newsfile

Set minimum python version to 3.9.12
This matches Twisted's minimum required version. See twisted/twisted@27674f6
2025-07-16 10:42:08 +01:00 · 2025-07-16 10:41:58 +01:00
638 changed files with 8935 additions and 30857 deletions
@@ -61,7 +61,7 @@ poetry run update_synapse_database --database-config .ci/postgres-config-unporte
 echo "+++ Comparing ported schema with unported schema"
 # Ignore the tables that portdb creates. (Should it tidy them up when the porting is completed?)
 psql synapse -c "DROP TABLE port_from_sqlite3;"
-pg_dump --format=plain --schema-only --no-tablespaces --no-acl --no-owner --restrict-key=TESTING synapse_unported > unported.sql
+pg_dump --format=plain --schema-only --no-tablespaces --no-acl --no-owner synapse_unported > unported.sql
-pg_dump --format=plain --schema-only --no-tablespaces --no-acl --no-owner --restrict-key=TESTING synapse          >   ported.sql
+pg_dump --format=plain --schema-only --no-tablespaces --no-acl --no-owner synapse          >   ported.sql
 # By default, `diff` returns zero if there are no changes and nonzero otherwise
-diff -u unported.sql ported.sql | tee schema_diff
+diff -u unported.sql ported.sql | tee schema_diff
@@ -1,29 +0,0 @@
 #!/usr/bin/env bash
 set -euo pipefail
 # 1) Resolve project ID.
 PROJECT_ID=$(gh project view "$PROJECT_NUMBER" --owner "$PROJECT_OWNER" --format json | jq -r '.id')
 # 2) Find existing item (project card) for this issue.
 ITEM_ID=$(
  gh project item-list "$PROJECT_NUMBER" --owner "$PROJECT_OWNER" --format json \
  | jq -r --arg url "$ISSUE_URL" '.items[] | select(.content.url==$url) | .id' | head -n1
 )
 # 3) If one doesn't exist, add this issue to the project.
 if [ -z "${ITEM_ID:-}" ]; then
  ITEM_ID=$(gh project item-add "$PROJECT_NUMBER" --owner "$PROJECT_OWNER" --url "$ISSUE_URL" --format json | jq -r '.id')
 fi
 # 4) Get Status field id + the option id for TARGET_STATUS.
 FIELDS_JSON=$(gh project field-list "$PROJECT_NUMBER" --owner "$PROJECT_OWNER" --format json)
 STATUS_FIELD=$(echo "$FIELDS_JSON" | jq -r '.fields[] | select(.name=="Status")')
 STATUS_FIELD_ID=$(echo "$STATUS_FIELD" | jq -r '.id')
 OPTION_ID=$(echo "$STATUS_FIELD" | jq -r --arg name "$TARGET_STATUS" '.options[] | select(.name==$name) | .id')
 if [ -z "${OPTION_ID:-}" ]; then
  echo "No Status option named \"$TARGET_STATUS\" found"; exit 1
 fi
 # 5) Set Status (moves item to the matching column in the board view).
 gh project item-edit --id "$ITEM_ID" --project-id "$PROJECT_ID" --field-id "$STATUS_FIELD_ID" --single-select-option-id "$OPTION_ID"
@@ -31,7 +31,7 @@ jobs:
        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Extract version from pyproject.toml
        # Note: explicitly requesting bash will mean bash is invoked with `-eo pipefail`, see
@@ -41,13 +41,13 @@ jobs:
          echo "SYNAPSE_VERSION=$(grep "^version" pyproject.toml | sed -E 's/version\s*=\s*["]([^"]*)["]/\1/')" >> $GITHUB_ENV
      - name: Log in to DockerHub
-        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Log in to GHCR
-        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
@@ -95,21 +95,21 @@ jobs:
      - build
    steps:
      - name: Download digests
-        uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
+        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
        with:
          path: ${{ runner.temp }}/digests
          pattern: digests-*
          merge-multiple: true
      - name: Log in to DockerHub
-        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
        if: ${{ startsWith(matrix.repository, 'docker.io') }}
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Log in to GHCR
-        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
        if: ${{ startsWith(matrix.repository, 'ghcr.io') }}
        with:
          registry: ghcr.io
@@ -120,10 +120,10 @@ jobs:
        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
      - name: Install Cosign
-        uses: sigstore/cosign-installer@d7543c93d881b35a8faa02e8e3605f69b7a1ce62 # v3.10.0
+        uses: sigstore/cosign-installer@398d4b0eeef1380460a10c8013a76f728fb906ac # v3.9.1
      - name: Calculate docker image tag
-        uses: docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f # v5.8.0
+        uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
        with:
          images: ${{ matrix.repository }}
          flavor: |
@@ -13,7 +13,7 @@ jobs:
    name: GitHub Pages
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          # Fetch all history so that the schema_versions script works.
          fetch-depth: 0
@@ -24,7 +24,7 @@ jobs:
          mdbook-version: '0.4.17'
      - name: Setup python
-        uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
+        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
        with:
          python-version: "3.x"
@@ -50,7 +50,7 @@ jobs:
    name: Check links in documentation
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Setup mdbook
        uses: peaceiris/actions-mdbook@ee69d230fe19748b7abf22df32acaa93833fad08 # v2.0.0
@@ -50,7 +50,7 @@ jobs:
    needs:
      - pre
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          # Fetch all history so that the schema_versions script works.
          fetch-depth: 0
@@ -64,7 +64,7 @@ jobs:
        run: echo 'window.SYNAPSE_VERSION = "${{ needs.pre.outputs.branch-version }}";' > ./docs/website_files/version.js
      - name: Setup python
-        uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
+        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
        with:
          python-version: "3.x"
@@ -18,14 +18,14 @@ jobs:
    steps:
      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Install Rust
-        uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # master
+        uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b # master
        with:
          toolchain: ${{ env.RUST_VERSION }}
          components: clippy, rustfmt
-      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
+      - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2.8.0
      - name: Setup Poetry
        uses: matrix-org/setup-python-poetry@5bbf6603c5c930615ec8a29f1b5d7d258d905aa4 # v2.0.0
@@ -42,12 +42,12 @@ jobs:
    if: needs.check_repo.outputs.should_run_workflow == 'true'
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Install Rust
-        uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # master
+        uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b # master
        with:
          toolchain: ${{ env.RUST_VERSION }}
-      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
+      - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2.8.0
      # The dev dependencies aren't exposed in the wheel metadata (at least with current
      # poetry-core versions), so we install with poetry.
@@ -77,13 +77,13 @@ jobs:
            postgres-version: "14"
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Install Rust
-        uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # master
+        uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b # master
        with:
          toolchain: ${{ env.RUST_VERSION }}
-      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
+      - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2.8.0
      - run: sudo apt-get -qq install xmlsec1
      - name: Set up PostgreSQL ${{ matrix.postgres-version }}
@@ -93,7 +93,7 @@ jobs:
            -e POSTGRES_PASSWORD=postgres \
            -e POSTGRES_INITDB_ARGS="--lc-collate C --lc-ctype C --encoding UTF8" \
            postgres:${{ matrix.postgres-version }}
-      - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
+      - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
        with:
          python-version: "3.x"
      - run: pip install .[all,test]
@@ -152,13 +152,13 @@ jobs:
      BLACKLIST: ${{ matrix.workers && 'synapse-blacklist-with-workers' }}
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Install Rust
-        uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # master
+        uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b # master
        with:
          toolchain: ${{ env.RUST_VERSION }}
-      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
+      - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2.8.0
      - name: Ensure sytest runs `pip install`
        # Delete the lockfile so sytest will `pip install` rather than `poetry install`
@@ -202,14 +202,14 @@ jobs:
    steps:
      - name: Check out synapse codebase
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          path: synapse
      - name: Prepare Complement's Prerequisites
        run: synapse/.ci/scripts/setup_complement_prerequisites.sh
-      - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
+      - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
        with:
          cache-dependency-path: complement/go.sum
          go-version-file: complement/go.mod
@@ -234,7 +234,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - uses: JasonEtco/create-an-issue@1b14a70e4d8dc185e5cc76d3bec9eab20257b2c5 # v2.9.2
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -16,8 +16,8 @@ jobs:
    name: "Check locked dependencies have sdists"
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
+      - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
        with:
          python-version: '3.x'
      - run: pip install tomli
@@ -33,29 +33,29 @@ jobs:
      packages: write
    steps:
      - name: Checkout specific branch (debug build)
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        if: github.event_name == 'workflow_dispatch'
        with:
          ref: ${{ inputs.branch }}
      - name: Checkout clean copy of develop (scheduled build)
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        if: github.event_name == 'schedule'
        with:
          ref: develop
      - name: Checkout clean copy of master (on-push)
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        if: github.event_name == 'push'
        with:
          ref: master
      - name: Login to registry
-        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Work out labels for complement image
        id: meta
-        uses: docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f # v5.8.0
+        uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
        with:
          images: ghcr.io/${{ github.repository }}/complement-synapse
          tags: |
@@ -27,8 +27,8 @@ jobs:
    name: "Calculate list of debian distros"
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
+      - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
        with:
          python-version: "3.x"
      - id: set-distros
@@ -55,7 +55,7 @@ jobs:
    steps:
      - name: Checkout
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          path: src
@@ -66,7 +66,7 @@ jobs:
          install: true
      - name: Set up docker layer caching
-        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
+        uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
        with:
          path: /tmp/.buildx-cache
          key: ${{ runner.os }}-buildx-${{ github.sha }}
@@ -74,7 +74,7 @@ jobs:
            ${{ runner.os }}-buildx-
      - name: Set up python
-        uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
+        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
        with:
          python-version: "3.x"
@@ -114,8 +114,8 @@ jobs:
        os:
          - ubuntu-24.04
          - ubuntu-24.04-arm
          - macos-13 # This uses x86-64
          - macos-14 # This uses arm64
          - macos-15-intel # This uses x86-64
        # is_pr is a flag used to exclude certain jobs from the matrix on PRs.
        # It is not read by the rest of the workflow.
        is_pr:
@@ -124,7 +124,7 @@ jobs:
        exclude:
          # Don't build macos wheels on PR CI.
          - is_pr: true
-            os: "macos-15-intel"
+            os: "macos-13"
          - is_pr: true
            os: "macos-14"
          # Don't build aarch64 wheels on PR CI.
@@ -132,9 +132,9 @@ jobs:
            os: "ubuntu-24.04-arm"
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
+      - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
        with:
          # setup-python@v4 doesn't impose a default python version. Need to use 3.x
          # here, because `python` on osx points to Python 2.7.
@@ -165,8 +165,8 @@ jobs:
    if: ${{ !startsWith(github.ref, 'refs/pull/') }}
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
+      - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
        with:
          python-version: "3.10"
@@ -191,7 +191,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Download all workflow run artifacts
-        uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
+        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
      - name: Build a tarball for the debs
        # We need to merge all the debs uploads into one folder, then compress
        # that.
@@ -14,8 +14,8 @@ jobs:
    name: Ensure Synapse config schema is valid
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
+      - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
        with:
          python-version: "3.x"
      - name: Install check-jsonschema
@@ -40,8 +40,8 @@ jobs:
    name: Ensure generated documentation is up-to-date
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
+      - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
        with:
          python-version: "3.x"
      - name: Install PyYAML
@@ -86,12 +86,12 @@ jobs:
    if: ${{ needs.changes.outputs.linting == 'true' }}
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Install Rust
-        uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # master
+        uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b # master
        with:
          toolchain: ${{ env.RUST_VERSION }}
-      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
+      - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2.8.0
      - uses: matrix-org/setup-python-poetry@5bbf6603c5c930615ec8a29f1b5d7d258d905aa4 # v2.0.0
        with:
          python-version: "3.x"
@@ -106,8 +106,8 @@ jobs:
    if: ${{ needs.changes.outputs.linting == 'true' }}
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
+      - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
        with:
          python-version: "3.x"
      - run: "pip install 'click==8.1.1' 'GitPython>=3.1.20'"
@@ -116,8 +116,8 @@ jobs:
  check-lockfile:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
+      - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
        with:
          python-version: "3.x"
      - run: .ci/scripts/check_lockfile.py
@@ -129,7 +129,7 @@ jobs:
    steps:
      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Setup Poetry
        uses: matrix-org/setup-python-poetry@5bbf6603c5c930615ec8a29f1b5d7d258d905aa4 # v2.0.0
@@ -151,13 +151,13 @@ jobs:
    steps:
      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Install Rust
-        uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # master
+        uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b # master
        with:
          toolchain: ${{ env.RUST_VERSION }}
-      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
+      - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2.8.0
      - name: Setup Poetry
        uses: matrix-org/setup-python-poetry@5bbf6603c5c930615ec8a29f1b5d7d258d905aa4 # v2.0.0
@@ -174,7 +174,7 @@ jobs:
      # Cribbed from
      # https://github.com/AustinScola/mypy-cache-github-action/blob/85ea4f2972abed39b33bd02c36e341b28ca59213/src/restore.ts#L10-L17
      - name: Restore/persist mypy's cache
-        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
+        uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
        with:
          path: |
            .mypy_cache
@@ -187,7 +187,7 @@ jobs:
  lint-crlf:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Check line endings
        run: scripts-dev/check_line_terminators.sh
@@ -195,11 +195,11 @@ jobs:
    if: ${{ (github.base_ref == 'develop'  || contains(github.base_ref, 'release-')) && github.actor != 'dependabot[bot]' }}
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          ref: ${{ github.event.pull_request.head.sha }}
          fetch-depth: 0
-      - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
+      - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
        with:
          python-version: "3.x"
      - run: "pip install 'towncrier>=18.6.0rc1'"
@@ -213,14 +213,14 @@ jobs:
    if: ${{ needs.changes.outputs.linting == 'true' }}
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - name: Install Rust
-        uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # master
+        uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b # master
        with:
          toolchain: ${{ env.RUST_VERSION }}
-      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
+      - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2.8.0
      - uses: matrix-org/setup-python-poetry@5bbf6603c5c930615ec8a29f1b5d7d258d905aa4 # v2.0.0
        with:
          poetry-version: "2.1.1"
@@ -233,14 +233,14 @@ jobs:
    if: ${{ needs.changes.outputs.rust == 'true' }}
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Install Rust
-        uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # master
+        uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b # master
        with:
            components: clippy
            toolchain: ${{ env.RUST_VERSION }}
-      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
+      - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2.8.0
      - run: cargo clippy -- -D warnings
@@ -252,70 +252,32 @@ jobs:
    if: ${{ needs.changes.outputs.rust == 'true' }}
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Install Rust
-        uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # master
+        uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b # master
        with:
            toolchain: nightly-2025-04-23
            components: clippy
-      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
+      - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2.8.0
      - run: cargo clippy --all-features -- -D warnings
  lint-rust:
    runs-on: ubuntu-latest
    needs: changes
    if: ${{ needs.changes.outputs.rust == 'true' }}
    steps:
      - name: Checkout repository
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
      - name: Install Rust
        uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # master
        with:
          toolchain: ${{ env.RUST_VERSION }}
      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
      - name: Setup Poetry
        uses: matrix-org/setup-python-poetry@5bbf6603c5c930615ec8a29f1b5d7d258d905aa4 # v2.0.0
        with:
          # Install like a normal project from source with all optional dependencies
          extras: all
          install-project: "true"
          poetry-version: "2.1.1"
      - name: Ensure `Cargo.lock` is up to date (no stray changes after install)
        # The `::error::` syntax is using GitHub Actions' error annotations, see
        # https://docs.github.com/en/actions/reference/workflow-commands-for-github-actions
        run: |
          if git diff --quiet Cargo.lock; then
            echo "Cargo.lock is up to date"
          else
            echo "::error::Cargo.lock has uncommitted changes after install. Please run 'poetry install --extras all' and commit the Cargo.lock changes."
            git diff --exit-code Cargo.lock
            exit 1
          fi
  # This job is split from `lint-rust` because it requires a nightly Rust toolchain
  # for some of the unstable options we use in `.rustfmt.toml`.
  lint-rustfmt:
    runs-on: ubuntu-latest
    needs: changes
    if: ${{ needs.changes.outputs.rust == 'true' }}
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Install Rust
-        uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # master
+        uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b # master
        with:
-          # We use nightly so that we can use some unstable options that we use in
+          # We use nightly so that it correctly groups together imports
          # `.rustfmt.toml`.
          toolchain: nightly-2025-04-23
          components: rustfmt
-      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
+      - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2.8.0
      - run: cargo fmt --check
@@ -326,8 +288,8 @@ jobs:
    needs: changes
    if: ${{ needs.changes.outputs.linting_readme == 'true' }}
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
+      - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
        with:
          python-version: "3.x"
      - run: "pip install rstcheck"
@@ -347,7 +309,6 @@ jobs:
      - check-lockfile
      - lint-clippy
      - lint-clippy-nightly
      - lint-rust
      - lint-rustfmt
      - lint-readme
    runs-on: ubuntu-latest
@@ -366,7 +327,6 @@ jobs:
            lint-pydantic
            lint-clippy
            lint-clippy-nightly
            lint-rust
            lint-rustfmt
            lint-readme
@@ -376,8 +336,8 @@ jobs:
    needs: linting-done
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
+      - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
        with:
          python-version: "3.x"
      - id: get-matrix
@@ -397,7 +357,7 @@ jobs:
        job:  ${{ fromJson(needs.calculate-test-jobs.outputs.trial_test_matrix) }}
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - run: sudo apt-get -qq install xmlsec1
      - name: Set up PostgreSQL ${{ matrix.job.postgres-version }}
        if: ${{ matrix.job.postgres-version }}
@@ -412,10 +372,10 @@ jobs:
            postgres:${{ matrix.job.postgres-version }}
      - name: Install Rust
-        uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # master
+        uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b # master
        with:
          toolchain: ${{ env.RUST_VERSION }}
-      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
+      - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2.8.0
      - uses: matrix-org/setup-python-poetry@5bbf6603c5c930615ec8a29f1b5d7d258d905aa4 # v2.0.0
        with:
@@ -453,13 +413,13 @@ jobs:
      - changes
    runs-on: ubuntu-22.04
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Install Rust
-        uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # master
+        uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b # master
        with:
          toolchain: ${{ env.RUST_VERSION }}
-      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
+      - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2.8.0
      # There aren't wheels for some of the older deps, so we need to install
      # their build dependencies
@@ -468,7 +428,7 @@ jobs:
          sudo apt-get -qq install build-essential libffi-dev python3-dev \
            libxml2-dev libxslt-dev xmlsec1 zlib1g-dev libjpeg-dev libwebp-dev
-      - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
+      - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
        with:
          python-version: '3.9'
@@ -518,7 +478,7 @@ jobs:
        extras: ["all"]
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      # Install libs necessary for PyPy to build binary wheels for dependencies
      - run: sudo apt-get -qq install xmlsec1 libxml2-dev libxslt-dev
      - uses: matrix-org/setup-python-poetry@5bbf6603c5c930615ec8a29f1b5d7d258d905aa4 # v2.0.0
@@ -568,15 +528,15 @@ jobs:
        job: ${{ fromJson(needs.calculate-test-jobs.outputs.sytest_test_matrix) }}
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Prepare test blacklist
        run: cat sytest-blacklist .ci/worker-blacklist > synapse-blacklist-with-workers
      - name: Install Rust
-        uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # master
+        uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b # master
        with:
          toolchain: ${{ env.RUST_VERSION }}
-      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
+      - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2.8.0
      - name: Run SyTest
        run: /bootstrap.sh synapse
@@ -615,7 +575,7 @@ jobs:
          --health-retries 5
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - run: sudo apt-get -qq install xmlsec1 postgresql-client
      - uses: matrix-org/setup-python-poetry@5bbf6603c5c930615ec8a29f1b5d7d258d905aa4 # v2.0.0
        with:
@@ -659,7 +619,7 @@ jobs:
          --health-retries 5
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Add PostgreSQL apt repository
        # We need a version of pg_dump that can handle the version of
        # PostgreSQL being tested against. The Ubuntu package repository lags
@@ -714,20 +674,20 @@ jobs:
    steps:
      - name: Checkout synapse codebase
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          path: synapse
      - name: Install Rust
-        uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # master
+        uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b # master
        with:
          toolchain: ${{ env.RUST_VERSION }}
-      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
+      - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2.8.0
      - name: Prepare Complement's Prerequisites
        run: synapse/.ci/scripts/setup_complement_prerequisites.sh
-      - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
+      - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
        with:
          cache-dependency-path: complement/go.sum
          go-version-file: complement/go.mod
@@ -750,13 +710,13 @@ jobs:
      - changes
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Install Rust
-        uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # master
+        uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b # master
        with:
          toolchain: ${{ env.RUST_VERSION }}
-      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
+      - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2.8.0
      - run: cargo test
@@ -770,13 +730,13 @@ jobs:
      - changes
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Install Rust
-        uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # master
+        uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b # master
        with:
            toolchain: nightly-2022-12-01
-      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
+      - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2.8.0
      - run: cargo bench --no-run
@@ -6,26 +6,39 @@ on:
 jobs:
  move_needs_info:
    name: Move X-Needs-Info on the triage board
    runs-on: ubuntu-latest
    if: >
      contains(github.event.issue.labels.*.name, 'X-Needs-Info')
    permissions:
      contents: read
    env:
      # This token must have the following scopes: ["repo:public_repo", "admin:org->read:org", "user->read:user", "project"]
      GITHUB_TOKEN: ${{ secrets.ELEMENT_BOT_TOKEN }}
      PROJECT_OWNER: matrix-org
      # Backend issue triage board.
      # https://github.com/orgs/matrix-org/projects/67/views/1
      PROJECT_NUMBER: 67
      ISSUE_URL: ${{ github.event.issue.html_url }}
      # This field is case-sensitive.
      TARGET_STATUS: Needs info
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/add-to-project@5b1a254a3546aef88e0a7724a77a623fa2e47c36 # main (v1.0.2 + 10 commits)
        id: add_project
        with:
-          # Only clone the script file we care about, instead of the whole repo.
+          project-url: "https://github.com/orgs/matrix-org/projects/67"
-          sparse-checkout: .ci/scripts/triage_labelled_issue.sh
+          github-token: ${{ secrets.ELEMENT_BOT_TOKEN }}
-
+      - name: Set status
-      - name: Ensure issue exists on the board, then set Status
+        env:
-        run: .ci/scripts/triage_labelled_issue.sh
+          GITHUB_TOKEN: ${{ secrets.ELEMENT_BOT_TOKEN }}
        run: |
          gh api graphql -f query='
          mutation(
              $project: ID!
              $item: ID!
              $fieldid: ID!
              $columnid: String!
            )  {
            updateProjectV2ItemFieldValue(
              input: {
               projectId: $project
                itemId: $item
                fieldId: $fieldid
                value: { 
                  singleSelectOptionId: $columnid
                  }
              }
            ) {
              projectV2Item {
                id
              }
            }
          }' -f project="PVT_kwDOAIB0Bs4AFDdZ" -f item=${{ steps.add_project.outputs.itemId }} -f fieldid="PVTSSF_lADOAIB0Bs4AFDdZzgC6ZA4" -f columnid=ba22e43c --silent
@@ -43,13 +43,13 @@ jobs:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Install Rust
-        uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # master
+        uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b # master
        with:
          toolchain: ${{ env.RUST_VERSION }}
-      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
+      - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2.8.0
      - uses: matrix-org/setup-python-poetry@5bbf6603c5c930615ec8a29f1b5d7d258d905aa4 # v2.0.0
        with:
@@ -70,14 +70,14 @@ jobs:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - run: sudo apt-get -qq install xmlsec1
      - name: Install Rust
-        uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # master
+        uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b # master
        with:
          toolchain: ${{ env.RUST_VERSION }}
-      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
+      - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2.8.0
      - uses: matrix-org/setup-python-poetry@5bbf6603c5c930615ec8a29f1b5d7d258d905aa4 # v2.0.0
        with:
@@ -117,13 +117,13 @@ jobs:
        - ${{ github.workspace }}:/src
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Install Rust
-        uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # master
+        uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b # master
        with:
          toolchain: ${{ env.RUST_VERSION }}
-      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
+      - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2.8.0
      - name: Patch dependencies
        # Note: The poetry commands want to create a virtualenv in /src/.venv/,
@@ -175,14 +175,14 @@ jobs:
    steps:
      - name: Run actions/checkout@v4 for synapse
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          path: synapse
      - name: Prepare Complement's Prerequisites
        run: synapse/.ci/scripts/setup_complement_prerequisites.sh
-      - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
+      - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
        with:
          cache-dependency-path: complement/go.sum
          go-version-file: complement/go.mod
@@ -217,7 +217,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - uses: JasonEtco/create-an-issue@1b14a70e4d8dc185e5cc76d3bec9eab20257b2c5 # v2.9.2
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -1,6 +1 @@
 # Unstable options are only available on a nightly toolchain and must be opted into
 unstable_features = true
 # `group_imports` is an unstable option that requires nightly Rust toolchain. Tracked by
 # https://github.com/rust-lang/rustfmt/issues/5083
 group_imports = "StdExternalCrate"
@@ -1,539 +1,3 @@
 # Synapse 1.140.0 (2025-10-14)
 ## Compatibility notice for users of `synapse-s3-storage-provider`
 Deployments that make use of the
 [synapse-s3-storage-provider](https://github.com/matrix-org/synapse-s3-storage-provider)
 module must upgrade to
 [v1.6.0](https://github.com/matrix-org/synapse-s3-storage-provider/releases/tag/v1.6.0).
 Using older versions of the module with this release of Synapse will prevent
 users from being able to upload or download media.
 No significant changes since 1.140.0rc1.
 # Synapse 1.140.0rc1 (2025-10-10)
 ## Features
 - Add [a new Media Query by ID Admin API](https://element-hq.github.io/synapse/v1.140/admin_api/media_admin_api.html#query-a-piece-of-media-by-id) that allows server admins to query and investigate the metadata of local or cached remote media via
  the `origin/media_id` identifier found in a [Matrix Content URI](https://spec.matrix.org/v1.14/client-server-api/#matrix-content-mxc-uris). ([\#18911](https://github.com/element-hq/synapse/issues/18911))
 - Add [a new Fetch Event Admin API](https://element-hq.github.io/synapse/v1.140/admin_api/fetch_event.html) to fetch an event by ID. ([\#18963](https://github.com/element-hq/synapse/issues/18963))
 - Update [MSC4284: Policy Servers](https://github.com/matrix-org/matrix-spec-proposals/pull/4284) implementation to support signatures when available. ([\#18934](https://github.com/element-hq/synapse/issues/18934))
 - Add experimental implementation of the `GET /_matrix/client/v1/rtc/transports` endpoint for the latest draft of [MSC4143: MatrixRTC](https://github.com/matrix-org/matrix-spec-proposals/pull/4143). ([\#18967](https://github.com/element-hq/synapse/issues/18967))
 - Expose a `defer_to_threadpool` function in the Synapse Module API that allows modules to run a function on a separate thread in a custom threadpool. ([\#19032](https://github.com/element-hq/synapse/issues/19032))
 ## Bugfixes
 - Fix room upgrade `room_config` argument and documentation for `user_may_create_room` spam-checker callback. ([\#18721](https://github.com/element-hq/synapse/issues/18721))
 - Compute a user's last seen timestamp from their devices' last seen timestamps instead of IPs, because the latter are automatically cleared according to `user_ips_max_age`. ([\#18948](https://github.com/element-hq/synapse/issues/18948))
 - Fix bug where ephemeral events were not filtered by room ID. Contributed by @frastefanini. ([\#19002](https://github.com/element-hq/synapse/issues/19002))
 - Update Synapse main process version string to include git info. ([\#19011](https://github.com/element-hq/synapse/issues/19011))
 ## Improved Documentation
 - Explain how `Deferred` callbacks interact with logcontexts. ([\#18914](https://github.com/element-hq/synapse/issues/18914))
 - Fix documentation for `rc_room_creation` and `rc_reports` to clarify that a `per_user` rate limit is not supported. ([\#18998](https://github.com/element-hq/synapse/issues/18998))
 ## Deprecations and Removals
 - Remove deprecated `LoggingContext.set_current_context`/`LoggingContext.current_context` methods which already have equivalent bare methods in `synapse.logging.context`. ([\#18989](https://github.com/element-hq/synapse/issues/18989))
 - Drop support for unstable field names from the long-accepted [MSC2732](https://github.com/matrix-org/matrix-spec-proposals/pull/2732) (Olm fallback keys) proposal. ([\#18996](https://github.com/element-hq/synapse/issues/18996))
 ## Internal Changes
 - Cleanly shutdown `SynapseHomeServer` object, allowing artifacts of embedded small hosts to be properly garbage collected. ([\#18828](https://github.com/element-hq/synapse/issues/18828))
 - Update OEmbed providers to use 'X' instead of 'Twitter' in URL previews, following a rebrand. Contributed by @HammyHavoc. ([\#18767](https://github.com/element-hq/synapse/issues/18767))
 - Fix `server_name` in logging context for multiple Synapse instances in one process. ([\#18868](https://github.com/element-hq/synapse/issues/18868))
 - Wrap the Rust HTTP client with `make_deferred_yieldable` so it follows Synapse logcontext rules. ([\#18903](https://github.com/element-hq/synapse/issues/18903))
 - Fix the GitHub Actions workflow that moves issues labeled "X-Needs-Info" to the "Needs info" column on the team's internal triage board. ([\#18913](https://github.com/element-hq/synapse/issues/18913))
 - Disconnect background process work from request trace. ([\#18932](https://github.com/element-hq/synapse/issues/18932))
 - Reduce overall number of calls to `_get_e2e_cross_signing_signatures_for_devices` by increasing the batch size of devices the query is called with, reducing DB load. ([\#18939](https://github.com/element-hq/synapse/issues/18939))
 - Update error code used when an appservice tries to masquerade as an unknown device using [MSC4326](https://github.com/matrix-org/matrix-spec-proposals/pull/4326). Contributed by @tulir @ Beeper. ([\#18947](https://github.com/element-hq/synapse/issues/18947))
 - Fix `no active span when trying to log` tracing error on startup (when OpenTracing is enabled). ([\#18959](https://github.com/element-hq/synapse/issues/18959))
 - Fix `run_coroutine_in_background(...)` incorrectly handling logcontext. ([\#18964](https://github.com/element-hq/synapse/issues/18964))
 - Add debug logs wherever we change current logcontext. ([\#18966](https://github.com/element-hq/synapse/issues/18966))
 - Update dockerfile metadata to fix broken link; point to documentation website. ([\#18971](https://github.com/element-hq/synapse/issues/18971))
 - Note that the code is additionally licensed under the [Element Commercial license](https://github.com/element-hq/synapse/blob/develop/LICENSE-COMMERCIAL) in SPDX expression field configs. ([\#18973](https://github.com/element-hq/synapse/issues/18973))
 - Fix logcontext handling in `timeout_deferred` tests. ([\#18974](https://github.com/element-hq/synapse/issues/18974))
 - Remove internal `ReplicationUploadKeysForUserRestServlet` as a follow-up to the work in https://github.com/element-hq/synapse/pull/18581 that moved device changes off the main process. ([\#18988](https://github.com/element-hq/synapse/issues/18988))
 - Switch task scheduler from raw logcontext manipulation to using the dedicated logcontext utils. ([\#18990](https://github.com/element-hq/synapse/issues/18990))
 - Remove `MockClock()` in tests. ([\#18992](https://github.com/element-hq/synapse/issues/18992))
 - Switch back to our own custom `LogContextScopeManager` instead of OpenTracing's `ContextVarsScopeManager` which was causing problems when using the experimental `SYNAPSE_ASYNC_IO_REACTOR` option with tracing enabled. ([\#19007](https://github.com/element-hq/synapse/issues/19007))
 - Remove `version_string` argument from `HomeServer` since it's always the same. ([\#19012](https://github.com/element-hq/synapse/issues/19012))
 - Remove duplicate call to `hs.start_background_tasks()` introduced from a bad merge. ([\#19013](https://github.com/element-hq/synapse/issues/19013))
 - Split homeserver creation (`create_homeserver`) and setup (`setup`). ([\#19015](https://github.com/element-hq/synapse/issues/19015))
 - Swap near-end-of-life `macos-13` GitHub Actions runner for the `macos-15-intel` variant. ([\#19025](https://github.com/element-hq/synapse/issues/19025))
 - Introduce `RootConfig.validate_config()` which can be subclassed in `HomeServerConfig` to do cross-config class validation. ([\#19027](https://github.com/element-hq/synapse/issues/19027))
 - Allow any command of the `release.py` script to accept a `--gh-token` argument. ([\#19035](https://github.com/element-hq/synapse/issues/19035))
 ### Updates to locked dependencies
 * Bump Swatinem/rust-cache from 2.8.0 to 2.8.1. ([\#18949](https://github.com/element-hq/synapse/issues/18949))
 * Bump actions/cache from 4.2.4 to 4.3.0. ([\#18983](https://github.com/element-hq/synapse/issues/18983))
 * Bump anyhow from 1.0.99 to 1.0.100. ([\#18950](https://github.com/element-hq/synapse/issues/18950))
 * Bump authlib from 1.6.3 to 1.6.4. ([\#18957](https://github.com/element-hq/synapse/issues/18957))
 * Bump authlib from 1.6.4 to 1.6.5. ([\#19019](https://github.com/element-hq/synapse/issues/19019))
 * Bump bcrypt from 4.3.0 to 5.0.0. ([\#18984](https://github.com/element-hq/synapse/issues/18984))
 * Bump docker/login-action from 3.5.0 to 3.6.0. ([\#18978](https://github.com/element-hq/synapse/issues/18978))
 * Bump lxml from 6.0.0 to 6.0.2. ([\#18979](https://github.com/element-hq/synapse/issues/18979))
 * Bump phonenumbers from 9.0.13 to 9.0.14. ([\#18954](https://github.com/element-hq/synapse/issues/18954))
 * Bump phonenumbers from 9.0.14 to 9.0.15. ([\#18991](https://github.com/element-hq/synapse/issues/18991))
 * Bump prometheus-client from 0.22.1 to 0.23.1. ([\#19016](https://github.com/element-hq/synapse/issues/19016))
 * Bump pydantic from 2.11.9 to 2.11.10. ([\#19017](https://github.com/element-hq/synapse/issues/19017))
 * Bump pygithub from 2.7.0 to 2.8.1. ([\#18952](https://github.com/element-hq/synapse/issues/18952))
 * Bump regex from 1.11.2 to 1.11.3. ([\#18981](https://github.com/element-hq/synapse/issues/18981))
 * Bump serde from 1.0.224 to 1.0.226. ([\#18953](https://github.com/element-hq/synapse/issues/18953))
 * Bump serde from 1.0.226 to 1.0.228. ([\#18982](https://github.com/element-hq/synapse/issues/18982))
 * Bump setuptools-rust from 1.11.1 to 1.12.0. ([\#18980](https://github.com/element-hq/synapse/issues/18980))
 * Bump twine from 6.1.0 to 6.2.0. ([\#18985](https://github.com/element-hq/synapse/issues/18985))
 * Bump types-pyyaml from 6.0.12.20250809 to 6.0.12.20250915. ([\#19018](https://github.com/element-hq/synapse/issues/19018))
 * Bump types-requests from 2.32.4.20250809 to 2.32.4.20250913. ([\#18951](https://github.com/element-hq/synapse/issues/18951))
 * Bump typing-extensions from 4.14.1 to 4.15.0. ([\#18956](https://github.com/element-hq/synapse/issues/18956))
 # Synapse 1.139.2 (2025-10-07)
 ## Bugfixes
 - Fix a bug introduced in 1.139.1 where a client could receive an Internal Server Error if they set `device_keys: null` in the request to [`POST /_matrix/client/v3/keys/upload`](https://spec.matrix.org/v1.16/client-server-api/#post_matrixclientv3keysupload). ([\#19023](https://github.com/element-hq/synapse/issues/19023))
 # Synapse 1.139.1 (2025-10-07)
 ## Security Fixes
 - Fix [CVE-2025-61672](https://www.cve.org/CVERecord?id=CVE-2025-61672) / [GHSA-fh66-fcv5-jjfr](https://github.com/element-hq/synapse/security/advisories/GHSA-fh66-fcv5-jjfr). Lack of validation for device keys in Synapse before 1.139.1 allows an attacker registered on the victim homeserver to degrade federation functionality, unpredictably breaking outbound federation to other homeservers. ([\#17097](https://github.com/element-hq/synapse/issues/17097))
 ## Deprecations and Removals
 - Drop support for unstable field names from the long-accepted [MSC2732](https://github.com/matrix-org/matrix-spec-proposals/pull/2732) (Olm fallback keys) proposal. This change allows unit tests to pass following the security patch above. ([\#18996](https://github.com/element-hq/synapse/issues/18996))
 # Synapse 1.138.4 (2025-10-07)
 ## Bugfixes
 - Fix a bug introduced in 1.138.3 where a client could receive an Internal Server Error if they set `device_keys: null` in the request to [`POST /_matrix/client/v3/keys/upload`](https://spec.matrix.org/v1.16/client-server-api/#post_matrixclientv3keysupload). ([\#19023](https://github.com/element-hq/synapse/issues/19023))
 # Synapse 1.138.3 (2025-10-07)
 ## Security Fixes
 - Fix [CVE-2025-61672](https://www.cve.org/CVERecord?id=CVE-2025-61672) / [GHSA-fh66-fcv5-jjfr](https://github.com/element-hq/synapse/security/advisories/GHSA-fh66-fcv5-jjfr). Lack of validation for device keys in Synapse before 1.139.1 allows an attacker registered on the victim homeserver to degrade federation functionality, unpredictably breaking outbound federation to other homeservers. ([\#17097](https://github.com/element-hq/synapse/issues/17097))
 ## Deprecations and Removals
 - Drop support for unstable field names from the long-accepted [MSC2732](https://github.com/matrix-org/matrix-spec-proposals/pull/2732) (Olm fallback keys) proposal. This change allows unit tests to pass following the security patch above. ([\#18996](https://github.com/element-hq/synapse/issues/18996))
 # Synapse 1.139.0 (2025-09-30)
 ### `/register` requests from old application service implementations may break when using MAS
 If you are using Matrix Authentication Service (MAS), as of this release any
 Application Services that do not set `inhibit_login=true` when calling `POST
 /_matrix/client/v3/register` will receive the error
 `IO.ELEMENT.MSC4190.M_APPSERVICE_LOGIN_UNSUPPORTED` in response. Please see [the
 upgrade
 notes](https://element-hq.github.io/synapse/develop/upgrade.html#register-requests-from-old-application-service-implementations-may-break-when-using-mas)
 for more information.
 No significant changes since 1.139.0rc3.
 # Synapse 1.139.0rc3 (2025-09-25)
 ## Bugfixes
 - Fix a bug introduced in 1.139.0rc1 where `run_coroutine_in_background(...)` incorrectly handled logcontexts, resulting in partially broken logging. ([\#18964](https://github.com/element-hq/synapse/issues/18964))
 # Synapse 1.139.0rc2 (2025-09-23)
 ## Internal Changes
 - Drop support for Ubuntu 24.10 Oracular Oriole, and add support for Ubuntu 25.04 Plucky Puffin. This change was applied on top of 1.139.0rc1. ([\#18962](https://github.com/element-hq/synapse/issues/18962))
 # Synapse 1.139.0rc1 (2025-09-23)
 ## Features
 - Add experimental support for [MSC4308: Thread Subscriptions extension to Sliding Sync](https://github.com/matrix-org/matrix-spec-proposals/pull/4308) when [MSC4306: Thread Subscriptions](https://github.com/matrix-org/matrix-spec-proposals/pull/4306) and [MSC4186: Simplified Sliding Sync](https://github.com/matrix-org/matrix-spec-proposals/pull/4186) are enabled. ([\#18695](https://github.com/element-hq/synapse/issues/18695))
 - Update push rules for experimental [MSC4306: Thread Subscriptions](https://github.com/matrix-org/matrix-doc/issues/4306) to follow a newer draft. ([\#18846](https://github.com/element-hq/synapse/issues/18846))
 - Add `get_media_upload_limits_for_user` and `on_media_upload_limit_exceeded` module API callbacks to the media repository. ([\#18848](https://github.com/element-hq/synapse/issues/18848))
 - Support [MSC4169](https://github.com/matrix-org/matrix-spec-proposals/pull/4169) for backwards-compatible redaction sending using the `/send` endpoint. Contributed by @SpiritCroc @ Beeper. ([\#18898](https://github.com/element-hq/synapse/issues/18898))
 - Add an in-memory cache to `_get_e2e_cross_signing_signatures_for_devices` to reduce DB load. ([\#18899](https://github.com/element-hq/synapse/issues/18899))
 - Update [MSC4190](https://github.com/matrix-org/matrix-spec-proposals/pull/4190) support to return correct errors and allow appservices to reset cross-signing keys without user-interactive authentication. Contributed by @tulir @ Beeper. ([\#18946](https://github.com/element-hq/synapse/issues/18946))
 ## Bugfixes
 - Ensure all PDUs sent via `/send` pass canonical JSON checks. ([\#18641](https://github.com/element-hq/synapse/issues/18641))
 - Fix bug where we did not send invite revocations over federation. ([\#18823](https://github.com/element-hq/synapse/issues/18823))
 - Fix prefixed support for [MSC4133](https://github.com/matrix-org/matrix-spec-proposals/pull/4133). ([\#18875](https://github.com/element-hq/synapse/issues/18875))
 - Fix open redirect in legacy SSO flow with the `idp` query parameter. ([\#18909](https://github.com/element-hq/synapse/issues/18909))
 - Fix a performance regression related to the experimental Delayed Events ([MSC4140](https://github.com/matrix-org/matrix-spec-proposals/pull/4140)) feature. ([\#18926](https://github.com/element-hq/synapse/issues/18926))
 ## Updates to the Docker image
 - Suppress "Applying schema" log noise bulk when `SYNAPSE_LOG_TESTING` is set. ([\#18878](https://github.com/element-hq/synapse/issues/18878))
 ## Improved Documentation
 - Clarify Python dependency constraints in our deprecation policy. ([\#18856](https://github.com/element-hq/synapse/issues/18856))
 - Clarify necessary `jwt_config` parameter in OIDC documentation for authentik. Contributed by @maxkratz. ([\#18931](https://github.com/element-hq/synapse/issues/18931))
 ## Deprecations and Removals
 - Remove obsolete and experimental `/sync/e2ee` endpoint. ([\#18583](https://github.com/element-hq/synapse/issues/18583))
 ## Internal Changes
 - Fix `LaterGauge` metrics to collect from all servers. ([\#18791](https://github.com/element-hq/synapse/issues/18791))
 - Configure Synapse to run [MSC4306: Thread Subscriptions](https://github.com/matrix-org/matrix-spec-proposals/pull/4306) Complement tests. ([\#18819](https://github.com/element-hq/synapse/issues/18819))
 - Remove `sentinel` logcontext usage where we log in `setup`, `start` and `exit`. ([\#18870](https://github.com/element-hq/synapse/issues/18870))
 - Use the `Enum`'s value for the dictionary key when responding to an admin request for experimental features. ([\#18874](https://github.com/element-hq/synapse/issues/18874))
 - Start background tasks after we fork the process (daemonize). ([\#18886](https://github.com/element-hq/synapse/issues/18886))
 - Better explain how we manage the logcontext in `run_in_background(...)` and `run_as_background_process(...)`. ([\#18900](https://github.com/element-hq/synapse/issues/18900), [\#18906](https://github.com/element-hq/synapse/issues/18906))
 - Remove `sentinel` logcontext usage in `Clock` utilities like `looping_call` and `call_later`. ([\#18907](https://github.com/element-hq/synapse/issues/18907))
 - Replace usages of the deprecated `pkg_resources` interface in preparation of setuptools dropping it soon. ([\#18910](https://github.com/element-hq/synapse/issues/18910))
 - Split loading config from homeserver `setup`. ([\#18933](https://github.com/element-hq/synapse/issues/18933))
 - Fix `run_in_background` not being awaited properly in some tests causing `LoggingContext` problems. ([\#18937](https://github.com/element-hq/synapse/issues/18937))
 - Fix `run_as_background_process` not being awaited properly causing `LoggingContext` problems in experimental [MSC4140](https://github.com/matrix-org/matrix-spec-proposals/pull/4140): Delayed events implementation. ([\#18938](https://github.com/element-hq/synapse/issues/18938))
 - Introduce `Clock.call_when_running(...)` to wrap startup code in a logcontext, ensuring we can identify which server generated the logs. ([\#18944](https://github.com/element-hq/synapse/issues/18944))
 - Introduce `Clock.add_system_event_trigger(...)` to wrap system event callback code in a logcontext, ensuring we can identify which server generated the logs. ([\#18945](https://github.com/element-hq/synapse/issues/18945))
 ### Updates to locked dependencies
 * Bump actions/setup-go from 5.5.0 to 6.0.0. ([\#18891](https://github.com/element-hq/synapse/issues/18891))
 * Bump actions/setup-python from 5.6.0 to 6.0.0. ([\#18890](https://github.com/element-hq/synapse/issues/18890))
 * Bump authlib from 1.6.1 to 1.6.3. ([\#18921](https://github.com/element-hq/synapse/issues/18921))
 * Bump jsonschema from 4.25.0 to 4.25.1. ([\#18897](https://github.com/element-hq/synapse/issues/18897))
 * Bump log from 0.4.27 to 0.4.28. ([\#18892](https://github.com/element-hq/synapse/issues/18892))
 * Bump phonenumbers from 9.0.12 to 9.0.13. ([\#18893](https://github.com/element-hq/synapse/issues/18893))
 * Bump pydantic from 2.11.7 to 2.11.9. ([\#18922](https://github.com/element-hq/synapse/issues/18922))
 * Bump serde from 1.0.219 to 1.0.223. ([\#18920](https://github.com/element-hq/synapse/issues/18920))
 * Bump serde_json from 1.0.143 to 1.0.145. ([\#18919](https://github.com/element-hq/synapse/issues/18919))
 * Bump sigstore/cosign-installer from 3.9.2 to 3.10.0. ([\#18917](https://github.com/element-hq/synapse/issues/18917))
 * Bump towncrier from 24.8.0 to 25.8.0. ([\#18894](https://github.com/element-hq/synapse/issues/18894))
 * Bump types-psycopg2 from 2.9.21.20250809 to 2.9.21.20250915. ([\#18918](https://github.com/element-hq/synapse/issues/18918))
 * Bump types-requests from 2.32.4.20250611 to 2.32.4.20250809. ([\#18895](https://github.com/element-hq/synapse/issues/18895))
 * Bump types-setuptools from 80.9.0.20250809 to 80.9.0.20250822. ([\#18924](https://github.com/element-hq/synapse/issues/18924))
 # Synapse 1.138.2 (2025-09-24)
 ## Internal Changes
 - Drop support for Ubuntu 24.10 Oracular Oriole, and add support for Ubuntu 25.04 Plucky Puffin. This change was applied on top of 1.138.1. ([\#18962](https://github.com/element-hq/synapse/issues/18962))
 # Synapse 1.138.1 (2025-09-24)
 ## Bugfixes
 - Fix a performance regression related to the experimental Delayed Events ([MSC4140](https://github.com/matrix-org/matrix-spec-proposals/pull/4140)) feature. ([\#18926](https://github.com/element-hq/synapse/issues/18926))
 # Synapse 1.138.0 (2025-09-09)
 No significant changes since 1.138.0rc1.
 # Synapse 1.138.0rc1 (2025-09-02)
 ### Features
 - Support for the stable endpoint and scopes of [MSC3861](https://github.com/matrix-org/matrix-spec-proposals/pull/3861) & co. ([\#18549](https://github.com/element-hq/synapse/issues/18549))
 ### Bugfixes
 - Improve database performance of [MSC4293](https://github.com/matrix-org/matrix-spec-proposals/pull/4293) - Redact on Kick/Ban. ([\#18851](https://github.com/element-hq/synapse/issues/18851))
 - Do not throw an error when fetching a rejected delayed state event on startup. ([\#18858](https://github.com/element-hq/synapse/issues/18858))
 ### Improved Documentation
 - Fix worker documentation incorrectly indicating all room Admin API requests were capable of being handled by workers. ([\#18853](https://github.com/element-hq/synapse/issues/18853))
 ### Internal Changes
 - Instrument `_ByteProducer` with tracing to measure potential dead time while writing bytes to the request. ([\#18804](https://github.com/element-hq/synapse/issues/18804))
 - Switch to OpenTracing's `ContextVarsScopeManager` instead of our own custom `LogContextScopeManager`. ([\#18849](https://github.com/element-hq/synapse/issues/18849))
 - Trace how much work is being done while "recursively fetching redactions". ([\#18854](https://github.com/element-hq/synapse/issues/18854))
 - Link [upstream Twisted bug](https://github.com/twisted/twisted/issues/12498) tracking the problem that explains why we have to use a `Producer` to write bytes to the request. ([\#18855](https://github.com/element-hq/synapse/issues/18855))
 - Introduce `EventPersistencePair` type. ([\#18857](https://github.com/element-hq/synapse/issues/18857))
 ### Updates to locked dependencies
 * Bump actions/add-to-project from c0c5949b017d0d4a39f7ba888255881bdac2a823 to 4515659e2b458b27365e167605ac44f219494b66. ([\#18863](https://github.com/element-hq/synapse/issues/18863))
 * Bump actions/checkout from 4.3.0 to 5.0.0. ([\#18834](https://github.com/element-hq/synapse/issues/18834))
 * Bump anyhow from 1.0.98 to 1.0.99. ([\#18841](https://github.com/element-hq/synapse/issues/18841))
 * Bump docker/login-action from 3.4.0 to 3.5.0. ([\#18835](https://github.com/element-hq/synapse/issues/18835))
 * Bump dtolnay/rust-toolchain from b3b07ba8b418998c39fb20f53e8b695cdcc8de1b to e97e2d8cc328f1b50210efc529dca0028893a2d9. ([\#18862](https://github.com/element-hq/synapse/issues/18862))
 * Bump phonenumbers from 9.0.11 to 9.0.12. ([\#18837](https://github.com/element-hq/synapse/issues/18837))
 * Bump regex from 1.11.1 to 1.11.2. ([\#18864](https://github.com/element-hq/synapse/issues/18864))
 * Bump reqwest from 0.12.22 to 0.12.23. ([\#18842](https://github.com/element-hq/synapse/issues/18842))
 * Bump ruff from 0.12.7 to 0.12.10. ([\#18865](https://github.com/element-hq/synapse/issues/18865))
 * Bump serde_json from 1.0.142 to 1.0.143. ([\#18866](https://github.com/element-hq/synapse/issues/18866))
 * Bump types-bleach from 6.2.0.20250514 to 6.2.0.20250809. ([\#18838](https://github.com/element-hq/synapse/issues/18838))
 * Bump types-jsonschema from 4.25.0.20250720 to 4.25.1.20250822. ([\#18867](https://github.com/element-hq/synapse/issues/18867))
 * Bump types-psycopg2 from 2.9.21.20250718 to 2.9.21.20250809. ([\#18836](https://github.com/element-hq/synapse/issues/18836))
 # Synapse 1.137.0 (2025-08-26)
 No significant changes since 1.137.0rc1.
 # Synapse 1.137.0rc1 (2025-08-19)
 ### Bugfixes
 - Fix a bug which could corrupt auth chains making it impossible to perform state resolution. ([\#18746](https://github.com/element-hq/synapse/issues/18746))
 - Fix error message in `register_new_matrix_user` utility script for empty `registration_shared_secret`. ([\#18780](https://github.com/element-hq/synapse/issues/18780))
 - Allow enabling [MSC4108](https://github.com/matrix-org/matrix-spec-proposals/pull/4108) when the stable Matrix Authentication Service integration is enabled. ([\#18832](https://github.com/element-hq/synapse/issues/18832))
 ### Improved Documentation
 - Include IPv6 networks in `denied-peer-ips` of coturn setup. Contributed by @litetex. ([\#18781](https://github.com/element-hq/synapse/issues/18781))
 ### Internal Changes
 - Update tests to ensure all database tables are emptied when purging a room. ([\#18794](https://github.com/element-hq/synapse/issues/18794))
 - Instrument the `encode_response` part of Sliding Sync requests for more complete traces in Jaeger. ([\#18815](https://github.com/element-hq/synapse/issues/18815))
 - Tag Sliding Sync traces when we `wait_for_events`. ([\#18816](https://github.com/element-hq/synapse/issues/18816))
 - Fix `portdb` CI by hardcoding the new `pg_dump` restrict key that was added due to [CVE-2025-8714](https://nvd.nist.gov/vuln/detail/cve-2025-8714). ([\#18824](https://github.com/element-hq/synapse/issues/18824))
 ### Updates to locked dependencies
 * Bump actions/add-to-project from 5b1a254a3546aef88e0a7724a77a623fa2e47c36 to 0c37450c4be3b6a7582b2fb013c9ebfd9c8e9300. ([\#18557](https://github.com/element-hq/synapse/issues/18557))
 * Bump actions/cache from 4.2.3 to 4.2.4. ([\#18799](https://github.com/element-hq/synapse/issues/18799))
 * Bump actions/checkout from 4.2.2 to 4.3.0. ([\#18800](https://github.com/element-hq/synapse/issues/18800))
 * Bump actions/download-artifact from 4.3.0 to 5.0.0. ([\#18801](https://github.com/element-hq/synapse/issues/18801))
 * Bump docker/metadata-action from 5.7.0 to 5.8.0. ([\#18773](https://github.com/element-hq/synapse/issues/18773))
 * Bump mypy from 1.16.1 to 1.17.1. ([\#18775](https://github.com/element-hq/synapse/issues/18775))
 * Bump phonenumbers from 9.0.10 to 9.0.11. ([\#18797](https://github.com/element-hq/synapse/issues/18797))
 * Bump pygithub from 2.6.1 to 2.7.0. ([\#18779](https://github.com/element-hq/synapse/issues/18779))
 * Bump serde_json from 1.0.141 to 1.0.142. ([\#18776](https://github.com/element-hq/synapse/issues/18776))
 * Bump slab from 0.4.10 to 0.4.11. ([\#18809](https://github.com/element-hq/synapse/issues/18809))
 * Bump tokio from 1.47.0 to 1.47.1. ([\#18774](https://github.com/element-hq/synapse/issues/18774))
 * Bump types-pyyaml from 6.0.12.20250516 to 6.0.12.20250809. ([\#18798](https://github.com/element-hq/synapse/issues/18798))
 * Bump types-setuptools from 80.9.0.20250529 to 80.9.0.20250809. ([\#18796](https://github.com/element-hq/synapse/issues/18796))
 # Synapse 1.136.0 (2025-08-12)
 Note: This release includes the security fixes from `1.135.2` and `1.136.0rc2`, detailed below.
 ### Bugfixes
 - Fix bug introduced in 1.135.2 and 1.136.0rc2 where the [Make Room Admin API](https://element-hq.github.io/synapse/latest/admin_api/rooms.html#make-room-admin-api) would not treat a room v12's creator power level as the highest in room. ([\#18805](https://github.com/element-hq/synapse/issues/18805))
 # Synapse 1.135.2 (2025-08-11)
 This is the Synapse portion of the [Matrix coordinated security release](https://matrix.org/blog/2025/07/security-predisclosure/). This release includes support for [room version](https://spec.matrix.org/v1.15/rooms/) 12 which fixes a number of security vulnerabilities, including [CVE-2025-49090](https://www.cve.org/CVERecord?id=CVE-2025-49090).
 The default room version is not changed. Not all clients will support room version 12 immediately, and not all users will be using the latest version of their clients. Large, public rooms are advised to wait a few weeks before upgrading to room version 12 to allow users throughout the Matrix ecosystem to update their clients.
 Note: release 1.135.1 was skipped due to issues discovered during the release process.
 Two patched Synapse releases are now available:
 * `1.135.2`: stable release comprised of `1.135.0` + security patches
    * Upgrade to this release **if you are currently running 1.135.0 or below**.
 * `1.136.0rc2`: unstable release candidate comprised of `1.136.0rc1` + security patches.
    * Upgrade to this release **only if you are on 1.136.0rc1**.
 ### Bugfixes
 - Fix invalidation of storage cache that was broken in 1.135.0. ([\#18786](https://github.com/element-hq/synapse/issues/18786))
 ### Internal Changes
 - Add a parameter to `upgrade_rooms(..)` to allow auto join local users. ([\#82](https://github.com/element-hq/synapse/issues/82))
 - Speed up upgrading a room with large numbers of banned users. ([\#18574](https://github.com/element-hq/synapse/issues/18574))
 # Synapse 1.136.0rc2 (2025-08-11)
 - Update MSC4293 redaction logic for room v12. ([\#80](https://github.com/element-hq/synapse/issues/80))
 ### Internal Changes
 - Add a parameter to `upgrade_rooms(..)` to allow auto join local users. ([\#83](https://github.com/element-hq/synapse/issues/83))
 # Synapse 1.136.0rc1 (2025-08-05)
 Please check [the relevant section in the upgrade notes](https://github.com/element-hq/synapse/blob/develop/docs/upgrade.md#upgrading-to-v11360) as this release contains changes to MAS support, metrics labels and the module API which may require your attention when upgrading.
 ### Features
 - Add configurable rate limiting for the creation of rooms. ([\#18514](https://github.com/element-hq/synapse/issues/18514))
 - Add support for [MSC4293](https://github.com/matrix-org/matrix-spec-proposals/pull/4293) - Redact on Kick/Ban. ([\#18540](https://github.com/element-hq/synapse/issues/18540))
 - When admins enable themselves to see soft-failed events, they will also see if the cause is due to the policy server flagging them as spam via `unsigned`. ([\#18585](https://github.com/element-hq/synapse/issues/18585))
 - Add ability to configure forward/outbound proxy via homeserver config instead of environment variables. See `http_proxy`, `https_proxy`, `no_proxy_hosts`. ([\#18686](https://github.com/element-hq/synapse/issues/18686))
 - Advertise experimental support for [MSC4306](https://github.com/matrix-org/matrix-spec-proposals/pull/4306) (Thread Subscriptions) through `/_matrix/clients/versions` if enabled. ([\#18722](https://github.com/element-hq/synapse/issues/18722))
 - Stabilise support for delegating authentication to [Matrix Authentication Service](https://github.com/element-hq/matrix-authentication-service/). ([\#18759](https://github.com/element-hq/synapse/issues/18759))
 - Implement the push rules for experimental [MSC4306: Thread Subscriptions](https://github.com/matrix-org/matrix-doc/issues/4306). ([\#18762](https://github.com/element-hq/synapse/issues/18762))
 ### Bugfixes
 - Allow return code 403 (allowed by C2S Spec since v1.2) when fetching profiles via federation. ([\#18696](https://github.com/element-hq/synapse/issues/18696))
 - Register the MSC4306 (Thread Subscriptions) endpoints in the CS API when the experimental feature is enabled. ([\#18726](https://github.com/element-hq/synapse/issues/18726))
 - Fix a long-standing bug where suspended users could not have server notices sent to them (a 403 was returned to the admin). ([\#18750](https://github.com/element-hq/synapse/issues/18750))
 - Fix an issue that could cause logcontexts to be lost on rate-limited requests. Found by @realtyem. ([\#18763](https://github.com/element-hq/synapse/issues/18763))
 - Fix invalidation of storage cache that was broken in 1.135.0. ([\#18786](https://github.com/element-hq/synapse/issues/18786))
 ### Improved Documentation
 - Minor improvements to README. ([\#18700](https://github.com/element-hq/synapse/issues/18700))
 - Document that there can be multiple workers handling the `receipts` stream. ([\#18760](https://github.com/element-hq/synapse/issues/18760))
 - Improve worker documentation for some device paths. ([\#18761](https://github.com/element-hq/synapse/issues/18761))
 ### Deprecations and Removals
 - Deprecate `run_as_background_process` exported as part of the module API interface in favor of `ModuleApi.run_as_background_process`. See [the relevant section in the upgrade notes](https://github.com/element-hq/synapse/blob/develop/docs/upgrade.md#upgrading-to-v11360) for more information. ([\#18737](https://github.com/element-hq/synapse/issues/18737))
 ### Internal Changes
 - Add debug logging for HMAC digest verification failures when using the admin API to register users. ([\#18474](https://github.com/element-hq/synapse/issues/18474))
 - Speed up upgrading a room with large numbers of banned users. ([\#18574](https://github.com/element-hq/synapse/issues/18574))
 - Fix config documentation generation script on Windows by enforcing UTF-8. ([\#18580](https://github.com/element-hq/synapse/issues/18580))
 - Refactor cache, background process, `Counter`, `LaterGauge`, `GaugeBucketCollector`, `Histogram`, and `Gauge` metrics to be homeserver-scoped. ([\#18656](https://github.com/element-hq/synapse/issues/18656), [\#18714](https://github.com/element-hq/synapse/issues/18714), [\#18715](https://github.com/element-hq/synapse/issues/18715), [\#18724](https://github.com/element-hq/synapse/issues/18724), [\#18753](https://github.com/element-hq/synapse/issues/18753), [\#18725](https://github.com/element-hq/synapse/issues/18725), [\#18670](https://github.com/element-hq/synapse/issues/18670), [\#18748](https://github.com/element-hq/synapse/issues/18748), [\#18751](https://github.com/element-hq/synapse/issues/18751))
 - Reduce database usage in Sliding Sync by not querying for background update completion after the update is known to be complete. ([\#18718](https://github.com/element-hq/synapse/issues/18718))
 - Improve order of validation and ratelimiting in room creation. ([\#18723](https://github.com/element-hq/synapse/issues/18723))
 - Bump minimum version bound on Twisted to 21.2.0. ([\#18727](https://github.com/element-hq/synapse/issues/18727), [\#18729](https://github.com/element-hq/synapse/issues/18729))
 - Use `twisted.internet.testing` module in tests instead of deprecated `twisted.test.proto_helpers`. ([\#18728](https://github.com/element-hq/synapse/issues/18728))
 - Remove obsolete `/send_event` replication endpoint. ([\#18730](https://github.com/element-hq/synapse/issues/18730))
 - Update metrics linting to be able to handle custom metrics. ([\#18733](https://github.com/element-hq/synapse/issues/18733))
 - Work around `twisted.protocols.amp.TooLong` error by reducing logging in some tests. ([\#18736](https://github.com/element-hq/synapse/issues/18736))
 - Prevent "Move labelled issues to correct projects" GitHub Actions workflow from failing when an issue is already on the project board. ([\#18755](https://github.com/element-hq/synapse/issues/18755))
 - Bump minimum supported Rust version (MSRV) to 1.82.0. Missed in [#18553](https://github.com/element-hq/synapse/pull/18553) (released in Synapse 1.134.0). ([\#18757](https://github.com/element-hq/synapse/issues/18757))
 - Make `Clock.sleep(...)` return a coroutine, so that mypy can catch places where we don't await on it. ([\#18772](https://github.com/element-hq/synapse/issues/18772))
 - Update implementation of [MSC4306: Thread Subscriptions](https://github.com/matrix-org/matrix-doc/issues/4306) to include automatic subscription conflict prevention as introduced in later drafts. ([\#18756](https://github.com/element-hq/synapse/issues/18756))
 ### Updates to locked dependencies
 * Bump gitpython from 3.1.44 to 3.1.45. ([\#18743](https://github.com/element-hq/synapse/issues/18743))
 * Bump mypy-zope from 1.0.12 to 1.0.13. ([\#18744](https://github.com/element-hq/synapse/issues/18744))
 * Bump phonenumbers from 9.0.9 to 9.0.10. ([\#18741](https://github.com/element-hq/synapse/issues/18741))
 * Bump ruff from 0.12.4 to 0.12.5. ([\#18742](https://github.com/element-hq/synapse/issues/18742))
 * Bump sentry-sdk from 2.32.0 to 2.33.2. ([\#18745](https://github.com/element-hq/synapse/issues/18745))
 * Bump tokio from 1.46.1 to 1.47.0. ([\#18740](https://github.com/element-hq/synapse/issues/18740))
 * Bump types-jsonschema from 4.24.0.20250708 to 4.25.0.20250720. ([\#18703](https://github.com/element-hq/synapse/issues/18703))
 * Bump types-psycopg2 from 2.9.21.20250516 to 2.9.21.20250718. ([\#18706](https://github.com/element-hq/synapse/issues/18706))
 # Synapse 1.135.0 (2025-08-01)
 No significant changes since 1.135.0rc2.
 # Synapse 1.135.0rc2 (2025-07-30)
 ### Bugfixes
 - Fix user failing to deactivate with MAS when `/_synapse/mas` is handled by a worker. ([\#18716](https://github.com/element-hq/synapse/issues/18716))
 ### Internal Changes
 - Fix performance regression introduced in [#18238](https://github.com/element-hq/synapse/issues/18238) by adding a cache to `is_server_admin`. ([\#18747](https://github.com/element-hq/synapse/issues/18747))
 # Synapse 1.135.0rc1 (2025-07-22)
 ### Features
 - Add `recaptcha_private_key_path` and `recaptcha_public_key_path` config option. ([\#17984](https://github.com/element-hq/synapse/issues/17984), [\#18684](https://github.com/element-hq/synapse/issues/18684))
 - Add plain-text handling for rich-text topics as per [MSC3765](https://github.com/matrix-org/matrix-spec-proposals/pull/3765). ([\#18195](https://github.com/element-hq/synapse/issues/18195))
 - If enabled by the user, server admins will see [soft failed](https://spec.matrix.org/v1.13/server-server-api/#soft-failure) events over the Client-Server API. ([\#18238](https://github.com/element-hq/synapse/issues/18238))
 - Add experimental support for [MSC4277: Harmonizing the reporting endpoints](https://github.com/matrix-org/matrix-spec-proposals/pull/4277). ([\#18263](https://github.com/element-hq/synapse/issues/18263))
 - Add ability to limit amount of media uploaded by a user in a given time period. ([\#18527](https://github.com/element-hq/synapse/issues/18527))
 - Enable workers to write directly to the device lists stream and handle device list updates, reducing load on the main process. ([\#18581](https://github.com/element-hq/synapse/issues/18581))
 - Support arbitrary profile fields. Contributed by @clokep. ([\#18635](https://github.com/element-hq/synapse/issues/18635))
 - Advertise support for Matrix v1.12. ([\#18647](https://github.com/element-hq/synapse/issues/18647))
 - Add an option to issue redactions as an admin user via the [admin redaction endpoint](https://element-hq.github.io/synapse/latest/admin_api/user_admin_api.html#redact-all-the-events-of-a-user). ([\#18671](https://github.com/element-hq/synapse/issues/18671))
 - Add experimental and incomplete support for [MSC4306: Thread Subscriptions](https://github.com/matrix-org/matrix-spec-proposals/blob/rei/msc_thread_subscriptions/proposals/4306-thread-subscriptions.md). ([\#18674](https://github.com/element-hq/synapse/issues/18674))
 - Include `event_id` when getting state with `?format=event`. Contributed by @tulir @ Beeper. ([\#18675](https://github.com/element-hq/synapse/issues/18675))
 ### Bugfixes
 - Fix CPU and database spinning when retrying sending events to servers whilst at the same time purging those events. ([\#18499](https://github.com/element-hq/synapse/issues/18499))
 - Don't allow creation of tags with names longer than 255 bytes, [as per the spec](https://spec.matrix.org/v1.15/client-server-api/#events-14). ([\#18660](https://github.com/element-hq/synapse/issues/18660))
 - Fix `sliding_sync_connections`-related errors when porting from SQLite to Postgres. ([\#18677](https://github.com/element-hq/synapse/issues/18677))
 - Fix the MAS integration not working when Synapse is started with `--daemonize` or using `synctl`. ([\#18691](https://github.com/element-hq/synapse/issues/18691))
 ### Improved Documentation
 - Document that some config options for the user directory are in violation of the Matrix spec. ([\#18548](https://github.com/element-hq/synapse/issues/18548))
 - Update `rc_delayed_event_mgmt` docs to the actual nesting level. Contributed by @HarHarLinks. ([\#18692](https://github.com/element-hq/synapse/issues/18692))
 ### Internal Changes
 - Add a dedicated internal API for Matrix Authentication Service to Synapse communication. ([\#18520](https://github.com/element-hq/synapse/issues/18520))
 - Allow user registrations to be done on workers. ([\#18552](https://github.com/element-hq/synapse/issues/18552))
 - Remove unnecessary HTTP replication calls. ([\#18564](https://github.com/element-hq/synapse/issues/18564))
 - Refactor `Measure` block metrics to be homeserver-scoped. ([\#18601](https://github.com/element-hq/synapse/issues/18601))
 - Refactor cache metrics to be homeserver-scoped. ([\#18604](https://github.com/element-hq/synapse/issues/18604))
 - Unbreak "Latest dependencies" workflow by using the `--without dev` poetry option instead of removed `--no-dev`. ([\#18617](https://github.com/element-hq/synapse/issues/18617))
 - Update URL Preview code to work with `lxml` 6.0.0+. ([\#18622](https://github.com/element-hq/synapse/issues/18622))
 - Use `markdown-it-py` instead of `commonmark` in the release script. ([\#18637](https://github.com/element-hq/synapse/issues/18637))
 - Fix typing errors with upgraded mypy version. ([\#18653](https://github.com/element-hq/synapse/issues/18653))
 - Add doc comment explaining that config files are shallowly merged. ([\#18664](https://github.com/element-hq/synapse/issues/18664))
 - Minor speed up of insertion into `stream_positions` table. ([\#18672](https://github.com/element-hq/synapse/issues/18672))
 - Remove unused `allow_no_prev_events` option when creating an event. ([\#18676](https://github.com/element-hq/synapse/issues/18676))
 - Clean up `MetricsResource` and Prometheus hacks. ([\#18687](https://github.com/element-hq/synapse/issues/18687))
 - Fix dirty `Cargo.lock` changes appearing after install (`base64`). ([\#18689](https://github.com/element-hq/synapse/issues/18689))
 - Prevent dirty `Cargo.lock` changes from install. ([\#18693](https://github.com/element-hq/synapse/issues/18693))
 - Correct spelling of 'Admin token used' log line. ([\#18697](https://github.com/element-hq/synapse/issues/18697))
 - Reduce log spam when client stops downloading media while it is being streamed to them. ([\#18699](https://github.com/element-hq/synapse/issues/18699))
 ### Updates to locked dependencies
 * Bump authlib from 1.6.0 to 1.6.1. ([\#18704](https://github.com/element-hq/synapse/issues/18704))
 * Bump base64 from 0.21.7 to 0.22.1. ([\#18666](https://github.com/element-hq/synapse/issues/18666))
 * Bump jsonschema from 4.24.0 to 4.25.0. ([\#18707](https://github.com/element-hq/synapse/issues/18707))
 * Bump lxml from 5.4.0 to 6.0.0. ([\#18631](https://github.com/element-hq/synapse/issues/18631))
 * Bump mypy from 1.13.0 to 1.16.1. ([\#18653](https://github.com/element-hq/synapse/issues/18653))
 * Bump once_cell from 1.19.0 to 1.21.3. ([\#18710](https://github.com/element-hq/synapse/issues/18710))
 * Bump phonenumbers from 9.0.8 to 9.0.9. ([\#18681](https://github.com/element-hq/synapse/issues/18681))
 * Bump ruff from 0.12.2 to 0.12.5. ([\#18683](https://github.com/element-hq/synapse/issues/18683), [\#18705](https://github.com/element-hq/synapse/issues/18705))
 * Bump serde_json from 1.0.140 to 1.0.141. ([\#18709](https://github.com/element-hq/synapse/issues/18709))
 * Bump sigstore/cosign-installer from 3.9.1 to 3.9.2. ([\#18708](https://github.com/element-hq/synapse/issues/18708))
 * Bump types-jsonschema from 4.24.0.20250528 to 4.24.0.20250708. ([\#18682](https://github.com/element-hq/synapse/issues/18682))
 # Synapse 1.134.0 (2025-07-15)
 No significant changes since 1.134.0rc1.
@@ -8,7 +8,7 @@
 Synapse is an open source `Matrix <https://matrix.org>`__ homeserver
 implementation, written and maintained by `Element <https://element.io>`_.
 `Matrix <https://github.com/matrix-org>`__ is the open standard for
-secure and interoperable real-time communications. You can directly run
+secure and interoperable real time communications. You can directly run
 and manage the source code in this repository, available under an AGPL
 license (or alternatively under a commercial license from Element).
 There is no support provided by Element unless you have a
@@ -23,13 +23,13 @@ ESS builds on Synapse to offer a complete Matrix-based backend including the ful
 `Admin Console product <https://element.io/enterprise-functionality/admin-console>`_,
 giving admins the power to easily manage an organization-wide
 deployment. It includes advanced identity management, auditing,
-moderation and data retention options as well as Long-Term Support and
+moderation and data retention options as well as Long Term Support and
-SLAs. ESS supports any Matrix-compatible client.
+SLAs. ESS can be used to support any Matrix-based frontend client.
 .. contents::
-🛠️ Installation and configuration
+🛠️ Installing and configuration
-==================================
+===============================
 The Synapse documentation describes `how to install Synapse <https://element-hq.github.io/synapse/latest/setup/installation.html>`_. We recommend using
 `Docker images <https://element-hq.github.io/synapse/latest/setup/installation.html#docker-images-and-ansible-playbooks>`_ or `Debian packages from Matrix.org
@@ -133,7 +133,7 @@ connect from a client: see
 An easy way to get started is to login or register via Element at
 https://app.element.io/#/login or https://app.element.io/#/register respectively.
 You will need to change the server you are logging into from ``matrix.org``
-and instead specify a homeserver URL of ``https://<server_name>:8448``
+and instead specify a Homeserver URL of ``https://<server_name>:8448``
 (or just ``https://<server_name>`` if you are using a reverse proxy).
 If you prefer to use another client, refer to our
 `client breakdown <https://matrix.org/ecosystem/clients/>`_.
@@ -162,15 +162,16 @@ the public internet. Without it, anyone can freely register accounts on your hom
 This can be exploited by attackers to create spambots targeting the rest of the Matrix
 federation.
-Your new Matrix ID will be formed partly from the ``server_name``, and partly
+Your new user name will be formed partly from the ``server_name``, and partly
-from a localpart you specify when you create the account in the form of::
+from a localpart you specify when you create the account. Your name will take
 the form of::
    @localpart:my.domain.name
 (pronounced "at localpart on my dot domain dot name").
 As when logging in, you will need to specify a "Custom server".  Specify your
-desired ``localpart`` in the 'Username' box.
+desired ``localpart`` in the 'User name' box.
 🎯 Troubleshooting and support
 ==============================
@@ -208,10 +209,10 @@ Identity servers have the job of mapping email addresses and other 3rd Party
 IDs (3PIDs) to Matrix user IDs, as well as verifying the ownership of 3PIDs
 before creating that mapping.
-**Identity servers do not store accounts or credentials - these are stored and managed on homeservers.
+**They are not where accounts or credentials are stored - these live on home
-Identity Servers are just for mapping 3rd Party IDs to Matrix IDs.**
+servers. Identity Servers are just for mapping 3rd party IDs to matrix IDs.**
-This process is highly security-sensitive, as there is an obvious risk of spam if it
+This process is very security-sensitive, as there is obvious risk of spam if it
 is too easy to sign up for Matrix accounts or harvest 3PID data. In the longer
 term, we hope to create a decentralised system to manage it (`matrix-doc #712
 <https://github.com/matrix-org/matrix-doc/issues/712>`_), but in the meantime,
@@ -237,9 +238,9 @@ email address.
 We welcome contributions to Synapse from the community!
 The best place to get started is our
 `guide for contributors <https://element-hq.github.io/synapse/latest/development/contributing_guide.html>`_.
-This is part of our broader `documentation <https://element-hq.github.io/synapse/latest>`_, which includes
+This is part of our larger `documentation <https://element-hq.github.io/synapse/latest>`_, which includes
 information for Synapse developers as well as Synapse administrators.
 information for Synapse developers as well as Synapse administrators.
 Developers might be particularly interested in:
 * `Synapse's database schema <https://element-hq.github.io/synapse/latest/development/database_schema.html>`_,
@@ -265,8 +266,6 @@ This software is dual-licensed by New Vector Ltd (Element). It can be used eithe
 Unless required by applicable law or agreed to in writing, software distributed under the Licenses is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the Licenses for the specific language governing permissions and limitations under the Licenses.
 Please contact `licensing@element.io <mailto:licensing@element.io>`_ to purchase an Element commercial license for this software.
 .. |support| image:: https://img.shields.io/badge/matrix-community%20support-success
  :alt: (get community support in #synapse:matrix.org)
@@ -19,17 +19,17 @@ def build(setup_kwargs: Dict[str, Any]) -> None:
        # This flag is a no-op in the latest versions. Instead, we need to
        # specify this in the `bdist_wheel` config below.
        py_limited_api=True,
-        # We always build in release mode, as we can't distinguish
+        # We force always building in release mode, as we can't tell the
-        # between using `poetry` in development vs production.
+        # difference between using `poetry` in development vs production.
        debug=False,
    )
    setup_kwargs.setdefault("rust_extensions", []).append(extension)
    setup_kwargs["zip_safe"] = False
-    # We look up the minimum supported Python version with
+    # We lookup the minimum supported python version by looking at
-    # `python_requires` (e.g. ">=3.9.0,<4.0.0") and finding the first Python
+    # `python_requires` (e.g. ">=3.9.0,<4.0.0") and finding the first python
    # version that matches. We then convert that into the `py_limited_api` form,
-    # e.g. cp39 for Python 3.9.
+    # e.g. cp39 for python 3.9.
    py_limited_api: str
    python_bounds = SpecifierSet(setup_kwargs["python_requires"])
    for minor_version in itertools.count(start=8):
@@ -0,0 +1 @@
 Add `recaptcha_private_key_path` and `recaptcha_public_key_path` config option.
@@ -0,0 +1 @@
 Add plain-text handling for rich-text topics as per [MSC3765](https://github.com/matrix-org/matrix-spec-proposals/pull/3765).
@@ -0,0 +1 @@
 If enabled by the user, server admins will see [soft failed](https://spec.matrix.org/v1.13/server-server-api/#soft-failure) events over the Client-Server API.
@@ -0,0 +1 @@
 Add experimental support for [MSC4277](https://github.com/matrix-org/matrix-spec-proposals/pull/4277).
@@ -0,0 +1 @@
 Fix CPU and database spinning when retrying sending events to servers whilst at the same time purging those events.
@@ -0,0 +1 @@
 Add ability to limit amount uploaded by a user in a given time period.
@@ -0,0 +1 @@
 Document that some config options for the user directory are in violation of the Matrix spec.
@@ -0,0 +1 @@
 Allow user registrations to be done on workers.
@@ -0,0 +1 @@
 Remove unnecessary HTTP replication calls.
@@ -0,0 +1 @@
 Refactor `Measure` block metrics to be homeserver-scoped.
@@ -0,0 +1 @@
 Unbreak "Latest dependencies" workflow by using the `--without dev` poetry option instead of removed `--no-dev`.
@@ -0,0 +1 @@
 Raise minimum Python version to `3.9.12`.
@@ -0,0 +1 @@
 Update URL Preview code to work with `lxml` 6.0.0+.
@@ -0,0 +1 @@
 Use `markdown-it-py` instead of `commonmark` in the release script.
@@ -0,0 +1 @@
 Advertise support for Matrix v1.12.
@@ -0,0 +1 @@
 Fix typing errors with upgraded mypy version.
@@ -0,0 +1 @@
 Add doc comment explaining that config files are shallowly merged.
@@ -0,0 +1 @@
 Minor speed up of insertion into `stream_positions` table.
@@ -0,0 +1 @@
 Remove unused `allow_no_prev_events` option when creating an event.
@@ -0,0 +1 @@
 Add `recaptcha_private_key_path` and `recaptcha_public_key_path` config option.
@@ -4396,7 +4396,7 @@
              "exemplar": false,
              "expr": "(time() - max without (job, index, host) (avg_over_time(synapse_federation_last_received_pdu_time[10m]))) / 60",
              "instant": false,
-              "legendFormat": "{{origin_server_name}} ",
+              "legendFormat": "{{server_name}} ",
              "range": true,
              "refId": "A"
            }
@@ -4518,7 +4518,7 @@
              "exemplar": false,
              "expr": "(time() - max without (job, index, host) (avg_over_time(synapse_federation_last_sent_pdu_time[10m]))) / 60",
              "instant": false,
-              "legendFormat": "{{destination_server_name}}",
+              "legendFormat": "{{server_name}}",
              "range": true,
              "refId": "A"
            }
@@ -1,143 +1,3 @@
 matrix-synapse-py3 (1.140.0) stable; urgency=medium
  * New Synapse release 1.140.0.
 -- Synapse Packaging team <packages@matrix.org>  Tue, 14 Oct 2025 15:22:36 +0100
 matrix-synapse-py3 (1.140.0~rc1) stable; urgency=medium
  * New Synapse release 1.140.0rc1.
 -- Synapse Packaging team <packages@matrix.org>  Fri, 10 Oct 2025 10:56:51 +0100
 matrix-synapse-py3 (1.139.2) stable; urgency=medium
  * New Synapse release 1.139.2.
 -- Synapse Packaging team <packages@matrix.org>  Tue, 07 Oct 2025 16:29:47 +0100
 matrix-synapse-py3 (1.139.1) stable; urgency=medium
  * New Synapse release 1.139.1.
 -- Synapse Packaging team <packages@matrix.org>  Tue, 07 Oct 2025 11:46:51 +0100
 matrix-synapse-py3 (1.138.4) stable; urgency=medium
  * New Synapse release 1.138.4.
 -- Synapse Packaging team <packages@matrix.org>  Tue, 07 Oct 2025 16:28:38 +0100
 matrix-synapse-py3 (1.138.3) stable; urgency=medium
  * New Synapse release 1.138.3.
 -- Synapse Packaging team <packages@matrix.org>  Tue, 07 Oct 2025 12:54:18 +0100
 matrix-synapse-py3 (1.139.0) stable; urgency=medium
  * New Synapse release 1.139.0.
 -- Synapse Packaging team <packages@matrix.org>  Tue, 30 Sep 2025 11:58:55 +0100
 matrix-synapse-py3 (1.139.0~rc3) stable; urgency=medium
  * New Synapse release 1.139.0rc3.
 -- Synapse Packaging team <packages@matrix.org>  Thu, 25 Sep 2025 12:13:23 +0100
 matrix-synapse-py3 (1.138.2) stable; urgency=medium
  * The licensing specifier has been updated to add an optional
    `LicenseRef-Element-Commercial` license. The code was already licensed in
    this manner - the debian metadata was just not updated to reflect it.
 -- Synapse Packaging team <packages@matrix.org>  Thu, 25 Sep 2025 12:17:17 +0100
 matrix-synapse-py3 (1.138.1) stable; urgency=medium
  * New Synapse release 1.138.1.
 -- Synapse Packaging team <packages@matrix.org>  Wed, 24 Sep 2025 11:32:38 +0100
 matrix-synapse-py3 (1.139.0~rc2) stable; urgency=medium
  * New Synapse release 1.139.0rc2.
 -- Synapse Packaging team <packages@matrix.org>  Tue, 23 Sep 2025 15:31:42 +0100
 matrix-synapse-py3 (1.139.0~rc1) stable; urgency=medium
  * New Synapse release 1.139.0rc1.
 -- Synapse Packaging team <packages@matrix.org>  Tue, 23 Sep 2025 13:24:50 +0100
 matrix-synapse-py3 (1.138.0~rc1) stable; urgency=medium
  * New synapse release 1.138.0rc1.
 -- Synapse Packaging team <packages@matrix.org>  Tue, 02 Sep 2025 12:16:14 +0000
 matrix-synapse-py3 (1.137.0) stable; urgency=medium
  * New Synapse release 1.137.0.
 -- Synapse Packaging team <packages@matrix.org>  Tue, 26 Aug 2025 10:23:41 +0100
 matrix-synapse-py3 (1.137.0~rc1) stable; urgency=medium
  * New Synapse release 1.137.0rc1.
 -- Synapse Packaging team <packages@matrix.org>  Tue, 19 Aug 2025 10:55:22 +0100
 matrix-synapse-py3 (1.136.0) stable; urgency=medium
  * New Synapse release 1.136.0.
 -- Synapse Packaging team <packages@matrix.org>  Tue, 12 Aug 2025 13:18:03 +0100
 matrix-synapse-py3 (1.136.0~rc2) stable; urgency=medium
  * New Synapse release 1.136.0rc2.
 -- Synapse Packaging team <packages@matrix.org>  Mon, 11 Aug 2025 12:18:52 -0600
 matrix-synapse-py3 (1.136.0~rc1) stable; urgency=medium
  * New Synapse release 1.136.0rc1.
 -- Synapse Packaging team <packages@matrix.org>  Tue, 05 Aug 2025 08:13:30 -0600
 matrix-synapse-py3 (1.135.2) stable; urgency=medium
  * New Synapse release 1.135.2.
 -- Synapse Packaging team <packages@matrix.org>  Mon, 11 Aug 2025 11:52:01 -0600
 matrix-synapse-py3 (1.135.1) stable; urgency=medium
  * New Synapse release 1.135.1.
 -- Synapse Packaging team <packages@matrix.org>  Mon, 11 Aug 2025 11:13:15 -0600
 matrix-synapse-py3 (1.135.0) stable; urgency=medium
  * New Synapse release 1.135.0.
 -- Synapse Packaging team <packages@matrix.org>  Fri, 01 Aug 2025 13:12:28 +0100
 matrix-synapse-py3 (1.135.0~rc2) stable; urgency=medium
  * New Synapse release 1.135.0rc2.
 -- Synapse Packaging team <packages@matrix.org>  Wed, 30 Jul 2025 12:19:14 +0100
 matrix-synapse-py3 (1.135.0~rc1) stable; urgency=medium
  * New Synapse release 1.135.0rc1.
 -- Synapse Packaging team <packages@matrix.org>  Tue, 22 Jul 2025 12:08:37 +0100
 matrix-synapse-py3 (1.134.0) stable; urgency=medium
  * New Synapse release 1.134.0.
@@ -8,7 +8,7 @@ License: Apache-2.0
 Files: *
 Copyright: 2023 New Vector Ltd
-License: AGPL-3.0-or-later or LicenseRef-Element-Commercial
+License: AGPL-3.0-or-later
 Files: synapse/config/saml2.py
 Copyright: 2015, Ericsson
@@ -171,10 +171,10 @@ FROM docker.io/library/python:${PYTHON_VERSION}-slim-${DEBIAN_VERSION}
 ARG TARGETARCH
-LABEL org.opencontainers.image.url='https://github.com/element-hq/synapse'
+LABEL org.opencontainers.image.url='https://matrix.org/docs/projects/server/synapse'
-LABEL org.opencontainers.image.documentation='https://element-hq.github.io/synapse/latest/'
+LABEL org.opencontainers.image.documentation='https://github.com/element-hq/synapse/blob/master/docker/README.md'
 LABEL org.opencontainers.image.source='https://github.com/element-hq/synapse.git'
-LABEL org.opencontainers.image.licenses='AGPL-3.0-or-later OR LicenseRef-Element-Commercial'
+LABEL org.opencontainers.image.licenses='AGPL-3.0-or-later'
 # On the runtime image, /lib is a symlink to /usr/lib, so we need to copy the
 # libraries to the right place, else the `COPY` won't work.
@@ -54,6 +54,7 @@ if [[ -n "$SYNAPSE_COMPLEMENT_USE_WORKERS" ]]; then
    export SYNAPSE_WORKER_TYPES="\
      event_persister:2, \
      background_worker, \
      frontend_proxy, \
      event_creator, \
      user_dir, \
      media_repository, \
@@ -64,7 +65,6 @@ if [[ -n "$SYNAPSE_COMPLEMENT_USE_WORKERS" ]]; then
      client_reader, \
      appservice, \
      pusher, \
      device_lists:2, \
      stream_writers=account_data+presence+receipts+to_device+typing"
  fi
@@ -98,10 +98,6 @@ rc_delayed_event_mgmt:
  per_second: 9999
  burst_count: 9999
 rc_room_creation:
  per_second: 9999
  burst_count: 9999
 federation_rr_transactions_per_room_per_second: 9999
 allow_device_name_lookup_over_federation: true
@@ -133,8 +129,6 @@ experimental_features:
  msc3984_appservice_key_query: true
  # Invite filtering
  msc4155_enabled: true
  # Thread Subscriptions
  msc4306_enabled: true
 server_notices:
  system_mxid_localpart: _server
@@ -77,13 +77,6 @@ loggers:
    #}
    synapse.visibility.filtered_event_debug:
        level: DEBUG
    {#
      If Synapse is under test, we don't care about seeing the "Applying schema" log
      lines at the INFO level every time we run the tests (it's 100 lines of bulk)
    #}
    synapse.storage.prepare_database:
      level: WARN
    {% endif %}
 root:
@@ -178,9 +178,6 @@ WORKERS_CONFIG: Dict[str, Dict[str, Any]] = {
            "^/_matrix/client/(api/v1|r0|v3|unstable)/login$",
            "^/_matrix/client/(api/v1|r0|v3|unstable)/account/3pid$",
            "^/_matrix/client/(api/v1|r0|v3|unstable)/account/whoami$",
            "^/_matrix/client/(api/v1|r0|v3|unstable)/account/deactivate$",
            "^/_matrix/client/(api/v1|r0|v3|unstable)/devices(/|$)",
            "^/_matrix/client/(r0|v3)/delete_devices$",
            "^/_matrix/client/versions$",
            "^/_matrix/client/(api/v1|r0|v3|unstable)/voip/turnServer$",
            "^/_matrix/client/(r0|v3|unstable)/register$",
@@ -197,9 +194,6 @@ WORKERS_CONFIG: Dict[str, Dict[str, Any]] = {
            "^/_matrix/client/(api/v1|r0|v3|unstable)/directory/room/.*$",
            "^/_matrix/client/(r0|v3|unstable)/capabilities$",
            "^/_matrix/client/(r0|v3|unstable)/notifications$",
            "^/_matrix/client/(api/v1|r0|v3|unstable)/keys/upload",
            "^/_matrix/client/(api/v1|r0|v3|unstable)/keys/device_signing/upload$",
            "^/_matrix/client/(api/v1|r0|v3|unstable)/keys/signatures/upload$",
        ],
        "shared_extra_conf": {},
        "worker_extra_conf": "",
@@ -271,6 +265,13 @@ WORKERS_CONFIG: Dict[str, Dict[str, Any]] = {
        "shared_extra_conf": {},
        "worker_extra_conf": "",
    },
    "frontend_proxy": {
        "app": "synapse.app.generic_worker",
        "listener_resources": ["client", "replication"],
        "endpoint_patterns": ["^/_matrix/client/(api/v1|r0|v3|unstable)/keys/upload"],
        "shared_extra_conf": {},
        "worker_extra_conf": "",
    },
    "account_data": {
        "app": "synapse.app.generic_worker",
        "listener_resources": ["client", "replication"],
@@ -305,13 +306,6 @@ WORKERS_CONFIG: Dict[str, Dict[str, Any]] = {
        "shared_extra_conf": {},
        "worker_extra_conf": "",
    },
    "device_lists": {
        "app": "synapse.app.generic_worker",
        "listener_resources": ["client", "replication"],
        "endpoint_patterns": [],
        "shared_extra_conf": {},
        "worker_extra_conf": "",
    },
    "typing": {
        "app": "synapse.app.generic_worker",
        "listener_resources": ["client", "replication"],
@@ -328,15 +322,6 @@ WORKERS_CONFIG: Dict[str, Dict[str, Any]] = {
        "shared_extra_conf": {},
        "worker_extra_conf": "",
    },
    "thread_subscriptions": {
        "app": "synapse.app.generic_worker",
        "listener_resources": ["client", "replication"],
        "endpoint_patterns": [
            "^/_matrix/client/unstable/io.element.msc4306/.*",
        ],
        "shared_extra_conf": {},
        "worker_extra_conf": "",
    },
 }
 # Templates for sections that may be inserted multiple times in config files
@@ -427,18 +412,16 @@ def add_worker_roles_to_shared_config(
    # streams
    instance_map = shared_config.setdefault("instance_map", {})
-    # This is a list of the stream_writers.
+    # This is a list of the stream_writers that there can be only one of. Events can be
-    stream_writers = {
+    # sharded, and therefore doesn't belong here.
    singular_stream_writers = [
        "account_data",
        "events",
        "device_lists",
        "presence",
        "receipts",
        "to_device",
        "typing",
        "push_rules",
-        "thread_subscriptions",
+    ]
    }
    # Worker-type specific sharding config. Now a single worker can fulfill multiple
    # roles, check each.
@@ -448,11 +431,28 @@ def add_worker_roles_to_shared_config(
    if "federation_sender" in worker_types_set:
        shared_config.setdefault("federation_sender_instances", []).append(worker_name)
    if "event_persister" in worker_types_set:
        # Event persisters write to the events stream, so we need to update
        # the list of event stream writers
        shared_config.setdefault("stream_writers", {}).setdefault("events", []).append(
            worker_name
        )
        # Map of stream writer instance names to host/ports combos
        if os.environ.get("SYNAPSE_USE_UNIX_SOCKET", False):
            instance_map[worker_name] = {
                "path": f"/run/worker.{worker_port}",
            }
        else:
            instance_map[worker_name] = {
                "host": "localhost",
                "port": worker_port,
            }
    # Update the list of stream writers. It's convenient that the name of the worker
    # type is the same as the stream to write. Iterate over the whole list in case there
    # is more than one.
    for worker in worker_types_set:
-        if worker in stream_writers:
+        if worker in singular_stream_writers:
            shared_config.setdefault("stream_writers", {}).setdefault(
                worker, []
            ).append(worker_name)
@@ -876,13 +876,6 @@ def generate_worker_files(
        else:
            healthcheck_urls.append("http://localhost:%d/health" % (worker_port,))
        # Special case for event_persister: those are just workers that write to
        # the `events` stream. For other workers, the worker name is the same
        # name of the stream they write to, but for some reason it is not the
        # case for event_persister.
        if "event_persister" in worker_types_set:
            worker_types_set.add("events")
        # Update the shared config with sharding-related options if necessary
        add_worker_roles_to_shared_config(
            shared_config, worker_types_set, worker_name, worker_port
@@ -60,7 +60,6 @@
    - [Admin API](usage/administration/admin_api/README.md)
      - [Account Validity](admin_api/account_validity.md)
      - [Background Updates](usage/administration/admin_api/background_updates.md)
      - [Fetch Event](admin_api/fetch_event.md)
      - [Event Reports](admin_api/event_reports.md)
      - [Experimental Features](admin_api/experimental_features.md)
      - [Media](admin_api/media_admin_api.md)
@@ -22,46 +22,4 @@ To receive soft failed events in APIs like `/sync` and `/messages`, set `return_
 to `true` in the admin client config. When `false`, the normal behaviour of these endpoints is to
 exclude soft failed events.
 **Note**: If the policy server flagged the event as spam and that caused soft failure, that will be indicated
 in the event's `unsigned` content like so:
 ```json
 {
  "type": "m.room.message",
  "other": "event_fields_go_here",
  "unsigned": {
    "io.element.synapse.soft_failed": true,
    "io.element.synapse.policy_server_spammy": true
  }
 }
 ```
 Default: `false`
 ## See events marked spammy by policy servers
 Learn more about policy servers from [MSC4284](https://github.com/matrix-org/matrix-spec-proposals/pull/4284).
 Similar to `return_soft_failed_events`, clients logged in with admin accounts can see events which were
 flagged by the policy server as spammy (and thus soft failed) by setting `return_policy_server_spammy_events`
 to `true`.
 `return_policy_server_spammy_events` may be `true` while `return_soft_failed_events` is `false` to only see
 policy server-flagged events. When `return_soft_failed_events` is `true` however, `return_policy_server_spammy_events`
 is always `true`.
 Events which were flagged by the policy will be flagged as `io.element.synapse.policy_server_spammy` in the
 event's `unsigned` content, like so:
 ```json
 {
  "type": "m.room.message",
  "other": "event_fields_go_here",
  "unsigned": {
    "io.element.synapse.soft_failed": true,
    "io.element.synapse.policy_server_spammy": true
  }
 }
 ```
 Default: `true` if `return_soft_failed_events` is `true`, otherwise `false`
@@ -1,53 +0,0 @@
 # Fetch Event API
 The fetch event API allows admins to fetch an event regardless of their membership in the room it
 originated in.
 To use it, you will need to authenticate by providing an `access_token`
 for a server admin: see [Admin API](../usage/administration/admin_api/).
 Request:
 ```http
 GET /_synapse/admin/v1/fetch_event/<event_id>
 ```
 The API returns a JSON body like the following:
 Response:
 ```json
 {
    "event": {
        "auth_events": [
            "$WhLChbYg6atHuFRP7cUd95naUtc8L0f7fqeizlsUVvc",
            "$9Wj8dt02lrNEWweeq-KjRABUYKba0K9DL2liRvsAdtQ",
            "$qJxBFxBt8_ODd9b3pgOL_jXP98S_igc1_kizuPSZFi4"
        ],
        "content": {
            "body": "Hey now",
            "msgtype": "m.text"
        },
        "depth": 6,
        "event_id": "$hJ_kcXbVMcI82JDrbqfUJIHu61tJD86uIFJ_8hNHi7s",
        "hashes": {
            "sha256": "LiNw8DtrRVf55EgAH8R42Wz7WCJUqGsPt2We6qZO5Rg"
        },
        "origin_server_ts": 799,
        "prev_events": [
            "$cnSUrNMnC3Ywh9_W7EquFxYQjC_sT3BAAVzcUVxZq1g"
        ],
        "room_id": "!aIhKToCqgPTBloWMpf:test",
        "sender": "@user:test",
        "signatures": {
            "test": {
                "ed25519:a_lPym": "7mqSDwK1k7rnw34Dd8Fahu0rhPW7jPmcWPRtRDoEN9Yuv+BCM2+Rfdpv2MjxNKy3AYDEBwUwYEuaKMBaEMiKAQ"
            }
        },
        "type": "m.room.message",
        "unsigned": {
            "age_ts": 799
        }
    }
 }
 ```
@@ -39,40 +39,6 @@ the use of the
 [List media uploaded by a user](user_admin_api.md#list-media-uploaded-by-a-user)
 Admin API.
 ## Query a piece of media by ID
 This API returns information about a piece of local or cached remote media given the origin server name and media id. If
 information is requested for remote media which is not cached the endpoint will return 404. 
 Request:
 ```http
 GET /_synapse/admin/v1/media/<origin>/<media_id>
 ```
 The API returns a JSON body with media info like the following:
 Response:
 ```json
 {
  "media_info": {
    "media_origin": "remote.com",
    "user_id": null,
    "media_id": "sdginwegWEG",
    "media_type": "img/png",
    "media_length": 67,
    "upload_name":  "test.png",
    "created_ts":  300,
    "filesystem_id":  "wgeweg",
    "url_cache": null,
    "last_access_ts": 400,
    "quarantined_by":  null,
    "authenticated":  false,
    "safe_from_quarantine": null,
    "sha256": "ebf4f635a17d10d6eb46ba680b70142419aa3220f228001a036d311a22ee9d2a"
  }
 }
 ```
 # Quarantine media
 Quarantining media means that it is marked as inaccessible by users. It applies
@@ -1227,7 +1227,7 @@ See also the
 ## Controlling whether a user is shadow-banned
-Shadow-banning is a useful tool for moderating malicious or egregiously abusive users. 
+Shadow-banning is a useful tool for moderating malicious or egregiously abusive users.
 A shadow-banned users receives successful responses to their client-server API requests,
 but the events are not propagated into rooms. This can be an effective tool as it
 (hopefully) takes longer for the user to realise they are being moderated before
@@ -1464,11 +1464,8 @@ _Added in Synapse 1.72.0._
 ## Redact all the events of a user
-This endpoint allows an admin to redact the events of a given user. There are no restrictions on
+This endpoint allows an admin to redact the events of a given user. There are no restrictions on redactions for a 
-redactions for a local user. By default, we puppet the user who sent the message to redact it themselves.
+local user. By default, we puppet the user who sent the message to redact it themselves. Redactions for non-local users are issued using the admin user, and will fail in rooms where the admin user is not admin/does not have the specified power level to issue redactions. 
 Redactions for non-local users are issued using the admin user, and will fail in rooms where the
 admin user is not admin/does not have the specified power level to issue redactions. An option
 is provided to override the default and allow the admin to issue the redactions in all cases.  
 The API is 
 ```
@@ -1478,7 +1475,7 @@ POST /_synapse/admin/v1/user/$user_id/redact
  "rooms": ["!roomid1", "!roomid2"]
 }
 ```
-If an empty list is provided as the key for `rooms`, all events in all the rooms the user is member of will be redacted,
+If an empty list is provided as the key for `rooms`, all events in all the rooms the user is member of will be redacted, 
 otherwise all the events in the rooms provided in the request will be redacted. 
 The API starts redaction process running, and returns immediately with a JSON body with
@@ -1504,10 +1501,7 @@ The following JSON body parameter must be provided:
 The following JSON body parameters are optional:
 - `reason` - Reason the redaction is being requested, ie "spam", "abuse", etc. This will be included in each redaction event, and be visible to users.
- `limit` - a limit on the number of the user's events to search for ones that can be redacted (events are redacted newest to oldest) in each room, defaults to 1000 if not provided.
+- `limit` - a limit on the number of the user's events to search for ones that can be redacted (events are redacted newest to oldest) in each room, defaults to 1000 if not provided
 - `use_admin` - If set to `true`, the admin user is used to issue the redactions, rather than puppeting the user. Useful
 when the admin is also the moderator of the rooms that require redactions. Note that the redactions will fail in rooms
 where the admin does not have the sufficient power level to issue the redactions.  
 _Added in Synapse 1.116.0._
@@ -1,11 +1,13 @@
-# Deprecation Policy
+Deprecation Policy for Platform Dependencies
 ============================================
-Synapse has a number of **platform dependencies** (Python, Rust, PostgreSQL, and SQLite)
+Synapse has a number of platform dependencies, including Python, Rust, 
-and **application dependencies** (Python and Rust packages). This document outlines the
+PostgreSQL and SQLite. This document outlines the policy towards which versions 
-policy towards which versions we support, and when we drop support for versions in the
+we support, and when we drop support for versions in the future.
 future.
-## Platform Dependencies
+
 Policy
 ------
 Synapse follows the upstream support life cycles for Python and PostgreSQL,
 i.e. when a version reaches End of Life Synapse will withdraw support for that
@@ -24,8 +26,8 @@ The oldest supported version of SQLite is the version
 [provided](https://packages.debian.org/bullseye/libsqlite3-0) by
 [Debian oldstable](https://wiki.debian.org/DebianOldStable).
-
+Context
-### Context
+-------
 It is important for system admins to have a clear understanding of the platform
 requirements of Synapse and its deprecation policies so that they can
@@ -48,42 +50,4 @@ the ecosystem.
 On a similar note, SQLite does not generally have a concept of "supported 
 release"; bugfixes are published for the latest minor release only. We chose to
 track Debian's oldstable as this is relatively conservative, predictably updated
-and is consistent with the `.deb` packages released by Matrix.org.
+and is consistent with the `.deb` packages released by Matrix.org.
 ## Application dependencies
 For application-level Python dependencies, we often specify loose version constraints
 (ex. `>=X.Y.Z`) to be forwards compatible with any new versions. Upper bounds (`<A.B.C`)
 are only added when necessary to prevent known incompatibilities.
 When selecting a minimum version, while we are mindful of the impact on downstream
 package maintainers, our primary focus is on the maintainability and progress of Synapse
 itself.
 For developers, a Python dependency version can be considered a "no-brainer" upgrade once it is
 available in both the latest [Debian Stable](https://packages.debian.org/stable/) and
 [Ubuntu LTS](https://launchpad.net/ubuntu) repositories. No need to burden yourself with
 extra scrutiny or consideration at this point.
 We aggressively update Rust dependencies. Since these are statically linked and managed
 entirely by `cargo` during build, they *can* pose no ongoing maintenance burden on others.
 This allows us to freely upgrade to leverage the latest ecosystem advancements assuming
 they don't have their own system-level dependencies.
 ### Context
 Because Python dependencies can easily be managed in a virtual environment, we are less
 concerned about the criteria for selecting minimum versions. The only thing of concern
 is making sure we're not making it unnecessarily difficult for downstream package
 maintainers. Generally, this just means avoiding the bleeding edge for a few months.
 The situation for Rust dependencies is fundamentally different. For packagers, the
 concerns around Python dependency versions do not apply. The `cargo` tool handles
 downloading and building all libraries to satisfy dependencies, and these libraries are
 statically linked into the final binary. This means that from a packager's perspective,
 the Rust dependency versions are an internal build detail, not a runtime dependency to
 be managed on the target system. Consequently, we have even greater flexibility to
 upgrade Rust dependencies as needed for the project. Some distros (e.g. Fedora) do
 package Rust libraries, but this appears to be the outlier rather than the norm.
@@ -59,28 +59,6 @@ def do_request_handling():
    logger.debug("phew")
 ```
 ### The `sentinel` context
 The default logcontext is `synapse.logging.context.SENTINEL_CONTEXT`, which is an empty
 sentinel value to represent the root logcontext. This is what is used when there is no
 other logcontext set. The phrase "clear/reset the logcontext" means to set the current
 logcontext to the `sentinel` logcontext.
 No CPU/database usage metrics are recorded against the `sentinel` logcontext.
 Ideally, nothing from the Synapse homeserver would be logged against the `sentinel`
 logcontext as we want to know which server the logs came from. In practice, this is not
 always the case yet especially outside of request handling.
 Global things outside of Synapse (e.g. Twisted reactor code) should run in the
 `sentinel` logcontext. It's only when it calls into application code that a logcontext
 gets activated. This means the reactor should be started in the `sentinel` logcontext,
 and any time an awaitable yields control back to the reactor, it should reset the
 logcontext to be the `sentinel` logcontext. This is important to avoid leaking the
 current logcontext to the reactor (which would then get picked up and associated with
 the next thing the reactor does).
 ## Using logcontexts with awaitables
 Awaitables break the linear flow of code so that there is no longer a single entry point
@@ -143,7 +121,8 @@ cares about.
 The following sections describe pitfalls and helpful patterns when
 implementing these rules.
-## Always await your awaitables
+Always await your awaitables
 ----------------------------
 Whenever you get an awaitable back from a function, you should `await` on
 it as soon as possible. Do not pass go; do not do any logging; do not
@@ -202,171 +181,6 @@ async def sleep(seconds):
    return await context.make_deferred_yieldable(get_sleep_deferred(seconds))
 ```
 ## Deferred callbacks
 When a deferred callback is called, it inherits the current logcontext. The deferred
 callback chain can resume a coroutine, which if following our logcontext rules, will
 restore its own logcontext, then run:
 - until it yields control back to the reactor, setting the sentinel logcontext
 - or until it finishes, restoring the logcontext it was started with (calling context)
 This behavior creates two specific issues:
 **Issue 1:** The first issue is that the callback may have reset the logcontext to the
 sentinel before returning. This means our calling function will continue with the
 sentinel logcontext instead of the logcontext it was started with (bad).
 **Issue 2:** The second issue is that the current logcontext that called the deferred
 callback could finish before the callback finishes (bad).
 In the following example, the deferred callback is called with the "main" logcontext and
 runs until we yield control back to the reactor in the `await` inside `clock.sleep(0)`.
 Since `clock.sleep(0)` follows our logcontext rules, it sets the logcontext to the
 sentinel before yielding control back to the reactor. Our `main` function continues with
 the sentinel logcontext (first bad thing) instead of the "main" logcontext. Then the
 `with LoggingContext("main")` block exits, finishing the "main" logcontext and yielding
 control back to the reactor again. Finally, later on when `clock.sleep(0)` completes,
 our `with LoggingContext("competing")` block exits, and restores the previous "main"
 logcontext which has already finished, resulting in `WARNING: Re-starting finished log
 context main` and leaking the `main` logcontext into the reactor which will then
 erronously be associated with the next task the reactor picks up.
 ```python
 async def competing_callback():
    # Since this is run with the "main" logcontext, when the "competing"
    # logcontext exits, it will restore the previous "main" logcontext which has
    # already finished and results in "WARNING: Re-starting finished log context main"
    # and leaking the `main` logcontext into the reactor.
    with LoggingContext("competing"):
        await clock.sleep(0)
 def main():
    with LoggingContext("main"):
        d = defer.Deferred()
        d.addCallback(lambda _: defer.ensureDeferred(competing_callback()))
        # Call the callback within the "main" logcontext.
        d.callback(None)
        # Bad: This will be logged against sentinel logcontext
        logger.debug("ugh")
 main()
 ```
 **Solution 1:** We could of course fix this by following the general rule of "always
 await your awaitables":
 ```python
 async def main():
    with LoggingContext("main"):
        d = defer.Deferred()
        d.addCallback(lambda _: defer.ensureDeferred(competing_callback()))
        d.callback(None)
        # Wait for `d` to finish before continuing so the "main" logcontext is
        # still active. This works because `d` already follows our logcontext
        # rules. If not, we would also have to use `make_deferred_yieldable(d)`.
        await d
        # Good: This will be logged against the "main" logcontext
        logger.debug("phew")
 ``` 
 **Solution 2:** We could also fix this by surrounding the call to `d.callback` with a
 `PreserveLoggingContext`, which will reset the logcontext to the sentinel before calling
 the callback, and restore the "main" logcontext afterwards before continuing the `main`
 function. This solves the problem because when the "competing" logcontext exits, it will
 restore the sentinel logcontext which is never finished by its nature, so there is no
 warning and no leakage into the reactor.
 ```python
 async def main():
    with LoggingContext("main"):
        d = defer.Deferred()
        d.addCallback(lambda _: defer.ensureDeferred(competing_callback()))
        d.callback(None)
        with PreserveLoggingContext():
            # Call the callback with the sentinel logcontext.
            d.callback(None)
        # Good: This will be logged against the "main" logcontext
        logger.debug("phew")
 ```
 **Solution 3:** But let's say you *do* want to run (fire-and-forget) the deferred
 callback in the current context without running into issues:
 We can solve the first issue by using `run_in_background(...)` to run the callback in
 the current logcontext and it handles the magic behind the scenes of a) restoring the
 calling logcontext before returning to the caller and b) resetting the logcontext to the
 sentinel after the deferred completes and we yield control back to the reactor to avoid
 leaking the logcontext into the reactor.
 To solve the second issue, we can extend the lifetime of the "main" logcontext by
 avoiding the `LoggingContext`'s context manager lifetime methods
 (`__enter__`/`__exit__`). We can still set "main" as the current logcontext by using
 `PreserveLoggingContext` and passing in the "main" logcontext.
 ```python
 async def main():
    main_context = LoggingContext("main")
    with PreserveLoggingContext(main_context):
        d = defer.Deferred()
        d.addCallback(lambda _: defer.ensureDeferred(competing_callback()))
        # The whole lambda will be run in the "main" logcontext. But we're using
        # a trick to return the deferred `d` itself so that `run_in_background`
        # will wait on that to complete and reset the logcontext to the sentinel
        # when it does to avoid leaking the "main" logcontext into the reactor.
        run_in_background(lambda: (d.callback(None), d)[1])
        # Good: This will be logged against the "main" logcontext
        logger.debug("phew")
 ...
 # Wherever possible, it's best to finish the logcontext by calling `__exit__` at some
 # point. This allows us to catch bugs if we later try to erroneously restart a finished
 # logcontext.
 #
 # Since the "main" logcontext stores the `LoggingContext.previous_context` when it is
 # created, we can wrap this call in `PreserveLoggingContext()` to restore the correct
 # previous logcontext. Our goal is to have the calling context remain unchanged after
 # finishing the "main" logcontext.
 with PreserveLoggingContext():
    # Finish the "main" logcontext
    with main_context:
        # Empty block - We're just trying to call `__exit__` on the "main" context
        # manager to finish it. We can't call `__exit__` directly as the code expects us
        # to `__enter__` before calling `__exit__` to `start`/`stop` things
        # appropriately. And in any case, it's probably best not to call the internal
        # methods directly.
        pass
 ```
 The same thing applies if you have some deferreds stored somewhere which you want to
 callback in the current logcontext.
 ### Deferred errbacks and cancellations
 The same care should be taken when calling errbacks on deferreds. An errback and
 callback act the same in this regard (see section above).
 ```python
 d = defer.Deferred()
 d.addErrback(some_other_function)
 d.errback(failure)
 ```
 Additionally, cancellation is the same as directly calling the errback with a
 `twisted.internet.defer.CancelledError`:
 ```python
 d = defer.Deferred()
 d.addErrback(some_other_function)
 d.cancel()
 ```
 ## Fire-and-forget
 Sometimes you want to fire off a chain of execution, but not wait for
@@ -548,19 +362,3 @@ chain are dropped. Dropping the the reference to an awaitable you're
 supposed to be awaiting is bad practice, so this doesn't
 actually happen too much. Unfortunately, when it does happen, it will
 lead to leaked logcontexts which are incredibly hard to track down.
 ## Debugging logcontext issues
 Debugging logcontext issues can be tricky as leaking or losing a logcontext will surface
 downstream and can point to an unrelated part of the codebase. It's best to enable debug
 logging for `synapse.logging.context.debug` (needs to be explicitly configured) and go
 backwards in the logs from the point where the issue is observed to find the root cause.
 `log.config.yaml`
 ```yaml
 loggers:
    # Unlike other loggers, this one needs to be explicitly configured to see debug logs.
    synapse.logging.context.debug:
        level: DEBUG
 ```
@@ -64,68 +64,3 @@ If multiple modules implement this callback, they will be considered in order. I
 returns `True`, Synapse falls through to the next one. The value of the first callback that
 returns `False` will be used. If this happens, Synapse will not call any of the subsequent
 implementations of this callback.
 ### `get_media_upload_limits_for_user`
 _First introduced in Synapse v1.139.0_
 ```python
 async def get_media_upload_limits_for_user(user_id: str, size: int) -> Optional[List[synapse.module_api.MediaUploadLimit]]
 ```
 **<span style="color:red">
 Caution: This callback is currently experimental. The method signature or behaviour
 may change without notice.
 </span>**
 Called when processing a request to store content in the media repository. This can be used to dynamically override
 the [media upload limits configuration](../usage/configuration/config_documentation.html#media_upload_limits).
 The arguments passed to this callback are:
 * `user_id`: The Matrix user ID of the user (e.g. `@alice:example.com`) making the request.
 If the callback returns a list then it will be used as the limits instead of those in the configuration (if any).
 If an empty list is returned then no limits are applied (**warning:** users will be able
 to upload as much data as they desire).
 If multiple modules implement this callback, they will be considered in order. If a
 callback returns `None`, Synapse falls through to the next one. The value of the first
 callback that does not return `None` will be used. If this happens, Synapse will not call
 any of the subsequent implementations of this callback.
 If there are no registered modules, or if all modules return `None`, then
 the default
 [media upload limits configuration](../usage/configuration/config_documentation.html#media_upload_limits)
 will be used.
 ### `on_media_upload_limit_exceeded`
 _First introduced in Synapse v1.139.0_
 ```python
 async def on_media_upload_limit_exceeded(user_id: str, limit: synapse.module_api.MediaUploadLimit, sent_bytes: int, attempted_bytes: int) -> None
 ```
 **<span style="color:red">
 Caution: This callback is currently experimental. The method signature or behaviour
 may change without notice.
 </span>**
 Called when a user attempts to upload media that would exceed a
 [configured media upload limit](../usage/configuration/config_documentation.html#media_upload_limits).
 This callback will only be called on workers which handle
 [POST /_matrix/media/v3/upload](https://spec.matrix.org/v1.15/client-server-api/#post_matrixmediav3upload)
 requests.
 This could be used to inform the user that they have reached a media upload limit through
 some external method.
 The arguments passed to this callback are:
 * `user_id`: The Matrix user ID of the user (e.g. `@alice:example.com`) making the request.
 * `limit`: The `synapse.module_api.MediaUploadLimit` representing the limit that was reached.
 * `sent_bytes`: The number of bytes already sent during the period of the limit.
 * `attempted_bytes`: The number of bytes that the user attempted to send.
@@ -195,15 +195,12 @@ _Changed in Synapse v1.132.0: Added the `room_config` argument. Callbacks that o
 async def user_may_create_room(user_id: str, room_config: synapse.module_api.JsonDict) -> Union["synapse.module_api.NOT_SPAM", "synapse.module_api.errors.Codes", bool]
 ```
-Called when processing a room creation or room upgrade request.
+Called when processing a room creation request.
 The arguments passed to this callback are:
 * `user_id`: The Matrix user ID of the user (e.g. `@alice:example.com`).
-* `room_config`: The contents of the body of the [`/createRoom` request](https://spec.matrix.org/v1.15/client-server-api/#post_matrixclientv3createroom) as a dictionary.
+* `room_config`: The contents of the body of a [/createRoom request](https://spec.matrix.org/latest/client-server-api/#post_matrixclientv3createroom) as a dictionary.
  For a [room upgrade request](https://spec.matrix.org/v1.15/client-server-api/#post_matrixclientv3roomsroomidupgrade) it is a synthesised subset of what an equivalent
  `/createRoom` request would have looked like. Specifically, it contains the `creation_content` (linking to the previous room) and `initial_state` (containing a
  subset of the state of the previous room).
 The callback must return one of:
  - `synapse.module_api.NOT_SPAM`, to allow the operation. Other callbacks may still 
@@ -186,7 +186,6 @@ oidc_providers:
 4. Note the slug of your application, Client ID and Client Secret.
 Note: RSA keys must be used for signing for Authentik, ECC keys do not work.
 Note: The provider must have a signing key set and must not use an encryption key.
 Synapse config:
 ```yaml
@@ -205,12 +204,6 @@ oidc_providers:
      config:
        localpart_template: "{{ user.preferred_username }}"
        display_name_template: "{{ user.preferred_username|capitalize }}" # TO BE FILLED: If your users have names in Authentik and you want those in Synapse, this should be replaced with user.name|capitalize.
 [...]
 jwt_config:
    enabled: true
    secret: "your client secret" # TO BE FILLED (same as `client_secret` above)
    algorithm: "RS256"
    # (...other fields)
 ```
 ### Dex
@@ -7,23 +7,8 @@ proxy is supported, not SOCKS proxy or anything else.
 ## Configure
-The proxy settings can be configured in the homeserver configuration file via
+The `http_proxy`, `https_proxy`, `no_proxy` environment variables are used to
-[`http_proxy`](../usage/configuration/config_documentation.md#http_proxy),
+specify proxy settings. The environment variable is not case sensitive.
 [`https_proxy`](../usage/configuration/config_documentation.md#https_proxy), and
 [`no_proxy_hosts`](../usage/configuration/config_documentation.md#no_proxy_hosts).
 `homeserver.yaml` example:
 ```yaml
 http_proxy: http://USERNAME:PASSWORD@10.0.1.1:8080/
 https_proxy: http://USERNAME:PASSWORD@proxy.example.com:8080/
 no_proxy_hosts:
  - master.hostname.example.com
  - 10.1.0.0/16
  - 172.30.0.0/16
 ```
 The proxy settings can also be configured via the `http_proxy`, `https_proxy`,
 `no_proxy` environment variables. The environment variable is not case sensitive.
 - `http_proxy`: Proxy server to use for HTTP requests.
 - `https_proxy`: Proxy server to use for HTTPS requests.
 - `no_proxy`: Comma-separated list of hosts, IP addresses, or IP ranges in CIDR
@@ -59,7 +44,7 @@ The proxy will be **used** for:
 - phone-home stats
 - recaptcha validation
 - CAS auth validation
- OpenID Connect (OIDC)
+- OpenID Connect
 - Outbound federation
 - Federation (checking public key revocation)
 - Fetching public keys of other servers
@@ -68,7 +53,7 @@ The proxy will be **used** for:
 It will **not be used** for:
 - Application Services
- Matrix Identity servers
+- Identity servers
 - In worker configurations
  - connections between workers
  - connections from workers to Redis
@@ -88,8 +88,7 @@ This will install and start a systemd service called `coturn`.
    denied-peer-ip=172.16.0.0-172.31.255.255
    # recommended additional local peers to block, to mitigate external access to internal services.
-    # https://www.enablesecurity.com/blog/slack-webrtc-turn-compromise-and-bug-bounty/#how-to-fix-an-open-turn-relay-to-address-this-vulnerability
+    # https://www.rtcsec.com/article/slack-webrtc-turn-compromise-and-bug-bounty/#how-to-fix-an-open-turn-relay-to-address-this-vulnerability
    # https://www.enablesecurity.com/blog/cve-2020-26262-bypass-of-coturns-access-control-protection/#further-concerns-what-else
    no-multicast-peers
    denied-peer-ip=0.0.0.0-0.255.255.255
    denied-peer-ip=100.64.0.0-100.127.255.255
@@ -102,14 +101,6 @@ This will install and start a systemd service called `coturn`.
    denied-peer-ip=198.51.100.0-198.51.100.255
    denied-peer-ip=203.0.113.0-203.0.113.255
    denied-peer-ip=240.0.0.0-255.255.255.255
    denied-peer-ip=::1
    denied-peer-ip=64:ff9b::-64:ff9b::ffff:ffff
    denied-peer-ip=::ffff:0.0.0.0-::ffff:255.255.255.255
    denied-peer-ip=100::-100::ffff:ffff:ffff:ffff
    denied-peer-ip=2001::-2001:1ff:ffff:ffff:ffff:ffff:ffff:ffff
    denied-peer-ip=2002::-2002:ffff:ffff:ffff:ffff:ffff:ffff:ffff
    denied-peer-ip=fc00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
    denied-peer-ip=fe80::-febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff
    # special case the turn server itself so that client->TURN->TURN->client flows work
    # this should be one of the turn server's listening IPs
@@ -35,7 +35,7 @@ handlers:
 loggers:
    synapse:
        level: INFO
-        handlers: [file]
+        handlers: [remote]
    synapse.storage.SQL:
        level: WARNING
 ```
@@ -117,114 +117,6 @@ each upgrade are complete before moving on to the next upgrade, to avoid
 stacking them up. You can monitor the currently running background updates with
 [the Admin API](usage/administration/admin_api/background_updates.html#status).
 # Upgrading to v1.140.0
 ## Users of `synapse-s3-storage-provider` must update the module to `v1.6.0`
 Deployments that make use of the
 [synapse-s3-storage-provider](https://github.com/matrix-org/synapse-s3-storage-provider/)
 module must update it to
 [v1.6.0](https://github.com/matrix-org/synapse-s3-storage-provider/releases/tag/v1.6.0),
 otherwise users will be unable to upload or download media.
 # Upgrading to v1.139.0
 ## `/register` requests from old application service implementations may break when using MAS
 Application Services that do not set `inhibit_login=true` when calling `POST
 /_matrix/client/v3/register` will receive the error
 `IO.ELEMENT.MSC4190.M_APPSERVICE_LOGIN_UNSUPPORTED` in response. This is a
 result of [MSC4190: Device management for application
 services](https://github.com/matrix-org/matrix-spec-proposals/pull/4190) which
 adds new endpoints for application services to create encryption-ready devices
 with other than `/login` or `/register` without `inhibit_login=true`.
 If an application service you use starts to fail with the mentioned error,
 ensure it is up to date. If it is, then kindly let the author know that they
 need to update their implementation to call `/register` with
 `inhibit_login=true`.
 # Upgrading to v1.138.2
 ## Drop support for Ubuntu 24.10 Oracular Oriole, and add support for Ubuntu 25.04 Plucky Puffin
 Ubuntu 24.10 Oracular Oriole [has been end-of-life since 10 Jul
 2025](https://endoflife.date/ubuntu). This release drops support for Ubuntu
 24.10, and in its place adds support for Ubuntu 25.04 Plucky Puffin.
 This notice also applies to the v1.139.0 release.
 # Upgrading to v1.136.0
 ## Deprecate `run_as_background_process` exported as part of the module API interface in favor of `ModuleApi.run_as_background_process`
 The `run_as_background_process` function is now a method of the `ModuleApi` class. If
 you were using the function directly from the module API, it will continue to work fine
 but the background process metrics will not include an accurate `server_name` label.
 This kind of metric labeling isn't relevant for many use cases and is used to
 differentiate Synapse instances running in the same Python process (relevant to Synapse
 Pro: Small Hosts). We recommend updating your usage to use the new
 `ModuleApi.run_as_background_process` method to stay on top of future changes.
 <details>
 <summary>Example <code>run_as_background_process</code> upgrade</summary>
 Before:
 ```python
 class MyModule:
    def __init__(self, module_api: ModuleApi) -> None:
        run_as_background_process(__name__ + ":setup_database", self.setup_database)
 ```
 After:
 ```python
 class MyModule:
    def __init__(self, module_api: ModuleApi) -> None:
        module_api.run_as_background_process(__name__ + ":setup_database", self.setup_database)
 ```
 </details>
 ## Metric labels have changed on `synapse_federation_last_received_pdu_time` and `synapse_federation_last_sent_pdu_time`
 Previously, the `synapse_federation_last_received_pdu_time` and
 `synapse_federation_last_sent_pdu_time` metrics both used the `server_name` label to
 differentiate between different servers that we send and receive events from.
 Since we're now using the `server_name` label to differentiate between different Synapse
 homeserver instances running in the same process, these metrics have been changed as follows:
 - `synapse_federation_last_received_pdu_time` now uses the `origin_server_name` label
 - `synapse_federation_last_sent_pdu_time` now uses the `destination_server_name` label
 The Grafana dashboard JSON in `contrib/grafana/synapse.json` has been updated to reflect
 this change but you will need to manually update your own existing Grafana dashboards
 using these metrics.
 ## Stable integration with Matrix Authentication Service
 Support for [Matrix Authentication Service (MAS)](https://github.com/element-hq/matrix-authentication-service) is now stable, with a simplified configuration.
 This stable integration requires MAS 0.20.0 or later.
 The existing `experimental_features.msc3861` configuration option is now deprecated and will be removed in Synapse v1.137.0.
 Synapse deployments already using MAS should now use the new configuration options:
 ```yaml
 matrix_authentication_service:
  # Enable the MAS integration
  enabled: true
  # The base URL where Synapse will contact MAS
  endpoint: http://localhost:8080
  # The shared secret used to authenticate MAS requests, must be the same as `matrix.secret` in the MAS configuration
  # See https://element-hq.github.io/matrix-authentication-service/reference/configuration.html#matrix
  secret: "asecurerandomsecretstring"
 ```
 They must remove the `experimental_features.msc3861` configuration option from their configuration.
 They can also remove the client previously used by Synapse [in the MAS configuration](https://element-hq.github.io/matrix-authentication-service/reference/configuration.html#clients) as it is no longer in use.
 # Upgrading to v1.135.0
 ## `on_user_registration` module API callback may now run on any worker
@@ -245,10 +137,10 @@ native ICU library on your system is no longer required.
 ## Documented endpoint which can be delegated to a federation worker
 The endpoint `^/_matrix/federation/v1/version$` can be delegated to a federation
-worker. This is not new behaviour, but had not been documented yet. The
+worker. This is not new behaviour, but had not been documented yet. The 
-[list of delegatable endpoints](workers.md#synapseappgeneric_worker) has
+[list of delegatable endpoints](workers.md#synapseappgeneric_worker) has 
 been updated to include it. Make sure to check your reverse proxy rules if you
-are using workers.
+are using workers. 
 # Upgrading to v1.126.0
@@ -610,61 +610,6 @@ manhole_settings:
  ssh_pub_key_path: CONFDIR/id_rsa.pub
 ```
 ---
 ### `http_proxy`
 *(string|null)* Proxy server to use for HTTP requests.
 For more details, see the [forward proxy documentation](../../setup/forward_proxy.md). There is no default for this option.
 Example configuration:
 ```yaml
 http_proxy: http://USERNAME:PASSWORD@10.0.1.1:8080/
 ```
 ---
 ### `https_proxy`
 *(string|null)* Proxy server to use for HTTPS requests.
 For more details, see the [forward proxy documentation](../../setup/forward_proxy.md). There is no default for this option.
 Example configuration:
 ```yaml
 https_proxy: http://USERNAME:PASSWORD@proxy.example.com:8080/
 ```
 ---
 ### `no_proxy_hosts`
 *(array)* List of hosts, IP addresses, or IP ranges in CIDR format which should not use the proxy. Synapse will directly connect to these hosts.
 For more details, see the [forward proxy documentation](../../setup/forward_proxy.md). There is no default for this option.
 Example configuration:
 ```yaml
 no_proxy_hosts:
 - master.hostname.example.com
 - 10.1.0.0/16
 - 172.30.0.0/16
 ```
 ---
 ### `matrix_authentication_service`
 *(object)* The `matrix_authentication_service` setting configures integration with [Matrix Authentication Service (MAS)](https://github.com/element-hq/matrix-authentication-service).
 This setting has the following sub-options:
 * `enabled` (boolean): Whether or not to enable the MAS integration. If this is set to `false`, Synapse will use its legacy internal authentication API. Defaults to `false`.
 * `endpoint` (string): The URL where Synapse can reach MAS. This *must* have the `discovery` and `oauth` resources mounted. Defaults to `"http://localhost:8080"`.
 * `secret` (string|null): A shared secret that will be used to authenticate requests from and to MAS.
 * `secret_path` (string|null): Alternative to `secret`, reading the shared secret from a file. The file should be a plain text file, containing only the secret. Synapse reads the secret from the given file once at startup.
 Example configuration:
 ```yaml
 matrix_authentication_service:
  enabled: true
  secret: someverysecuresecret
  endpoint: http://localhost:8080
 ```
 ---
 ### `dummy_events_threshold`
 *(integer)* Forward extremities can build up in a room due to networking delays between homeservers. Once this happens in a large room, calculation of the state of that room can become quite expensive. To mitigate this, once the number of forward extremities reaches a given threshold, Synapse will send an `org.matrix.dummy_event` event, which will reduce the forward extremities in the room.
@@ -1980,8 +1925,9 @@ This setting has the following sub-options:
 Default configuration:
 ```yaml
 rc_delayed_event_mgmt:
-  per_second: 1.0
+  per_user:
-  burst_count: 5.0
+    per_second: 1.0
    burst_count: 5.0
 ```
 Example configuration:
@@ -2006,8 +1952,9 @@ This setting has the following sub-options:
 Default configuration:
 ```yaml
 rc_reports:
-  per_second: 1.0
+  per_user:
-  burst_count: 5.0
+    per_second: 1.0
    burst_count: 5.0
 ```
 Example configuration:
@@ -2017,30 +1964,6 @@ rc_reports:
  burst_count: 20.0
 ```
 ---
 ### `rc_room_creation`
 *(object)* Sets rate limits for how often users are able to create rooms.
 This setting has the following sub-options:
 * `per_second` (number): Maximum number of requests a client can send per second.
 * `burst_count` (number): Maximum number of requests a client can send before being throttled.
 Default configuration:
 ```yaml
 rc_room_creation:
  per_second: 0.016
  burst_count: 10.0
 ```
 Example configuration:
 ```yaml
 rc_room_creation:
  per_second: 1.0
  burst_count: 5.0
 ```
 ---
 ### `federation_rr_transactions_per_room_per_second`
 *(integer)* Sets outgoing federation transaction frequency for sending read-receipts, per-room.
@@ -2166,12 +2089,9 @@ max_upload_size: 60M
 ### `media_upload_limits`
 *(array)* A list of media upload limits defining how much data a given user can upload in a given time period.
 These limits are applied in addition to the `max_upload_size` limit above (which applies to individual uploads).
 An empty list means no limits are applied.
 These settings can be overridden using the `get_media_upload_limits_for_user` module API [callback](../../modules/media_repository_callbacks.md#get_media_upload_limits_for_user).
 Defaults to `[]`.
 Example configuration:
@@ -2573,28 +2493,6 @@ Example configuration:
 turn_allow_guests: false
 ```
 ---
 ### `matrix_rtc`
 *(object)* Options related to MatrixRTC. Defaults to `{}`.
 This setting has the following sub-options:
 * `transports` (array): A list of transport types and arguments to use for MatrixRTC connections. Defaults to `[]`.
  Options for each entry include:
  * `type` (string): The type of transport to use to connect to the selective forwarding unit (SFU).
  * `livekit_service_url` (string): The base URL of the LiveKit service. Should only be used with LiveKit-based transports.
 Example configuration:
 ```yaml
 matrix_rtc:
  transports:
  - type: livekit
    livekit_service_url: https://matrix-rtc.example.com/livekit/jwt
 ```
 ---
 ## Registration
 Registration can be rate-limited using the parameters in the [Ratelimiting](#ratelimiting) section of this manual.
@@ -4197,7 +4095,7 @@ The default power levels for each preset are:
 "m.room.history_visibility": 100
 "m.room.canonical_alias": 50
 "m.room.avatar": 50
-"m.room.tombstone": 100 (150 if MSC4289 is used)
+"m.room.tombstone": 100
 "m.room.server_acl": 100
 "m.room.encryption": 100
 ```
@@ -4444,8 +4342,6 @@ This setting has the following sub-options:
 * `push_rules` (string): Name of a worker assigned to the `push_rules` stream.
 * `device_lists` (string): Name of a worker assigned to the `device_lists` stream.
 Example configuration:
 ```yaml
 stream_writers:
@@ -238,9 +238,7 @@ information.
    ^/_matrix/client/unstable/im.nheko.summary/summary/.*$
    ^/_matrix/client/(r0|v3|unstable)/account/3pid$
    ^/_matrix/client/(r0|v3|unstable)/account/whoami$
-    ^/_matrix/client/(r0|v3|unstable)/account/deactivate$
+    ^/_matrix/client/(r0|v3|unstable)/devices$
    ^/_matrix/client/(r0|v3)/delete_devices$
    ^/_matrix/client/(api/v1|r0|v3|unstable)/devices(/|$)
    ^/_matrix/client/versions$
    ^/_matrix/client/(api/v1|r0|v3|unstable)/voip/turnServer$
    ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/event/
@@ -252,16 +250,14 @@ information.
    ^/_matrix/client/(api/v1|r0|v3|unstable)/directory/room/.*$
    ^/_matrix/client/(r0|v3|unstable)/capabilities$
    ^/_matrix/client/(r0|v3|unstable)/notifications$
-    ^/_synapse/admin/v1/rooms/[^/]+$
+    ^/_synapse/admin/v1/rooms/
    # Encryption requests
    ^/_matrix/client/(r0|v3|unstable)/keys/query$
    ^/_matrix/client/(r0|v3|unstable)/keys/changes$
    ^/_matrix/client/(r0|v3|unstable)/keys/claim$
    ^/_matrix/client/(r0|v3|unstable)/room_keys/
-    ^/_matrix/client/(r0|v3|unstable)/keys/upload
+    ^/_matrix/client/(r0|v3|unstable)/keys/upload$
    ^/_matrix/client/(api/v1|r0|v3|unstable)/keys/device_signing/upload$
    ^/_matrix/client/(api/v1|r0|v3|unstable)/keys/signatures/upload$
    # Registration/login requests
    ^/_matrix/client/(api/v1|r0|v3|unstable)/login$
@@ -286,6 +282,7 @@ Additionally, the following REST endpoints can be handled for GET requests:
    ^/_matrix/client/(api/v1|r0|v3|unstable)/pushrules/
    ^/_matrix/client/unstable/org.matrix.msc4140/delayed_events
    ^/_matrix/client/(api/v1|r0|v3|unstable)/devices/
    # Account data requests
    ^/_matrix/client/(r0|v3|unstable)/.*/tags
@@ -332,6 +329,7 @@ set to `true`), the following endpoints can be handled by the worker:
    ^/_synapse/admin/v2/users/[^/]+$
    ^/_synapse/admin/v1/username_available$
    ^/_synapse/admin/v1/users/[^/]+/_allow_cross_signing_replacement_without_uia$
    # Only the GET method:
    ^/_synapse/admin/v1/users/[^/]+/devices$
 Note that a [HTTP listener](usage/configuration/config_documentation.md#listeners)
@@ -532,9 +530,8 @@ the stream writer for the `account_data` stream:
 ##### The `receipts` stream
-The `receipts` stream supports multiple writers. The following endpoints
+The following endpoints should be routed directly to the worker configured as
-can be handled by any worker, but should be routed directly to one of the workers
+the stream writer for the `receipts` stream:
 configured as stream writer for the `receipts` stream:
    ^/_matrix/client/(r0|v3|unstable)/rooms/.*/receipt
    ^/_matrix/client/(r0|v3|unstable)/rooms/.*/read_markers
@@ -553,18 +550,6 @@ the stream writer for the `push_rules` stream:
    ^/_matrix/client/(api/v1|r0|v3|unstable)/pushrules/
 ##### The `device_lists` stream
 The `device_lists` stream supports multiple writers. The following endpoints
 can be handled by any worker, but should be routed directly to one of the workers
 configured as stream writer for the `device_lists` stream:
    ^/_matrix/client/(r0|v3)/delete_devices$
    ^/_matrix/client/(api/v1|r0|v3|unstable)/devices(/|$)
    ^/_matrix/client/(r0|v3|unstable)/keys/upload
    ^/_matrix/client/(api/v1|r0|v3|unstable)/keys/device_signing/upload$
    ^/_matrix/client/(api/v1|r0|v3|unstable)/keys/signatures/upload$
 #### Restrict outbound federation traffic to a specific set of workers
 The
@@ -1,17 +1,6 @@
 [mypy]
 namespace_packages = True
-# Our custom mypy plugin should remain first in this list.
+plugins = pydantic.mypy, mypy_zope:plugin, scripts-dev/mypy_synapse_plugin.py
 #
 # mypy has a limitation where it only chooses the first plugin that returns a non-None
 # value for each hook (known-limitation, c.f.
 # https://github.com/python/mypy/issues/19524). We workaround this by putting our custom
 # plugin first in the plugin order and then manually calling any other conflicting
 # plugin hooks in our own plugin followed by our own checks.
 #
 # If you add a new plugin, make sure to check whether the hooks being used conflict with
 # our custom plugin hooks and if so, manually call the other plugin's hooks in our
 # custom plugin. (also applies to if the plugin is updated in the future)
 plugins = scripts-dev/mypy_synapse_plugin.py, pydantic.mypy, mypy_zope:plugin
 follow_imports = normal
 show_error_codes = True
 show_traceback = True
@@ -110,6 +99,3 @@ ignore_missing_imports = True
 [mypy-multipart.*]
 ignore_missing_imports = True
 [mypy-mypy_zope.*]
 ignore_missing_imports = True
@@ -101,10 +101,10 @@ module-name = "synapse.synapse_rust"
 [tool.poetry]
 name = "matrix-synapse"
-version = "1.140.0"
+version = "1.134.0"
 description = "Homeserver for the Matrix decentralised comms protocol"
 authors = ["Matrix.org Team and Contributors <packages@matrix.org>"]
-license = "AGPL-3.0-or-later OR LicenseRef-Element-Commercial"
+license = "AGPL-3.0-or-later"
 readme = "README.rst"
 repository = "https://github.com/element-hq/synapse"
 packages = [
@@ -159,7 +159,13 @@ synapse_review_recent_signups = "synapse._scripts.review_recent_signups:main"
 update_synapse_database = "synapse._scripts.update_synapse_database:main"
 [tool.poetry.dependencies]
-python = "^3.9.0"
+# We aim to support all versions of Python currently supported upstream as per
 # our dependency deprecation policy:
 # https://element-hq.github.io/synapse/latest/deprecation_policy.html#policy
 #
 # 3.9.12 is currently the minimum version due to Twisted requiring it:
 # https://github.com/twisted/twisted/commit/27674f64d8a553ad5e68913bfb1c936e6fdeb46a
 python = "^3.9.12"
 # Mandatory Dependencies
 # ----------------------
@@ -178,13 +184,8 @@ signedjson = "^1.1.0"
 service-identity = ">=18.1.0"
 # Twisted 18.9 introduces some logger improvements that the structured
 # logger utilises
-# Twisted 19.7.0 moves test helpers to a new module and deprecates the old location.
+Twisted = {extras = ["tls"], version = ">=18.9.0"}
-# Twisted 21.2.0 introduces contextvar support.
+treq = ">=15.1"
 # We could likely bump this to 22.1 without making distro packagers'
 # lives hard (as of 2025-07, distro support is Ubuntu LTS: 22.1, Debian stable: 22.4,
 # RHEL 9: 22.10)
 Twisted = {extras = ["tls"], version = ">=21.2.0"}
 treq = ">=21.5.0"
 # Twisted has required pyopenssl 16.0 since about Twisted 16.6.
 pyOpenSSL = ">=16.0.0"
 PyYAML = ">=5.3"
@@ -200,9 +201,7 @@ pymacaroons = ">=0.13.0"
 msgpack = ">=0.5.2"
 phonenumbers = ">=8.2.0"
 # we use GaugeHistogramMetric, which was added in prom-client 0.4.0.
-# `prometheus_client.metrics` was added in 0.5.0, so we require that too.
+prometheus-client = ">=0.4.0"
 # We chose 0.6.0 as that is the current version in Debian Buster (oldstable).
 prometheus-client = ">=0.6.0"
 # we use `order`, which arrived in attrs 19.2.0.
 # Note: 21.1.0 broke `/sync`, see https://github.com/matrix-org/synapse/issues/9936
 attrs = ">=19.2.0,!=21.1.0"
@@ -324,7 +323,7 @@ all = [
 # failing on new releases. Keeping lower bounds loose here means that dependabot
 # can bump versions without having to update the content-hash in the lockfile.
 # This helps prevents merge conflicts when running a batch of dependabot updates.
-ruff = "0.12.10"
+ruff = "0.12.2"
 # Type checking only works with the pydantic.v1 compat module from pydantic v2
 pydantic = "^2"
@@ -7,7 +7,7 @@ name = "synapse"
 version = "0.1.0"
 edition = "2021"
-rust-version = "1.82.0"
+rust-version = "1.81.0"
 [lib]
 name = "synapse"
@@ -23,7 +23,7 @@ name = "synapse.synapse_rust"
 [dependencies]
 anyhow = "1.0.63"
-base64 = "0.22.1"
+base64 = "0.21.7"
 bytes = "1.6.0"
 headers = "0.4.0"
 http = "1.1.0"
@@ -52,7 +52,6 @@ reqwest = { version = "0.12.15", default-features = false, features = [
 http-body-util = "0.1.3"
 futures = "0.3.31"
 tokio = { version = "1.44.2", features = ["rt", "rt-multi-thread"] }
 once_cell = "1.18.0"
 [features]
 extension-module = ["pyo3/extension-module"]
@@ -61,7 +61,6 @@ fn bench_match_exact(b: &mut Bencher) {
        vec![],
        false,
        false,
        false,
    )
    .unwrap();
@@ -72,10 +71,10 @@ fn bench_match_exact(b: &mut Bencher) {
        },
    ));
-    let matched = eval.match_condition(&condition, None, None, None).unwrap();
+    let matched = eval.match_condition(&condition, None, None).unwrap();
    assert!(matched, "Didn't match");
-    b.iter(|| eval.match_condition(&condition, None, None, None).unwrap());
+    b.iter(|| eval.match_condition(&condition, None, None).unwrap());
 }
 #[bench]
@@ -108,7 +107,6 @@ fn bench_match_word(b: &mut Bencher) {
        vec![],
        false,
        false,
        false,
    )
    .unwrap();
@@ -119,10 +117,10 @@ fn bench_match_word(b: &mut Bencher) {
        },
    ));
-    let matched = eval.match_condition(&condition, None, None, None).unwrap();
+    let matched = eval.match_condition(&condition, None, None).unwrap();
    assert!(matched, "Didn't match");
-    b.iter(|| eval.match_condition(&condition, None, None, None).unwrap());
+    b.iter(|| eval.match_condition(&condition, None, None).unwrap());
 }
 #[bench]
@@ -155,7 +153,6 @@ fn bench_match_word_miss(b: &mut Bencher) {
        vec![],
        false,
        false,
        false,
    )
    .unwrap();
@@ -166,10 +163,10 @@ fn bench_match_word_miss(b: &mut Bencher) {
        },
    ));
-    let matched = eval.match_condition(&condition, None, None, None).unwrap();
+    let matched = eval.match_condition(&condition, None, None).unwrap();
    assert!(!matched, "Didn't match");
-    b.iter(|| eval.match_condition(&condition, None, None, None).unwrap());
+    b.iter(|| eval.match_condition(&condition, None, None).unwrap());
 }
 #[bench]
@@ -202,7 +199,6 @@ fn bench_eval_message(b: &mut Bencher) {
        vec![],
        false,
        false,
        false,
    )
    .unwrap();
@@ -214,8 +210,7 @@ fn bench_eval_message(b: &mut Bencher) {
        false,
        false,
        false,
        false,
    );
-    b.iter(|| eval.run(&rules, Some("bob"), Some("person"), None));
+    b.iter(|| eval.run(&rules, Some("bob"), Some("person")));
 }
@@ -54,7 +54,6 @@ enum EventInternalMetadataData {
    RecheckRedaction(bool),
    SoftFailed(bool),
    ProactivelySend(bool),
    PolicyServerSpammy(bool),
    Redacted(bool),
    TxnId(Box<str>),
    TokenId(i64),
@@ -97,13 +96,6 @@ impl EventInternalMetadataData {
                    .to_owned()
                    .into_any(),
            ),
            EventInternalMetadataData::PolicyServerSpammy(o) => (
                pyo3::intern!(py, "policy_server_spammy"),
                o.into_pyobject(py)
                    .unwrap_infallible()
                    .to_owned()
                    .into_any(),
            ),
            EventInternalMetadataData::Redacted(o) => (
                pyo3::intern!(py, "redacted"),
                o.into_pyobject(py)
@@ -163,11 +155,6 @@ impl EventInternalMetadataData {
                    .extract()
                    .with_context(|| format!("'{key_str}' has invalid type"))?,
            ),
            "policy_server_spammy" => EventInternalMetadataData::PolicyServerSpammy(
                value
                    .extract()
                    .with_context(|| format!("'{key_str}' has invalid type"))?,
            ),
            "redacted" => EventInternalMetadataData::Redacted(
                value
                    .extract()
@@ -440,17 +427,6 @@ impl EventInternalMetadata {
        set_property!(self, ProactivelySend, obj);
    }
    #[getter]
    fn get_policy_server_spammy(&self) -> PyResult<bool> {
        Ok(get_property_opt!(self, PolicyServerSpammy)
            .copied()
            .unwrap_or(false))
    }
    #[setter]
    fn set_policy_server_spammy(&mut self, obj: bool) {
        set_property!(self, PolicyServerSpammy, obj);
    }
    #[getter]
    fn get_redacted(&self) -> PyResult<bool> {
        let bool = get_property!(self, Redacted)?;
@@ -12,149 +12,58 @@
 * <https://www.gnu.org/licenses/agpl-3.0.html>.
 */
-use std::{collections::HashMap, future::Future, sync::OnceLock};
+use std::{collections::HashMap, future::Future, panic::AssertUnwindSafe, sync::LazyLock};
 use anyhow::Context;
-use futures::TryStreamExt;
+use futures::{FutureExt, TryStreamExt};
-use once_cell::sync::OnceCell;
+use pyo3::{exceptions::PyException, prelude::*, types::PyString};
 use pyo3::{create_exception, exceptions::PyException, prelude::*};
 use reqwest::RequestBuilder;
 use tokio::runtime::Runtime;
 use crate::errors::HttpResponseException;
-create_exception!(
+/// The tokio runtime that we're using to run async Rust libs.
-    synapse.synapse_rust.http_client,
+static RUNTIME: LazyLock<Runtime> = LazyLock::new(|| {
-    RustPanicError,
+    tokio::runtime::Builder::new_multi_thread()
-    PyException,
+        .worker_threads(4)
-    "A panic which happened in a Rust future"
+        .enable_all()
-);
+        .build()
        .unwrap()
 });
-impl RustPanicError {
+/// A reference to the `Deferred` python class.
-    fn from_panic(panic_err: &(dyn std::any::Any + Send + 'static)) -> PyErr {
+static DEFERRED_CLASS: LazyLock<PyObject> = LazyLock::new(|| {
-        // Apparently this is how you extract the panic message from a panic
+    Python::with_gil(|py| {
-        let panic_message = if let Some(str_slice) = panic_err.downcast_ref::<&str>() {
+        py.import("twisted.internet.defer")
-            str_slice
+            .expect("module 'twisted.internet.defer' should be importable")
-        } else if let Some(string) = panic_err.downcast_ref::<String>() {
+            .getattr("Deferred")
-            string
+            .expect("module 'twisted.internet.defer' should have a 'Deferred' class")
-        } else {
+            .unbind()
-            "unknown error"
+    })
-        };
+});
        Self::new_err(panic_message.to_owned())
    }
 }
-/// This is the name of the attribute where we store the runtime on the reactor
+/// A reference to the twisted `reactor`.
-static TOKIO_RUNTIME_ATTR: &str = "__synapse_rust_tokio_runtime";
+static TWISTED_REACTOR: LazyLock<Py<PyModule>> = LazyLock::new(|| {
-
+    Python::with_gil(|py| {
-/// A Python wrapper around a Tokio runtime.
+        py.import("twisted.internet.reactor")
-///
+            .expect("module 'twisted.internet.reactor' should be importable")
-/// This allows us to 'store' the runtime on the reactor instance, starting it
+            .unbind()
-/// when the reactor starts, and stopping it when the reactor shuts down.
+    })
-#[pyclass]
+});
 struct PyTokioRuntime {
    runtime: Option<Runtime>,
 }
 #[pymethods]
 impl PyTokioRuntime {
    fn start(&mut self) -> PyResult<()> {
        // TODO: allow customization of the runtime like the number of threads
        let runtime = tokio::runtime::Builder::new_multi_thread()
            .worker_threads(4)
            .enable_all()
            .build()?;
        self.runtime = Some(runtime);
        Ok(())
    }
    fn shutdown(&mut self) -> PyResult<()> {
        let runtime = self
            .runtime
            .take()
            .context("Runtime was already shutdown")?;
        // Dropping the runtime will shut it down
        drop(runtime);
        Ok(())
    }
 }
 impl PyTokioRuntime {
    /// Get the handle to the Tokio runtime, if it is running.
    fn handle(&self) -> PyResult<&tokio::runtime::Handle> {
        let handle = self
            .runtime
            .as_ref()
            .context("Tokio runtime is not running")?
            .handle();
        Ok(handle)
    }
 }
 /// Get a handle to the Tokio runtime stored on the reactor instance, or create
 /// a new one.
 fn runtime<'a>(reactor: &Bound<'a, PyAny>) -> PyResult<PyRef<'a, PyTokioRuntime>> {
    if !reactor.hasattr(TOKIO_RUNTIME_ATTR)? {
        install_runtime(reactor)?;
    }
    get_runtime(reactor)
 }
 /// Install a new Tokio runtime on the reactor instance.
 fn install_runtime(reactor: &Bound<PyAny>) -> PyResult<()> {
    let py = reactor.py();
    let runtime = PyTokioRuntime { runtime: None };
    let runtime = runtime.into_pyobject(py)?;
    // Attach the runtime to the reactor, starting it when the reactor is
    // running, stopping it when the reactor is shutting down
    reactor.call_method1("callWhenRunning", (runtime.getattr("start")?,))?;
    reactor.call_method1(
        "addSystemEventTrigger",
        ("after", "shutdown", runtime.getattr("shutdown")?),
    )?;
    reactor.setattr(TOKIO_RUNTIME_ATTR, runtime)?;
    Ok(())
 }
 /// Get a reference to a Tokio runtime handle stored on the reactor instance.
 fn get_runtime<'a>(reactor: &Bound<'a, PyAny>) -> PyResult<PyRef<'a, PyTokioRuntime>> {
    // This will raise if `TOKIO_RUNTIME_ATTR` is not set or if it is
    // not a `Runtime`. Careful that this could happen if the user sets it
    // manually, or if multiple versions of `pyo3-twisted` are used!
    let runtime: Bound<PyTokioRuntime> = reactor.getattr(TOKIO_RUNTIME_ATTR)?.extract()?;
    Ok(runtime.borrow())
 }
 /// A reference to the `twisted.internet.defer` module.
 static DEFER: OnceCell<PyObject> = OnceCell::new();
 /// Access to the `twisted.internet.defer` module.
 fn defer(py: Python<'_>) -> PyResult<&Bound<PyAny>> {
    Ok(DEFER
        .get_or_try_init(|| py.import("twisted.internet.defer").map(Into::into))?
        .bind(py))
 }
 /// Called when registering modules with python.
 pub fn register_module(py: Python<'_>, m: &Bound<'_, PyModule>) -> PyResult<()> {
    let child_module: Bound<'_, PyModule> = PyModule::new(py, "http_client")?;
    child_module.add_class::<HttpClient>()?;
-    // Make sure we fail early if we can't load some modules
+    // Make sure we fail early if we can't build the lazy statics.
-    defer(py)?;
+    LazyLock::force(&RUNTIME);
    LazyLock::force(&DEFERRED_CLASS);
    m.add_submodule(&child_module)?;
    // We need to manually add the module to sys.modules to make `from
-    // synapse.synapse_rust import http_client` work.
+    // synapse.synapse_rust import acl` work.
    py.import("sys")?
        .getattr("modules")?
        .set_item("synapse.synapse_rust.http_client", child_module)?;
@@ -163,24 +72,26 @@ pub fn register_module(py: Python<'_>, m: &Bound<'_, PyModule>) -> PyResult<()>
 }
 #[pyclass]
 #[derive(Clone)]
 struct HttpClient {
    client: reqwest::Client,
    reactor: PyObject,
 }
 #[pymethods]
 impl HttpClient {
    #[new]
-    pub fn py_new(reactor: Bound<PyAny>, user_agent: &str) -> PyResult<HttpClient> {
+    pub fn py_new(user_agent: &str) -> PyResult<HttpClient> {
-        // Make sure the runtime gets installed
+        // The twisted reactor can only be imported after Synapse has been
-        let _ = runtime(&reactor)?;
+        // imported, to allow Synapse to change the twisted reactor. If we try
        // and import the reactor too early twisted installs a default reactor,
        // which can't be replaced.
        LazyLock::force(&TWISTED_REACTOR);
        Ok(HttpClient {
            client: reqwest::Client::builder()
                .user_agent(user_agent)
                .build()
                .context("building reqwest client")?,
            reactor: reactor.unbind(),
        })
    }
@@ -218,7 +129,7 @@ impl HttpClient {
        builder: RequestBuilder,
        response_limit: usize,
    ) -> PyResult<Bound<'a, PyAny>> {
-        create_deferred(py, self.reactor.bind(py), async move {
+        create_deferred(py, async move {
            let response = builder.send().await.context("sending request")?;
            let status = response.status();
@@ -248,73 +159,60 @@ impl HttpClient {
 /// tokio runtime.
 ///
 /// Does not handle deferred cancellation or contextvars.
-fn create_deferred<'py, F, O>(
+fn create_deferred<F, O>(py: Python, fut: F) -> PyResult<Bound<'_, PyAny>>
    py: Python<'py>,
    reactor: &Bound<'py, PyAny>,
    fut: F,
 ) -> PyResult<Bound<'py, PyAny>>
 where
    F: Future<Output = PyResult<O>> + Send + 'static,
-    for<'a> O: IntoPyObject<'a> + Send + 'static,
+    for<'a> O: IntoPyObject<'a>,
 {
-    let deferred = defer(py)?.call_method0("Deferred")?;
+    let deferred = DEFERRED_CLASS.bind(py).call0()?;
    let deferred_callback = deferred.getattr("callback")?.unbind();
    let deferred_errback = deferred.getattr("errback")?.unbind();
-    let rt = runtime(reactor)?;
+    RUNTIME.spawn(async move {
-    let handle = rt.handle()?;
+        // TODO: Is it safe to assert unwind safety here? I think so, as we
-    let task = handle.spawn(fut);
+        // don't use anything that could be tainted by the panic afterwards.
-
+        // Note that `.spawn(..)` asserts unwind safety on the future too.
-    // Unbind the reactor so that we can pass it to the task
+        let res = AssertUnwindSafe(fut).catch_unwind().await;
    let reactor = reactor.clone().unbind();
    handle.spawn(async move {
        let res = task.await;
        Python::with_gil(move |py| {
            // Flatten the panic into standard python error
            let res = match res {
                Ok(r) => r,
-                Err(join_err) => match join_err.try_into_panic() {
+                Err(panic_err) => {
-                    Ok(panic_err) => Err(RustPanicError::from_panic(&panic_err)),
+                    let panic_message = get_panic_message(&panic_err);
-                    Err(err) => Err(PyException::new_err(format!("Task cancelled: {err}"))),
+                    Err(PyException::new_err(
-                },
+                        PyString::new(py, panic_message).unbind(),
                    ))
                }
            };
            // Re-bind the reactor
            let reactor = reactor.bind(py);
            // Send the result to the deferred, via `.callback(..)` or `.errback(..)`
            match res {
                Ok(obj) => {
-                    reactor
+                    TWISTED_REACTOR
-                        .call_method("callFromThread", (deferred_callback, obj), None)
+                        .call_method(py, "callFromThread", (deferred_callback, obj), None)
                        .expect("callFromThread should not fail"); // There's nothing we can really do with errors here
                }
                Err(err) => {
-                    reactor
+                    TWISTED_REACTOR
-                        .call_method("callFromThread", (deferred_errback, err), None)
+                        .call_method(py, "callFromThread", (deferred_errback, err), None)
                        .expect("callFromThread should not fail"); // There's nothing we can really do with errors here
                }
            }
        });
    });
-    // Make the deferred follow the Synapse logcontext rules
+    Ok(deferred)
    make_deferred_yieldable(py, &deferred)
 }
-static MAKE_DEFERRED_YIELDABLE: OnceLock<pyo3::Py<pyo3::PyAny>> = OnceLock::new();
+/// Try and get the panic message out of the panic
-
+fn get_panic_message<'a>(panic_err: &'a (dyn std::any::Any + Send + 'static)) -> &'a str {
-/// Given a deferred, make it follow the Synapse logcontext rules
+    // Apparently this is how you extract the panic message from a panic
-fn make_deferred_yieldable<'py>(
+    if let Some(str_slice) = panic_err.downcast_ref::<&str>() {
-    py: Python<'py>,
+        str_slice
-    deferred: &Bound<'py, PyAny>,
+    } else if let Some(string) = panic_err.downcast_ref::<String>() {
-) -> PyResult<Bound<'py, PyAny>> {
+        string
-    let make_deferred_yieldable = MAKE_DEFERRED_YIELDABLE.get_or_init(|| {
+    } else {
-        let sys = PyModule::import(py, "synapse.logging.context").unwrap();
+        "unknown error"
-        let func = sys.getattr("make_deferred_yieldable").unwrap().unbind();
+    }
        func
    });
    make_deferred_yieldable.call1(py, (deferred,))?.extract(py)
 }
@@ -289,29 +289,6 @@ pub const BASE_APPEND_CONTENT_RULES: &[PushRule] = &[PushRule {
    default_enabled: true,
 }];
 pub const BASE_APPEND_POSTCONTENT_RULES: &[PushRule] = &[
    PushRule {
        rule_id: Cow::Borrowed("global/postcontent/.io.element.msc4306.rule.unsubscribed_thread"),
        priority_class: 6,
        conditions: Cow::Borrowed(&[Condition::Known(
            KnownCondition::Msc4306ThreadSubscription { subscribed: false },
        )]),
        actions: Cow::Borrowed(&[]),
        default: true,
        default_enabled: true,
    },
    PushRule {
        rule_id: Cow::Borrowed("global/postcontent/.io.element.msc4306.rule.subscribed_thread"),
        priority_class: 6,
        conditions: Cow::Borrowed(&[Condition::Known(
            KnownCondition::Msc4306ThreadSubscription { subscribed: true },
        )]),
        actions: Cow::Borrowed(&[Action::Notify, SOUND_ACTION]),
        default: true,
        default_enabled: true,
    },
 ];
 pub const BASE_APPEND_UNDERRIDE_RULES: &[PushRule] = &[
    PushRule {
        rule_id: Cow::Borrowed("global/underride/.m.rule.call"),
@@ -729,7 +706,6 @@ lazy_static! {
            .iter()
            .chain(BASE_APPEND_OVERRIDE_RULES.iter())
            .chain(BASE_APPEND_CONTENT_RULES.iter())
            .chain(BASE_APPEND_POSTCONTENT_RULES.iter())
            .chain(BASE_APPEND_UNDERRIDE_RULES.iter())
            .map(|rule| { (&*rule.rule_id, rule) })
            .collect();
@@ -106,11 +106,8 @@ pub struct PushRuleEvaluator {
    /// flag as MSC1767 (extensible events core).
    msc3931_enabled: bool,
-    /// If MSC4210 (remove legacy mentions) is enabled.
+    // If MSC4210 (remove legacy mentions) is enabled.
    msc4210_enabled: bool,
    /// If MSC4306 (thread subscriptions) is enabled.
    msc4306_enabled: bool,
 }
 #[pymethods]
@@ -129,7 +126,6 @@ impl PushRuleEvaluator {
        room_version_feature_flags,
        msc3931_enabled,
        msc4210_enabled,
        msc4306_enabled,
    ))]
    pub fn py_new(
        flattened_keys: BTreeMap<String, JsonValue>,
@@ -142,7 +138,6 @@ impl PushRuleEvaluator {
        room_version_feature_flags: Vec<String>,
        msc3931_enabled: bool,
        msc4210_enabled: bool,
        msc4306_enabled: bool,
    ) -> Result<Self, Error> {
        let body = match flattened_keys.get("content.body") {
            Some(JsonValue::Value(SimpleJsonValue::Str(s))) => s.clone().into_owned(),
@@ -161,7 +156,6 @@ impl PushRuleEvaluator {
            room_version_feature_flags,
            msc3931_enabled,
            msc4210_enabled,
            msc4306_enabled,
        })
    }
@@ -173,19 +167,12 @@ impl PushRuleEvaluator {
    ///
    /// Returns the set of actions, if any, that match (filtering out any
    /// `dont_notify` and `coalesce` actions).
-    ///
+    #[pyo3(signature = (push_rules, user_id=None, display_name=None))]
    /// msc4306_thread_subscription_state: (Only populated if MSC4306 is enabled)
    /// The thread subscription state corresponding to the thread containing this event.
    /// - `None` if the event is not in a thread, or if MSC4306 is disabled.
    /// - `Some(true)` if the event is in a thread and the user has a subscription for that thread
    /// - `Some(false)` if the event is in a thread and the user does NOT have a subscription for that thread
    #[pyo3(signature = (push_rules, user_id=None, display_name=None, msc4306_thread_subscription_state=None))]
    pub fn run(
        &self,
        push_rules: &FilteredPushRules,
        user_id: Option<&str>,
        display_name: Option<&str>,
        msc4306_thread_subscription_state: Option<bool>,
    ) -> Vec<Action> {
        'outer: for (push_rule, enabled) in push_rules.iter() {
            if !enabled {
@@ -217,12 +204,7 @@ impl PushRuleEvaluator {
                    Condition::Known(KnownCondition::RoomVersionSupports { feature: _ }),
                );
-                match self.match_condition(
+                match self.match_condition(condition, user_id, display_name) {
                    condition,
                    user_id,
                    display_name,
                    msc4306_thread_subscription_state,
                ) {
                    Ok(true) => {}
                    Ok(false) => continue 'outer,
                    Err(err) => {
@@ -255,20 +237,14 @@ impl PushRuleEvaluator {
    }
    /// Check if the given condition matches.
-    #[pyo3(signature = (condition, user_id=None, display_name=None, msc4306_thread_subscription_state=None))]
+    #[pyo3(signature = (condition, user_id=None, display_name=None))]
    fn matches(
        &self,
        condition: Condition,
        user_id: Option<&str>,
        display_name: Option<&str>,
        msc4306_thread_subscription_state: Option<bool>,
    ) -> bool {
-        match self.match_condition(
+        match self.match_condition(&condition, user_id, display_name) {
            &condition,
            user_id,
            display_name,
            msc4306_thread_subscription_state,
        ) {
            Ok(true) => true,
            Ok(false) => false,
            Err(err) => {
@@ -286,7 +262,6 @@ impl PushRuleEvaluator {
        condition: &Condition,
        user_id: Option<&str>,
        display_name: Option<&str>,
        msc4306_thread_subscription_state: Option<bool>,
    ) -> Result<bool, Error> {
        let known_condition = match condition {
            Condition::Known(known) => known,
@@ -418,13 +393,6 @@ impl PushRuleEvaluator {
                        && self.room_version_feature_flags.contains(&flag)
                }
            }
            KnownCondition::Msc4306ThreadSubscription { subscribed } => {
                if !self.msc4306_enabled {
                    false
                } else {
                    msc4306_thread_subscription_state == Some(*subscribed)
                }
            }
        };
        Ok(result)
@@ -568,11 +536,10 @@ fn push_rule_evaluator() {
        vec![],
        true,
        false,
        false,
    )
    .unwrap();
-    let result = evaluator.run(&FilteredPushRules::default(), None, Some("bob"), None);
+    let result = evaluator.run(&FilteredPushRules::default(), None, Some("bob"));
    assert_eq!(result.len(), 3);
 }
@@ -599,7 +566,6 @@ fn test_requires_room_version_supports_condition() {
        flags,
        true,
        false,
        false,
    )
    .unwrap();
@@ -609,7 +575,6 @@ fn test_requires_room_version_supports_condition() {
        &FilteredPushRules::default(),
        Some("@bob:example.org"),
        None,
        None,
    );
    assert_eq!(result.len(), 3);
@@ -628,17 +593,7 @@ fn test_requires_room_version_supports_condition() {
    };
    let rules = PushRules::new(vec![custom_rule]);
    result = evaluator.run(
-        &FilteredPushRules::py_new(
+        &FilteredPushRules::py_new(rules, BTreeMap::new(), true, false, true, false, false),
            rules,
            BTreeMap::new(),
            true,
            false,
            true,
            false,
            false,
            false,
        ),
        None,
        None,
        None,
    );
@@ -369,10 +369,6 @@ pub enum KnownCondition {
    RoomVersionSupports {
        feature: Cow<'static, str>,
    },
    #[serde(rename = "io.element.msc4306.thread_subscription")]
    Msc4306ThreadSubscription {
        subscribed: bool,
    },
 }
 impl<'source> IntoPyObject<'source> for Condition {
@@ -527,7 +523,6 @@ impl PushRules {
            .chain(base_rules::BASE_APPEND_OVERRIDE_RULES.iter())
            .chain(self.content.iter())
            .chain(base_rules::BASE_APPEND_CONTENT_RULES.iter())
            .chain(base_rules::BASE_APPEND_POSTCONTENT_RULES.iter())
            .chain(self.room.iter())
            .chain(self.sender.iter())
            .chain(self.underride.iter())
@@ -552,13 +547,11 @@ pub struct FilteredPushRules {
    msc3664_enabled: bool,
    msc4028_push_encrypted_events: bool,
    msc4210_enabled: bool,
    msc4306_enabled: bool,
 }
 #[pymethods]
 impl FilteredPushRules {
    #[new]
    #[allow(clippy::too_many_arguments)]
    pub fn py_new(
        push_rules: PushRules,
        enabled_map: BTreeMap<String, bool>,
@@ -567,7 +560,6 @@ impl FilteredPushRules {
        msc3664_enabled: bool,
        msc4028_push_encrypted_events: bool,
        msc4210_enabled: bool,
        msc4306_enabled: bool,
    ) -> Self {
        Self {
            push_rules,
@@ -577,7 +569,6 @@ impl FilteredPushRules {
            msc3664_enabled,
            msc4028_push_encrypted_events,
            msc4210_enabled,
            msc4306_enabled,
        }
    }
@@ -628,10 +619,6 @@ impl FilteredPushRules {
                    return false;
                }
                if !self.msc4306_enabled && rule.rule_id.contains("/.io.element.msc4306.rule.") {
                    return false;
                }
                true
            })
            .map(|r| {
@@ -1,5 +1,5 @@
 $schema: https://element-hq.github.io/synapse/latest/schema/v1/meta.schema.json
-$id: https://element-hq.github.io/synapse/schema/synapse/v1.140/synapse-config.schema.json
+$id: https://element-hq.github.io/synapse/schema/synapse/v1.134/synapse-config.schema.json
 type: object
 properties:
  modules:
@@ -629,70 +629,6 @@ properties:
        password: mypassword
        ssh_priv_key_path: CONFDIR/id_rsa
        ssh_pub_key_path: CONFDIR/id_rsa.pub
  http_proxy:
    type: ["string", "null"]
    description: >-
      Proxy server to use for HTTP requests.
      For more details, see the [forward proxy documentation](../../setup/forward_proxy.md).
    examples:
      - "http://USERNAME:PASSWORD@10.0.1.1:8080/"
  https_proxy:
    type: ["string", "null"]
    description: >-
      Proxy server to use for HTTPS requests.
      For more details, see the [forward proxy documentation](../../setup/forward_proxy.md).
    examples:
      - "http://USERNAME:PASSWORD@proxy.example.com:8080/"
  no_proxy_hosts:
    type: array
    description: >-
      List of hosts, IP addresses, or IP ranges in CIDR format which should not use the
      proxy. Synapse will directly connect to these hosts.
      For more details, see the [forward proxy documentation](../../setup/forward_proxy.md).
    examples:
      - - master.hostname.example.com
        - 10.1.0.0/16
        - 172.30.0.0/16
  matrix_authentication_service:
    type: object
    description: >-
      The `matrix_authentication_service` setting configures integration with
      [Matrix Authentication Service (MAS)](https://github.com/element-hq/matrix-authentication-service).
    properties:
      enabled:
        type: boolean
        description: >-
          Whether or not to enable the MAS integration. If this is set to
          `false`, Synapse will use its legacy internal authentication API.
        default: false
      endpoint:
        type: string
        format: uri
        description: >-
          The URL where Synapse can reach MAS. This *must* have the `discovery`
          and `oauth` resources mounted.
        default: http://localhost:8080
      secret:
        type: ["string", "null"]
        description: >-
          A shared secret that will be used to authenticate requests from and to MAS.
      secret_path:
        type: ["string", "null"]
        description: >-
          Alternative to `secret`, reading the shared secret from a file.
          The file should be a plain text file, containing only the secret.
          Synapse reads the secret from the given file once at startup.
    examples:
      - enabled: true
        secret: someverysecuresecret
        endpoint: http://localhost:8080
  dummy_events_threshold:
    type: integer
    description: >-
@@ -2243,8 +2179,9 @@ properties:
      with a short timeout, or restarting several different delayed events all
      at once) without the risk of being ratelimited.
    default:
-      per_second: 1.0
+      per_user:
-      burst_count: 5.0
+        per_second: 1.0
        burst_count: 5.0
    examples:
      - per_second: 2.0
        burst_count: 20.0
@@ -2259,21 +2196,12 @@ properties:
      Setting this to a high value allows users to report content quickly, possibly in
      duplicate. This can result in higher database usage.
    default:
-      per_second: 1.0
+      per_user:
-      burst_count: 5.0
+        per_second: 1.0
        burst_count: 5.0
    examples:
      - per_second: 2.0
        burst_count: 20.0
  rc_room_creation:
    $ref: "#/$defs/rc"
    description: >-
      Sets rate limits for how often users are able to create rooms.
    default:
      per_second: 0.016
      burst_count: 10.0
    examples:
      - per_second: 1.0
        burst_count: 5.0
  federation_rr_transactions_per_room_per_second:
    type: integer
    description: >-
@@ -2413,15 +2341,8 @@ properties:
      A list of media upload limits defining how much data a given user can
      upload in a given time period.
      These limits are applied in addition to the `max_upload_size` limit above
      (which applies to individual uploads).
      An empty list means no limits are applied.
      These settings can be overridden using the `get_media_upload_limits_for_user`
      module API [callback](../../modules/media_repository_callbacks.md#get_media_upload_limits_for_user).
    default: []
    items:
      time_period:
@@ -2884,35 +2805,6 @@ properties:
    default: true
    examples:
      - false
  matrix_rtc:
    type: object 
    description: >-
      Options related to MatrixRTC.
    properties:
      transports:
        type: array
        items:
          type: object
          required:
            - type
          properties:
            type:
              type: string
              description: The type of transport to use to connect to the selective forwarding unit (SFU).
              example: livekit
            livekit_service_url:
              type: string
              description: >-
                The base URL of the LiveKit service. Should only be used with LiveKit-based transports.
              example: https://matrix-rtc.example.com/livekit/jwt
        description:
          A list of transport types and arguments to use for MatrixRTC connections.
        default: []
    default: {}
    examples:
      - transports:
        - type: livekit
          livekit_service_url: https://matrix-rtc.example.com/livekit/jwt
  enable_registration:
    type: boolean
    description: >-
@@ -5218,7 +5110,7 @@ properties:
      "m.room.avatar": 50
-      "m.room.tombstone": 100 (150 if MSC4289 is used)
+      "m.room.tombstone": 100
      "m.room.server_acl": 100
@@ -5492,9 +5384,6 @@ properties:
      push_rules:
        type: string
        description: Name of a worker assigned to the `push_rules` stream.
      device_lists:
        type: string
        description: Name of a worker assigned to the `device_lists` stream.
    default: {}
    examples:
      - events: worker1
@@ -32,7 +32,7 @@ DISTS = (
    "debian:sid",  # (rolling distro, no EOL)
    "ubuntu:jammy",  # 22.04 LTS (EOL 2027-04) (our EOL forced by Python 3.10 is 2026-10-04)
    "ubuntu:noble",  # 24.04 LTS (EOL 2029-06)
-    "ubuntu:plucky",  # 25.04 (EOL 2026-01)
+    "ubuntu:oracular",  # 24.10 (EOL 2025-07)
    "debian:trixie",  # (EOL not specified yet)
 )
@@ -230,7 +230,6 @@ test_packages=(
    ./tests/msc3967
    ./tests/msc4140
    ./tests/msc4155
    ./tests/msc4306
 )
 # Enable dirty runs, so tests will reuse the same container where possible.
@@ -473,10 +473,6 @@ def section(prop: str, values: dict) -> str:
 def main() -> None:
    # For Windows: reconfigure the terminal to be UTF-8 for `print()` calls.
    if sys.platform == "win32":
        sys.stdout.reconfigure(encoding="utf-8")
    def usage(err_msg: str) -> int:
        script_name = (sys.argv[:1] or ["__main__.py"])[0]
        print(err_msg, file=sys.stderr)
@@ -489,10 +485,7 @@ def main() -> None:
            exit(usage("Too many arguments."))
        if not (filepath := (sys.argv[1:] or [""])[0]):
            exit(usage("No schema file provided."))
-        with open(filepath, "r", encoding="utf-8") as f:
+        with open(filepath) as f:
            # Note: Windows requires that we specify the encoding otherwise it uses
            # things like CP-1251, which can cause explosions.
            # See https://github.com/yaml/pyyaml/issues/123 for more info.
            return yaml.safe_load(f)
    schema = read_json_file_arg()
@@ -23,243 +23,28 @@
 can crop up, e.g the cache descriptors.
 """
-import enum
+from typing import Callable, Optional, Tuple, Type, Union
 from typing import Callable, Mapping, Optional, Tuple, Type, Union
 import attr
 import mypy.types
 from mypy.erasetype import remove_instance_last_known_values
 from mypy.errorcodes import ErrorCode
-from mypy.nodes import ARG_NAMED_OPT, ListExpr, NameExpr, TempNode, TupleExpr, Var
+from mypy.nodes import ARG_NAMED_OPT, TempNode, Var
-from mypy.plugin import (
+from mypy.plugin import FunctionSigContext, MethodSigContext, Plugin
    ClassDefContext,
    Context,
    FunctionLike,
    FunctionSigContext,
    MethodSigContext,
    MypyFile,
    Plugin,
 )
 from mypy.typeops import bind_self
 from mypy.types import (
    AnyType,
    CallableType,
    Instance,
    NoneType,
    Options,
    TupleType,
    TypeAliasType,
    TypeVarType,
    UninhabitedType,
    UnionType,
 )
 from mypy_zope import plugin as mypy_zope_plugin
 from pydantic.mypy import plugin as mypy_pydantic_plugin
 PROMETHEUS_METRIC_MISSING_SERVER_NAME_LABEL = ErrorCode(
    "missing-server-name-label",
    "`SERVER_NAME_LABEL` required in metric",
    category="per-homeserver-tenant-metrics",
 )
 PROMETHEUS_METRIC_MISSING_FROM_LIST_TO_CHECK = ErrorCode(
    "metric-type-missing-from-list",
    "Every Prometheus metric type must be included in the `prometheus_metric_fullname_to_label_arg_map`.",
    category="per-homeserver-tenant-metrics",
 )
 PREFER_SYNAPSE_CLOCK_CALL_LATER = ErrorCode(
    "call-later-not-tracked",
    "Prefer using `synapse.util.Clock.call_later` instead of `reactor.callLater`",
    category="synapse-reactor-clock",
 )
 PREFER_SYNAPSE_CLOCK_LOOPING_CALL = ErrorCode(
    "prefer-synapse-clock-looping-call",
    "Prefer using `synapse.util.Clock.looping_call` instead of `task.LoopingCall`",
    category="synapse-reactor-clock",
 )
 PREFER_SYNAPSE_CLOCK_CALL_WHEN_RUNNING = ErrorCode(
    "prefer-synapse-clock-call-when-running",
    "Prefer using `synapse.util.Clock.call_when_running` instead of `reactor.callWhenRunning`",
    category="synapse-reactor-clock",
 )
 PREFER_SYNAPSE_CLOCK_ADD_SYSTEM_EVENT_TRIGGER = ErrorCode(
    "prefer-synapse-clock-add-system-event-trigger",
    "Prefer using `synapse.util.Clock.add_system_event_trigger` instead of `reactor.addSystemEventTrigger`",
    category="synapse-reactor-clock",
 )
 MULTIPLE_INTERNAL_CLOCKS_CREATED = ErrorCode(
    "multiple-internal-clocks",
    "Only one instance of `clock.Clock` should be created",
    category="synapse-reactor-clock",
 )
 UNTRACKED_BACKGROUND_PROCESS = ErrorCode(
    "untracked-background-process",
    "Prefer using `HomeServer.run_as_background_process` method over the bare `run_as_background_process`",
    category="synapse-tracked-calls",
 )
 class Sentinel(enum.Enum):
    # defining a sentinel in this way allows mypy to correctly handle the
    # type of a dictionary lookup and subsequent type narrowing.
    UNSET_SENTINEL = object()
@attr.s(auto_attribs=True)
 class ArgLocation:
    keyword_name: str
    """
    The keyword argument name for this argument
    """
    position: int
    """
    The 0-based positional index of this argument
    """
 prometheus_metric_fullname_to_label_arg_map: Mapping[str, Optional[ArgLocation]] = {
    # `Collector` subclasses:
    "prometheus_client.metrics.MetricWrapperBase": ArgLocation("labelnames", 2),
    "prometheus_client.metrics.Counter": ArgLocation("labelnames", 2),
    "prometheus_client.metrics.Histogram": ArgLocation("labelnames", 2),
    "prometheus_client.metrics.Gauge": ArgLocation("labelnames", 2),
    "prometheus_client.metrics.Summary": ArgLocation("labelnames", 2),
    "prometheus_client.metrics.Info": ArgLocation("labelnames", 2),
    "prometheus_client.metrics.Enum": ArgLocation("labelnames", 2),
    "synapse.metrics.LaterGauge": ArgLocation("labelnames", 2),
    "synapse.metrics.InFlightGauge": ArgLocation("labels", 2),
    "synapse.metrics.GaugeBucketCollector": ArgLocation("labelnames", 2),
    "prometheus_client.registry.Collector": None,
    "prometheus_client.registry._EmptyCollector": None,
    "prometheus_client.registry.CollectorRegistry": None,
    "prometheus_client.process_collector.ProcessCollector": None,
    "prometheus_client.platform_collector.PlatformCollector": None,
    "prometheus_client.gc_collector.GCCollector": None,
    "synapse.metrics._gc.GCCounts": None,
    "synapse.metrics._gc.PyPyGCStats": None,
    "synapse.metrics._reactor_metrics.ReactorLastSeenMetric": None,
    "synapse.metrics.CPUMetrics": None,
    "synapse.metrics.jemalloc.JemallocCollector": None,
    "synapse.util.metrics.DynamicCollectorRegistry": None,
    "synapse.metrics.background_process_metrics._Collector": None,
    #
    # `Metric` subclasses:
    "prometheus_client.metrics_core.Metric": None,
    "prometheus_client.metrics_core.UnknownMetricFamily": ArgLocation("labels", 3),
    "prometheus_client.metrics_core.CounterMetricFamily": ArgLocation("labels", 3),
    "prometheus_client.metrics_core.GaugeMetricFamily": ArgLocation("labels", 3),
    "prometheus_client.metrics_core.SummaryMetricFamily": ArgLocation("labels", 3),
    "prometheus_client.metrics_core.InfoMetricFamily": ArgLocation("labels", 3),
    "prometheus_client.metrics_core.HistogramMetricFamily": ArgLocation("labels", 3),
    "prometheus_client.metrics_core.GaugeHistogramMetricFamily": ArgLocation(
        "labels", 4
    ),
    "prometheus_client.metrics_core.StateSetMetricFamily": ArgLocation("labels", 3),
    "synapse.metrics.GaugeHistogramMetricFamilyWithLabels": ArgLocation(
        "labelnames", 4
    ),
 }
 """
 Map from the fullname of the Prometheus `Metric`/`Collector` classes to the keyword
 argument name and positional index of the label names. This map is useful because
 different metrics have different signatures for passing in label names and we just need
 to know where to look.
 This map should include any metrics that we collect with Prometheus. Which corresponds
 to anything that inherits from `prometheus_client.registry.Collector`
 (`synapse.metrics._types.Collector`) or `prometheus_client.metrics_core.Metric`. The
 exhaustiveness of this list is enforced by `analyze_prometheus_metric_classes`.
 The entries with `None` always fail the lint because they don't have a `labelnames`
 argument (therefore, no `SERVER_NAME_LABEL`), but we include them here so that people
 can notice and manually allow via a type ignore comment as the source of truth
 should be in the source code.
 """
 # Unbound at this point because we don't know the mypy version yet.
 # This is set in the `plugin(...)` function below.
 MypyPydanticPluginClass: Type[Plugin]
 MypyZopePluginClass: Type[Plugin]
 class SynapsePlugin(Plugin):
    def __init__(self, options: Options):
        super().__init__(options)
        self.mypy_pydantic_plugin = MypyPydanticPluginClass(options)
        self.mypy_zope_plugin = MypyZopePluginClass(options)
    def set_modules(self, modules: dict[str, MypyFile]) -> None:
        """
        This is called by mypy internals. We have to override this to ensure it's also
        called for any other plugins that we're manually handling.
        Here is how mypy describes it:
        > [`self._modules`] can't be set in `__init__` because it is executed too soon
        > in `build.py`. Therefore, `build.py` *must* set it later before graph processing
        > starts by calling `set_modules()`.
        """
        super().set_modules(modules)
        self.mypy_pydantic_plugin.set_modules(modules)
        self.mypy_zope_plugin.set_modules(modules)
    def get_base_class_hook(
        self, fullname: str
    ) -> Optional[Callable[[ClassDefContext], None]]:
        def _get_base_class_hook(ctx: ClassDefContext) -> None:
            # Run any `get_base_class_hook` checks from other plugins first.
            #
            # Unfortunately, because mypy only chooses the first plugin that returns a
            # non-None value (known-limitation, c.f.
            # https://github.com/python/mypy/issues/19524), we workaround this by
            # putting our custom plugin first in the plugin order and then calling the
            # other plugin's hook manually followed by our own checks.
            if callback := self.mypy_pydantic_plugin.get_base_class_hook(fullname):
                callback(ctx)
            if callback := self.mypy_zope_plugin.get_base_class_hook(fullname):
                callback(ctx)
            # Now run our own checks
            analyze_prometheus_metric_classes(ctx)
        return _get_base_class_hook
    def get_function_signature_hook(
        self, fullname: str
    ) -> Optional[Callable[[FunctionSigContext], FunctionLike]]:
        # Strip off the unique identifier for classes that are dynamically created inside
        # functions. ex. `synapse.metrics.jemalloc.JemallocCollector@185` (this is the line
        # number)
        if "@" in fullname:
            fullname = fullname.split("@", 1)[0]
        # Look for any Prometheus metrics to make sure they have the `SERVER_NAME_LABEL`
        # label.
        if fullname in prometheus_metric_fullname_to_label_arg_map.keys():
            # Because it's difficult to determine the `fullname` of the function in the
            # callback, let's just pass it in while we have it.
            return lambda ctx: check_prometheus_metric_instantiation(ctx, fullname)
        if fullname == "twisted.internet.task.LoopingCall":
            return check_looping_call
        if fullname == "synapse.util.clock.Clock":
            return check_clock_creation
        if (
            fullname
            == "synapse.metrics.background_process_metrics.run_as_background_process"
        ):
            return check_background_process
        return None
    def get_method_signature_hook(
        self, fullname: str
    ) -> Optional[Callable[[MethodSigContext], CallableType]]:
@@ -277,328 +62,9 @@ class SynapsePlugin(Plugin):
        ):
            return check_is_cacheable_wrapper
        if fullname in (
            "twisted.internet.interfaces.IReactorTime.callLater",
            "synapse.types.ISynapseThreadlessReactor.callLater",
            "synapse.types.ISynapseReactor.callLater",
        ):
            return check_call_later
        if fullname in (
            "twisted.internet.interfaces.IReactorCore.callWhenRunning",
            "synapse.types.ISynapseThreadlessReactor.callWhenRunning",
            "synapse.types.ISynapseReactor.callWhenRunning",
        ):
            return check_call_when_running
        if fullname in (
            "twisted.internet.interfaces.IReactorCore.addSystemEventTrigger",
            "synapse.types.ISynapseThreadlessReactor.addSystemEventTrigger",
            "synapse.types.ISynapseReactor.addSystemEventTrigger",
        ):
            return check_add_system_event_trigger
        return None
 def check_clock_creation(ctx: FunctionSigContext) -> CallableType:
    """
    Ensure that the only `clock.Clock` instance is the one used by the `HomeServer`.
    This is so that the `HomeServer` can cancel any tracked delayed or looping calls
    during server shutdown.
    Args:
        ctx: The `FunctionSigContext` from mypy.
    """
    signature: CallableType = ctx.default_signature
    ctx.api.fail(
        "Expected the only `clock.Clock` instance to be the one used by the `HomeServer`. "
        "This is so that the `HomeServer` can cancel any tracked delayed or looping calls "
        "during server shutdown",
        ctx.context,
        code=MULTIPLE_INTERNAL_CLOCKS_CREATED,
    )
    return signature
 def check_call_later(ctx: MethodSigContext) -> CallableType:
    """
    Ensure that the `reactor.callLater` callsites aren't used.
    `synapse.util.Clock.call_later` should always be used instead of `reactor.callLater`.
    This is because the `synapse.util.Clock` tracks delayed calls in order to cancel any
    outstanding calls during server shutdown. Delayed calls which are either short lived
    (<~60s) or frequently called and can be tracked via other means could be candidates for
    using `synapse.util.Clock.call_later` with `call_later_cancel_on_shutdown` set to
    `False`. There shouldn't be a need to use `reactor.callLater` outside of tests or the
    `Clock` class itself. If a need arises, you can use a type ignore comment to disable the
    check, e.g. `# type: ignore[call-later-not-tracked]`.
    Args:
        ctx: The `FunctionSigContext` from mypy.
    """
    signature: CallableType = ctx.default_signature
    ctx.api.fail(
        "Expected all `reactor.callLater` calls to use `synapse.util.Clock.call_later` "
        "instead. This is so that long lived calls can be tracked for cancellation during "
        "server shutdown",
        ctx.context,
        code=PREFER_SYNAPSE_CLOCK_CALL_LATER,
    )
    return signature
 def check_looping_call(ctx: FunctionSigContext) -> CallableType:
    """
    Ensure that the `task.LoopingCall` callsites aren't used.
    `synapse.util.Clock.looping_call` should always be used instead of `task.LoopingCall`.
    `synapse.util.Clock` tracks looping calls in order to cancel any outstanding calls
    during server shutdown.
    Args:
        ctx: The `FunctionSigContext` from mypy.
    """
    signature: CallableType = ctx.default_signature
    ctx.api.fail(
        "Expected all `task.LoopingCall` instances to use `synapse.util.Clock.looping_call` "
        "instead. This is so that long lived calls can be tracked for cancellation during "
        "server shutdown",
        ctx.context,
        code=PREFER_SYNAPSE_CLOCK_LOOPING_CALL,
    )
    return signature
 def check_call_when_running(ctx: MethodSigContext) -> CallableType:
    """
    Ensure that the `reactor.callWhenRunning` callsites aren't used.
    `synapse.util.Clock.call_when_running` should always be used instead of
    `reactor.callWhenRunning`.
    Since `reactor.callWhenRunning` is a reactor callback, the callback will start out
    with the sentinel logcontext. `synapse.util.Clock` starts a default logcontext as we
    want to know which server the logs came from.
    Args:
        ctx: The `FunctionSigContext` from mypy.
    """
    signature: CallableType = ctx.default_signature
    ctx.api.fail(
        (
            "Expected all `reactor.callWhenRunning` calls to use `synapse.util.Clock.call_when_running` instead. "
            "This is so all Synapse code runs with a logcontext as we want to know which server the logs came from."
        ),
        ctx.context,
        code=PREFER_SYNAPSE_CLOCK_CALL_WHEN_RUNNING,
    )
    return signature
 def check_add_system_event_trigger(ctx: MethodSigContext) -> CallableType:
    """
    Ensure that the `reactor.addSystemEventTrigger` callsites aren't used.
    `synapse.util.Clock.add_system_event_trigger` should always be used instead of
    `reactor.addSystemEventTrigger`.
    Since `reactor.addSystemEventTrigger` is a reactor callback, the callback will start out
    with the sentinel logcontext. `synapse.util.Clock` starts a default logcontext as we
    want to know which server the logs came from.
    Args:
        ctx: The `FunctionSigContext` from mypy.
    """
    signature: CallableType = ctx.default_signature
    ctx.api.fail(
        (
            "Expected all `reactor.addSystemEventTrigger` calls to use `synapse.util.Clock.add_system_event_trigger` instead. "
            "This is so all Synapse code runs with a logcontext as we want to know which server the logs came from."
        ),
        ctx.context,
        code=PREFER_SYNAPSE_CLOCK_ADD_SYSTEM_EVENT_TRIGGER,
    )
    return signature
 def check_background_process(ctx: FunctionSigContext) -> CallableType:
    """
    Ensure that calls to `run_as_background_process` use the `HomeServer` method.
    This is so that the `HomeServer` can cancel any running background processes during
    server shutdown.
    Args:
        ctx: The `FunctionSigContext` from mypy.
    """
    signature: CallableType = ctx.default_signature
    ctx.api.fail(
        "Prefer using `HomeServer.run_as_background_process` method over the bare "
        "`run_as_background_process`. This is so that the `HomeServer` can cancel "
        "any background processes during server shutdown",
        ctx.context,
        code=UNTRACKED_BACKGROUND_PROCESS,
    )
    return signature
 def analyze_prometheus_metric_classes(ctx: ClassDefContext) -> None:
    """
    Cross-check the list of Prometheus metric classes against the
    `prometheus_metric_fullname_to_label_arg_map` to ensure the list is exhaustive and
    up-to-date.
    """
    fullname = ctx.cls.fullname
    # Strip off the unique identifier for classes that are dynamically created inside
    # functions. ex. `synapse.metrics.jemalloc.JemallocCollector@185` (this is the line
    # number)
    if "@" in fullname:
        fullname = fullname.split("@", 1)[0]
    if any(
        ancestor_type.fullname
        in (
            # All of the Prometheus metric classes inherit from the `Collector`.
            "prometheus_client.registry.Collector",
            "synapse.metrics._types.Collector",
            # And custom metrics that inherit from `Metric`.
            "prometheus_client.metrics_core.Metric",
        )
        for ancestor_type in ctx.cls.info.mro
    ):
        if fullname not in prometheus_metric_fullname_to_label_arg_map:
            ctx.api.fail(
                f"Expected {fullname} to be in `prometheus_metric_fullname_to_label_arg_map`, "
                f"but it was not found. This is a problem with our custom mypy plugin. "
                f"Please add it to the map.",
                Context(),
                code=PROMETHEUS_METRIC_MISSING_FROM_LIST_TO_CHECK,
            )
 def check_prometheus_metric_instantiation(
    ctx: FunctionSigContext, fullname: str
 ) -> CallableType:
    """
    Ensure that the `prometheus_client` metrics include the `SERVER_NAME_LABEL` label
    when instantiated.
    This is important because we support multiple Synapse instances running in the same
    process, where all metrics share a single global `REGISTRY`. The `server_name` label
    ensures metrics are correctly separated by homeserver.
    There are also some metrics that apply at the process level, such as CPU usage,
    Python garbage collection, and Twisted reactor tick time, which shouldn't have the
    `SERVER_NAME_LABEL`. In those cases, use a type ignore comment to disable the
    check, e.g. `# type: ignore[missing-server-name-label]`.
    Args:
        ctx: The `FunctionSigContext` from mypy.
        fullname: The fully qualified name of the function being called,
            e.g. `"prometheus_client.metrics.Counter"`
    """
    # The true signature, this isn't being modified so this is what will be returned.
    signature = ctx.default_signature
    # Find where the label names argument is in the function signature.
    arg_location = prometheus_metric_fullname_to_label_arg_map.get(
        fullname, Sentinel.UNSET_SENTINEL
    )
    assert arg_location is not Sentinel.UNSET_SENTINEL, (
        f"Expected to find {fullname} in `prometheus_metric_fullname_to_label_arg_map`, "
        f"but it was not found. This is a problem with our custom mypy plugin. "
        f"Please add it to the map. Context: {ctx.context}"
    )
    # People should be using `# type: ignore[missing-server-name-label]` for
    # process-level metrics that should not have the `SERVER_NAME_LABEL`.
    if arg_location is None:
        ctx.api.fail(
            f"{signature.name} does not have a `labelnames`/`labels` argument "
            "(if this is untrue, update `prometheus_metric_fullname_to_label_arg_map` "
            "in our custom mypy plugin) and should probably have a type ignore comment, "
            "e.g. `# type: ignore[missing-server-name-label]`. The reason we don't "
            "automatically ignore this is the source of truth should be in the source code.",
            ctx.context,
            code=PROMETHEUS_METRIC_MISSING_SERVER_NAME_LABEL,
        )
        return signature
    # Sanity check the arguments are still as expected in this version of
    # `prometheus_client`. ex. `Counter(name, documentation, labelnames, ...)`
    #
    # `signature.arg_names` should be: ["name", "documentation", "labelnames", ...]
    if (
        len(signature.arg_names) < (arg_location.position + 1)
        or signature.arg_names[arg_location.position] != arg_location.keyword_name
    ):
        ctx.api.fail(
            f"Expected argument number {arg_location.position + 1} of {signature.name} to be `labelnames`/`labels`, "
            f"but got {signature.arg_names[arg_location.position]}",
            ctx.context,
        )
        return signature
    # Ensure mypy is passing the correct number of arguments because we are doing some
    # dirty indexing into `ctx.args` later on.
    assert len(ctx.args) == len(signature.arg_names), (
        f"Expected the list of arguments in the {signature.name} signature ({len(signature.arg_names)})"
        f"to match the number of arguments from the function signature context ({len(ctx.args)})"
    )
    # Check if the `labelnames` argument includes `SERVER_NAME_LABEL`
    #
    # `ctx.args` should look like this:
    # ```
    # [
    #     [StrExpr("name")],
    #     [StrExpr("documentation")],
    #     [ListExpr([StrExpr("label1"), StrExpr("label2")])]
    #     ...
    # ]
    # ```
    labelnames_arg_expression = (
        ctx.args[arg_location.position][0]
        if len(ctx.args[arg_location.position]) > 0
        else None
    )
    if isinstance(labelnames_arg_expression, (ListExpr, TupleExpr)):
        # Check if the `labelnames` argument includes the `server_name` label (`SERVER_NAME_LABEL`).
        for labelname_expression in labelnames_arg_expression.items:
            if (
                isinstance(labelname_expression, NameExpr)
                and labelname_expression.fullname == "synapse.metrics.SERVER_NAME_LABEL"
            ):
                # Found the `SERVER_NAME_LABEL`, all good!
                break
        else:
            ctx.api.fail(
                f"Expected {signature.name} to include `SERVER_NAME_LABEL` in the list of labels. "
                "If this is a process-level metric (vs homeserver-level), use a type ignore comment "
                "to disable this check.",
                ctx.context,
                code=PROMETHEUS_METRIC_MISSING_SERVER_NAME_LABEL,
            )
    else:
        ctx.api.fail(
            f"Expected the `labelnames` argument of {signature.name} to be a list of label names "
            f"(including `SERVER_NAME_LABEL`), but got {labelnames_arg_expression}. "
            "If this is a process-level metric (vs homeserver-level), use a type ignore comment "
            "to disable this check.",
            ctx.context,
            code=PROMETHEUS_METRIC_MISSING_SERVER_NAME_LABEL,
        )
        return signature
    return signature
 def _get_true_return_type(signature: CallableType) -> mypy.types.Type:
    """
    Get the "final" return type of a callable which might return an Awaitable/Deferred.
@@ -906,13 +372,10 @@ def is_cacheable(
 def plugin(version: str) -> Type[SynapsePlugin]:
    global MypyPydanticPluginClass, MypyZopePluginClass
    # This is the entry point of the plugin, and lets us deal with the fact
    # that the mypy plugin interface is *not* stable by looking at the version
    # string.
    #
    # However, since we pin the version of mypy Synapse uses in CI, we don't
    # really care.
    MypyPydanticPluginClass = mypy_pydantic_plugin(version)
    MypyZopePluginClass = mypy_zope_plugin(version)
    return SynapsePlugin
@@ -639,16 +639,7 @@ def _notify(message: str) -> None:
@cli.command()
-# Although this option is not used, allow it anyways. Otherwise the user will
+def merge_back() -> None:
 # receive an error when providing it, which is annoying as other commands accept
 # it.
@click.option(
    "--gh-token",
    "_gh_token",
    envvar=["GH_TOKEN", "GITHUB_TOKEN"],
    required=False,
 )
 def merge_back(_gh_token: Optional[str]) -> None:
    _merge_back()
@@ -696,16 +687,7 @@ def _merge_back() -> None:
@cli.command()
-# Although this option is not used, allow it anyways. Otherwise the user will
+def announce() -> None:
 # receive an error when providing it, which is annoying as other commands accept
 # it.
@click.option(
    "--gh-token",
    "_gh_token",
    envvar=["GH_TOKEN", "GITHUB_TOKEN"],
    required=False,
 )
 def announce(_gh_token: Optional[str]) -> None:
    _announce()
@@ -30,7 +30,7 @@ from signedjson.sign import sign_json
 from synapse.api.room_versions import KNOWN_ROOM_VERSIONS
 from synapse.crypto.event_signing import add_hashes_and_signatures
-from synapse.util.json import json_encoder
+from synapse.util import json_encoder
 def main() -> None:
@@ -45,6 +45,16 @@ if py_version < (3, 9):
 # Allow using the asyncio reactor via env var.
 if strtobool(os.environ.get("SYNAPSE_ASYNC_IO_REACTOR", "0")):
    from incremental import Version
    import twisted
    # We need a bugfix that is included in Twisted 21.2.0:
    # https://twistedmatrix.com/trac/ticket/9787
    if twisted.version < Version("Twisted", 21, 2, 0):
        print("Using asyncio reactor requires Twisted>=21.2.0")
        sys.exit(1)
    import asyncio
    from twisted.internet import asyncioreactor
@@ -34,11 +34,9 @@ HAS_PYDANTIC_V2: bool = Version(pydantic_version).major == 2
 if TYPE_CHECKING or HAS_PYDANTIC_V2:
    from pydantic.v1 import (
        AnyHttpUrl,
        BaseModel,
        Extra,
        Field,
        FilePath,
        MissingError,
        PydanticValueError,
        StrictBool,
@@ -50,18 +48,15 @@ if TYPE_CHECKING or HAS_PYDANTIC_V2:
        conint,
        constr,
        parse_obj_as,
        root_validator,
        validator,
    )
    from pydantic.v1.error_wrappers import ErrorWrapper
    from pydantic.v1.typing import get_args
 else:
    from pydantic import (
        AnyHttpUrl,
        BaseModel,
        Extra,
        Field,
        FilePath,
        MissingError,
        PydanticValueError,
        StrictBool,
@@ -73,7 +68,6 @@ else:
        conint,
        constr,
        parse_obj_as,
        root_validator,
        validator,
    )
    from pydantic.error_wrappers import ErrorWrapper
@@ -81,7 +75,6 @@ else:
 __all__ = (
    "HAS_PYDANTIC_V2",
    "AnyHttpUrl",
    "BaseModel",
    "constr",
    "conbytes",
@@ -90,7 +83,6 @@ __all__ = (
    "ErrorWrapper",
    "Extra",
    "Field",
    "FilePath",
    "get_args",
    "MissingError",
    "parse_obj_as",
@@ -100,5 +92,4 @@ __all__ = (
    "StrictStr",
    "ValidationError",
    "validator",
    "root_validator",
 )
@@ -153,18 +153,9 @@ def get_registered_paths_for_default(
    """
    hs = MockHomeserver(base_config, worker_app)
    # TODO We only do this to avoid an error, but don't need the database etc
    hs.setup()
-    registered_paths = get_registered_paths_for_hs(hs)
+    return get_registered_paths_for_hs(hs)
    # NOTE: a more robust implementation would properly shutdown/cleanup each server
    # to avoid resource buildup.
    # However, the call to `shutdown` is `async` so it would require additional complexity here.
    # We are intentionally skipping this cleanup because this is a short-lived, one-off
    # utility script where the simpler approach is sufficient and we shouldn't run into
    # any resource buildup issues.
    return registered_paths
 def elide_http_methods_if_unconflicting(
@@ -30,7 +30,6 @@ from typing import Any, Callable, Dict, Optional
 import requests
 import yaml
 from typing_extensions import Never
 _CONFLICTING_SHARED_SECRET_OPTS_ERROR = """\
 Conflicting options 'registration_shared_secret' and 'registration_shared_secret_path'
@@ -41,10 +40,6 @@ _NO_SHARED_SECRET_OPTS_ERROR = """\
 No 'registration_shared_secret' or 'registration_shared_secret_path' defined in config.
 """
 _EMPTY_SHARED_SECRET_PATH_OPTS_ERROR = """\
 The secret given via `registration_shared_secret_path` must not be empty.
 """
 _DEFAULT_SERVER_URL = "http://localhost:8008"
@@ -175,12 +170,6 @@ def register_new_user(
    )
 def bail(err_msg: str) -> Never:
    """Prints the given message to stderr and exits."""
    print(err_msg, file=sys.stderr)
    sys.exit(1)
 def main() -> None:
    logging.captureWarnings(True)
@@ -273,20 +262,15 @@ def main() -> None:
        assert config is not None
        secret = config.get("registration_shared_secret")
        if not isinstance(secret, (str, type(None))):
            bail("registration_shared_secret is not a string.")
        secret_file = config.get("registration_shared_secret_path")
-        if not isinstance(secret_file, (str, type(None))):
+        if secret_file:
-            bail("registration_shared_secret_path is not a string.")
+            if secret:
-
+                print(_CONFLICTING_SHARED_SECRET_OPTS_ERROR, file=sys.stderr)
-        if not secret and not secret_file:
+                sys.exit(1)
            bail(_NO_SHARED_SECRET_OPTS_ERROR)
        elif secret and secret_file:
            bail(_CONFLICTING_SHARED_SECRET_OPTS_ERROR)
        elif not secret and secret_file:
            secret = _read_file(secret_file, "registration_shared_secret_path").strip()
-            if not secret:
+        if not secret:
-                bail(_EMPTY_SHARED_SECRET_PATH_OPTS_ERROR)
+            print(_NO_SHARED_SECRET_OPTS_ERROR, file=sys.stderr)
            sys.exit(1)
    if args.password_file:
        password = _read_file(args.password_file, "password-file").strip()
@@ -29,21 +29,19 @@ import attr
 from synapse.config._base import (
    Config,
    ConfigError,
    RootConfig,
    find_config_files,
    read_config_files,
 )
 from synapse.config.database import DatabaseConfig
 from synapse.config.server import ServerConfig
 from synapse.storage.database import DatabasePool, LoggingTransaction, make_conn
 from synapse.storage.engines import create_engine
 class ReviewConfig(RootConfig):
-    "A config class that just pulls out the server and database config"
+    "A config class that just pulls out the database config"
-    config_classes = [ServerConfig, DatabaseConfig]
+    config_classes = [DatabaseConfig]
@attr.s(auto_attribs=True)
@@ -150,10 +148,6 @@ def main() -> None:
    config_dict = read_config_files(config_files)
    config.parse_config_dict(config_dict, "", "")
    server_name = config.server.server_name
    if not isinstance(server_name, str):
        raise ConfigError("Must be a string", ("server_name",))
    since_ms = time.time() * 1000 - Config.parse_duration(config_args.since)
    exclude_users_with_email = config_args.exclude_emails
    exclude_users_with_appservice = config_args.exclude_app_service
@@ -165,12 +159,7 @@ def main() -> None:
    engine = create_engine(database_config.config)
-    with make_conn(
+    with make_conn(database_config, engine, "review_recent_signups") as db_conn:
        db_config=database_config,
        engine=engine,
        default_txn_name="review_recent_signups",
        server_name=server_name,
    ) as db_conn:
        # This generates a type of Cursor, not LoggingTransaction.
        user_infos = get_recent_users(
            db_conn.cursor(),
@@ -54,11 +54,11 @@ from twisted.internet import defer, reactor as reactor_
 from synapse.config.database import DatabaseConnectionConfig
 from synapse.config.homeserver import HomeServerConfig
 from synapse.logging.context import (
    LoggingContext,
    make_deferred_yieldable,
    run_in_background,
 )
-from synapse.server import HomeServer
+from synapse.notifier import ReplicationNotifier
 from synapse.storage import DataStore
 from synapse.storage.database import DatabasePool, LoggingTransaction, make_conn
 from synapse.storage.databases.main import FilteringWorkerStore
 from synapse.storage.databases.main.account_data import AccountDataWorkerStore
@@ -98,6 +98,7 @@ from synapse.storage.databases.state.bg_updates import StateBackgroundUpdateStor
 from synapse.storage.engines import create_engine
 from synapse.storage.prepare_database import prepare_database
 from synapse.types import ISynapseReactor
 from synapse.util import SYNAPSE_VERSION, Clock
 # Cast safety: Twisted does some naughty magic which replaces the
 # twisted.internet.reactor module with a Reactor instance at runtime.
@@ -135,7 +136,6 @@ BOOLEAN_COLUMNS = {
        "has_known_state",
        "is_encrypted",
    ],
    "thread_subscriptions": ["subscribed", "automatic"],
    "users": ["shadow_banned", "approved", "locked", "suspended"],
    "un_partial_stated_event_stream": ["rejection_status_changed"],
    "users_who_share_rooms": ["share_private"],
@@ -190,18 +190,13 @@ APPEND_ONLY_TABLES = [
    "users",
 ]
 # These tables declare their id column with "PRIMARY KEY AUTOINCREMENT" on sqlite side
 # and with "PRIMARY KEY GENERATED ALWAYS AS IDENTITY" on postgres side. This creates an
 # implicit sequence that needs its value to be migrated separately. Additionally,
 # inserting on postgres side needs to use the "OVERRIDING SYSTEM VALUE" modifier.
 AUTOINCREMENT_TABLES = {
    "sliding_sync_connections",
    "sliding_sync_connection_positions",
    "sliding_sync_connection_required_state",
    "state_groups_pending_deletion",
 }
 IGNORED_TABLES = {
    # Porting the auto generated sequence in this table is non-trivial.
    # None of the entries in this list are mandatory for Synapse to keep working.
    # If state group disk space is an issue after the port, the
    # `mark_unreferenced_state_groups_for_deletion_bg_update` background task can be run again.
    "state_groups_pending_deletion",
    # We don't port these tables, as they're a faff and we can regenerate
    # them anyway.
    "user_directory",
@@ -289,17 +284,11 @@ class Store(
        return self.db_pool.runInteraction("execute_sql", r)
    def insert_many_txn(
-        self,
+        self, txn: LoggingTransaction, table: str, headers: List[str], rows: List[Tuple]
        txn: LoggingTransaction,
        table: str,
        headers: List[str],
        rows: List[Tuple],
        override_system_value: bool = False,
    ) -> None:
-        sql = "INSERT INTO %s (%s) %s VALUES (%s)" % (
+        sql = "INSERT INTO %s (%s) VALUES (%s)" % (
            table,
            ", ".join(k for k in headers),
            "OVERRIDING SYSTEM VALUE" if override_system_value else "",
            ", ".join("%s" for _ in headers),
        )
@@ -316,15 +305,27 @@ class Store(
        )
-class MockHomeserver(HomeServer):
+class MockHomeserver:
    DATASTORE_CLASS = DataStore
    def __init__(self, config: HomeServerConfig):
-        super().__init__(
+        self.clock = Clock(reactor)
-            hostname=config.server.server_name,
+        self.config = config
-            config=config,
+        self.hostname = config.server.server_name
-            reactor=reactor,
+        self.version_string = SYNAPSE_VERSION
-        )
+
    def get_clock(self) -> Clock:
        return self.clock
    def get_reactor(self) -> ISynapseReactor:
        return reactor
    def get_instance_name(self) -> str:
        return "master"
    def should_send_federation(self) -> bool:
        return False
    def get_replication_notifier(self) -> ReplicationNotifier:
        return ReplicationNotifier()
 class Porter:
@@ -333,12 +334,12 @@ class Porter:
        sqlite_config: Dict[str, Any],
        progress: "Progress",
        batch_size: int,
-        hs: HomeServer,
+        hs_config: HomeServerConfig,
    ):
        self.sqlite_config = sqlite_config
        self.progress = progress
        self.batch_size = batch_size
-        self.hs = hs
+        self.hs_config = hs_config
    async def setup_table(self, table: str) -> Tuple[str, int, int, int, int]:
        if table in APPEND_ONLY_TABLES:
@@ -531,13 +532,7 @@ class Porter:
                def insert(txn: LoggingTransaction) -> None:
                    assert headers is not None
-                    self.postgres_store.insert_many_txn(
+                    self.postgres_store.insert_many_txn(txn, table, headers[1:], rows)
                        txn,
                        table,
                        headers[1:],
                        rows,
                        override_system_value=table in AUTOINCREMENT_TABLES,
                    )
                    self.postgres_store.db_pool.simple_update_one_txn(
                        txn,
@@ -658,28 +653,15 @@ class Porter:
        engine = create_engine(db_config.config)
-        server_name = self.hs.hostname
+        hs = MockHomeserver(self.hs_config)
-        with make_conn(
+        with make_conn(db_config, engine, "portdb") as db_conn:
            db_config=db_config,
            engine=engine,
            default_txn_name="portdb",
            server_name=server_name,
        ) as db_conn:
            engine.check_database(
                db_conn, allow_outdated_version=allow_outdated_version
            )
-            prepare_database(db_conn, engine, config=self.hs.config)
+            prepare_database(db_conn, engine, config=self.hs_config)
            # Type safety: ignore that we're using Mock homeservers here.
-            store = Store(
+            store = Store(DatabasePool(hs, db_config, engine), db_conn, hs)  # type: ignore[arg-type]
                DatabasePool(
                    self.hs,
                    db_config,
                    engine,
                ),
                db_conn,
                self.hs,
            )
            db_conn.commit()
        return store
@@ -776,7 +758,7 @@ class Porter:
                return
            self.postgres_store = self.build_db_store(
-                self.hs.config.database.get_single_database()
+                self.hs_config.database.get_single_database()
            )
            await self.remove_ignored_background_updates_from_database()
@@ -902,19 +884,6 @@ class Porter:
                ],
            )
            await self._setup_autoincrement_sequence(
                "sliding_sync_connection_positions", "connection_position"
            )
            await self._setup_autoincrement_sequence(
                "sliding_sync_connection_required_state", "required_state_id"
            )
            await self._setup_autoincrement_sequence(
                "sliding_sync_connections", "connection_key"
            )
            await self._setup_autoincrement_sequence(
                "state_groups_pending_deletion", "sequence_number"
            )
            # Step 3. Get tables.
            self.progress.set_state("Fetching tables")
            sqlite_tables = await self.sqlite_store.db_pool.simple_select_onecol(
@@ -1247,49 +1216,6 @@ class Porter:
            "_setup_%s" % (sequence_name,), r
        )
    async def _setup_autoincrement_sequence(
        self,
        sqlite_table_name: str,
        sqlite_id_column_name: str,
    ) -> None:
        """Set a sequence to the correct value. Use where id column was declared with PRIMARY KEY AUTOINCREMENT."""
        seq_name = await self._pg_get_serial_sequence(
            sqlite_table_name, sqlite_id_column_name
        )
        if seq_name is None:
            raise Exception(
                "implicit sequence not found for table " + sqlite_table_name
            )
        seq_value = await self.sqlite_store.db_pool.simple_select_one_onecol(
            table="sqlite_sequence",
            keyvalues={"name": sqlite_table_name},
            retcol="seq",
            allow_none=True,
        )
        if seq_value is None:
            return
        def r(txn: LoggingTransaction) -> None:
            sql = "ALTER SEQUENCE %s RESTART WITH" % (seq_name,)
            txn.execute(sql + " %s", (seq_value + 1,))
        await self.postgres_store.db_pool.runInteraction("_setup_%s" % (seq_name,), r)
    async def _pg_get_serial_sequence(self, table: str, column: str) -> Optional[str]:
        """Returns the name of the postgres sequence associated with a column, or NULL."""
        def r(txn: LoggingTransaction) -> Optional[str]:
            txn.execute("SELECT pg_get_serial_sequence('%s', '%s')" % (table, column))
            result = txn.fetchone()
            if not result:
                return None
            return result[0]
        return await self.postgres_store.db_pool.runInteraction(
            "_pg_get_serial_sequence", r
        )
    async def _setup_auth_chain_sequence(self) -> None:
        curr_chain_id: Optional[
            int
@@ -1565,8 +1491,6 @@ def main() -> None:
    config = HomeServerConfig()
    config.parse_config_dict(hs_config, "", "")
    hs = MockHomeserver(config)
    def start(stdscr: Optional["curses.window"] = None) -> None:
        progress: Progress
        if stdscr:
@@ -1578,14 +1502,15 @@ def main() -> None:
            sqlite_config=sqlite_config,
            progress=progress,
            batch_size=args.batch_size,
-            hs=hs,
+            hs_config=config,
        )
        @defer.inlineCallbacks
        def run() -> Generator["defer.Deferred[Any]", Any, None]:
-            yield defer.ensureDeferred(porter.run())
+            with LoggingContext("synapse_port_db_run"):
                yield defer.ensureDeferred(porter.run())
-        hs.get_clock().call_when_running(run)
+        reactor.callWhenRunning(run)
        reactor.run()
@@ -28,9 +28,11 @@ import yaml
 from twisted.internet import defer, reactor as reactor_
 from synapse.config.homeserver import HomeServerConfig
 from synapse.metrics.background_process_metrics import run_as_background_process
 from synapse.server import HomeServer
 from synapse.storage import DataStore
 from synapse.types import ISynapseReactor
 from synapse.util import SYNAPSE_VERSION
 # Cast safety: Twisted does some naughty magic which replaces the
 # twisted.internet.reactor module with a Reactor instance at runtime.
@@ -46,6 +48,7 @@ class MockHomeserver(HomeServer):
            hostname=config.server.server_name,
            config=config,
            reactor=reactor,
            version_string=f"Synapse/{SYNAPSE_VERSION}",
        )
@@ -63,13 +66,10 @@ def run_background_updates(hs: HomeServer) -> None:
    def run() -> None:
        # Apply all background updates on the database.
        defer.ensureDeferred(
-            hs.run_as_background_process(
+            run_as_background_process("background_updates", run_background_updates)
                "background_updates",
                run_background_updates,
            )
        )
-    hs.get_clock().call_when_running(run)
+    reactor.callWhenRunning(run)
    reactor.run()
@@ -115,13 +115,6 @@ def main() -> None:
    # DB.
    hs.setup()
    # This will cause all of the relevant storage classes to be instantiated and call
    # `register_background_update_handler(...)`,
    # `register_background_index_update(...)`,
    # `register_background_validate_constraint(...)`, etc so they are available to use
    # if we are asked to run those background updates.
    hs.get_storage_controllers()
    if args.run_background_updates:
        run_background_updates(hs)
@@ -20,13 +20,10 @@
 #
 from typing import TYPE_CHECKING, Optional, Protocol, Tuple
 from prometheus_client import Histogram
 from twisted.web.server import Request
 from synapse.appservice import ApplicationService
 from synapse.http.site import SynapseRequest
 from synapse.metrics import SERVER_NAME_LABEL
 from synapse.types import Requester
 if TYPE_CHECKING:
@@ -36,13 +33,6 @@ if TYPE_CHECKING:
 GUEST_DEVICE_ID = "guest_device"
 introspection_response_timer = Histogram(
    "synapse_api_auth_delegated_introspection_response",
    "Time taken to get a response for an introspection request",
    labelnames=["code", SERVER_NAME_LABEL],
 )
 class Auth(Protocol):
    """The interface that an auth provider must implement."""
@@ -172,7 +172,7 @@ class BaseAuth:
        """
        # It's ok if the app service is trying to use the sender from their registration
-        if app_service.sender.to_string() == user_id:
+        if app_service.sender == user_id:
            pass
        # Check to make sure the app service is allowed to control the user
        elif not app_service.is_interested_in_user(user_id):
@@ -354,10 +354,12 @@ class BaseAuth:
                effective_user_id, effective_device_id
            )
            if device_opt is None:
                # For now, use 400 M_EXCLUSIVE if the device doesn't exist.
                # This is an open thread of discussion on MSC3202 as of 2021-12-09.
                raise AuthError(
                    400,
                    f"Application service trying to use a device that doesn't exist ('{effective_device_id}' for {effective_user_id})",
-                    Codes.UNKNOWN_DEVICE,
+                    Codes.EXCLUSIVE,
                )
        return create_requester(
@@ -296,4 +296,4 @@ class InternalAuth(BaseAuth):
        Returns:
            True if the user is an admin
        """
-        return await self.store.is_server_admin(requester.user.to_string())
+        return await self.store.is_server_admin(requester.user)
@@ -1,436 +0,0 @@
 #
 # This file is licensed under the Affero General Public License (AGPL) version 3.
 #
 # Copyright (C) 2025 New Vector, Ltd
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as
 # published by the Free Software Foundation, either version 3 of the
 # License, or (at your option) any later version.
 #
 # See the GNU Affero General Public License for more details:
 # <https://www.gnu.org/licenses/agpl-3.0.html>.
 #
 #
 import logging
 from typing import TYPE_CHECKING, Optional, Set
 from urllib.parse import urlencode
 from synapse._pydantic_compat import (
    BaseModel,
    Extra,
    StrictBool,
    StrictInt,
    StrictStr,
    ValidationError,
 )
 from synapse.api.auth.base import BaseAuth
 from synapse.api.errors import (
    AuthError,
    HttpResponseException,
    InvalidClientTokenError,
    SynapseError,
    UnrecognizedRequestError,
 )
 from synapse.http.site import SynapseRequest
 from synapse.logging.opentracing import (
    active_span,
    force_tracing,
    inject_request_headers,
    start_active_span,
 )
 from synapse.metrics import SERVER_NAME_LABEL
 from synapse.synapse_rust.http_client import HttpClient
 from synapse.types import JsonDict, Requester, UserID, create_requester
 from synapse.util.caches.cached_call import RetryOnExceptionCachedCall
 from synapse.util.caches.response_cache import ResponseCache, ResponseCacheContext
 from synapse.util.json import json_decoder
 from . import introspection_response_timer
 if TYPE_CHECKING:
    from synapse.rest.admin.experimental_features import ExperimentalFeature
    from synapse.server import HomeServer
 logger = logging.getLogger(__name__)
 # Scope as defined by MSC2967
 # https://github.com/matrix-org/matrix-spec-proposals/pull/2967
 UNSTABLE_SCOPE_MATRIX_API = "urn:matrix:org.matrix.msc2967.client:api:*"
 UNSTABLE_SCOPE_MATRIX_DEVICE_PREFIX = "urn:matrix:org.matrix.msc2967.client:device:"
 STABLE_SCOPE_MATRIX_API = "urn:matrix:client:api:*"
 STABLE_SCOPE_MATRIX_DEVICE_PREFIX = "urn:matrix:client:device:"
 class ServerMetadata(BaseModel):
    class Config:
        extra = Extra.allow
    issuer: StrictStr
    account_management_uri: StrictStr
 class IntrospectionResponse(BaseModel):
    retrieved_at_ms: StrictInt
    active: StrictBool
    scope: Optional[StrictStr]
    username: Optional[StrictStr]
    sub: Optional[StrictStr]
    device_id: Optional[StrictStr]
    expires_in: Optional[StrictInt]
    class Config:
        extra = Extra.allow
    def get_scope_set(self) -> set[str]:
        if not self.scope:
            return set()
        return {token for token in self.scope.split(" ") if token}
    def is_active(self, now_ms: int) -> bool:
        if not self.active:
            return False
        # Compatibility tokens don't expire and don't have an 'expires_in' field
        if self.expires_in is None:
            return True
        absolute_expiry_ms = self.expires_in * 1000 + self.retrieved_at_ms
        return now_ms < absolute_expiry_ms
 class MasDelegatedAuth(BaseAuth):
    def __init__(self, hs: "HomeServer"):
        super().__init__(hs)
        self.server_name = hs.hostname
        self._clock = hs.get_clock()
        self._config = hs.config.mas
        self._http_client = hs.get_proxied_http_client()
        self._rust_http_client = HttpClient(
            reactor=hs.get_reactor(),
            user_agent=self._http_client.user_agent.decode("utf8"),
        )
        self._server_metadata = RetryOnExceptionCachedCall[ServerMetadata](
            self._load_metadata
        )
        self._force_tracing_for_users = hs.config.tracing.force_tracing_for_users
        # # Token Introspection Cache
        # This remembers what users/devices are represented by which access tokens,
        # in order to reduce overall system load:
        # - on Synapse (as requests are relatively expensive)
        # - on the network
        # - on MAS
        #
        # Since there is no invalidation mechanism currently,
        # the entries expire after 2 minutes.
        # This does mean tokens can be treated as valid by Synapse
        # for longer than reality.
        #
        # Ideally, tokens should logically be invalidated in the following circumstances:
        # - If a session logout happens.
        #   In this case, MAS will delete the device within Synapse
        #   anyway and this is good enough as an invalidation.
        # - If the client refreshes their token in MAS.
        #   In this case, the device still exists and it's not the end of the world for
        #   the old access token to continue working for a short time.
        self._introspection_cache: ResponseCache[str] = ResponseCache(
            clock=self._clock,
            name="mas_token_introspection",
            server_name=self.server_name,
            timeout_ms=120_000,
            # don't log because the keys are access tokens
            enable_logging=False,
        )
    @property
    def _metadata_url(self) -> str:
        return f"{self._config.endpoint.rstrip('/')}/.well-known/openid-configuration"
    @property
    def _introspection_endpoint(self) -> str:
        return f"{self._config.endpoint.rstrip('/')}/oauth2/introspect"
    async def _load_metadata(self) -> ServerMetadata:
        response = await self._http_client.get_json(self._metadata_url)
        metadata = ServerMetadata(**response)
        return metadata
    async def issuer(self) -> str:
        metadata = await self._server_metadata.get()
        return metadata.issuer
    async def account_management_url(self) -> str:
        metadata = await self._server_metadata.get()
        return metadata.account_management_uri
    async def auth_metadata(self) -> JsonDict:
        metadata = await self._server_metadata.get()
        return metadata.dict()
    def is_request_using_the_shared_secret(self, request: SynapseRequest) -> bool:
        """
        Check if the request is using the shared secret.
        Args:
            request: The request to check.
        Returns:
            True if the request is using the shared secret, False otherwise.
        """
        access_token = self.get_access_token_from_request(request)
        shared_secret = self._config.secret()
        if not shared_secret:
            return False
        return access_token == shared_secret
    async def _introspect_token(
        self, token: str, cache_context: ResponseCacheContext[str]
    ) -> IntrospectionResponse:
        """
        Send a token to the introspection endpoint and returns the introspection response
        Parameters:
            token: The token to introspect
        Raises:
            HttpResponseException: If the introspection endpoint returns a non-2xx response
            ValueError: If the introspection endpoint returns an invalid JSON response
            JSONDecodeError: If the introspection endpoint returns a non-JSON response
            Exception: If the HTTP request fails
        Returns:
            The introspection response
        """
        # By default, we shouldn't cache the result unless we know it's valid
        cache_context.should_cache = False
        raw_headers: dict[str, str] = {
            "Content-Type": "application/x-www-form-urlencoded",
            "Accept": "application/json",
            "Authorization": f"Bearer {self._config.secret()}",
            # Tell MAS that we support reading the device ID as an explicit
            # value, not encoded in the scope. This is supported by MAS 0.15+
            "X-MAS-Supports-Device-Id": "1",
        }
        args = {"token": token, "token_type_hint": "access_token"}
        body = urlencode(args, True)
        # Do the actual request
        logger.debug("Fetching token from MAS")
        start_time = self._clock.time()
        try:
            with start_active_span("mas-introspect-token"):
                inject_request_headers(raw_headers)
                resp_body = await self._rust_http_client.post(
                    url=self._introspection_endpoint,
                    response_limit=1 * 1024 * 1024,
                    headers=raw_headers,
                    request_body=body,
                )
        except HttpResponseException as e:
            end_time = self._clock.time()
            introspection_response_timer.labels(
                code=e.code, **{SERVER_NAME_LABEL: self.server_name}
            ).observe(end_time - start_time)
            raise
        except Exception:
            end_time = self._clock.time()
            introspection_response_timer.labels(
                code="ERR", **{SERVER_NAME_LABEL: self.server_name}
            ).observe(end_time - start_time)
            raise
        logger.debug("Fetched token from MAS")
        end_time = self._clock.time()
        introspection_response_timer.labels(
            code=200, **{SERVER_NAME_LABEL: self.server_name}
        ).observe(end_time - start_time)
        raw_response = json_decoder.decode(resp_body.decode("utf-8"))
        try:
            response = IntrospectionResponse(
                retrieved_at_ms=self._clock.time_msec(),
                **raw_response,
            )
        except ValidationError as e:
            raise ValueError(
                "The introspection endpoint returned an invalid JSON response"
            ) from e
        # We had a valid response, so we can cache it
        cache_context.should_cache = True
        return response
    async def is_server_admin(self, requester: Requester) -> bool:
        return "urn:synapse:admin:*" in requester.scope
    async def get_user_by_req(
        self,
        request: SynapseRequest,
        allow_guest: bool = False,
        allow_expired: bool = False,
        allow_locked: bool = False,
    ) -> Requester:
        parent_span = active_span()
        with start_active_span("get_user_by_req"):
            access_token = self.get_access_token_from_request(request)
            requester = await self.get_appservice_user(request, access_token)
            if not requester:
                requester = await self.get_user_by_access_token(
                    token=access_token,
                    allow_expired=allow_expired,
                )
            await self._record_request(request, requester)
            request.requester = requester
            if parent_span:
                if requester.authenticated_entity in self._force_tracing_for_users:
                    # request tracing is enabled for this user, so we need to force it
                    # tracing on for the parent span (which will be the servlet span).
                    #
                    # It's too late for the get_user_by_req span to inherit the setting,
                    # so we also force it on for that.
                    force_tracing()
                    force_tracing(parent_span)
                parent_span.set_tag(
                    "authenticated_entity", requester.authenticated_entity
                )
                parent_span.set_tag("user_id", requester.user.to_string())
                if requester.device_id is not None:
                    parent_span.set_tag("device_id", requester.device_id)
                if requester.app_service is not None:
                    parent_span.set_tag("appservice_id", requester.app_service.id)
            return requester
    async def get_user_by_access_token(
        self,
        token: str,
        allow_expired: bool = False,
    ) -> Requester:
        try:
            introspection_result = await self._introspection_cache.wrap(
                token, self._introspect_token, token, cache_context=True
            )
        except Exception:
            logger.exception("Failed to introspect token")
            raise SynapseError(503, "Unable to introspect the access token")
        logger.debug("Introspection result: %r", introspection_result)
        if not introspection_result.is_active(self._clock.time_msec()):
            raise InvalidClientTokenError("Token is not active")
        # Let's look at the scope
        scope = introspection_result.get_scope_set()
        # Determine type of user based on presence of particular scopes
        if (
            UNSTABLE_SCOPE_MATRIX_API not in scope
            and STABLE_SCOPE_MATRIX_API not in scope
        ):
            raise InvalidClientTokenError(
                "Token doesn't grant access to the Matrix C-S API"
            )
        if introspection_result.username is None:
            raise AuthError(
                500,
                "Invalid username claim in the introspection result",
            )
        user_id = UserID(
            localpart=introspection_result.username,
            domain=self.server_name,
        )
        # Try to find a user from the username claim
        user_info = await self.store.get_user_by_id(user_id=user_id.to_string())
        if user_info is None:
            raise AuthError(
                500,
                "User not found",
            )
        # MAS will give us the device ID as an explicit value for *compatibility* sessions
        # If present, we get it from here, if not we get it in the scope for next-gen sessions
        device_id = introspection_result.device_id
        if device_id is None:
            # Find device_ids in scope
            # We only allow a single device_id in the scope, so we find them all in the
            # scope list, and raise if there are more than one. The OIDC server should be
            # the one enforcing valid scopes, so we raise a 500 if we find an invalid scope.
            device_ids: Set[str] = set()
            for tok in scope:
                if tok.startswith(UNSTABLE_SCOPE_MATRIX_DEVICE_PREFIX):
                    device_ids.add(tok[len(UNSTABLE_SCOPE_MATRIX_DEVICE_PREFIX) :])
                elif tok.startswith(STABLE_SCOPE_MATRIX_DEVICE_PREFIX):
                    device_ids.add(tok[len(STABLE_SCOPE_MATRIX_DEVICE_PREFIX) :])
            if len(device_ids) > 1:
                raise AuthError(
                    500,
                    "Multiple device IDs in scope",
                )
            device_id = next(iter(device_ids), None)
        if device_id is not None:
            # Sanity check the device_id
            if len(device_id) > 255 or len(device_id) < 1:
                raise AuthError(
                    500,
                    "Invalid device ID in introspection result",
                )
            # Make sure the device exists. This helps with introspection cache
            # invalidation: if we log out, the device gets deleted by MAS
            device = await self.store.get_device(
                user_id=user_id.to_string(),
                device_id=device_id,
            )
            if device is None:
                # Invalidate the introspection cache, the device was deleted
                self._introspection_cache.unset(token)
                raise InvalidClientTokenError("Token is not active")
        return create_requester(
            user_id=user_id,
            device_id=device_id,
            scope=scope,
        )
    async def get_user_by_req_experimental_feature(
        self,
        request: SynapseRequest,
        feature: "ExperimentalFeature",
        allow_guest: bool = False,
        allow_expired: bool = False,
        allow_locked: bool = False,
    ) -> Requester:
        try:
            requester = await self.get_user_by_req(
                request,
                allow_guest=allow_guest,
                allow_expired=allow_expired,
                allow_locked=allow_locked,
            )
            if await self.store.is_feature_enabled(requester.user.to_string(), feature):
                return requester
            raise UnrecognizedRequestError(code=404)
        except (AuthError, InvalidClientTokenError):
            if feature.is_globally_enabled(self.hs.config):
                # If its globally enabled then return the auth error
                raise
            raise UnrecognizedRequestError(code=404)
@@ -20,7 +20,7 @@
 #
 import logging
 from dataclasses import dataclass
-from typing import TYPE_CHECKING, Any, Callable, Dict, List, Optional, Set
+from typing import TYPE_CHECKING, Any, Callable, Dict, List, Optional
 from urllib.parse import urlencode
 from authlib.oauth2 import ClientAuth
@@ -28,30 +28,30 @@ from authlib.oauth2.auth import encode_client_secret_basic, encode_client_secret
 from authlib.oauth2.rfc7523 import ClientSecretJWT, PrivateKeyJWT, private_key_jwt_sign
 from authlib.oauth2.rfc7662 import IntrospectionToken
 from authlib.oidc.discovery import OpenIDProviderMetadata, get_well_known_url
 from prometheus_client import Histogram
 from synapse.api.auth.base import BaseAuth
 from synapse.api.errors import (
    AuthError,
    HttpResponseException,
    InvalidClientTokenError,
    OAuthInsufficientScopeError,
    SynapseError,
    UnrecognizedRequestError,
 )
 from synapse.http.site import SynapseRequest
 from synapse.logging.context import PreserveLoggingContext
 from synapse.logging.opentracing import (
    active_span,
    force_tracing,
    inject_request_headers,
    start_active_span,
 )
 from synapse.metrics import SERVER_NAME_LABEL
 from synapse.synapse_rust.http_client import HttpClient
 from synapse.types import Requester, UserID, create_requester
 from synapse.util import json_decoder
 from synapse.util.caches.cached_call import RetryOnExceptionCachedCall
 from synapse.util.caches.response_cache import ResponseCache, ResponseCacheContext
 from synapse.util.json import json_decoder
 from . import introspection_response_timer
 if TYPE_CHECKING:
    from synapse.rest.admin.experimental_features import ExperimentalFeature
@@ -59,12 +59,18 @@ if TYPE_CHECKING:
 logger = logging.getLogger(__name__)
 introspection_response_timer = Histogram(
    "synapse_api_auth_delegated_introspection_response",
    "Time taken to get a response for an introspection request",
    ["code"],
 )
 # Scope as defined by MSC2967
 # https://github.com/matrix-org/matrix-spec-proposals/pull/2967
-UNSTABLE_SCOPE_MATRIX_API = "urn:matrix:org.matrix.msc2967.client:api:*"
+SCOPE_MATRIX_API = "urn:matrix:org.matrix.msc2967.client:api:*"
-UNSTABLE_SCOPE_MATRIX_DEVICE_PREFIX = "urn:matrix:org.matrix.msc2967.client:device:"
+SCOPE_MATRIX_GUEST = "urn:matrix:org.matrix.msc2967.client:api:guest"
-STABLE_SCOPE_MATRIX_API = "urn:matrix:client:api:*"
+SCOPE_MATRIX_DEVICE_PREFIX = "urn:matrix:org.matrix.msc2967.client:device:"
 STABLE_SCOPE_MATRIX_DEVICE_PREFIX = "urn:matrix:client:device:"
 # Scope which allows access to the Synapse admin API
 SCOPE_SYNAPSE_ADMIN = "urn:synapse:admin:*"
@@ -170,7 +176,6 @@ class MSC3861DelegatedAuth(BaseAuth):
        assert self._config.client_id, "No client_id provided"
        assert auth_method is not None, "Invalid client_auth_method provided"
        self.server_name = hs.hostname
        self._clock = hs.get_clock()
        self._http_client = hs.get_proxied_http_client()
        self._hostname = hs.hostname
@@ -178,8 +183,7 @@ class MSC3861DelegatedAuth(BaseAuth):
        self._force_tracing_for_users = hs.config.tracing.force_tracing_for_users
        self._rust_http_client = HttpClient(
-            reactor=hs.get_reactor(),
+            user_agent=self._http_client.user_agent.decode("utf8")
            user_agent=self._http_client.user_agent.decode("utf8"),
        )
        # # Token Introspection Cache
@@ -202,9 +206,8 @@ class MSC3861DelegatedAuth(BaseAuth):
        #   In this case, the device still exists and it's not the end of the world for
        #   the old access token to continue working for a short time.
        self._introspection_cache: ResponseCache[str] = ResponseCache(
-            clock=self._clock,
+            self._clock,
-            name="token_introspection",
+            "token_introspection",
            server_name=self.server_name,
            timeout_ms=120_000,
            # don't log because the keys are access tokens
            enable_logging=False,
@@ -326,31 +329,26 @@ class MSC3861DelegatedAuth(BaseAuth):
        try:
            with start_active_span("mas-introspect-token"):
                inject_request_headers(raw_headers)
-                resp_body = await self._rust_http_client.post(
+                with PreserveLoggingContext():
-                    url=uri,
+                    resp_body = await self._rust_http_client.post(
-                    response_limit=1 * 1024 * 1024,
+                        url=uri,
-                    headers=raw_headers,
+                        response_limit=1 * 1024 * 1024,
-                    request_body=body,
+                        headers=raw_headers,
-                )
+                        request_body=body,
                    )
        except HttpResponseException as e:
            end_time = self._clock.time()
-            introspection_response_timer.labels(
+            introspection_response_timer.labels(e.code).observe(end_time - start_time)
                code=e.code, **{SERVER_NAME_LABEL: self.server_name}
            ).observe(end_time - start_time)
            raise
        except Exception:
            end_time = self._clock.time()
-            introspection_response_timer.labels(
+            introspection_response_timer.labels("ERR").observe(end_time - start_time)
                code="ERR", **{SERVER_NAME_LABEL: self.server_name}
            ).observe(end_time - start_time)
            raise
        logger.debug("Fetched token from MAS")
        end_time = self._clock.time()
-        introspection_response_timer.labels(
+        introspection_response_timer.labels(200).observe(end_time - start_time)
            code=200, **{SERVER_NAME_LABEL: self.server_name}
        ).observe(end_time - start_time)
        resp = json_decoder.decode(resp_body.decode("utf-8"))
@@ -368,12 +366,6 @@ class MSC3861DelegatedAuth(BaseAuth):
    async def is_server_admin(self, requester: Requester) -> bool:
        return "urn:synapse:admin:*" in requester.scope
    def _is_access_token_the_admin_token(self, token: str) -> bool:
        admin_token = self._admin_token()
        if admin_token is None:
            return False
        return token == admin_token
    async def get_user_by_req(
        self,
        request: SynapseRequest,
@@ -439,9 +431,12 @@ class MSC3861DelegatedAuth(BaseAuth):
            requester = await self.get_user_by_access_token(access_token, allow_expired)
        # Do not record requests from MAS using the virtual `__oidc_admin` user.
-        if not self._is_access_token_the_admin_token(access_token):
+        if access_token != self._admin_token():
            await self._record_request(request, requester)
        if not allow_guest and requester.is_guest:
            raise OAuthInsufficientScopeError([SCOPE_MATRIX_API])
        request.requester = requester
        return requester
@@ -472,29 +467,17 @@ class MSC3861DelegatedAuth(BaseAuth):
            raise UnrecognizedRequestError(code=404)
    def is_request_using_the_admin_token(self, request: SynapseRequest) -> bool:
        """
        Check if the request is using the admin token.
        Args:
            request: The request to check.
        Returns:
            True if the request is using the admin token, False otherwise.
        """
        access_token = self.get_access_token_from_request(request)
        return self._is_access_token_the_admin_token(access_token)
    async def get_user_by_access_token(
        self,
        token: str,
        allow_expired: bool = False,
    ) -> Requester:
-        if self._is_access_token_the_admin_token(token):
+        admin_token = self._admin_token()
        if admin_token is not None and token == admin_token:
            # XXX: This is a temporary solution so that the admin API can be called by
            # the OIDC provider. This will be removed once we have OIDC client
            # credentials grant support in matrix-authentication-service.
-            logger.info("Admin token used")
+            logger.info("Admin toked used")
            # XXX: that user doesn't exist and won't be provisioned.
            # This is mostly fine for admin calls, but we should also think about doing
            # requesters without a user_id.
@@ -523,11 +506,10 @@ class MSC3861DelegatedAuth(BaseAuth):
        scope: List[str] = introspection_result.get_scope_list()
        # Determine type of user based on presence of particular scopes
-        has_user_scope = (
+        has_user_scope = SCOPE_MATRIX_API in scope
-            UNSTABLE_SCOPE_MATRIX_API in scope or STABLE_SCOPE_MATRIX_API in scope
+        has_guest_scope = SCOPE_MATRIX_GUEST in scope
        )
-        if not has_user_scope:
+        if not has_user_scope and not has_guest_scope:
            raise InvalidClientTokenError("No scope in token granting user rights")
        # Match via the sub claim
@@ -575,12 +557,11 @@ class MSC3861DelegatedAuth(BaseAuth):
            # We only allow a single device_id in the scope, so we find them all in the
            # scope list, and raise if there are more than one. The OIDC server should be
            # the one enforcing valid scopes, so we raise a 500 if we find an invalid scope.
-            device_ids: Set[str] = set()
+            device_ids = [
-            for tok in scope:
+                tok[len(SCOPE_MATRIX_DEVICE_PREFIX) :]
-                if tok.startswith(UNSTABLE_SCOPE_MATRIX_DEVICE_PREFIX):
+                for tok in scope
-                    device_ids.add(tok[len(UNSTABLE_SCOPE_MATRIX_DEVICE_PREFIX) :])
+                if tok.startswith(SCOPE_MATRIX_DEVICE_PREFIX)
-                elif tok.startswith(STABLE_SCOPE_MATRIX_DEVICE_PREFIX):
+            ]
                    device_ids.add(tok[len(STABLE_SCOPE_MATRIX_DEVICE_PREFIX) :])
            if len(device_ids) > 1:
                raise AuthError(
@@ -588,7 +569,7 @@ class MSC3861DelegatedAuth(BaseAuth):
                    "Multiple device IDs in scope",
                )
-            device_id = next(iter(device_ids), None)
+            device_id = device_ids[0] if device_ids else None
        if device_id is not None:
            # Sanity check the device_id
@@ -614,4 +595,5 @@ class MSC3861DelegatedAuth(BaseAuth):
            user_id=user_id,
            device_id=device_id,
            scope=scope,
            is_guest=(has_guest_scope and not has_user_scope),
        )
@@ -46,9 +46,6 @@ MAX_USERID_LENGTH = 255
 # Constant value used for the pseudo-thread which is the main timeline.
 MAIN_TIMELINE: Final = "main"
 # MAX_INT + 1, so it always trumps any PL in canonical JSON.
 CREATOR_POWER_LEVEL = 2**53
 class Membership:
    """Represents the membership states of a user in a room."""
@@ -238,8 +235,6 @@ class EventContentFields:
    #
    # This is deprecated in MSC2175.
    ROOM_CREATOR: Final = "creator"
    # MSC4289
    ADDITIONAL_CREATORS: Final = "additional_creators"
    # The version of the room for `m.room.create` events.
    ROOM_VERSION: Final = "room_version"
@@ -30,7 +30,7 @@ from typing import Any, Dict, List, Optional, Union
 from twisted.web import http
-from synapse.util.json import json_decoder
+from synapse.util import json_decoder
 if typing.TYPE_CHECKING:
    from synapse.config.homeserver import HomeServerConfig
@@ -140,18 +140,6 @@ class Codes(str, Enum):
    # Part of MSC4155
    INVITE_BLOCKED = "ORG.MATRIX.MSC4155.M_INVITE_BLOCKED"
    # Part of MSC4190
    APPSERVICE_LOGIN_UNSUPPORTED = "IO.ELEMENT.MSC4190.M_APPSERVICE_LOGIN_UNSUPPORTED"
    # Part of MSC4306: Thread Subscriptions
    MSC4306_CONFLICTING_UNSUBSCRIPTION = (
        "IO.ELEMENT.MSC4306.M_CONFLICTING_UNSUBSCRIPTION"
    )
    MSC4306_NOT_IN_THREAD = "IO.ELEMENT.MSC4306.M_NOT_IN_THREAD"
    # Part of MSC4326
    UNKNOWN_DEVICE = "ORG.MATRIX.MSC4326.M_UNKNOWN_DEVICE"
 class CodeMessageException(RuntimeError):
    """An exception with integer code, a message string attributes and optional headers.
@@ -26,7 +26,7 @@ from synapse.api.errors import LimitExceededError
 from synapse.config.ratelimiting import RatelimitSettings
 from synapse.storage.databases.main import DataStore
 from synapse.types import Requester
-from synapse.util.clock import Clock
+from synapse.util import Clock
 if TYPE_CHECKING:
    # To avoid circular imports:
@@ -36,14 +36,12 @@ class EventFormatVersions:
    ROOM_V1_V2 = 1  # $id:server event id format: used for room v1 and v2
    ROOM_V3 = 2  # MSC1659-style $hash event id format: used for room v3
    ROOM_V4_PLUS = 3  # MSC1884-style $hash format: introduced for room v4
    ROOM_V11_HYDRA_PLUS = 4  # MSC4291 room IDs as hashes: introduced for room HydraV11
 KNOWN_EVENT_FORMAT_VERSIONS = {
    EventFormatVersions.ROOM_V1_V2,
    EventFormatVersions.ROOM_V3,
    EventFormatVersions.ROOM_V4_PLUS,
    EventFormatVersions.ROOM_V11_HYDRA_PLUS,
 }
@@ -52,7 +50,6 @@ class StateResolutionVersions:
    V1 = 1  # room v1 state res
    V2 = 2  # MSC1442 state res: room v2 and later
    V2_1 = 3  # MSC4297 state res
 class RoomDisposition:
@@ -112,10 +109,6 @@ class RoomVersion:
    msc3931_push_features: Tuple[str, ...]  # values from PushRuleRoomFlag
    # MSC3757: Restricting who can overwrite a state event
    msc3757_enabled: bool
    # MSC4289: Creator power enabled
    msc4289_creator_power_enabled: bool
    # MSC4291: Room IDs as hashes of the create event
    msc4291_room_ids_as_hashes: bool
 class RoomVersions:
@@ -138,8 +131,6 @@ class RoomVersions:
        enforce_int_power_levels=False,
        msc3931_push_features=(),
        msc3757_enabled=False,
        msc4289_creator_power_enabled=False,
        msc4291_room_ids_as_hashes=False,
    )
    V2 = RoomVersion(
        "2",
@@ -160,8 +151,6 @@ class RoomVersions:
        enforce_int_power_levels=False,
        msc3931_push_features=(),
        msc3757_enabled=False,
        msc4289_creator_power_enabled=False,
        msc4291_room_ids_as_hashes=False,
    )
    V3 = RoomVersion(
        "3",
@@ -182,8 +171,6 @@ class RoomVersions:
        enforce_int_power_levels=False,
        msc3931_push_features=(),
        msc3757_enabled=False,
        msc4289_creator_power_enabled=False,
        msc4291_room_ids_as_hashes=False,
    )
    V4 = RoomVersion(
        "4",
@@ -204,8 +191,6 @@ class RoomVersions:
        enforce_int_power_levels=False,
        msc3931_push_features=(),
        msc3757_enabled=False,
        msc4289_creator_power_enabled=False,
        msc4291_room_ids_as_hashes=False,
    )
    V5 = RoomVersion(
        "5",
@@ -226,8 +211,6 @@ class RoomVersions:
        enforce_int_power_levels=False,
        msc3931_push_features=(),
        msc3757_enabled=False,
        msc4289_creator_power_enabled=False,
        msc4291_room_ids_as_hashes=False,
    )
    V6 = RoomVersion(
        "6",
@@ -248,8 +231,6 @@ class RoomVersions:
        enforce_int_power_levels=False,
        msc3931_push_features=(),
        msc3757_enabled=False,
        msc4289_creator_power_enabled=False,
        msc4291_room_ids_as_hashes=False,
    )
    V7 = RoomVersion(
        "7",
@@ -270,8 +251,6 @@ class RoomVersions:
        enforce_int_power_levels=False,
        msc3931_push_features=(),
        msc3757_enabled=False,
        msc4289_creator_power_enabled=False,
        msc4291_room_ids_as_hashes=False,
    )
    V8 = RoomVersion(
        "8",
@@ -292,8 +271,6 @@ class RoomVersions:
        enforce_int_power_levels=False,
        msc3931_push_features=(),
        msc3757_enabled=False,
        msc4289_creator_power_enabled=False,
        msc4291_room_ids_as_hashes=False,
    )
    V9 = RoomVersion(
        "9",
@@ -314,8 +291,6 @@ class RoomVersions:
        enforce_int_power_levels=False,
        msc3931_push_features=(),
        msc3757_enabled=False,
        msc4289_creator_power_enabled=False,
        msc4291_room_ids_as_hashes=False,
    )
    V10 = RoomVersion(
        "10",
@@ -336,8 +311,6 @@ class RoomVersions:
        enforce_int_power_levels=True,
        msc3931_push_features=(),
        msc3757_enabled=False,
        msc4289_creator_power_enabled=False,
        msc4291_room_ids_as_hashes=False,
    )
    MSC1767v10 = RoomVersion(
        # MSC1767 (Extensible Events) based on room version "10"
@@ -359,8 +332,6 @@ class RoomVersions:
        enforce_int_power_levels=True,
        msc3931_push_features=(PushRuleRoomFlag.EXTENSIBLE_EVENTS,),
        msc3757_enabled=False,
        msc4289_creator_power_enabled=False,
        msc4291_room_ids_as_hashes=False,
    )
    MSC3757v10 = RoomVersion(
        # MSC3757 (Restricting who can overwrite a state event) based on room version "10"
@@ -382,8 +353,6 @@ class RoomVersions:
        enforce_int_power_levels=True,
        msc3931_push_features=(),
        msc3757_enabled=True,
        msc4289_creator_power_enabled=False,
        msc4291_room_ids_as_hashes=False,
    )
    V11 = RoomVersion(
        "11",
@@ -404,8 +373,6 @@ class RoomVersions:
        enforce_int_power_levels=True,
        msc3931_push_features=(),
        msc3757_enabled=False,
        msc4289_creator_power_enabled=False,
        msc4291_room_ids_as_hashes=False,
    )
    MSC3757v11 = RoomVersion(
        # MSC3757 (Restricting who can overwrite a state event) based on room version "11"
@@ -427,52 +394,6 @@ class RoomVersions:
        enforce_int_power_levels=True,
        msc3931_push_features=(),
        msc3757_enabled=True,
        msc4289_creator_power_enabled=False,
        msc4291_room_ids_as_hashes=False,
    )
    HydraV11 = RoomVersion(
        "org.matrix.hydra.11",
        RoomDisposition.UNSTABLE,
        EventFormatVersions.ROOM_V11_HYDRA_PLUS,
        StateResolutionVersions.V2_1,  # Changed from v11
        enforce_key_validity=True,
        special_case_aliases_auth=False,
        strict_canonicaljson=True,
        limit_notifications_power_levels=True,
        implicit_room_creator=True,  # Used by MSC3820
        updated_redaction_rules=True,  # Used by MSC3820
        restricted_join_rule=True,
        restricted_join_rule_fix=True,
        knock_join_rule=True,
        msc3389_relation_redactions=False,
        knock_restricted_join_rule=True,
        enforce_int_power_levels=True,
        msc3931_push_features=(),
        msc3757_enabled=False,
        msc4289_creator_power_enabled=True,  # Changed from v11
        msc4291_room_ids_as_hashes=True,  # Changed from v11
    )
    V12 = RoomVersion(
        "12",
        RoomDisposition.STABLE,
        EventFormatVersions.ROOM_V11_HYDRA_PLUS,
        StateResolutionVersions.V2_1,  # Changed from v11
        enforce_key_validity=True,
        special_case_aliases_auth=False,
        strict_canonicaljson=True,
        limit_notifications_power_levels=True,
        implicit_room_creator=True,  # Used by MSC3820
        updated_redaction_rules=True,  # Used by MSC3820
        restricted_join_rule=True,
        restricted_join_rule_fix=True,
        knock_join_rule=True,
        msc3389_relation_redactions=False,
        knock_restricted_join_rule=True,
        enforce_int_power_levels=True,
        msc3931_push_features=(),
        msc3757_enabled=False,
        msc4289_creator_power_enabled=True,  # Changed from v11
        msc4291_room_ids_as_hashes=True,  # Changed from v11
    )
@@ -490,10 +411,8 @@ KNOWN_ROOM_VERSIONS: Dict[str, RoomVersion] = {
        RoomVersions.V9,
        RoomVersions.V10,
        RoomVersions.V11,
        RoomVersions.V12,
        RoomVersions.MSC3757v10,
        RoomVersions.MSC3757v11,
        RoomVersions.HydraV11,
    )
 }
@@ -22,7 +22,6 @@
 """Contains the URL paths to prefix various aspects of the server with."""
 import hmac
 import urllib.parse
 from hashlib import sha256
 from typing import Optional
 from urllib.parse import urlencode, urljoin
@@ -97,21 +96,11 @@ class LoginSSORedirectURIBuilder:
        serialized_query_parameters = urlencode({"redirectUrl": client_redirect_url})
        if idp_id:
            # Since this is a user-controlled string, make it safe to include in a URL path.
            url_encoded_idp_id = urllib.parse.quote(
                idp_id,
                # Since this defaults to `safe="/"`, we have to override it. We're
                # working with an individual URL path parameter so there shouldn't be
                # any slashes in it which could change the request path.
                safe="",
                encoding="utf8",
            )
            resultant_url = urljoin(
                # We have to add a trailing slash to the base URL to ensure that the
                # last path segment is not stripped away when joining with another path.
                f"{base_url}/",
-                f"{url_encoded_idp_id}?{serialized_query_parameters}",
+                f"{idp_id}?{serialized_query_parameters}",
            )
        else:
            resultant_url = f"{base_url}?{serialized_query_parameters}"
@@ -28,7 +28,6 @@ import sys
 import traceback
 import warnings
 from textwrap import indent
 from threading import Thread
 from typing import (
    TYPE_CHECKING,
    Any,
@@ -41,7 +40,6 @@ from typing import (
    Tuple,
    cast,
 )
 from wsgiref.simple_server import WSGIServer
 from cryptography.utils import CryptographyDeprecationWarning
 from typing_extensions import ParamSpec
@@ -74,9 +72,10 @@ from synapse.events.auto_accept_invites import InviteAutoAccepter
 from synapse.events.presence_router import load_legacy_presence_router
 from synapse.handlers.auth import load_legacy_password_auth_providers
 from synapse.http.site import SynapseSite
-from synapse.logging.context import LoggingContext, PreserveLoggingContext
+from synapse.logging.context import PreserveLoggingContext
 from synapse.logging.opentracing import init_tracer
 from synapse.metrics import install_gc_manager, register_threadpool
-from synapse.metrics.background_process_metrics import run_as_background_process
+from synapse.metrics.background_process_metrics import wrap_as_background_process
 from synapse.metrics.jemalloc import setup_jemalloc_stats
 from synapse.module_api.callbacks.spamchecker_callbacks import load_legacy_spam_checkers
 from synapse.module_api.callbacks.third_party_event_rules_callbacks import (
@@ -99,47 +98,22 @@ reactor = cast(ISynapseReactor, _reactor)
 logger = logging.getLogger(__name__)
-_instance_id_to_sighup_callbacks_map: Dict[
+# list of tuples of function, args list, kwargs dict
-    str, List[Tuple[Callable[..., None], Tuple[object, ...], Dict[str, object]]]
+_sighup_callbacks: List[
-] = {}
+    Tuple[Callable[..., None], Tuple[object, ...], Dict[str, object]]
-"""
+] = []
 Map from homeserver instance_id to a list of callbacks.
 We use `instance_id` instead of `server_name` because it's possible to have multiple
 workers running in the same process with the same `server_name`.
 """
 P = ParamSpec("P")
-def register_sighup(
+def register_sighup(func: Callable[P, None], *args: P.args, **kwargs: P.kwargs) -> None:
    homeserver_instance_id: str,
    func: Callable[P, None],
    *args: P.args,
    **kwargs: P.kwargs,
 ) -> None:
    """
    Register a function to be called when a SIGHUP occurs.
    Args:
        homeserver_instance_id: The unique ID for this Synapse process instance
            (`hs.get_instance_id()`) that this hook is associated with.
        func: Function to be called when sent a SIGHUP signal.
        *args, **kwargs: args and kwargs to be passed to the target function.
    """
-
+    _sighup_callbacks.append((func, args, kwargs))
    _instance_id_to_sighup_callbacks_map.setdefault(homeserver_instance_id, []).append(
        (func, args, kwargs)
    )
 def unregister_sighups(instance_id: str) -> None:
    """
    Unregister all sighup functions associated with this Synapse instance.
    Args:
        instance_id: Unique ID for this Synapse process instance.
    """
    _instance_id_to_sighup_callbacks_map.pop(instance_id, [])
 def start_worker_reactor(
@@ -209,23 +183,25 @@ def start_reactor(
        if gc_thresholds:
            gc.set_threshold(*gc_thresholds)
        install_gc_manager()
        run_command()
-        # Reset the logging context when we start the reactor (whenever we yield control
+    # make sure that we run the reactor with the sentinel log context,
-        # to the reactor, the `sentinel` logging context needs to be set so we don't
+    # otherwise other PreserveLoggingContext instances will get confused
-        # leak the current logging context and erroneously apply it to the next task the
+    # and complain when they see the logcontext arbitrarily swapping
-        # reactor event loop picks up)
+    # between the sentinel and `run` logcontexts.
-        with PreserveLoggingContext():
+    #
-            run_command()
+    # We also need to drop the logcontext before forking if we're daemonizing,
    # otherwise the cputime metrics get confused about the per-thread resource usage
    # appearing to go backwards.
    with PreserveLoggingContext():
        if daemonize:
            assert pid_file is not None
-    if daemonize:
+            if print_pidfile:
-        assert pid_file is not None
+                print(pid_file)
-        if print_pidfile:
+            daemonize_process(pid_file, logger)
-            print(pid_file)
+        run()
        daemonize_process(pid_file, logger)
    run()
 def quit_with_error(error_string: str) -> NoReturn:
@@ -267,7 +243,7 @@ def redirect_stdio_to_logs() -> None:
 def register_start(
-    hs: "HomeServer", cb: Callable[P, Awaitable], *args: P.args, **kwargs: P.kwargs
+    cb: Callable[P, Awaitable], *args: P.args, **kwargs: P.kwargs
 ) -> None:
    """Register a callback with the reactor, to be called once it is running
@@ -304,41 +280,43 @@ def register_start(
            # on as normal.
            os._exit(1)
-    clock = hs.get_clock()
+    reactor.callWhenRunning(lambda: defer.ensureDeferred(wrapper()))
    clock.call_when_running(lambda: defer.ensureDeferred(wrapper()))
-def listen_metrics(
+def listen_metrics(bind_addresses: StrCollection, port: int) -> None:
    bind_addresses: StrCollection, port: int
 ) -> List[Tuple[WSGIServer, Thread]]:
    """
    Start Prometheus metrics server.
    This method runs the metrics server on a different port, in a different thread to
    Synapse. This can make it more resilient to heavy load in Synapse causing metric
    requests to be slow or timeout.
    Even though `start_http_server_prometheus(...)` uses `threading.Thread` behind the
    scenes (where all threads share the GIL and only one thread can execute Python
    bytecode at a time), this still works because the metrics thread can preempt the
    Twisted reactor thread between bytecode boundaries and the metrics thread gets
    scheduled with roughly equal priority to the Twisted reactor thread.
    Returns:
        List of WSGIServer with the thread they are running on.
    """
    from prometheus_client import start_http_server as start_http_server_prometheus
    from synapse.metrics import RegistryProxy
    servers: List[Tuple[WSGIServer, Thread]] = []
    for host in bind_addresses:
        logger.info("Starting metrics listener on %s:%d", host, port)
-        server, thread = start_http_server_prometheus(
+        _set_prometheus_client_use_created_metrics(False)
-            port, addr=host, registry=RegistryProxy
+        start_http_server_prometheus(port, addr=host, registry=RegistryProxy)
 def _set_prometheus_client_use_created_metrics(new_value: bool) -> None:
    """
    Sets whether prometheus_client should expose `_created`-suffixed metrics for
    all gauges, histograms and summaries.
    There is no programmatic way to disable this without poking at internals;
    the proper way is to use an environment variable which prometheus_client
    loads at import time.
    The motivation for disabling these `_created` metrics is that they're
    a waste of space as they're not useful but they take up space in Prometheus.
    """
    import prometheus_client.metrics
    if hasattr(prometheus_client.metrics, "_use_created"):
        prometheus_client.metrics._use_created = new_value
    else:
        logger.error(
            "Can't disable `_created` metrics in prometheus_client (brittle hack broken?)"
        )
        servers.append((server, thread))
    return servers
 def listen_manhole(
@@ -346,7 +324,7 @@ def listen_manhole(
    port: int,
    manhole_settings: ManholeConfig,
    manhole_globals: dict,
-) -> List[Port]:
+) -> None:
    # twisted.conch.manhole 21.1.0 uses "int_from_bytes", which produces a confusing
    # warning. It's fixed by https://github.com/twisted/twisted/pull/1522), so
    # suppress the warning for now.
@@ -358,7 +336,7 @@ def listen_manhole(
    from synapse.util.manhole import manhole
-    return listen_tcp(
+    listen_tcp(
        bind_addresses,
        port,
        manhole(settings=manhole_settings, globals=manhole_globals),
@@ -421,26 +399,17 @@ def listen_http(
    context_factory: Optional[IOpenSSLContextFactory],
    reactor: ISynapseReactor = reactor,
 ) -> List[Port]:
    """
    Args:
        listener_config: TODO
        root_resource: TODO
        version_string: A string to present for the Server header
        max_request_body_size: TODO
        context_factory: TODO
        reactor: TODO
    """
    assert listener_config.http_options is not None
    site_tag = listener_config.get_site_tag()
    site = SynapseSite(
-        logger_name="synapse.access.%s.%s"
+        "synapse.access.%s.%s"
        % ("https" if listener_config.is_tls() else "http", site_tag),
-        site_tag=site_tag,
+        site_tag,
-        config=listener_config,
+        listener_config,
-        resource=root_resource,
+        root_resource,
-        server_version_string=version_string,
+        version_string,
        max_request_body_size=max_request_body_size,
        reactor=reactor,
        hs=hs,
@@ -544,7 +513,7 @@ def refresh_certificate(hs: "HomeServer") -> None:
        logger.info("Context factories updated.")
-async def start(hs: "HomeServer", freeze: bool = True) -> None:
+async def start(hs: "HomeServer") -> None:
    """
    Start a Synapse server or worker.
@@ -555,60 +524,35 @@ async def start(hs: "HomeServer", freeze: bool = True) -> None:
    Args:
        hs: homeserver instance
        freeze: whether to freeze the homeserver base objects in the garbage collector.
            May improve garbage collection performance by marking objects with an effectively
            static lifetime as frozen so they don't need to be considered for cleanup.
            If you ever want to `shutdown` the homeserver, this needs to be
            False otherwise the homeserver cannot be garbage collected after `shutdown`.
    """
    server_name = hs.hostname
    reactor = hs.get_reactor()
    # We want to use a separate thread pool for the resolver so that large
    # numbers of DNS requests don't starve out other users of the threadpool.
    resolver_threadpool = ThreadPool(name="gai_resolver")
    resolver_threadpool.start()
-    hs.get_clock().add_system_event_trigger(
+    reactor.addSystemEventTrigger("during", "shutdown", resolver_threadpool.stop)
        "during", "shutdown", resolver_threadpool.stop
    )
    reactor.installNameResolver(
        GAIResolver(reactor, getThreadPool=lambda: resolver_threadpool)
    )
    # Register the threadpools with our metrics.
-    register_threadpool(
+    register_threadpool("default", reactor.getThreadPool())
-        name="default", server_name=server_name, threadpool=reactor.getThreadPool()
+    register_threadpool("gai_resolver", resolver_threadpool)
    )
    register_threadpool(
        name="gai_resolver", server_name=server_name, threadpool=resolver_threadpool
    )
    # Set up the SIGHUP machinery.
    if hasattr(signal, "SIGHUP"):
-        def handle_sighup(*args: Any, **kwargs: Any) -> "defer.Deferred[None]":
+        @wrap_as_background_process("sighup")
-            async def _handle_sighup(*args: Any, **kwargs: Any) -> None:
+        async def handle_sighup(*args: Any, **kwargs: Any) -> None:
-                # Tell systemd our state, if we're using it. This will silently fail if
+            # Tell systemd our state, if we're using it. This will silently fail if
-                # we're not using systemd.
+            # we're not using systemd.
-                sdnotify(b"RELOADING=1")
+            sdnotify(b"RELOADING=1")
-            for sighup_callbacks in _instance_id_to_sighup_callbacks_map.values():
+            for i, args, kwargs in _sighup_callbacks:
-                for func, args, kwargs in sighup_callbacks:
+                i(*args, **kwargs)
                    func(*args, **kwargs)
-                sdnotify(b"READY=1")
+            sdnotify(b"READY=1")
            # It's okay to ignore the linter error here and call
            # `run_as_background_process` directly because `_handle_sighup` operates
            # outside of the scope of a specific `HomeServer` instance and holds no
            # references to it which would prevent a clean shutdown.
            return run_as_background_process(  # type: ignore[untracked-background-process]
                "sighup",
                server_name,
                _handle_sighup,
                *args,
                **kwargs,
            )
        # We defer running the sighup handlers until next reactor tick. This
        # is so that we're in a sane state, e.g. flushing the logs may fail
@@ -620,8 +564,8 @@ async def start(hs: "HomeServer", freeze: bool = True) -> None:
        signal.signal(signal.SIGHUP, run_sighup)
-        register_sighup(hs.get_instance_id(), refresh_certificate, hs)
+        register_sighup(refresh_certificate, hs)
-        register_sighup(hs.get_instance_id(), reload_cache_config, hs.config)
+        register_sighup(reload_cache_config, hs.config)
    # Apply the cache config.
    hs.config.caches.resize_all_caches()
@@ -629,6 +573,9 @@ async def start(hs: "HomeServer", freeze: bool = True) -> None:
    # Load the certificate from disk.
    refresh_certificate(hs)
    # Start the tracer
    init_tracer(hs)  # noqa
    # Instantiate the modules so they can register their web resources to the module API
    # before we start the listeners.
    module_api = hs.get_module_api()
@@ -654,62 +601,32 @@ async def start(hs: "HomeServer", freeze: bool = True) -> None:
    hs.get_datastores().main.db_pool.start_profiling()
    hs.get_pusherpool().start()
    def log_shutdown() -> None:
        with LoggingContext(name="log_shutdown", server_name=server_name):
            logger.info("Shutting down...")
    # Log when we start the shut down process.
-    hs.register_sync_shutdown_handler(
+    hs.get_reactor().addSystemEventTrigger(
-        phase="before",
+        "before", "shutdown", logger.info, "Shutting down..."
        eventType="shutdown",
        shutdown_func=log_shutdown,
    )
    setup_sentry(hs)
    setup_sdnotify(hs)
-    # Register background tasks required by this server. This must be done
+    # If background tasks are running on the main process or this is the worker in
-    # somewhat manually due to the background tasks not being registered
+    # charge of them, start collecting the phone home stats and shared usage metrics.
    # unless handlers are instantiated.
    #
    # While we could "start" these before the reactor runs, nothing will happen until
    # the reactor is running, so we may as well do it here in `start`.
    #
    # Additionally, this means we also start them after we daemonize and fork the
    # process which means we can avoid any potential problems with cputime metrics
    # getting confused about the per-thread resource usage appearing to go backwards
    # because we're comparing the resource usage (`rusage`) from the original process to
    # the forked process.
    if hs.config.worker.run_background_tasks:
        hs.start_background_tasks()
        # TODO: This should be moved to same pattern we use for other background tasks:
        # Add to `REQUIRED_ON_BACKGROUND_TASK_STARTUP` and rely on
        # `start_background_tasks` to start it.
        await hs.get_common_usage_metrics_manager().setup()
        # TODO: This feels like another pattern that should refactored as one of the
        # `REQUIRED_ON_BACKGROUND_TASK_STARTUP`
        start_phone_stats_home(hs)
-    if freeze:
+    # We now freeze all allocated objects in the hopes that (almost)
-        # We now freeze all allocated objects in the hopes that (almost)
+    # everything currently allocated are things that will be used for the
-        # everything currently allocated are things that will be used for the
+    # rest of time. Doing so means less work each GC (hopefully).
-        # rest of time. Doing so means less work each GC (hopefully).
+    #
-        #
+    # PyPy does not (yet?) implement gc.freeze()
-        # Note that freezing the homeserver object means that it won't be able to be
+    if hasattr(gc, "freeze"):
-        # garbage collected in the case of attempting an in-memory `shutdown`. This only
+        gc.collect()
-        # needs to be considered if such a case is desirable. Exiting the entire Python
+        gc.freeze()
        # process will function expectedly either way.
        #
        # PyPy does not (yet?) implement gc.freeze()
        if hasattr(gc, "freeze"):
            gc.collect()
            gc.freeze()
-            # Speed up process exit by freezing all allocated objects. This moves everything
+        # Speed up shutdowns by freezing all allocated objects. This moves everything
-            # into the permanent generation and excludes them from the final GC.
+        # into the permanent generation and excludes them from the final GC.
-            atexit.register(gc.freeze)
+        atexit.register(gc.freeze)
 def reload_cache_config(config: HomeServerConfig) -> None:
@@ -784,7 +701,7 @@ def setup_sdnotify(hs: "HomeServer") -> None:
    # we're not using systemd.
    sdnotify(b"READY=1\nMAINPID=%i" % (os.getpid(),))
-    hs.get_clock().add_system_event_trigger(
+    hs.get_reactor().addSystemEventTrigger(
        "before", "shutdown", sdnotify, b"STOPPING=1"
    )
@@ -24,7 +24,7 @@ import logging
 import os
 import sys
 import tempfile
-from typing import List, Mapping, Optional, Sequence, Tuple
+from typing import List, Mapping, Optional, Sequence
 from twisted.internet import defer, task
@@ -65,6 +65,7 @@ from synapse.storage.databases.main.stream import StreamWorkerStore
 from synapse.storage.databases.main.tags import TagsWorkerStore
 from synapse.storage.databases.main.user_erasure_store import UserErasureWorkerStore
 from synapse.types import JsonMapping, StateMap
 from synapse.util import SYNAPSE_VERSION
 from synapse.util.logcontext import LoggingContext
 logger = logging.getLogger("synapse.app.admin_cmd")
@@ -255,7 +256,7 @@ class FileExfiltrationWriter(ExfiltrationWriter):
        return self.base_directory
-def load_config(argv_options: List[str]) -> Tuple[HomeServerConfig, argparse.Namespace]:
+def start(config_options: List[str]) -> None:
    parser = argparse.ArgumentParser(description="Synapse Admin Command")
    HomeServerConfig.add_arguments_to_parser(parser)
@@ -281,15 +282,11 @@ def load_config(argv_options: List[str]) -> Tuple[HomeServerConfig, argparse.Nam
    export_data_parser.set_defaults(func=export_data_command)
    try:
-        config, args = HomeServerConfig.load_config_with_parser(parser, argv_options)
+        config, args = HomeServerConfig.load_config_with_parser(parser, config_options)
    except ConfigError as e:
        sys.stderr.write("\n" + str(e) + "\n")
        sys.exit(1)
    return config, args
 def start(config: HomeServerConfig, args: argparse.Namespace) -> None:
    if config.worker.worker_app is not None:
        assert config.worker.worker_app == "synapse.app.admin_cmd"
@@ -315,6 +312,7 @@ def start(config: HomeServerConfig, args: argparse.Namespace) -> None:
    ss = AdminCmdServer(
        config.server.server_name,
        config=config,
        version_string=f"Synapse/{SYNAPSE_VERSION}",
    )
    setup_logging(ss, config, use_worker_options=True)
@@ -327,7 +325,7 @@ def start(config: HomeServerConfig, args: argparse.Namespace) -> None:
    # command.
    async def run() -> None:
-        with LoggingContext(name="command", server_name=config.server.server_name):
+        with LoggingContext("command"):
            await _base.start(ss)
            await args.func(ss, args)
@@ -339,6 +337,5 @@ def start(config: HomeServerConfig, args: argparse.Namespace) -> None:
 if __name__ == "__main__":
-    homeserver_config, args = load_config(sys.argv[1:])
+    with LoggingContext("main"):
-    with LoggingContext(name="main", server_name=homeserver_config.server.server_name):
+        start(sys.argv[1:])
        start(homeserver_config, args)
@@ -21,14 +21,13 @@
 import sys
-from synapse.app.generic_worker import load_config, start
+from synapse.app.generic_worker import start
 from synapse.util.logcontext import LoggingContext
 def main() -> None:
-    homeserver_config = load_config(sys.argv[1:])
+    with LoggingContext("main"):
-    with LoggingContext(name="main", server_name=homeserver_config.server.server_name):
+        start(sys.argv[1:])
        start(homeserver_config)
 if __name__ == "__main__":
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Andrew Morgan	41e22d1e95	newsfile	2025-07-16 10:42:08 +01:00
Andrew Morgan	4f9c523cb5	Set minimum python version to 3.9.12 This matches Twisted's minimum required version. See twisted/twisted@27674f6	2025-07-16 10:41:58 +01:00
		`@@ -0,0 +1 @@`
							Add `recaptcha_private_key_path` and `recaptcha_public_key_path` config option.
		`@@ -0,0 +1 @@`
							`Add plain-text handling for rich-text topics as per [MSC3765](https://github.com/matrix-org/matrix-spec-proposals/pull/3765).`
		`@@ -0,0 +1 @@`
							`If enabled by the user, server admins will see [soft failed](https://spec.matrix.org/v1.13/server-server-api/#soft-failure) events over the Client-Server API.`
		`@@ -0,0 +1 @@`
							`Add experimental support for [MSC4277](https://github.com/matrix-org/matrix-spec-proposals/pull/4277).`
		`@@ -0,0 +1 @@`
							`Fix CPU and database spinning when retrying sending events to servers whilst at the same time purging those events.`
		`@@ -0,0 +1 @@`
							`Add ability to limit amount uploaded by a user in a given time period.`
		`@@ -0,0 +1 @@`
							`Document that some config options for the user directory are in violation of the Matrix spec.`
		`@@ -0,0 +1 @@`
							`Allow user registrations to be done on workers.`
		`@@ -0,0 +1 @@`
							Refactor `Measure` block metrics to be homeserver-scoped.