
-```yaml
-user_types:
-  default_user_type: custom
-  extra_user_types:
-  - custom
-  - custom2
-```
----
 ## Homeserver blocking
 
 Useful options for Synapse admins.
@@ -1937,33 +1918,6 @@ rc_delayed_event_mgmt:
   burst_count: 20.0
 ```
 ---
-### `rc_reports`
-
-*(object)* Ratelimiting settings for reporting content.
-This is a ratelimiting option that ratelimits reports made by users about content they see.
-Setting this to a high value allows users to report content quickly, possibly in duplicate. This can result in higher database usage.
-
-This setting has the following sub-options:
-
-* `per_second` (number): Maximum number of requests a client can send per second.
-
-* `burst_count` (number): Maximum number of requests a client can send before being throttled.
-
-Default configuration:
-```yaml
-rc_reports:
-  per_user:
-    per_second: 1.0
-    burst_count: 5.0
-```
-
-Example configuration:
-```yaml
-rc_reports:
-  per_second: 2.0
-  burst_count: 20.0
-```
----
 ### `federation_rr_transactions_per_room_per_second`
 
 *(integer)* Sets outgoing federation transaction frequency for sending read-receipts, per-room.

docs/user_directory.md

@@ -77,11 +77,14 @@ The user provided search term is lowercased and normalized using [NFKC](https://
 this treats the string as case-insensitive, canonicalizes different forms of the
 same text, and maps some "roughly equivalent" characters together.
 
-The search term is then split into segments using the [`icu_segmenter`
-Rust crate](https://crates.io/crates/icu_segmenter). This crate ships with its
-own dictionary and Long Short Term-Memory (LSTM) machine learning models
-per-language to segment words. Read more [in the crate's
-documentation](https://docs.rs/icu/latest/icu/segmenter/struct.WordSegmenter.html#method.new_auto).
+The search term is then split into words:
+
+* If [ICU](https://en.wikipedia.org/wiki/International_Components_for_Unicode) is
+  available, then the system's [default locale](https://unicode-org.github.io/icu/userguide/locale/#default-locales)
+  will be used to break the search term into words. (See the
+  [installation instructions](setup/installation.md) for how to install ICU.)
+* If unavailable, then runs of ASCII characters, numbers, underscores, and hyphens
+  are considered words.
 
 The queries for PostgreSQL and SQLite are detailed below, but their overall goal
 is to find matching users, preferring users who are "real" (e.g. not bots,

flake.nix

@@ -96,6 +96,7 @@
                   gnumake
 
                   # Native dependencies for running Synapse.
+                  icu
                   libffi
                   libjpeg
                   libpqxx

pyproject.toml

@@ -74,10 +74,6 @@ select = [
     "PIE",
     # flake8-executable
     "EXE",
-    # flake8-logging
-    "LOG",
-    # flake8-logging-format
-    "G",
 ]
 
 [tool.ruff.lint.isort]
@@ -101,7 +97,7 @@ module-name = "synapse.synapse_rust"
 
 [tool.poetry]
 name = "matrix-synapse"
-version = "1.134.0"
+version = "1.130.0"
 description = "Homeserver for the Matrix decentralised comms protocol"
 authors = ["Matrix.org Team and Contributors <packages@matrix.org>"]
 license = "AGPL-3.0-or-later"
@@ -254,6 +250,7 @@ hiredis = { version = "*", optional = true }
 Pympler = { version = "*", optional = true }
 parameterized = { version = ">=0.7.4", optional = true }
 idna = { version = ">=2.5", optional = true }
+pyicu = { version = ">=2.10.2", optional = true }
 
 [tool.poetry.extras]
 # NB: Packages that should be part of `pip install matrix-synapse[all]` need to be specified
@@ -276,6 +273,10 @@ redis = ["txredisapi", "hiredis"]
 # Required to use experimental `caches.track_memory_usage` config option.
 cache-memory = ["pympler"]
 test = ["parameterized", "idna"]
+# Allows for better search for international characters in the user directory. This
+# requires libicu's development headers installed on the system (e.g. libicu-dev on
+# Debian-based distributions).
+user-search = ["pyicu"]
 
 # The duplication here is awful. I hate hate hate hate hate it. However, for now I want
 # to ensure you can still `pip install matrix-synapse[all]` like today. Two motivations:
@@ -307,6 +308,8 @@ all = [
     "txredisapi", "hiredis",
     # cache-memory
     "pympler",
+    # improved user search
+    "pyicu",
     # omitted:
     #   - test: it's useful to have this separate from dev deps in the olddeps job
     #   - systemd: this is a system-based requirement
@@ -317,7 +320,7 @@ all = [
 # failing on new releases. Keeping lower bounds loose here means that dependabot
 # can bump versions without having to update the content-hash in the lockfile.
 # This helps prevents merge conflicts when running a batch of dependabot updates.
-ruff = "0.12.2"
+ruff = "0.11.11"
 # Type checking only works with the pydantic.v1 compat module from pydantic v2
 pydantic = "^2"
 
@@ -367,7 +370,7 @@ tomli = ">=1.2.3"
 # runtime errors caused by build system changes.
 # We are happy to raise these upper bounds upon request,
 # provided we check that it's safe to do so (i.e. that CI passes).
-requires = ["poetry-core>=1.1.0,<=2.1.3", "setuptools_rust>=1.3,<=1.11.1"]
+requires = ["poetry-core>=1.1.0,<=1.9.1", "setuptools_rust>=1.3,<=1.10.2"]
 build-backend = "poetry.core.masonry.api"
 
 
@@ -375,10 +378,13 @@ build-backend = "poetry.core.masonry.api"
 # Skip unsupported platforms (by us or by Rust).
 # See https://cibuildwheel.readthedocs.io/en/stable/options/#build-skip for the list of build targets.
 # We skip:
-#  - CPython and PyPy 3.8: EOLed
+#  - CPython 3.6, 3.7 and 3.8: EOLed
+#  - PyPy 3.7 and 3.8: we only support Python 3.9+
 #  - musllinux i686: excluded to reduce number of wheels we build.
 #    c.f. https://github.com/matrix-org/synapse/pull/12595#discussion_r963107677
-skip = "cp38* pp38* *-musllinux_i686"
+#  - PyPy on Aarch64 and musllinux on aarch64: too slow to build.
+#    c.f. https://github.com/matrix-org/synapse/pull/14259
+skip = "cp36* cp37* cp38* pp37* pp38* *-musllinux_i686 pp*aarch64 *-musllinux_aarch64"
 # Enable non-default builds.
 # "pypy" used to be included by default up until cibuildwheel 3.
 enable = "pypy"

rust/Cargo.toml

@@ -7,7 +7,7 @@ name = "synapse"
 version = "0.1.0"
 
 edition = "2021"
-rust-version = "1.81.0"
+rust-version = "1.66.0"
 
 [lib]
 name = "synapse"
@@ -30,28 +30,19 @@ http = "1.1.0"
 lazy_static = "1.4.0"
 log = "0.4.17"
 mime = "0.3.17"
-pyo3 = { version = "0.25.1", features = [
+pyo3 = { version = "0.24.2", features = [
     "macros",
     "anyhow",
     "abi3",
     "abi3-py39",
 ] }
-pyo3-log = "0.12.4"
-pythonize = "0.25.0"
+pyo3-log = "0.12.0"
+pythonize = "0.24.0"
 regex = "1.6.0"
 sha2 = "0.10.8"
 serde = { version = "1.0.144", features = ["derive"] }
 serde_json = "1.0.85"
 ulid = "1.1.2"
-icu_segmenter = "2.0.0"
-reqwest = { version = "0.12.15", default-features = false, features = [
-    "http2",
-    "stream",
-    "rustls-tls-native-roots",
-] }
-http-body-util = "0.1.3"
-futures = "0.3.31"
-tokio = { version = "1.44.2", features = ["rt", "rt-multi-thread"] }
 
 [features]
 extension-module = ["pyo3/extension-module"]

rust/src/errors.rs

@@ -58,15 +58,3 @@ impl NotFoundError {
         NotFoundError::new_err(())
     }
 }
-
-import_exception!(synapse.api.errors, HttpResponseException);
-
-impl HttpResponseException {
-    pub fn new(status: StatusCode, bytes: Vec<u8>) -> pyo3::PyErr {
-        HttpResponseException::new_err((
-            status.as_u16(),
-            status.canonical_reason().unwrap_or_default(),
-            bytes,
-        ))
-    }
-}

rust/src/http_client.rs

@@ -1,218 +0,0 @@
-/*
- * This file is licensed under the Affero General Public License (AGPL) version 3.
- *
- * Copyright (C) 2025 New Vector, Ltd
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * See the GNU Affero General Public License for more details:
- * <https://www.gnu.org/licenses/agpl-3.0.html>.
- */
-
-use std::{collections::HashMap, future::Future, panic::AssertUnwindSafe, sync::LazyLock};
-
-use anyhow::Context;
-use futures::{FutureExt, TryStreamExt};
-use pyo3::{exceptions::PyException, prelude::*, types::PyString};
-use reqwest::RequestBuilder;
-use tokio::runtime::Runtime;
-
-use crate::errors::HttpResponseException;
-
-/// The tokio runtime that we're using to run async Rust libs.
-static RUNTIME: LazyLock<Runtime> = LazyLock::new(|| {
-    tokio::runtime::Builder::new_multi_thread()
-        .worker_threads(4)
-        .enable_all()
-        .build()
-        .unwrap()
-});
-
-/// A reference to the `Deferred` python class.
-static DEFERRED_CLASS: LazyLock<PyObject> = LazyLock::new(|| {
-    Python::with_gil(|py| {
-        py.import("twisted.internet.defer")
-            .expect("module 'twisted.internet.defer' should be importable")
-            .getattr("Deferred")
-            .expect("module 'twisted.internet.defer' should have a 'Deferred' class")
-            .unbind()
-    })
-});
-
-/// A reference to the twisted `reactor`.
-static TWISTED_REACTOR: LazyLock<Py<PyModule>> = LazyLock::new(|| {
-    Python::with_gil(|py| {
-        py.import("twisted.internet.reactor")
-            .expect("module 'twisted.internet.reactor' should be importable")
-            .unbind()
-    })
-});
-
-/// Called when registering modules with python.
-pub fn register_module(py: Python<'_>, m: &Bound<'_, PyModule>) -> PyResult<()> {
-    let child_module: Bound<'_, PyModule> = PyModule::new(py, "http_client")?;
-    child_module.add_class::<HttpClient>()?;
-
-    // Make sure we fail early if we can't build the lazy statics.
-    LazyLock::force(&RUNTIME);
-    LazyLock::force(&DEFERRED_CLASS);
-
-    m.add_submodule(&child_module)?;
-
-    // We need to manually add the module to sys.modules to make `from
-    // synapse.synapse_rust import acl` work.
-    py.import("sys")?
-        .getattr("modules")?
-        .set_item("synapse.synapse_rust.http_client", child_module)?;
-
-    Ok(())
-}
-
-#[pyclass]
-#[derive(Clone)]
-struct HttpClient {
-    client: reqwest::Client,
-}
-
-#[pymethods]
-impl HttpClient {
-    #[new]
-    pub fn py_new(user_agent: &str) -> PyResult<HttpClient> {
-        // The twisted reactor can only be imported after Synapse has been
-        // imported, to allow Synapse to change the twisted reactor. If we try
-        // and import the reactor too early twisted installs a default reactor,
-        // which can't be replaced.
-        LazyLock::force(&TWISTED_REACTOR);
-
-        Ok(HttpClient {
-            client: reqwest::Client::builder()
-                .user_agent(user_agent)
-                .build()
-                .context("building reqwest client")?,
-        })
-    }
-
-    pub fn get<'a>(
-        &self,
-        py: Python<'a>,
-        url: String,
-        response_limit: usize,
-    ) -> PyResult<Bound<'a, PyAny>> {
-        self.send_request(py, self.client.get(url), response_limit)
-    }
-
-    pub fn post<'a>(
-        &self,
-        py: Python<'a>,
-        url: String,
-        response_limit: usize,
-        headers: HashMap<String, String>,
-        request_body: String,
-    ) -> PyResult<Bound<'a, PyAny>> {
-        let mut builder = self.client.post(url);
-        for (name, value) in headers {
-            builder = builder.header(name, value);
-        }
-        builder = builder.body(request_body);
-
-        self.send_request(py, builder, response_limit)
-    }
-}
-
-impl HttpClient {
-    fn send_request<'a>(
-        &self,
-        py: Python<'a>,
-        builder: RequestBuilder,
-        response_limit: usize,
-    ) -> PyResult<Bound<'a, PyAny>> {
-        create_deferred(py, async move {
-            let response = builder.send().await.context("sending request")?;
-
-            let status = response.status();
-
-            let mut stream = response.bytes_stream();
-            let mut buffer = Vec::new();
-            while let Some(chunk) = stream.try_next().await.context("reading body")? {
-                if buffer.len() + chunk.len() > response_limit {
-                    Err(anyhow::anyhow!("Response size too large"))?;
-                }
-
-                buffer.extend_from_slice(&chunk);
-            }
-
-            if !status.is_success() {
-                return Err(HttpResponseException::new(status, buffer));
-            }
-
-            let r = Python::with_gil(|py| buffer.into_pyobject(py).map(|o| o.unbind()))?;
-
-            Ok(r)
-        })
-    }
-}
-
-/// Creates a twisted deferred from the given future, spawning the task on the
-/// tokio runtime.
-///
-/// Does not handle deferred cancellation or contextvars.
-fn create_deferred<F, O>(py: Python, fut: F) -> PyResult<Bound<'_, PyAny>>
-where
-    F: Future<Output = PyResult<O>> + Send + 'static,
-    for<'a> O: IntoPyObject<'a>,
-{
-    let deferred = DEFERRED_CLASS.bind(py).call0()?;
-    let deferred_callback = deferred.getattr("callback")?.unbind();
-    let deferred_errback = deferred.getattr("errback")?.unbind();
-
-    RUNTIME.spawn(async move {
-        // TODO: Is it safe to assert unwind safety here? I think so, as we
-        // don't use anything that could be tainted by the panic afterwards.
-        // Note that `.spawn(..)` asserts unwind safety on the future too.
-        let res = AssertUnwindSafe(fut).catch_unwind().await;
-
-        Python::with_gil(move |py| {
-            // Flatten the panic into standard python error
-            let res = match res {
-                Ok(r) => r,
-                Err(panic_err) => {
-                    let panic_message = get_panic_message(&panic_err);
-                    Err(PyException::new_err(
-                        PyString::new(py, panic_message).unbind(),
-                    ))
-                }
-            };
-
-            // Send the result to the deferred, via `.callback(..)` or `.errback(..)`
-            match res {
-                Ok(obj) => {
-                    TWISTED_REACTOR
-                        .call_method(py, "callFromThread", (deferred_callback, obj), None)
-                        .expect("callFromThread should not fail"); // There's nothing we can really do with errors here
-                }
-                Err(err) => {
-                    TWISTED_REACTOR
-                        .call_method(py, "callFromThread", (deferred_errback, err), None)
-                        .expect("callFromThread should not fail"); // There's nothing we can really do with errors here
-                }
-            }
-        });
-    });
-
-    Ok(deferred)
-}
-
-/// Try and get the panic message out of the panic
-fn get_panic_message<'a>(panic_err: &'a (dyn std::any::Any + Send + 'static)) -> &'a str {
-    // Apparently this is how you extract the panic message from a panic
-    if let Some(str_slice) = panic_err.downcast_ref::<&str>() {
-        str_slice
-    } else if let Some(string) = panic_err.downcast_ref::<String>() {
-        string
-    } else {
-        "unknown error"
-    }
-}

rust/src/identifier.rs

@@ -27,7 +27,7 @@ pub enum IdentifierError {
 
 impl fmt::Display for IdentifierError {
     fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
-        write!(f, "{self:?}")
+        write!(f, "{:?}", self)
     }
 }
 

rust/src/lib.rs

@@ -8,12 +8,10 @@ pub mod acl;
 pub mod errors;
 pub mod events;
 pub mod http;
-pub mod http_client;
 pub mod identifier;
 pub mod matrix_const;
 pub mod push;
 pub mod rendezvous;
-pub mod segmenter;
 
 lazy_static! {
     static ref LOGGING_HANDLE: ResetHandle = pyo3_log::init();
@@ -52,9 +50,7 @@ fn synapse_rust(py: Python<'_>, m: &Bound<'_, PyModule>) -> PyResult<()> {
     acl::register_module(py, m)?;
     push::register_module(py, m)?;
     events::register_module(py, m)?;
-    http_client::register_module(py, m)?;
     rendezvous::register_module(py, m)?;
-    segmenter::register_module(py, m)?;
 
     Ok(())
 }

rust/src/segmenter.rs

@@ -1,33 +0,0 @@
-use icu_segmenter::options::WordBreakInvariantOptions;
-use icu_segmenter::WordSegmenter;
-use pyo3::prelude::*;
-
-#[pyfunction]
-pub fn parse_words(text: &str) -> PyResult<Vec<String>> {
-    let segmenter = WordSegmenter::new_auto(WordBreakInvariantOptions::default());
-    let mut parts = Vec::new();
-    let mut last = 0usize;
-
-    // `segment_str` gives us word boundaries as a vector of indexes. Use that
-    // to build a vector of words, and return.
-    for boundary in segmenter.segment_str(text) {
-        if boundary > last {
-            parts.push(text[last..boundary].to_string());
-        }
-        last = boundary;
-    }
-    Ok(parts)
-}
-
-pub fn register_module(py: Python<'_>, m: &Bound<'_, PyModule>) -> PyResult<()> {
-    let child_module = PyModule::new(py, "segmenter")?;
-    child_module.add_function(wrap_pyfunction!(parse_words, m)?)?;
-
-    m.add_submodule(&child_module)?;
-
-    py.import("sys")?
-        .getattr("modules")?
-        .set_item("synapse.synapse_rust.segmenter", child_module)?;
-
-    Ok(())
-}

schema/synapse-config.schema.yaml

@@ -1,5 +1,5 @@
 $schema: https://element-hq.github.io/synapse/latest/schema/v1/meta.schema.json
-$id: https://element-hq.github.io/synapse/schema/synapse/v1.134/synapse-config.schema.json
+$id: https://element-hq.github.io/synapse/v1.131/schema/synapse-config.schema.json
 type: object
 properties:
   modules:
@@ -912,24 +912,6 @@ properties:
     default: null
     examples:
       - 24h
-  user_types:
-    type: object
-    description: >-
-      Configuration settings related to the user types feature.
-    properties:
-      default_user_type:
-        type: ["string", "null"]
-        description: "The default user type to use for registering new users when no value has been specified. Defaults to none."
-        default: null
-      extra_user_types:
-        type: array
-        description: "Array of additional user types to allow. These are treated as real users."
-        items:
-          type: string
-        default: []
-    examples:
-      - default_user_type: "custom"
-        extra_user_types: ["custom", "custom2"]
   admin_contact:
     type: ["string", "null"]
     description: How to reach the server admin, used in `ResourceLimitError`.
@@ -2185,23 +2167,6 @@ properties:
     examples:
       - per_second: 2.0
         burst_count: 20.0
-  rc_reports:
-    $ref: "#/$defs/rc"
-    description: >-
-      Ratelimiting settings for reporting content.
-
-      This is a ratelimiting option that ratelimits reports made by users
-      about content they see.
-
-      Setting this to a high value allows users to report content quickly, possibly in
-      duplicate. This can result in higher database usage.
-    default:
-      per_user:
-        per_second: 1.0
-        burst_count: 5.0
-    examples:
-      - per_second: 2.0
-        burst_count: 20.0
   federation_rr_transactions_per_room_per_second:
     type: integer
     description: >-

scripts-dev/check_pydantic_models.py

@@ -243,7 +243,7 @@ def do_lint() -> Set[str]:
                 importlib.import_module(module_info.name)
             except ModelCheckerException as e:
                 logger.warning(
-                    "Bad annotation found when importing %s", module_info.name
+                    f"Bad annotation found when importing {module_info.name}"
                 )
                 failures.add(format_model_checker_exception(e))
 

scripts-dev/complement.sh

@@ -229,7 +229,6 @@ test_packages=(
     ./tests/msc3902
     ./tests/msc3967
     ./tests/msc4140
-    ./tests/msc4155
 )
 
 # Enable dirty runs, so tests will reuse the same container where possible.

scripts-dev/lint.sh

@@ -139,6 +139,3 @@ cargo-fmt
 
 # Ensure type hints are correct.
 mypy
-
-# Generate configuration documentation from the JSON Schema
-./scripts-dev/gen_config_documentation.py schema/synapse-config.schema.yaml > docs/usage/configuration/config_documentation.md

synapse/api/auth/base.py

@@ -37,9 +37,7 @@ from synapse.appservice import ApplicationService
 from synapse.http import get_request_user_agent
 from synapse.http.site import SynapseRequest
 from synapse.logging.opentracing import trace
-from synapse.state import CREATE_KEY, POWER_KEY
 from synapse.types import Requester, create_requester
-from synapse.types.state import StateFilter
 from synapse.util.cancellation import cancellable
 
 if TYPE_CHECKING:
@@ -218,20 +216,18 @@ class BaseAuth:
         # by checking if they would (theoretically) be able to change the
         # m.room.canonical_alias events
 
-        auth_events = await self._storage_controllers.state.get_current_state(
-            room_id,
-            StateFilter.from_types(
-                [
-                    POWER_KEY,
-                    CREATE_KEY,
-                ]
-            ),
+        power_level_event = (
+            await self._storage_controllers.state.get_current_state_event(
+                room_id, EventTypes.PowerLevels, ""
+            )
         )
 
+        auth_events = {}
+        if power_level_event:
+            auth_events[(EventTypes.PowerLevels, "")] = power_level_event
+
         send_level = event_auth.get_send_level(
-            EventTypes.CanonicalAlias,
-            "",
-            auth_events.get(POWER_KEY),
+            EventTypes.CanonicalAlias, "", power_level_event
         )
         user_level = event_auth.get_user_power_level(
             requester.user.to_string(), auth_events

synapse/api/auth/internal.py

@@ -29,7 +29,6 @@ from synapse.api.errors import (
     InvalidClientTokenError,
     MissingClientTokenError,
     UnrecognizedRequestError,
-    UserLockedError,
 )
 from synapse.http.site import SynapseRequest
 from synapse.logging.opentracing import active_span, force_tracing, start_active_span
@@ -163,7 +162,12 @@ class InternalAuth(BaseAuth):
                 if not allow_locked and await self.store.get_user_locked_status(
                     requester.user.to_string()
                 ):
-                    raise UserLockedError()
+                    raise AuthError(
+                        401,
+                        "User account has been locked",
+                        errcode=Codes.USER_LOCKED,
+                        additional_fields={"soft_logout": True},
+                    )
 
                 # Deny the request if the user account has expired.
                 # This check is only done for regular users, not appservice ones.

synapse/api/auth/msc3861_delegated.py

@@ -30,6 +30,9 @@ from authlib.oauth2.rfc7662 import IntrospectionToken
 from authlib.oidc.discovery import OpenIDProviderMetadata, get_well_known_url
 from prometheus_client import Histogram
 
+from twisted.web.client import readBody
+from twisted.web.http_headers import Headers
+
 from synapse.api.auth.base import BaseAuth
 from synapse.api.errors import (
     AuthError,
@@ -40,14 +43,8 @@ from synapse.api.errors import (
     UnrecognizedRequestError,
 )
 from synapse.http.site import SynapseRequest
-from synapse.logging.context import PreserveLoggingContext
-from synapse.logging.opentracing import (
-    active_span,
-    force_tracing,
-    inject_request_headers,
-    start_active_span,
-)
-from synapse.synapse_rust.http_client import HttpClient
+from synapse.logging.context import make_deferred_yieldable
+from synapse.logging.opentracing import active_span, force_tracing, start_active_span
 from synapse.types import Requester, UserID, create_requester
 from synapse.util import json_decoder
 from synapse.util.caches.cached_call import RetryOnExceptionCachedCall
@@ -182,10 +179,6 @@ class MSC3861DelegatedAuth(BaseAuth):
         self._admin_token: Callable[[], Optional[str]] = self._config.admin_token
         self._force_tracing_for_users = hs.config.tracing.force_tracing_for_users
 
-        self._rust_http_client = HttpClient(
-            user_agent=self._http_client.user_agent.decode("utf8")
-        )
-
         # # Token Introspection Cache
         # This remembers what users/devices are represented by which access tokens,
         # in order to reduce overall system load:
@@ -308,6 +301,7 @@ class MSC3861DelegatedAuth(BaseAuth):
         introspection_endpoint = await self._introspection_endpoint()
         raw_headers: Dict[str, str] = {
             "Content-Type": "application/x-www-form-urlencoded",
+            "User-Agent": str(self._http_client.user_agent, "utf-8"),
             "Accept": "application/json",
             # Tell MAS that we support reading the device ID as an explicit
             # value, not encoded in the scope. This is supported by MAS 0.15+
@@ -321,34 +315,38 @@ class MSC3861DelegatedAuth(BaseAuth):
         uri, raw_headers, body = self._client_auth.prepare(
             method="POST", uri=introspection_endpoint, headers=raw_headers, body=body
         )
+        headers = Headers({k: [v] for (k, v) in raw_headers.items()})
 
         # Do the actual request
+        # We're not using the SimpleHttpClient util methods as we don't want to
+        # check the HTTP status code, and we do the body encoding ourselves.
 
-        logger.debug("Fetching token from MAS")
         start_time = self._clock.time()
         try:
-            with start_active_span("mas-introspect-token"):
-                inject_request_headers(raw_headers)
-                with PreserveLoggingContext():
-                    resp_body = await self._rust_http_client.post(
-                        url=uri,
-                        response_limit=1 * 1024 * 1024,
-                        headers=raw_headers,
-                        request_body=body,
-                    )
-        except HttpResponseException as e:
-            end_time = self._clock.time()
-            introspection_response_timer.labels(e.code).observe(end_time - start_time)
-            raise
+            response = await self._http_client.request(
+                method="POST",
+                uri=uri,
+                data=body.encode("utf-8"),
+                headers=headers,
+            )
+
+            resp_body = await make_deferred_yieldable(readBody(response))
         except Exception:
             end_time = self._clock.time()
             introspection_response_timer.labels("ERR").observe(end_time - start_time)
             raise
 
-        logger.debug("Fetched token from MAS")
-
         end_time = self._clock.time()
-        introspection_response_timer.labels(200).observe(end_time - start_time)
+        introspection_response_timer.labels(response.code).observe(
+            end_time - start_time
+        )
+
+        if response.code < 200 or response.code >= 300:
+            raise HttpResponseException(
+                response.code,
+                response.phrase.decode("ascii", errors="replace"),
+                resp_body,
+            )
 
         resp = json_decoder.decode(resp_body.decode("utf-8"))
 
@@ -477,7 +475,7 @@ class MSC3861DelegatedAuth(BaseAuth):
             # XXX: This is a temporary solution so that the admin API can be called by
             # the OIDC provider. This will be removed once we have OIDC client
             # credentials grant support in matrix-authentication-service.
-            logger.info("Admin toked used")
+            logging.info("Admin toked used")
             # XXX: that user doesn't exist and won't be provisioned.
             # This is mostly fine for admin calls, but we should also think about doing
             # requesters without a user_id.

synapse/api/constants.py

@@ -185,18 +185,12 @@ ServerNoticeLimitReached: Final = "m.server_notice.usage_limit_reached"
 
 class UserTypes:
     """Allows for user type specific behaviour. With the benefit of hindsight
-    'admin' and 'guest' users should also be UserTypes. Extra user types can be
-    added in the configuration. Normal users are type None or one of the extra
-    user types (if configured).
+    'admin' and 'guest' users should also be UserTypes. Normal users are type None
     """
 
     SUPPORT: Final = "support"
     BOT: Final = "bot"
-    ALL_BUILTIN_USER_TYPES: Final = (SUPPORT, BOT)
-    """
-    The user types that are built-in to Synapse. Extra user types can be
-    added in the configuration.
-    """
+    ALL_USER_TYPES: Final = (SUPPORT, BOT)
 
 
 class RelationTypes:
@@ -286,10 +280,6 @@ class AccountDataTypes:
     IGNORED_USER_LIST: Final = "m.ignored_user_list"
     TAG: Final = "m.tag"
     PUSH_RULES: Final = "m.push_rules"
-    # MSC4155: Invite filtering
-    MSC4155_INVITE_PERMISSION_CONFIG: Final = (
-        "org.matrix.msc4155.invite_permission_config"
-    )
 
 
 class HistoryVisibility:

synapse/api/errors.py

@@ -137,9 +137,6 @@ class Codes(str, Enum):
     PROFILE_TOO_LARGE = "M_PROFILE_TOO_LARGE"
     KEY_TOO_LARGE = "M_KEY_TOO_LARGE"
 
-    # Part of MSC4155
-    INVITE_BLOCKED = "ORG.MATRIX.MSC4155.M_INVITE_BLOCKED"
-
 
 class CodeMessageException(RuntimeError):
     """An exception with integer code, a message string attributes and optional headers.
@@ -306,20 +303,6 @@ class UserDeactivatedError(SynapseError):
         )
 
 
-class UserLockedError(SynapseError):
-    """The error returned to the client when the user attempted to access an
-    authenticated endpoint, but the account has been locked.
-    """
-
-    def __init__(self) -> None:
-        super().__init__(
-            code=HTTPStatus.UNAUTHORIZED,
-            msg="User account has been locked",
-            errcode=Codes.USER_LOCKED,
-            additional_fields={"soft_logout": True},
-        )
-
-
 class FederationDeniedError(SynapseError):
     """An error raised when the server tries to federate with a server which
     is not on its federation whitelist.
@@ -541,11 +524,7 @@ class InvalidCaptchaError(SynapseError):
 
 
 class LimitExceededError(SynapseError):
-    """A client has sent too many requests and is being throttled.
-
-    Args:
-        pause: Optional time in seconds to pause before responding to the client.
-    """
+    """A client has sent too many requests and is being throttled."""
 
     def __init__(
         self,
@@ -553,7 +532,6 @@ class LimitExceededError(SynapseError):
         code: int = 429,
         retry_after_ms: Optional[int] = None,
         errcode: str = Codes.LIMIT_EXCEEDED,
-        pause: Optional[float] = None,
     ):
         # Use HTTP header Retry-After to enable library-assisted retry handling.
         headers = (
@@ -564,7 +542,6 @@ class LimitExceededError(SynapseError):
         super().__init__(code, "Too Many Requests", errcode, headers=headers)
         self.retry_after_ms = retry_after_ms
         self.limiter_name = limiter_name
-        self.pause = pause
 
     def error_dict(self, config: Optional["HomeServerConfig"]) -> "JsonDict":
         return cs_error(self.msg, self.errcode, retry_after_ms=self.retry_after_ms)

synapse/api/ratelimiting.py

@@ -20,7 +20,7 @@
 #
 #
 
-from typing import TYPE_CHECKING, Dict, Hashable, Optional, Tuple
+from typing import Dict, Hashable, Optional, Tuple
 
 from synapse.api.errors import LimitExceededError
 from synapse.config.ratelimiting import RatelimitSettings
@@ -28,12 +28,6 @@ from synapse.storage.databases.main import DataStore
 from synapse.types import Requester
 from synapse.util import Clock
 
-if TYPE_CHECKING:
-    # To avoid circular imports:
-    from synapse.module_api.callbacks.ratelimit_callbacks import (
-        RatelimitModuleApiCallbacks,
-    )
-
 
 class Ratelimiter:
     """
@@ -78,14 +72,12 @@ class Ratelimiter:
         store: DataStore,
         clock: Clock,
         cfg: RatelimitSettings,
-        ratelimit_callbacks: Optional["RatelimitModuleApiCallbacks"] = None,
     ):
         self.clock = clock
         self.rate_hz = cfg.per_second
         self.burst_count = cfg.burst_count
         self.store = store
         self._limiter_name = cfg.key
-        self._ratelimit_callbacks = ratelimit_callbacks
 
         # A dictionary representing the token buckets tracked by this rate
         # limiter. Each entry maps a key of arbitrary type to a tuple representing:
@@ -173,20 +165,6 @@ class Ratelimiter:
             if override and not override.messages_per_second:
                 return True, -1.0
 
-        if requester and self._ratelimit_callbacks:
-            # Check if the user has a custom rate limit for this specific limiter
-            # as returned by the module API.
-            module_override = (
-                await self._ratelimit_callbacks.get_ratelimit_override_for_user(
-                    requester.user.to_string(),
-                    self._limiter_name,
-                )
-            )
-
-            if module_override:
-                rate_hz = module_override.per_second
-                burst_count = module_override.burst_count
-
         # Override default values if set
         time_now_s = _time_now_s if _time_now_s is not None else self.clock.time()
         rate_hz = rate_hz if rate_hz is not None else self.rate_hz
@@ -338,10 +316,12 @@ class Ratelimiter:
         )
 
         if not allowed:
+            if pause:
+                await self.clock.sleep(pause)
+
             raise LimitExceededError(
                 limiter_name=self._limiter_name,
                 retry_after_ms=int(1000 * (time_allowed - time_now_s)),
-                pause=pause,
             )
 
 

synapse/app/_base.py

@@ -445,8 +445,8 @@ def listen_http(
         # getHost() returns a UNIXAddress which contains an instance variable of 'name'
         # encoded as a byte string. Decode as utf-8 so pretty.
         logger.info(
-            "Synapse now listening on Unix Socket at: %s",
-            ports[0].getHost().name.decode("utf-8"),
+            "Synapse now listening on Unix Socket at: "
+            f"{ports[0].getHost().name.decode('utf-8')}"
         )
 
     return ports

synapse/app/phone_stats_home.py

@@ -28,13 +28,15 @@ from prometheus_client import Gauge
 
 from synapse.metrics.background_process_metrics import wrap_as_background_process
 from synapse.types import JsonDict
-from synapse.util.constants import ONE_HOUR_SECONDS, ONE_MINUTE_SECONDS
 
 if TYPE_CHECKING:
     from synapse.server import HomeServer
 
 logger = logging.getLogger("synapse.app.homeserver")
 
+ONE_MINUTE_SECONDS = 60
+ONE_HOUR_SECONDS = 60 * ONE_MINUTE_SECONDS
+
 MILLISECONDS_PER_SECOND = 1000
 
 INITIAL_DELAY_BEFORE_FIRST_PHONE_HOME_SECONDS = 5 * ONE_MINUTE_SECONDS
@@ -171,7 +173,7 @@ async def phone_stats_home(
     stats["log_level"] = logging.getLevelName(log_level)
 
     logger.info(
-        "Reporting stats to %s: %s", hs.config.metrics.report_stats_endpoint, stats
+        "Reporting stats to %s: %s" % (hs.config.metrics.report_stats_endpoint, stats)
     )
     try:
         await hs.get_proxied_http_client().put_json(

synapse/appservice/scheduler.py

@@ -2,7 +2,7 @@
 # This file is licensed under the Affero General Public License (AGPL) version 3.
 #
 # Copyright 2015, 2016 OpenMarket Ltd
-# Copyright (C) 2023, 2025 New Vector, Ltd
+# Copyright (C) 2023 New Vector, Ltd
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as
@@ -70,8 +70,6 @@ from typing import (
     Tuple,
 )
 
-from twisted.internet.interfaces import IDelayedCall
-
 from synapse.appservice import (
     ApplicationService,
     ApplicationServiceState,
@@ -452,20 +450,6 @@ class _TransactionController:
         recoverer.recover()
         logger.info("Now %i active recoverers", len(self.recoverers))
 
-    def force_retry(self, service: ApplicationService) -> None:
-        """Forces a Recoverer to attempt delivery of transations immediately.
-
-        Args:
-            service:
-        """
-        recoverer = self.recoverers.get(service.id)
-        if not recoverer:
-            # No need to force a retry on a happy AS.
-            logger.info("%s is not in recovery, not forcing retry", service.id)
-            return
-
-        recoverer.force_retry()
-
     async def _is_service_up(self, service: ApplicationService) -> bool:
         state = await self.store.get_appservice_state(service)
         return state == ApplicationServiceState.UP or state is None
@@ -498,12 +482,11 @@ class _Recoverer:
         self.service = service
         self.callback = callback
         self.backoff_counter = 1
-        self.scheduled_recovery: Optional[IDelayedCall] = None
 
     def recover(self) -> None:
         delay = 2**self.backoff_counter
         logger.info("Scheduling retries on %s in %fs", self.service.id, delay)
-        self.scheduled_recovery = self.clock.call_later(
+        self.clock.call_later(
             delay, run_as_background_process, "as-recoverer", self.retry
         )
 
@@ -513,21 +496,6 @@ class _Recoverer:
             self.backoff_counter += 1
         self.recover()
 
-    def force_retry(self) -> None:
-        """Cancels the existing timer and forces an immediate retry in the background.
-
-        Args:
-            service:
-        """
-        # Prevent the existing backoff from occuring
-        if self.scheduled_recovery:
-            self.clock.cancel_call_later(self.scheduled_recovery)
-        # Run a retry, which will resechedule a recovery if it fails.
-        run_as_background_process(
-            "retry",
-            self.retry,
-        )
-
     async def retry(self) -> None:
         logger.info("Starting retries on %s", self.service.id)
         try:

synapse/config/_base.pyi

@@ -59,7 +59,6 @@ from synapse.config import (  # noqa: F401
     tls,
     tracer,
     user_directory,
-    user_types,
     voip,
     workers,
 )
@@ -123,7 +122,6 @@ class RootConfig:
     retention: retention.RetentionConfig
     background_updates: background_updates.BackgroundUpdateConfig
     auto_accept_invites: auto_accept_invites.AutoAcceptInvitesConfig
-    user_types: user_types.UserTypesConfig
 
     config_classes: List[Type["Config"]] = ...
     config_files: List[str]

synapse/config/experimental.py

@@ -561,17 +561,8 @@ class ExperimentalConfig(Config):
         # MSC4076: Add `disable_badge_count`` to pusher configuration
         self.msc4076_enabled: bool = experimental.get("msc4076_enabled", False)
 
-        # MSC4235: Add `via` param to hierarchy endpoint
-        self.msc4235_enabled: bool = experimental.get("msc4235_enabled", False)
-
         # MSC4263: Preventing MXID enumeration via key queries
         self.msc4263_limit_key_queries_to_users_who_share_rooms = experimental.get(
             "msc4263_limit_key_queries_to_users_who_share_rooms",
             False,
         )
-
-        # MSC4267: Automatically forgetting rooms on leave
-        self.msc4267_enabled: bool = experimental.get("msc4267_enabled", False)
-
-        # MSC4155: Invite filtering
-        self.msc4155_enabled: bool = experimental.get("msc4155_enabled", False)

synapse/config/federation.py

@@ -94,21 +94,5 @@ class FederationConfig(Config):
             2**62,
         )
 
-    def is_domain_allowed_according_to_federation_whitelist(self, domain: str) -> bool:
-        """
-        Returns whether a domain is allowed according to the federation whitelist. If a
-        federation whitelist is not set, all domains are allowed.
-
-        Args:
-            domain: The domain to test.
-
-        Returns:
-            True if the domain is allowed or if a whitelist is not set, False otherwise.
-        """
-        if self.federation_domain_whitelist is None:
-            return True
-
-        return domain in self.federation_domain_whitelist
-
 
 _METRICS_FOR_DOMAINS_SCHEMA = {"type": "array", "items": {"type": "string"}}

synapse/config/homeserver.py

@@ -59,7 +59,6 @@ from .third_party_event_rules import ThirdPartyRulesConfig
 from .tls import TlsConfig
 from .tracer import TracerConfig
 from .user_directory import UserDirectoryConfig
-from .user_types import UserTypesConfig
 from .voip import VoipConfig
 from .workers import WorkerConfig
 
@@ -108,5 +107,4 @@ class HomeServerConfig(RootConfig):
         ExperimentalConfig,
         BackgroundUpdateConfig,
         AutoAcceptInvitesConfig,
-        UserTypesConfig,
     ]

synapse/config/logger.py

@@ -51,8 +51,6 @@ if TYPE_CHECKING:
     from synapse.config.homeserver import HomeServerConfig
     from synapse.server import HomeServer
 
-logger = logging.getLogger(__name__)
-
 DEFAULT_LOG_CONFIG = Template(
     """\
 # Log configuration for Synapse.
@@ -293,7 +291,7 @@ def _load_logging_config(log_config_path: str) -> None:
         log_config = yaml.safe_load(f.read())
 
     if not log_config:
-        logger.warning("Loaded a blank logging config?")
+        logging.warning("Loaded a blank logging config?")
 
     # If the old structured logging configuration is being used, raise an error.
     if "structured" in log_config and log_config.get("structured"):
@@ -314,7 +312,7 @@ def _reload_logging_config(log_config_path: Optional[str]) -> None:
         return
 
     _load_logging_config(log_config_path)
-    logger.info("Reloaded log config from %s due to SIGHUP", log_config_path)
+    logging.info("Reloaded log config from %s due to SIGHUP", log_config_path)
 
 
 def setup_logging(
@@ -351,17 +349,17 @@ def setup_logging(
     appbase.register_sighup(_reload_logging_config, log_config_path)
 
     # Log immediately so we can grep backwards.
-    logger.warning("***** STARTING SERVER *****")
-    logger.warning(
+    logging.warning("***** STARTING SERVER *****")
+    logging.warning(
         "Server %s version %s",
         sys.argv[0],
         SYNAPSE_VERSION,
     )
-    logger.warning("Copyright (c) 2023 New Vector, Inc")
-    logger.warning(
+    logging.warning("Copyright (c) 2023 New Vector, Inc")
+    logging.warning(
         "Licensed under the AGPL 3.0 license. Website: https://github.com/element-hq/synapse"
     )
-    logger.info("Server hostname: %s", config.server.server_name)
-    logger.info("Public Base URL: %s", config.server.public_baseurl)
-    logger.info("Instance name: %s", hs.get_instance_name())
-    logger.info("Twisted reactor: %s", type(reactor).__name__)
+    logging.info("Server hostname: %s", config.server.server_name)
+    logging.info("Public Base URL: %s", config.server.public_baseurl)
+    logging.info("Instance name: %s", hs.get_instance_name())
+    logging.info("Twisted reactor: %s", type(reactor).__name__)

synapse/config/ratelimiting.py

@@ -240,9 +240,3 @@ class RatelimitConfig(Config):
             "rc_delayed_event_mgmt",
             defaults={"per_second": 1, "burst_count": 5},
         )
-
-        self.rc_reports = RatelimitSettings.parse(
-            config,
-            "rc_reports",
-            defaults={"per_second": 1, "burst_count": 5},
-        )

synapse/config/room.py

@@ -27,7 +27,7 @@ from synapse.types import JsonDict
 
 from ._base import Config, ConfigError
 
-logger = logging.getLogger(__name__)
+logger = logging.Logger(__name__)
 
 
 class RoomDefaultEncryptionTypes:
@@ -85,4 +85,4 @@ class RoomConfig(Config):
 
         # When enabled, users will forget rooms when they leave them, either via a
         # leave, kick or ban.
-        self.forget_on_leave: bool = config.get("forget_rooms_on_leave", False)
+        self.forget_on_leave = config.get("forget_rooms_on_leave", False)

synapse/config/server.py

@@ -41,7 +41,7 @@ from synapse.util.stringutils import parse_and_validate_server_name
 from ._base import Config, ConfigError
 from ._util import validate_config
 
-logger = logging.getLogger(__name__)
+logger = logging.Logger(__name__)
 
 DIRECT_TCP_ERROR = """
 Using direct TCP replication for workers is no longer supported.

synapse/config/user_types.py

@@ -1,44 +0,0 @@
-#
-# This file is licensed under the Affero General Public License (AGPL) version 3.
-#
-# Copyright (C) 2025 New Vector, Ltd
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU Affero General Public License as
-# published by the Free Software Foundation, either version 3 of the
-# License, or (at your option) any later version.
-#
-# See the GNU Affero General Public License for more details:
-# <https://www.gnu.org/licenses/agpl-3.0.html>.
-#
-
-from typing import Any, List, Optional
-
-from synapse.api.constants import UserTypes
-from synapse.types import JsonDict
-
-from ._base import Config, ConfigError
-
-
-class UserTypesConfig(Config):
-    section = "user_types"
-
-    def read_config(self, config: JsonDict, **kwargs: Any) -> None:
-        user_types: JsonDict = config.get("user_types", {})
-
-        self.default_user_type: Optional[str] = user_types.get(
-            "default_user_type", None
-        )
-        self.extra_user_types: List[str] = user_types.get("extra_user_types", [])
-
-        all_user_types: List[str] = []
-        all_user_types.extend(UserTypes.ALL_BUILTIN_USER_TYPES)
-        all_user_types.extend(self.extra_user_types)
-
-        self.all_user_types = all_user_types
-
-        if self.default_user_type is not None:
-            if self.default_user_type not in all_user_types:
-                raise ConfigError(
-                    f"Default user type {self.default_user_type} is not in the list of all user types: {all_user_types}"
-                )

synapse/event_auth.py

@@ -64,7 +64,6 @@ from synapse.api.room_versions import (
     RoomVersion,
     RoomVersions,
 )
-from synapse.state import CREATE_KEY
 from synapse.storage.databases.main.events_worker import EventRedactBehaviour
 from synapse.types import (
     MutableStateMap,
@@ -309,13 +308,6 @@ def check_state_dependent_auth_rules(
 
     auth_dict = {(e.type, e.state_key): e for e in auth_events}
 
-    # Later code relies on there being a create event e.g _can_federate, _is_membership_change_allowed
-    # so produce a more intelligible error if we don't have one.
-    if auth_dict.get(CREATE_KEY) is None:
-        raise AuthError(
-            403, f"Event {event.event_id} is missing a create event in auth_events."
-        )
-
     # additional check for m.federate
     creating_domain = get_domain_from_id(event.room_id)
     originating_domain = get_domain_from_id(event.sender)
@@ -1018,16 +1010,11 @@ def get_user_power_level(user_id: str, auth_events: StateMap["EventBase"]) -> in
         user_id: user's id to look up in power_levels
         auth_events:
             state in force at this point in the room (or rather, a subset of
-            it including at least the create event, and possibly a power levels event).
+            it including at least the create event and power levels event.
 
     Returns:
         the user's power level in this room.
     """
-    create_event = auth_events.get(CREATE_KEY)
-    assert create_event is not None, (
-        "A create event in the auth events chain is required to calculate user power level correctly,"
-        " but was not found. This indicates a bug"
-    )
     power_level_event = get_power_level_event(auth_events)
     if power_level_event:
         level = power_level_event.content.get("users", {}).get(user_id)
@@ -1041,12 +1028,18 @@ def get_user_power_level(user_id: str, auth_events: StateMap["EventBase"]) -> in
     else:
         # if there is no power levels event, the creator gets 100 and everyone
         # else gets 0.
-        if create_event.room_version.implicit_room_creator:
-            creator = create_event.sender
-        else:
-            creator = create_event.content[EventContentFields.ROOM_CREATOR]
-        if creator == user_id:
-            return 100
+
+        # some things which call this don't pass the create event: hack around
+        # that.
+        key = (EventTypes.Create, "")
+        create_event = auth_events.get(key)
+        if create_event is not None:
+            if create_event.room_version.implicit_room_creator:
+                creator = create_event.sender
+            else:
+                creator = create_event.content[EventContentFields.ROOM_CREATOR]
+            if creator == user_id:
+                return 100
         return 0
 
 

synapse/events/__init__.py

@@ -208,6 +208,7 @@ class EventBase(metaclass=abc.ABCMeta):
     depth: DictProperty[int] = DictProperty("depth")
     content: DictProperty[JsonDict] = DictProperty("content")
     hashes: DictProperty[Dict[str, str]] = DictProperty("hashes")
+    origin: DictProperty[str] = DictProperty("origin")
     origin_server_ts: DictProperty[int] = DictProperty("origin_server_ts")
     room_id: DictProperty[str] = DictProperty("room_id")
     sender: DictProperty[str] = DictProperty("sender")

synapse/events/auto_accept_invites.py

@@ -195,18 +195,15 @@ class InviteAutoAccepter:
             except SynapseError as e:
                 if e.code == HTTPStatus.FORBIDDEN:
                     logger.debug(
-                        "Update_room_membership was forbidden. This can sometimes be expected for remote invites. Exception: %s",
-                        e,
+                        f"Update_room_membership was forbidden. This can sometimes be expected for remote invites. Exception: {e}"
                     )
                 else:
-                    logger.warning(
-                        "Update_room_membership raised the following unexpected (SynapseError) exception: %s",
-                        e,
+                    logger.warn(
+                        f"Update_room_membership raised the following unexpected (SynapseError) exception: {e}"
                     )
             except Exception as e:
-                logger.warning(
-                    "Update_room_membership raised the following unexpected exception: %s",
-                    e,
+                logger.warn(
+                    f"Update_room_membership raised the following unexpected exception: {e}"
                 )
 
             sleep = 2**retries

synapse/events/builder.py

@@ -302,8 +302,8 @@ def create_local_event_from_event_dict(
     event_dict: JsonDict,
     internal_metadata_dict: Optional[JsonDict] = None,
 ) -> EventBase:
-    """Takes a fully formed event dict, ensuring that fields like
-    `origin_server_ts` have correct values for a locally produced event,
+    """Takes a fully formed event dict, ensuring that fields like `origin`
+    and `origin_server_ts` have correct values for a locally produced event,
     then signs and hashes it.
     """
 
@@ -319,6 +319,7 @@ def create_local_event_from_event_dict(
     if format_version == EventFormatVersions.ROOM_V1_V2:
         event_dict["event_id"] = _create_event_id(clock, hostname)
 
+    event_dict["origin"] = hostname
     event_dict.setdefault("origin_server_ts", time_now)
 
     event_dict.setdefault("unsigned", {})

synapse/events/validator.py

@@ -67,6 +67,7 @@ class EventValidator:
             "auth_events",
             "content",
             "hashes",
+            "origin",
             "prev_events",
             "sender",
             "type",
@@ -76,6 +77,13 @@ class EventValidator:
             if k not in event:
                 raise SynapseError(400, "Event does not have key %s" % (k,))
 
+        # Check that the following keys have string values
+        event_strings = ["origin"]
+
+        for s in event_strings:
+            if not isinstance(getattr(event, s), str):
+                raise SynapseError(400, "'%s' not a string type" % (s,))
+
         # Depending on the room version, ensure the data is spec compliant JSON.
         if event.room_version.strict_canonicaljson:
             validate_canonicaljson(event.get_pdu_json())

synapse/federation/federation_base.py

@@ -322,7 +322,8 @@ def event_from_pdu_json(pdu_json: JsonDict, room_version: RoomVersion) -> EventB
         SynapseError: if the pdu is missing required fields or is otherwise
             not a valid matrix event
     """
-    # we could probably enforce a bunch of other fields here (room_id, sender, etc.)
+    # we could probably enforce a bunch of other fields here (room_id, sender,
+    # origin, etc etc)
     assert_params_in_dict(pdu_json, ("type", "depth"))
 
     # Strip any unauthorized values from "unsigned" if they exist

synapse/federation/federation_client.py

@@ -1818,7 +1818,7 @@ class FederationClient(FederationBase):
             )
             return timestamp_to_event_response
         except SynapseError as e:
-            logger.warning(
+            logger.warn(
                 "timestamp_to_event(room_id=%s, timestamp=%s, direction=%s): encountered error when trying to fetch from destinations: %s",
                 room_id,
                 timestamp,

synapse/federation/federation_server.py

@@ -928,8 +928,7 @@ class FederationServer(FederationBase):
             # joins) or the full state (for full joins).
             # Return a 404 as we would if we weren't in the room at all.
             logger.info(
-                "Rejecting /send_%s to %s because it's a partial state room",
-                membership_type,
+                f"Rejecting /send_{membership_type} to %s because it's a partial state room",
                 room_id,
             )
             raise SynapseError(

synapse/federation/sender/__init__.py

@@ -342,8 +342,6 @@ class _DestinationWakeupQueue:
                 destination, _ = self.queue.popitem(last=False)
 
                 queue = self.sender._get_per_destination_queue(destination)
-                if queue is None:
-                    continue
 
                 if not queue._new_data_to_send:
                     # The per destination queue has already been woken up.
@@ -438,23 +436,12 @@ class FederationSender(AbstractFederationSender):
             self._wake_destinations_needing_catchup,
         )
 
-    def _get_per_destination_queue(
-        self, destination: str
-    ) -> Optional[PerDestinationQueue]:
+    def _get_per_destination_queue(self, destination: str) -> PerDestinationQueue:
         """Get or create a PerDestinationQueue for the given destination
 
         Args:
             destination: server_name of remote server
-
-        Returns:
-            None if the destination is not allowed by the federation whitelist.
-            Otherwise a PerDestinationQueue for this destination.
         """
-        if not self.hs.config.federation.is_domain_allowed_according_to_federation_whitelist(
-            destination
-        ):
-            return None
-
         queue = self._per_destination_queues.get(destination)
         if not queue:
             queue = PerDestinationQueue(self.hs, self._transaction_manager, destination)
@@ -731,16 +718,6 @@ class FederationSender(AbstractFederationSender):
         # track the fact that we have a PDU for these destinations,
         # to allow us to perform catch-up later on if the remote is unreachable
         # for a while.
-        # Filter out any destinations not present in the federation_domain_whitelist, if
-        # the whitelist exists. These destinations should not be sent to so let's not
-        # waste time or space keeping track of events destined for them.
-        destinations = [
-            d
-            for d in destinations
-            if self.hs.config.federation.is_domain_allowed_according_to_federation_whitelist(
-                d
-            )
-        ]
         await self.store.store_destination_rooms_entries(
             destinations,
             pdu.room_id,
@@ -755,12 +732,7 @@ class FederationSender(AbstractFederationSender):
         )
 
         for destination in destinations:
-            queue = self._get_per_destination_queue(destination)
-            # We expect `queue` to not be None as we already filtered out
-            # non-whitelisted destinations above.
-            assert queue is not None
-
-            queue.send_pdu(pdu)
+            self._get_per_destination_queue(destination).send_pdu(pdu)
 
     async def send_read_receipt(self, receipt: ReadReceipt) -> None:
         """Send a RR to any other servers in the room
@@ -869,16 +841,12 @@ class FederationSender(AbstractFederationSender):
         for domain in immediate_domains:
             # Add to destination queue and wake the destination up
             queue = self._get_per_destination_queue(domain)
-            if queue is None:
-                continue
             queue.queue_read_receipt(receipt)
             queue.attempt_new_transaction()
 
         for domain in delay_domains:
             # Add to destination queue...
             queue = self._get_per_destination_queue(domain)
-            if queue is None:
-                continue
             queue.queue_read_receipt(receipt)
 
             # ... and schedule the destination to be woken up.
@@ -914,10 +882,9 @@ class FederationSender(AbstractFederationSender):
             if self.is_mine_server_name(destination):
                 continue
 
-            queue = self._get_per_destination_queue(destination)
-            if queue is None:
-                continue
-            queue.send_presence(states, start_loop=False)
+            self._get_per_destination_queue(destination).send_presence(
+                states, start_loop=False
+            )
 
             self._destination_wakeup_queue.add_to_queue(destination)
 
@@ -967,8 +934,6 @@ class FederationSender(AbstractFederationSender):
             return
 
         queue = self._get_per_destination_queue(edu.destination)
-        if queue is None:
-            return
         if key:
             queue.send_keyed_edu(edu, key)
         else:
@@ -993,15 +958,9 @@ class FederationSender(AbstractFederationSender):
 
         for destination in destinations:
             if immediate:
-                queue = self._get_per_destination_queue(destination)
-                if queue is None:
-                    continue
-                queue.attempt_new_transaction()
+                self._get_per_destination_queue(destination).attempt_new_transaction()
             else:
-                queue = self._get_per_destination_queue(destination)
-                if queue is None:
-                    continue
-                queue.mark_new_data()
+                self._get_per_destination_queue(destination).mark_new_data()
                 self._destination_wakeup_queue.add_to_queue(destination)
 
     def wake_destination(self, destination: str) -> None:
@@ -1020,9 +979,7 @@ class FederationSender(AbstractFederationSender):
         ):
             return
 
-        queue = self._get_per_destination_queue(destination)
-        if queue is not None:
-            queue.attempt_new_transaction()
+        self._get_per_destination_queue(destination).attempt_new_transaction()
 
     @staticmethod
     def get_current_token() -> int:
@@ -1067,9 +1024,6 @@ class FederationSender(AbstractFederationSender):
                 d
                 for d in destinations_to_wake
                 if self._federation_shard_config.should_handle(self._instance_name, d)
-                and self.hs.config.federation.is_domain_allowed_according_to_federation_whitelist(
-                    d
-                )
             ]
 
             for destination in destinations_to_wake:

synapse/handlers/admin.py

@@ -495,7 +495,7 @@ class AdminHandler:
                     )
                 except Exception as ex:
                     logger.info(
-                        "Redaction of event %s failed due to: %s", event.event_id, ex
+                        f"Redaction of event {event.event_id} failed due to: {ex}"
                     )
                     result["failed_redactions"][event.event_id] = str(ex)
                     await self._task_scheduler.update_task(task.id, result=result)

synapse/handlers/appservice.py

@@ -465,7 +465,9 @@ class ApplicationServicesHandler:
             service, "read_receipt"
         )
         if new_token is not None and new_token.stream <= from_key:
-            logger.debug("Rejecting token lower than or equal to stored: %s", new_token)
+            logger.debug(
+                "Rejecting token lower than or equal to stored: %s" % (new_token,)
+            )
             return []
 
         from_token = MultiWriterStreamToken(stream=from_key)
@@ -507,7 +509,9 @@ class ApplicationServicesHandler:
             service, "presence"
         )
         if new_token is not None and new_token <= from_key:
-            logger.debug("Rejecting token lower than or equal to stored: %s", new_token)
+            logger.debug(
+                "Rejecting token lower than or equal to stored: %s" % (new_token,)
+            )
             return []
 
         for user in users:

synapse/handlers/auth.py

@@ -76,7 +76,7 @@ from synapse.storage.databases.main.registration import (
     LoginTokenLookupResult,
     LoginTokenReused,
 )
-from synapse.types import JsonDict, Requester, StrCollection, UserID
+from synapse.types import JsonDict, Requester, UserID
 from synapse.util import stringutils as stringutils
 from synapse.util.async_helpers import delay_cancellation, maybe_awaitable
 from synapse.util.msisdn import phone_number_to_msisdn
@@ -1547,31 +1547,6 @@ class AuthHandler:
             user_id, (token_id for _, token_id, _ in tokens_and_devices)
         )
 
-    async def delete_access_tokens_for_devices(
-        self,
-        user_id: str,
-        device_ids: StrCollection,
-    ) -> None:
-        """Invalidate access tokens for the devices
-
-        Args:
-            user_id:  ID of user the tokens belong to
-            device_ids:  ID of device the tokens are associated with.
-                If None, tokens associated with any device (or no device) will
-                be deleted
-        """
-        tokens_and_devices = await self.store.user_delete_access_tokens_for_devices(
-            user_id,
-            device_ids,
-        )
-
-        # see if any modules want to know about this
-        if self.password_auth_provider.on_logged_out_callbacks:
-            for token, _, device_id in tokens_and_devices:
-                await self.password_auth_provider.on_logged_out(
-                    user_id=user_id, device_id=device_id, access_token=token
-                )
-
     async def add_threepid(
         self, user_id: str, medium: str, address: str, validated_at: int
     ) -> None:
@@ -1920,7 +1895,7 @@ def load_single_legacy_password_auth_provider(
     try:
         provider = module(config=config, account_handler=api)
     except Exception as e:
-        logger.exception("Error while initializing %r: %s", module, e)
+        logger.error("Error while initializing %r: %s", module, e)
         raise
 
     # All methods that the module provides should be async, but this wasn't enforced
@@ -2453,7 +2428,7 @@ class PasswordAuthProvider:
             except CancelledError:
                 raise
             except Exception as e:
-                logger.exception("Module raised an exception in is_3pid_allowed: %s", e)
+                logger.error("Module raised an exception in is_3pid_allowed: %s", e)
                 raise SynapseError(code=500, msg="Internal Server Error")
 
         return True

synapse/handlers/deactivate_account.py

@@ -96,14 +96,6 @@ class DeactivateAccountHandler:
                 403, "Deactivation of this user is forbidden", Codes.FORBIDDEN
             )
 
-        logger.info(
-            "%s requested deactivation of %s erase_data=%s id_server=%s",
-            requester.user,
-            user_id,
-            erase_data,
-            id_server,
-        )
-
         # FIXME: Theoretically there is a race here wherein user resets
         # password using threepid.
 

synapse/handlers/device.py

@@ -671,12 +671,12 @@ class DeviceHandler(DeviceWorkerHandler):
             except_device_id: optional device id which should not be deleted
         """
         device_map = await self.store.get_devices_by_user(user_id)
+        device_ids = list(device_map)
         if except_device_id is not None:
-            device_map.pop(except_device_id, None)
-        user_device_ids = device_map.keys()
-        await self.delete_devices(user_id, user_device_ids)
+            device_ids = [d for d in device_ids if d != except_device_id]
+        await self.delete_devices(user_id, device_ids)
 
-    async def delete_devices(self, user_id: str, device_ids: StrCollection) -> None:
+    async def delete_devices(self, user_id: str, device_ids: List[str]) -> None:
         """Delete several devices
 
         Args:
@@ -695,10 +695,17 @@ class DeviceHandler(DeviceWorkerHandler):
             else:
                 raise
 
-        # Delete data specific to each device. Not optimised as its an
-        # experimental MSC.
-        if self.hs.config.experimental.msc3890_enabled:
-            for device_id in device_ids:
+        # Delete data specific to each device. Not optimised as it is not
+        # considered as part of a critical path.
+        for device_id in device_ids:
+            await self._auth_handler.delete_access_tokens_for_user(
+                user_id, device_id=device_id
+            )
+            await self.store.delete_e2e_keys_by_device(
+                user_id=user_id, device_id=device_id
+            )
+
+            if self.hs.config.experimental.msc3890_enabled:
                 # Remove any local notification settings for this device in accordance
                 # with MSC3890.
                 await self._account_data_handler.remove_account_data_for_user(
@@ -706,13 +713,6 @@ class DeviceHandler(DeviceWorkerHandler):
                     f"org.matrix.msc3890.local_notification_settings.{device_id}",
                 )
 
-        # If we're deleting a lot of devices, a bunch of them may not have any
-        # to-device messages queued up. We filter those out to avoid scheduling
-        # unnecessary tasks.
-        devices_with_messages = await self.store.get_devices_with_messages(
-            user_id, device_ids
-        )
-        for device_id in devices_with_messages:
             # Delete device messages asynchronously and in batches using the task scheduler
             # We specify an upper stream id to avoid deleting non delivered messages
             # if an user re-uses a device ID.
@@ -726,10 +726,6 @@ class DeviceHandler(DeviceWorkerHandler):
                 },
             )
 
-        await self._auth_handler.delete_access_tokens_for_devices(
-            user_id, device_ids=device_ids
-        )
-
         # Pushers are deleted after `delete_access_tokens_for_user` is called so that
         # modules using `on_logged_out` hook can use them if needed.
         await self.hs.get_pusherpool().remove_pushers_by_devices(user_id, device_ids)
@@ -823,11 +819,10 @@ class DeviceHandler(DeviceWorkerHandler):
             # This should only happen if there are no updates, so we bail.
             return
 
-        if logger.isEnabledFor(logging.DEBUG):
-            for device_id in device_ids:
-                logger.debug(
-                    "Notifying about update %r/%r, ID: %r", user_id, device_id, position
-                )
+        for device_id in device_ids:
+            logger.debug(
+                "Notifying about update %r/%r, ID: %r", user_id, device_id, position
+            )
 
         # specify the user ID too since the user should always get their own device list
         # updates, even if they aren't in any rooms.
@@ -927,6 +922,9 @@ class DeviceHandler(DeviceWorkerHandler):
         # can't call self.delete_device because that will clobber the
         # access token so call the storage layer directly
         await self.store.delete_devices(user_id, [old_device_id])
+        await self.store.delete_e2e_keys_by_device(
+            user_id=user_id, device_id=old_device_id
+        )
 
         # tell everyone that the old device is gone and that the dehydrated
         # device has a new display name
@@ -948,6 +946,7 @@ class DeviceHandler(DeviceWorkerHandler):
             raise errors.NotFoundError()
 
         await self.delete_devices(user_id, [device_id])
+        await self.store.delete_e2e_keys_by_device(user_id=user_id, device_id=device_id)
 
     @wrap_as_background_process("_handle_new_device_update_async")
     async def _handle_new_device_update_async(self) -> None:
@@ -1601,7 +1600,7 @@ class DeviceListUpdater(DeviceListWorkerUpdater):
             if prev_stream_id is not None and cached_devices == {
                 d["device_id"]: d for d in devices
             }:
-                logger.info(
+                logging.info(
                     "Skipping device list resync for %s, as our cache matches already",
                     user_id,
                 )

synapse/handlers/directory.py

@@ -282,7 +282,7 @@ class DirectoryHandler:
             except RequestSendFailed:
                 raise SynapseError(502, "Failed to fetch alias")
             except CodeMessageException as e:
-                logger.warning(
+                logging.warning(
                     "Error retrieving alias %s -> %s %s", room_alias, e.code, e.msg
                 )
                 if e.code == 404: