WIP don't pull out left rooms

Fast-path for have_completed_background_updates
Short-circuit have_finished_sliding_sync_background_jobs
2025-12-09 01:30:18 +00:00 · 2024-09-10 15:38:44 +01:00 · 2024-09-10 14:07:50 +01:00 · 2024-09-10 14:04:03 +01:00
1007 changed files with 27359 additions and 87008 deletions
--- a/.ci/before_build_wheel.sh
+++ b/.ci/before_build_wheel.sh
@@ -1,10 +0,0 @@
-#!/bin/sh
-set -xeu
-
-# On 32-bit Linux platforms, we need libatomic1 to use rustup
-if command -v yum &> /dev/null; then
-   yum install -y libatomic
-fi
-
-# Install a Rust toolchain
-curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain 1.82.0 -y --profile minimal
--- a/.ci/scripts/calculate_jobs.py
+++ b/.ci/scripts/calculate_jobs.py
@@ -36,11 +36,11 @@ IS_PR = os.environ["GITHUB_REF"].startswith("refs/pull/")
 # First calculate the various trial jobs.
 #
 # For PRs, we only run each type of test with the oldest Python version supported (which
-# is Python 3.10 right now)
+# is Python 3.8 right now)

 trial_sqlite_tests = [
    {
-        "python-version": "3.10",
+        "python-version": "3.8",
        "database": "sqlite",
        "extras": "all",
    }
@@ -53,14 +53,14 @@ if not IS_PR:
            "database": "sqlite",
            "extras": "all",
        }
-        for version in ("3.11", "3.12", "3.13", "3.14")
+        for version in ("3.9", "3.10", "3.11", "3.12")
    )

 trial_postgres_tests = [
    {
-        "python-version": "3.10",
+        "python-version": "3.8",
        "database": "postgres",
-        "postgres-version": "13",
+        "postgres-version": "11",
        "extras": "all",
    }
 ]
@@ -68,16 +68,16 @@ trial_postgres_tests = [
 if not IS_PR:
    trial_postgres_tests.append(
        {
-            "python-version": "3.14",
+            "python-version": "3.12",
            "database": "postgres",
-            "postgres-version": "17",
+            "postgres-version": "16",
            "extras": "all",
        }
    )

 trial_no_extra_tests = [
    {
-        "python-version": "3.10",
+        "python-version": "3.8",
        "database": "sqlite",
        "extras": "",
    }
@@ -99,24 +99,24 @@ set_output("trial_test_matrix", test_matrix)

 # First calculate the various sytest jobs.
 #
-# For each type of test we only run on bookworm on PRs
+# For each type of test we only run on focal on PRs


 sytest_tests = [
    {
-        "sytest-tag": "bookworm",
+        "sytest-tag": "focal",
    },
    {
-        "sytest-tag": "bookworm",
+        "sytest-tag": "focal",
        "postgres": "postgres",
    },
    {
-        "sytest-tag": "bookworm",
+        "sytest-tag": "focal",
        "postgres": "multi-postgres",
        "workers": "workers",
    },
    {
-        "sytest-tag": "bookworm",
+        "sytest-tag": "focal",
        "postgres": "multi-postgres",
        "workers": "workers",
        "reactor": "asyncio",
@@ -127,11 +127,11 @@ if not IS_PR:
    sytest_tests.extend(
        [
            {
-                "sytest-tag": "bookworm",
+                "sytest-tag": "focal",
                "reactor": "asyncio",
            },
            {
-                "sytest-tag": "bookworm",
+                "sytest-tag": "focal",
                "postgres": "postgres",
                "reactor": "asyncio",
            },
--- a/.ci/scripts/check_lockfile.py
+++ b/.ci/scripts/check_lockfile.py
@@ -11,12 +11,12 @@ with open("poetry.lock", "rb") as f:

 try:
    lock_version = lockfile["metadata"]["lock-version"]
-    assert lock_version == "2.1"
+    assert lock_version == "2.0"
 except Exception:
    print(
        """\
-    Lockfile is not version 2.1. You probably need to upgrade poetry on your local box
-    and re-run `poetry lock`. See the Poetry cheat sheet at
+    Lockfile is not version 2.0. You probably need to upgrade poetry on your local box
+    and re-run `poetry lock --no-update`. See the Poetry cheat sheet at
    https://element-hq.github.io/synapse/develop/development/dependencies.html
    """
    )
--- a/.ci/scripts/prepare_old_deps.sh
+++ b/.ci/scripts/prepare_old_deps.sh
@@ -1,5 +1,5 @@
 #!/usr/bin/env bash
-# this script is run by GitHub Actions in a plain `jammy` container; it
+# this script is run by GitHub Actions in a plain `focal` container; it
 # - installs the minimal system requirements, and poetry;
 # - patches the project definition file to refer to old versions only;
 # - creates a venv with these old versions using poetry; and finally
--- a/.ci/scripts/test_synapse_port_db.sh
+++ b/.ci/scripts/test_synapse_port_db.sh
@@ -61,7 +61,7 @@ poetry run update_synapse_database --database-config .ci/postgres-config-unporte
 echo "+++ Comparing ported schema with unported schema"
 # Ignore the tables that portdb creates. (Should it tidy them up when the porting is completed?)
 psql synapse -c "DROP TABLE port_from_sqlite3;"
-pg_dump --format=plain --schema-only --no-tablespaces --no-acl --no-owner --restrict-key=TESTING synapse_unported > unported.sql
-pg_dump --format=plain --schema-only --no-tablespaces --no-acl --no-owner --restrict-key=TESTING synapse          >   ported.sql
+pg_dump --format=plain --schema-only --no-tablespaces --no-acl --no-owner synapse_unported > unported.sql
+pg_dump --format=plain --schema-only --no-tablespaces --no-acl --no-owner synapse          >   ported.sql
 # By default, `diff` returns zero if there are no changes and nonzero otherwise
-diff -u unported.sql ported.sql | tee schema_diff
+diff -u unported.sql ported.sql | tee schema_diff
--- a/.ci/scripts/triage_labelled_issue.sh
+++ b/.ci/scripts/triage_labelled_issue.sh
@@ -1,29 +0,0 @@
-#!/usr/bin/env bash
-set -euo pipefail
-
-# 1) Resolve project ID.
-PROJECT_ID=$(gh project view "$PROJECT_NUMBER" --owner "$PROJECT_OWNER" --format json | jq -r '.id')
-
-# 2) Find existing item (project card) for this issue.
-ITEM_ID=$(
-  gh project item-list "$PROJECT_NUMBER" --owner "$PROJECT_OWNER" --format json \
-  | jq -r --arg url "$ISSUE_URL" '.items[] | select(.content.url==$url) | .id' | head -n1
-)
-
-# 3) If one doesn't exist, add this issue to the project.
-if [ -z "${ITEM_ID:-}" ]; then
-  ITEM_ID=$(gh project item-add "$PROJECT_NUMBER" --owner "$PROJECT_OWNER" --url "$ISSUE_URL" --format json | jq -r '.id')
-fi
-
-# 4) Get Status field id + the option id for TARGET_STATUS.
-FIELDS_JSON=$(gh project field-list "$PROJECT_NUMBER" --owner "$PROJECT_OWNER" --format json)
-STATUS_FIELD=$(echo "$FIELDS_JSON" | jq -r '.fields[] | select(.name=="Status")')
-STATUS_FIELD_ID=$(echo "$STATUS_FIELD" | jq -r '.id')
-OPTION_ID=$(echo "$STATUS_FIELD" | jq -r --arg name "$TARGET_STATUS" '.options[] | select(.name==$name) | .id')
-
-if [ -z "${OPTION_ID:-}" ]; then
-  echo "No Status option named \"$TARGET_STATUS\" found"; exit 1
-fi
-
-# 5) Set Status (moves item to the matching column in the board view).
-gh project item-edit --id "$ITEM_ID" --project-id "$PROJECT_ID" --field-id "$STATUS_FIELD_ID" --single-select-option-id "$OPTION_ID"
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -9,4 +9,5 @@
  - End with either a period (.) or an exclamation mark (!).
  - Start with a capital letter.
  - Feel free to credit yourself, by adding a sentence "Contributed by @github_username." or "Contributed by [Your Name]." to the end of the entry.
-* [ ] [Code style](https://element-hq.github.io/synapse/latest/code_style.html) is correct (run the [linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters))
+* [ ] [Code style](https://element-hq.github.io/synapse/latest/code_style.html) is correct
+  (run the [linters](https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-linters))
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -5,7 +5,7 @@ name: Build docker images
 on:
  push:
    tags: ["v*"]
-    branches: [master, main, develop]
+    branches: [ master, main, develop ]
  workflow_dispatch:

 permissions:
@@ -14,24 +14,26 @@ permissions:
  id-token: write # needed for signing the images with GitHub OIDC Token
 jobs:
  build:
-    name: Build and push image for ${{ matrix.platform }}
-    runs-on: ${{ matrix.runs_on }}
-    strategy:
-      matrix:
-        include:
-          - platform: linux/amd64
-            runs_on: ubuntu-24.04
-            suffix: linux-amd64
-          - platform: linux/arm64
-            runs_on: ubuntu-24.04-arm
-            suffix: linux-arm64
+    runs-on: ubuntu-latest
    steps:
+      - name: Set up QEMU
+        id: qemu
+        uses: docker/setup-qemu-action@v3
+        with:
+          platforms: arm64
+
      - name: Set up Docker Buildx
        id: buildx
-        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+        uses: docker/setup-buildx-action@v3
+
+      - name: Inspect builder
+        run: docker buildx inspect
+
+      - name: Install Cosign
+        uses: sigstore/cosign-installer@v3.6.0

      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@v4

      - name: Extract version from pyproject.toml
        # Note: explicitly requesting bash will mean bash is invoked with `-eo pipefail`, see
@@ -41,91 +43,25 @@ jobs:
          echo "SYNAPSE_VERSION=$(grep "^version" pyproject.toml | sed -E 's/version\s*=\s*["]([^"]*)["]/\1/')" >> $GITHUB_ENV

      - name: Log in to DockerHub
-        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Log in to GHCR
-        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}

-      - name: Build and push by digest
-        id: build
-        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
-        with:
-          push: true
-          labels: |
-            gitsha1=${{ github.sha }}
-            org.opencontainers.image.version=${{ env.SYNAPSE_VERSION }}
-          tags: |
-            docker.io/matrixdotorg/synapse
-            ghcr.io/element-hq/synapse
-          file: "docker/Dockerfile"
-          platforms: ${{ matrix.platform }}
-          outputs: type=image,push-by-digest=true,name-canonical=true,push=true
-
-      - name: Export digest
-        run: |
-          mkdir -p ${{ runner.temp }}/digests
-          digest="${{ steps.build.outputs.digest }}"
-          touch "${{ runner.temp }}/digests/${digest#sha256:}"
-
-      - name: Upload digest
-        uses: actions/upload-artifact@v5
-        with:
-          name: digests-${{ matrix.suffix }}
-          path: ${{ runner.temp }}/digests/*
-          if-no-files-found: error
-          retention-days: 1
-
-  merge:
-    name: Push merged images to ${{ matrix.repository }}
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        repository:
-          - docker.io/matrixdotorg/synapse
-          - ghcr.io/element-hq/synapse
-
-    needs:
-      - build
-    steps:
-      - name: Download digests
-        uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
-        with:
-          path: ${{ runner.temp }}/digests
-          pattern: digests-*
-          merge-multiple: true
-
-      - name: Log in to DockerHub
-        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
-        if: ${{ startsWith(matrix.repository, 'docker.io') }}
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-
-      - name: Log in to GHCR
-        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
-        if: ${{ startsWith(matrix.repository, 'ghcr.io') }}
-        with:
-          registry: ghcr.io
-          username: ${{ github.repository_owner }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
-
-      - name: Install Cosign
-        uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0
-
      - name: Calculate docker image tag
-        uses: docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f # v5.8.0
+        id: set-tag
+        uses: docker/metadata-action@master
        with:
-          images: ${{ matrix.repository }}
+          images: |
+            docker.io/matrixdotorg/synapse
+            ghcr.io/element-hq/synapse
          flavor: |
            latest=false
          tags: |
@@ -133,23 +69,31 @@ jobs:
            type=raw,value=latest,enable=${{ github.ref == 'refs/heads/master' }}
            type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' }}
            type=pep440,pattern={{raw}}
-            type=sha

-      - name: Create manifest list and push
-        working-directory: ${{ runner.temp }}/digests
-        env:
-          REPOSITORY: ${{ matrix.repository }}
-        run: |
-          docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
-            $(printf "$REPOSITORY@sha256:%s " *)
+      - name: Build and push all platforms
+        id: build-and-push
+        uses: docker/build-push-action@v6
+        with:
+          push: true
+          labels: |
+            gitsha1=${{ github.sha }}
+            org.opencontainers.image.version=${{ env.SYNAPSE_VERSION }}
+          tags: "${{ steps.set-tag.outputs.tags }}"
+          file: "docker/Dockerfile"
+          platforms: linux/amd64,linux/arm64

-      - name: Sign each manifest
+          # arm64 builds OOM without the git fetch setting. c.f.
+          # https://github.com/rust-lang/cargo/issues/10583
+          build-args: |
+            CARGO_NET_GIT_FETCH_WITH_CLI=true
+
+      - name: Sign the images with GitHub OIDC Token
        env:
-          REPOSITORY: ${{ matrix.repository }}
+          DIGEST: ${{ steps.build-and-push.outputs.digest }}
+          TAGS: ${{ steps.set-tag.outputs.tags }}
        run: |
-          DIGESTS=""
-          for TAG in $(echo "$DOCKER_METADATA_OUTPUT_JSON" | jq -r '.tags[]'); do
-            DIGEST="$(docker buildx imagetools inspect $TAG --format '{{json .Manifest}}' | jq -r '.digest')"
-            DIGESTS="$DIGESTS $REPOSITORY@$DIGEST"
+          images=""
+          for tag in ${TAGS}; do
+            images+="${tag}@${DIGEST} "
          done
-          cosign sign --yes $DIGESTS
+          cosign sign --yes ${images}
--- a/.github/workflows/docs-pr-netlify.yaml
+++ b/.github/workflows/docs-pr-netlify.yaml
@@ -14,7 +14,7 @@ jobs:
      # There's a 'download artifact' action, but it hasn't been updated for the workflow_run action
      # (https://github.com/actions/download-artifact/issues/60) so instead we get this mess:
      - name: 📥 Download artifact
-        uses: dawidd6/action-download-artifact@ac66b43f0e6a346234dd65d4d0c8fbb31cb316e5 # v11
+        uses: dawidd6/action-download-artifact@bf251b5aa9c2f7eeb574a96ee720e24f801b7c11 # v6
        with:
          workflow: docs-pr.yaml
          run_id: ${{ github.event.workflow_run.id }}
@@ -22,7 +22,7 @@ jobs:
          path: book

      - name: 📤 Deploy to Netlify
-        uses: matrix-org/netlify-pr-preview@9805cd123fc9a7e421e35340a05e1ebc5dee46b5 # v3
+        uses: matrix-org/netlify-pr-preview@v3
        with:
          path: book
          owner: ${{ github.event.workflow_run.head_repository.owner.login }}
--- a/.github/workflows/docs-pr.yaml
+++ b/.github/workflows/docs-pr.yaml
@@ -13,7 +13,7 @@ jobs:
    name: GitHub Pages
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@v4
        with:
          # Fetch all history so that the schema_versions script works.
          fetch-depth: 0
@@ -24,7 +24,7 @@ jobs:
          mdbook-version: '0.4.17'

      - name: Setup python
-        uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
+        uses: actions/setup-python@v5
        with:
          python-version: "3.x"

@@ -39,7 +39,7 @@ jobs:
          cp book/welcome_and_overview.html book/index.html

      - name: Upload Artifact
-        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+        uses: actions/upload-artifact@v4
        with:
          name: book
          path: book
@@ -50,7 +50,7 @@ jobs:
    name: Check links in documentation
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@v4

      - name: Setup mdbook
        uses: peaceiris/actions-mdbook@ee69d230fe19748b7abf22df32acaa93833fad08 # v2.0.0
--- a/.github/workflows/docs.yaml
+++ b/.github/workflows/docs.yaml
@@ -50,7 +50,7 @@ jobs:
    needs:
      - pre
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@v4
        with:
          # Fetch all history so that the schema_versions script works.
          fetch-depth: 0
@@ -64,7 +64,7 @@ jobs:
        run: echo 'window.SYNAPSE_VERSION = "${{ needs.pre.outputs.branch-version }}";' > ./docs/website_files/version.js

      - name: Setup python
-        uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
+        uses: actions/setup-python@v5
        with:
          python-version: "3.x"

@@ -78,18 +78,6 @@ jobs:
          mdbook build
          cp book/welcome_and_overview.html book/index.html

-      - name: Prepare and publish schema files
-        run: |
-          sudo apt-get update && sudo apt-get install -y yq
-          mkdir -p book/schema
-          # Remove developer notice before publishing.
-          rm schema/v*/Do\ not\ edit\ files\ in\ this\ folder
-          # Copy schema files that are independent from current Synapse version.
-          cp -r -t book/schema schema/v*/
-          # Convert config schema from YAML source file to JSON.
-          yq < schema/synapse-config.schema.yaml \
-            > book/schema/synapse-config.schema.json
-
      # Deploy to the target directory.
      - name: Deploy to gh pages
        uses: peaceiris/actions-gh-pages@4f9cc6602d3f66b9c108549d475ec49e8ef4d45e # v4.0.0
--- a/.github/workflows/fix_lint.yaml
+++ b/.github/workflows/fix_lint.yaml
@@ -6,11 +6,6 @@ name: Attempt to automatically fix linting errors
 on:
  workflow_dispatch:

-env:
-  # We use nightly so that `fmt` correctly groups together imports, and
-  # clippy correctly fixes up the benchmarks.
-  RUST_VERSION: nightly-2025-06-24
-
 jobs:
  fixup:
    name: Fix up
@@ -18,20 +13,21 @@ jobs:

    steps:
      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@v4

      - name: Install Rust
-        uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # master
+        uses: dtolnay/rust-toolchain@master
        with:
-          toolchain: ${{ env.RUST_VERSION }}
-          components: clippy, rustfmt
-      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
+          # We use nightly so that `fmt` correctly groups together imports, and
+          # clippy correctly fixes up the benchmarks.
+          toolchain: nightly-2022-12-01
+          components: rustfmt
+      - uses: Swatinem/rust-cache@v2

      - name: Setup Poetry
-        uses: matrix-org/setup-python-poetry@5bbf6603c5c930615ec8a29f1b5d7d258d905aa4 # v2.0.0
+        uses: matrix-org/setup-python-poetry@v1
        with:
          install-project: "false"
-          poetry-version: "2.1.1"

      - name: Run ruff check
        continue-on-error: true
@@ -47,6 +43,6 @@ jobs:
      - run: cargo fmt
        continue-on-error: true

-      - uses: stefanzweifel/git-auto-commit-action@28e16e81777b558cc906c8750092100bbb34c5e3 # v7.0.0
+      - uses: stefanzweifel/git-auto-commit-action@v5
        with:
          commit_message: "Attempt to fix linting"
--- a/.github/workflows/latest_deps.yml
+++ b/.github/workflows/latest_deps.yml
@@ -21,9 +21,6 @@ concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

-env:
-  RUST_VERSION: 1.87.0
-
 jobs:
  check_repo:
    # Prevent this workflow from running on any fork of Synapse other than element-hq/synapse, as it is
@@ -42,25 +39,23 @@ jobs:
    if: needs.check_repo.outputs.should_run_workflow == 'true'
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@v4
      - name: Install Rust
-        uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # master
-        with:
-          toolchain: ${{ env.RUST_VERSION }}
-      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
+        uses: dtolnay/rust-toolchain@stable
+      - uses: Swatinem/rust-cache@v2

      # The dev dependencies aren't exposed in the wheel metadata (at least with current
      # poetry-core versions), so we install with poetry.
-      - uses: matrix-org/setup-python-poetry@5bbf6603c5c930615ec8a29f1b5d7d258d905aa4 # v2.0.0
+      - uses: matrix-org/setup-python-poetry@v1
        with:
          python-version: "3.x"
-          poetry-version: "2.1.1"
+          poetry-version: "1.3.2"
          extras: "all"
      # Dump installed versions for debugging.
      - run: poetry run pip list > before.txt
      # Upgrade all runtime dependencies only. This is intended to mimic a fresh
      # `pip install matrix-synapse[all]` as closely as possible.
-      - run: poetry update --without dev
+      - run: poetry update --no-dev
      - run: poetry run pip list > after.txt && (diff -u before.txt after.txt || true)
      - name: Remove unhelpful options from mypy config
        run: sed -e '/warn_unused_ignores = True/d' -e '/warn_redundant_casts = True/d' -i mypy.ini
@@ -77,13 +72,11 @@ jobs:
            postgres-version: "14"

    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@v4

      - name: Install Rust
-        uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # master
-        with:
-          toolchain: ${{ env.RUST_VERSION }}
-      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
+        uses: dtolnay/rust-toolchain@stable
+      - uses: Swatinem/rust-cache@v2

      - run: sudo apt-get -qq install xmlsec1
      - name: Set up PostgreSQL ${{ matrix.postgres-version }}
@@ -93,7 +86,7 @@ jobs:
            -e POSTGRES_PASSWORD=postgres \
            -e POSTGRES_INITDB_ARGS="--lc-collate C --lc-ctype C --encoding UTF8" \
            postgres:${{ matrix.postgres-version }}
-      - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
+      - uses: actions/setup-python@v5
        with:
          python-version: "3.x"
      - run: pip install .[all,test]
@@ -139,9 +132,9 @@ jobs:
      fail-fast: false
      matrix:
        include:
-          - sytest-tag: bookworm
+          - sytest-tag: focal

-          - sytest-tag: bookworm
+          - sytest-tag: focal
            postgres: postgres
            workers: workers
            redis: redis
@@ -152,13 +145,11 @@ jobs:
      BLACKLIST: ${{ matrix.workers && 'synapse-blacklist-with-workers' }}

    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@v4

      - name: Install Rust
-        uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # master
-        with:
-          toolchain: ${{ env.RUST_VERSION }}
-      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
+        uses: dtolnay/rust-toolchain@stable
+      - uses: Swatinem/rust-cache@v2

      - name: Ensure sytest runs `pip install`
        # Delete the lockfile so sytest will `pip install` rather than `poetry install`
@@ -173,7 +164,7 @@ jobs:
        if: ${{ always() }}
        run: /sytest/scripts/tap_to_gha.pl /logs/results.tap
      - name: Upload SyTest logs
-        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+        uses: actions/upload-artifact@v4
        if: ${{ always() }}
        with:
          name: Sytest Logs - ${{ job.status }} - (${{ join(matrix.*, ', ') }})
@@ -201,15 +192,15 @@ jobs:
            database: Postgres

    steps:
-      - name: Check out synapse codebase
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - name: Run actions/checkout@v4 for synapse
+        uses: actions/checkout@v4
        with:
          path: synapse

      - name: Prepare Complement's Prerequisites
        run: synapse/.ci/scripts/setup_complement_prerequisites.sh

-      - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
+      - uses: actions/setup-go@v5
        with:
          cache-dependency-path: complement/go.sum
          go-version-file: complement/go.mod
@@ -234,7 +225,7 @@ jobs:
    runs-on: ubuntu-latest

    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@v4
      - uses: JasonEtco/create-an-issue@1b14a70e4d8dc185e5cc76d3bec9eab20257b2c5 # v2.9.2
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
--- a/.github/workflows/poetry_lockfile.yaml
+++ b/.github/workflows/poetry_lockfile.yaml
@@ -16,8 +16,8 @@ jobs:
    name: "Check locked dependencies have sdists"
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-      - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
        with:
          python-version: '3.x'
      - run: pip install tomli
--- a/.github/workflows/push_complement_image.yml
+++ b/.github/workflows/push_complement_image.yml
@@ -33,29 +33,29 @@ jobs:
      packages: write
    steps:
      - name: Checkout specific branch (debug build)
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@v4
        if: github.event_name == 'workflow_dispatch'
        with:
          ref: ${{ inputs.branch }}
      - name: Checkout clean copy of develop (scheduled build)
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@v4
        if: github.event_name == 'schedule'
        with:
          ref: develop
      - name: Checkout clean copy of master (on-push)
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@v4
        if: github.event_name == 'push'
        with:
          ref: master
      - name: Login to registry
-        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Work out labels for complement image
        id: meta
-        uses: docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f # v5.8.0
+        uses: docker/metadata-action@v5
        with:
          images: ghcr.io/${{ github.repository }}/complement-synapse
          tags: |
--- a/.github/workflows/release-artifacts.yml
+++ b/.github/workflows/release-artifacts.yml
@@ -27,10 +27,10 @@ jobs:
    name: "Calculate list of debian distros"
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-      - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
        with:
-          python-version: "3.x"
+          python-version: '3.x'
      - id: set-distros
        run: |
          # if we're running from a tag, get the full list of distros; otherwise just use debian:sid
@@ -55,18 +55,18 @@ jobs:

    steps:
      - name: Checkout
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@v4
        with:
          path: src

      - name: Set up Docker Buildx
        id: buildx
-        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+        uses: docker/setup-buildx-action@v3
        with:
          install: true

      - name: Set up docker layer caching
-        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
+        uses: actions/cache@v4
        with:
          path: /tmp/.buildx-cache
          key: ${{ runner.os }}-buildx-${{ github.sha }}
@@ -74,9 +74,9 @@ jobs:
            ${{ runner.os }}-buildx-

      - name: Set up python
-        uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
+        uses: actions/setup-python@v5
        with:
-          python-version: "3.x"
+          python-version: '3.x'

      - name: Build the packages
        # see https://github.com/docker/build-push-action/issues/252
@@ -91,31 +91,19 @@ jobs:
          rm -rf /tmp/.buildx-cache
          mv /tmp/.buildx-cache-new /tmp/.buildx-cache

-      - name: Artifact name
-        id: artifact-name
-        # We can't have colons in the upload name of the artifact, so we convert
-        # e.g. `debian:sid` to `sid`.
-        env:
-          DISTRO: ${{ matrix.distro }}
-        run: |
-          echo "ARTIFACT_NAME=${DISTRO#*:}" >> "$GITHUB_OUTPUT"
-
      - name: Upload debs as artifacts
-        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+        uses: actions/upload-artifact@v3 # Don't upgrade to v4; broken: https://github.com/actions/upload-artifact#breaking-changes
        with:
-          name: debs-${{ steps.artifact-name.outputs.ARTIFACT_NAME }}
+          name: debs
          path: debs/*

  build-wheels:
-    name: Build wheels on ${{ matrix.os }}
+    name: Build wheels on ${{ matrix.os }} for ${{ matrix.arch }}
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
-        os:
-          - ubuntu-24.04
-          - ubuntu-24.04-arm
-          - macos-14 # This uses arm64
-          - macos-15-intel # This uses x86-64
+        os: [ubuntu-20.04, macos-12]
+        arch: [x86_64, aarch64]
        # is_pr is a flag used to exclude certain jobs from the matrix on PRs.
        # It is not read by the rest of the workflow.
        is_pr:
@@ -124,28 +112,39 @@ jobs:
        exclude:
          # Don't build macos wheels on PR CI.
          - is_pr: true
-            os: "macos-15-intel"
-          - is_pr: true
-            os: "macos-14"
+            os: "macos-12"
+          # Don't build aarch64 wheels on mac.
+          - os: "macos-12"
+            arch: aarch64
          # Don't build aarch64 wheels on PR CI.
          - is_pr: true
-            os: "ubuntu-24.04-arm"
+            arch: aarch64

    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@v4

-      - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
+      - uses: actions/setup-python@v5
        with:
          # setup-python@v4 doesn't impose a default python version. Need to use 3.x
          # here, because `python` on osx points to Python 2.7.
          python-version: "3.x"

      - name: Install cibuildwheel
-        run: python -m pip install cibuildwheel==3.0.0
+        run: python -m pip install cibuildwheel==2.19.1
+
+      - name: Set up QEMU to emulate aarch64
+        if: matrix.arch == 'aarch64'
+        uses: docker/setup-qemu-action@v3
+        with:
+          platforms: arm64
+
+      - name: Build aarch64 wheels
+        if: matrix.arch == 'aarch64'
+        run: echo 'CIBW_ARCHS_LINUX=aarch64' >> $GITHUB_ENV

      - name: Only build a single wheel on PR
        if: startsWith(github.ref, 'refs/pull/')
-        run: echo "CIBW_BUILD="cp310-manylinux_*"" >> $GITHUB_ENV
+        run: echo "CIBW_BUILD="cp38-manylinux_${{ matrix.arch }}"" >> $GITHUB_ENV

      - name: Build wheels
        run: python -m cibuildwheel --output-dir wheelhouse
@@ -153,10 +152,13 @@ jobs:
          # Skip testing for platforms which various libraries don't have wheels
          # for, and so need extra build deps.
          CIBW_TEST_SKIP: pp3*-* *i686* *musl*
+          # Fix Rust OOM errors on emulated aarch64: https://github.com/rust-lang/cargo/issues/10583
+          CARGO_NET_GIT_FETCH_WITH_CLI: true
+          CIBW_ENVIRONMENT_PASS_LINUX: CARGO_NET_GIT_FETCH_WITH_CLI

-      - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+      - uses: actions/upload-artifact@v3 # Don't upgrade to v4; broken: https://github.com/actions/upload-artifact#breaking-changes
        with:
-          name: Wheel-${{ matrix.os }}
+          name: Wheel
          path: ./wheelhouse/*.whl

  build-sdist:
@@ -165,21 +167,22 @@ jobs:
    if: ${{ !startsWith(github.ref, 'refs/pull/') }}

    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-      - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
        with:
-          python-version: "3.10"
+          python-version: '3.10'

      - run: pip install build

      - name: Build sdist
        run: python -m build --sdist

-      - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+      - uses: actions/upload-artifact@v3 # Don't upgrade to v4; broken: https://github.com/actions/upload-artifact#breaking-changes
        with:
          name: Sdist
          path: dist/*.tar.gz

+
  # if it's a tag, create a release and attach the artifacts to it
  attach-assets:
    name: "Attach assets to release"
@@ -191,20 +194,19 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Download all workflow run artifacts
-        uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
+        uses: actions/download-artifact@v3 # Don't upgrade to v4, it should match upload-artifact
      - name: Build a tarball for the debs
-        # We need to merge all the debs uploads into one folder, then compress
-        # that.
-        run: |
-          mkdir debs
-          mv debs*/* debs/
-          tar -cvJf debs.tar.xz debs
+        run: tar -cvJf debs.tar.xz debs
      - name: Attach to release
+        uses: softprops/action-gh-release@a929a66f232c1b11af63782948aa2210f981808a  # PR#109
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          gh release upload "${{ github.ref_name }}" \
-            Sdist/* \
-            Wheel*/* \
-            debs.tar.xz \
-            --repo ${{ github.repository }}
+        with:
+          files: |
+            Sdist/*
+            Wheel/*
+            debs.tar.xz
+          # if it's not already published, keep the release as a draft.
+          draft: true
+          # mark it as a prerelease if the tag contains 'rc'.
+          prerelease: ${{ contains(github.ref, 'rc') }}
--- a/.github/workflows/schema.yaml
+++ b/.github/workflows/schema.yaml
@@ -1,57 +0,0 @@
-name: Schema
-
-on:
-  pull_request:
-    paths:
-      - schema/**
-      - docs/usage/configuration/config_documentation.md
-  push:
-    branches: ["develop", "release-*"]
-  workflow_dispatch:
-
-jobs:
-  validate-schema:
-    name: Ensure Synapse config schema is valid
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-      - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
-        with:
-          python-version: "3.x"
-      - name: Install check-jsonschema
-        run: pip install check-jsonschema==0.33.0
-
-      - name: Validate meta schema
-        run: check-jsonschema --check-metaschema schema/v*/meta.schema.json
-      - name: Validate schema
-        run: |-
-          # Please bump on introduction of a new meta schema.
-          LATEST_META_SCHEMA_VERSION=v1
-          check-jsonschema \
-            --schemafile="schema/$LATEST_META_SCHEMA_VERSION/meta.schema.json" \
-            schema/synapse-config.schema.yaml
-      - name: Validate default config
-      # Populates the empty instance with default values and checks against the schema.
-        run: |-
-          echo "{}" | check-jsonschema \
-            --fill-defaults --schemafile=schema/synapse-config.schema.yaml -
-
-  check-doc-generation:
-    name: Ensure generated documentation is up-to-date
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-      - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
-        with:
-          python-version: "3.x"
-      - name: Install PyYAML
-        run: pip install PyYAML==6.0.2
-
-      - name: Regenerate config documentation
-        run: |
-          scripts-dev/gen_config_documentation.py \
-            schema/synapse-config.schema.yaml \
-          > docs/usage/configuration/config_documentation.md
-      - name: Error in case of any differences
-      # Errors if there are now any modified files (untracked files are ignored).
-        run: 'git diff --exit-code'
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -11,9 +11,6 @@ concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

-env:
-  RUST_VERSION: 1.87.0
-
 jobs:
  # Job to detect what has changed so we don't run e.g. Rust checks on PRs that
  # don't modify Rust code.
@@ -26,7 +23,7 @@ jobs:
      linting: ${{ !startsWith(github.ref, 'refs/pull/') || steps.filter.outputs.linting }}
      linting_readme: ${{ !startsWith(github.ref, 'refs/pull/') || steps.filter.outputs.linting_readme }}
    steps:
-    - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
+    - uses: dorny/paths-filter@v3
      id: filter
      # We only check on PRs
      if: startsWith(github.ref, 'refs/pull/')
@@ -86,16 +83,14 @@ jobs:
    if: ${{ needs.changes.outputs.linting == 'true' }}

    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@v4
      - name: Install Rust
-        uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # master
-        with:
-          toolchain: ${{ env.RUST_VERSION }}
-      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
-      - uses: matrix-org/setup-python-poetry@5bbf6603c5c930615ec8a29f1b5d7d258d905aa4 # v2.0.0
+        uses: dtolnay/rust-toolchain@1.66.0
+      - uses: Swatinem/rust-cache@v2
+      - uses: matrix-org/setup-python-poetry@v1
        with:
          python-version: "3.x"
-          poetry-version: "2.1.1"
+          poetry-version: "1.3.2"
          extras: "all"
      - run: poetry run scripts-dev/generate_sample_config.sh --check
      - run: poetry run scripts-dev/config-lint.sh
@@ -106,8 +101,8 @@ jobs:
    if: ${{ needs.changes.outputs.linting == 'true' }}

    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-      - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
        with:
          python-version: "3.x"
      - run: "pip install 'click==8.1.1' 'GitPython>=3.1.20'"
@@ -116,8 +111,8 @@ jobs:
  check-lockfile:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-      - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
        with:
          python-version: "3.x"
      - run: .ci/scripts/check_lockfile.py
@@ -129,12 +124,11 @@ jobs:

    steps:
      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@v4

      - name: Setup Poetry
-        uses: matrix-org/setup-python-poetry@5bbf6603c5c930615ec8a29f1b5d7d258d905aa4 # v2.0.0
+        uses: matrix-org/setup-python-poetry@v1
        with:
-          poetry-version: "2.1.1"
          install-project: "false"

      - name: Run ruff check
@@ -151,16 +145,14 @@ jobs:

    steps:
      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@v4

      - name: Install Rust
-        uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # master
-        with:
-          toolchain: ${{ env.RUST_VERSION }}
-      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
+        uses: dtolnay/rust-toolchain@1.66.0
+      - uses: Swatinem/rust-cache@v2

      - name: Setup Poetry
-        uses: matrix-org/setup-python-poetry@5bbf6603c5c930615ec8a29f1b5d7d258d905aa4 # v2.0.0
+        uses: matrix-org/setup-python-poetry@v1
        with:
          # We want to make use of type hints in optional dependencies too.
          extras: all
@@ -169,12 +161,11 @@ jobs:
          # https://github.com/matrix-org/synapse/pull/15376#issuecomment-1498983775
          # To make CI green, err towards caution and install the project.
          install-project: "true"
-          poetry-version: "2.1.1"

      # Cribbed from
      # https://github.com/AustinScola/mypy-cache-github-action/blob/85ea4f2972abed39b33bd02c36e341b28ca59213/src/restore.ts#L10-L17
      - name: Restore/persist mypy's cache
-        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
+        uses: actions/cache@v4
        with:
          path: |
            .mypy_cache
@@ -187,7 +178,7 @@ jobs:
  lint-crlf:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@v4
      - name: Check line endings
        run: scripts-dev/check_line_terminators.sh

@@ -195,11 +186,11 @@ jobs:
    if: ${{ (github.base_ref == 'develop'  || contains(github.base_ref, 'release-')) && github.actor != 'dependabot[bot]' }}
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
          fetch-depth: 0
-      - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
+      - uses: actions/setup-python@v5
        with:
          python-version: "3.x"
      - run: "pip install 'towncrier>=18.6.0rc1'"
@@ -207,20 +198,37 @@ jobs:
        env:
          PULL_REQUEST_NUMBER: ${{ github.event.number }}

+  lint-pydantic:
+    runs-on: ubuntu-latest
+    needs: changes
+    if: ${{ needs.changes.outputs.linting == 'true' }}
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
+      - name: Install Rust
+        uses: dtolnay/rust-toolchain@1.66.0
+      - uses: Swatinem/rust-cache@v2
+      - uses: matrix-org/setup-python-poetry@v1
+        with:
+          poetry-version: "1.3.2"
+          extras: "all"
+      - run: poetry run scripts-dev/check_pydantic_models.py
+
  lint-clippy:
    runs-on: ubuntu-latest
    needs: changes
    if: ${{ needs.changes.outputs.rust == 'true' }}

    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@v4

      - name: Install Rust
-        uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # master
+        uses: dtolnay/rust-toolchain@1.66.0
        with:
            components: clippy
-            toolchain: ${{ env.RUST_VERSION }}
-      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
+      - uses: Swatinem/rust-cache@v2

      - run: cargo clippy -- -D warnings

@@ -232,70 +240,32 @@ jobs:
    if: ${{ needs.changes.outputs.rust == 'true' }}

    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@v4

      - name: Install Rust
-        uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # master
+        uses: dtolnay/rust-toolchain@master
        with:
-            toolchain: nightly-2025-04-23
+            toolchain: nightly-2022-12-01
            components: clippy
-      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
+      - uses: Swatinem/rust-cache@v2

      - run: cargo clippy --all-features -- -D warnings

-  lint-rust:
-    runs-on: ubuntu-latest
-    needs: changes
-    if: ${{ needs.changes.outputs.rust == 'true' }}
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-
-      - name: Install Rust
-        uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # master
-        with:
-          toolchain: ${{ env.RUST_VERSION }}
-      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
-
-      - name: Setup Poetry
-        uses: matrix-org/setup-python-poetry@5bbf6603c5c930615ec8a29f1b5d7d258d905aa4 # v2.0.0
-        with:
-          # Install like a normal project from source with all optional dependencies
-          extras: all
-          install-project: "true"
-          poetry-version: "2.1.1"
-
-      - name: Ensure `Cargo.lock` is up to date (no stray changes after install)
-        # The `::error::` syntax is using GitHub Actions' error annotations, see
-        # https://docs.github.com/en/actions/reference/workflow-commands-for-github-actions
-        run: |
-          if git diff --quiet Cargo.lock; then
-            echo "Cargo.lock is up to date"
-          else
-            echo "::error::Cargo.lock has uncommitted changes after install. Please run 'poetry install --extras all' and commit the Cargo.lock changes."
-            git diff --exit-code Cargo.lock
-            exit 1
-          fi
-
-  # This job is split from `lint-rust` because it requires a nightly Rust toolchain
-  # for some of the unstable options we use in `.rustfmt.toml`.
  lint-rustfmt:
    runs-on: ubuntu-latest
    needs: changes
    if: ${{ needs.changes.outputs.rust == 'true' }}

    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@v4

      - name: Install Rust
-        uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # master
+        uses: dtolnay/rust-toolchain@master
        with:
-          # We use nightly so that we can use some unstable options that we use in
-          # `.rustfmt.toml`.
-          toolchain: nightly-2025-04-23
+          # We use nightly so that it correctly groups together imports
+          toolchain: nightly-2022-12-01
          components: rustfmt
-      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
+      - uses: Swatinem/rust-cache@v2

      - run: cargo fmt --check

@@ -306,8 +276,8 @@ jobs:
    needs: changes
    if: ${{ needs.changes.outputs.linting_readme == 'true' }}
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-      - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
        with:
          python-version: "3.x"
      - run: "pip install rstcheck"
@@ -321,17 +291,17 @@ jobs:
      - lint-mypy
      - lint-crlf
      - lint-newsfile
+      - lint-pydantic
      - check-sampleconfig
      - check-schema-delta
      - check-lockfile
      - lint-clippy
      - lint-clippy-nightly
-      - lint-rust
      - lint-rustfmt
      - lint-readme
    runs-on: ubuntu-latest
    steps:
-      - uses: matrix-org/done-action@3409aa904e8a2aaf2220f09bc954d3d0b0a2ee67 # v3
+      - uses: matrix-org/done-action@v3
        with:
          needs: ${{ toJSON(needs) }}

@@ -342,9 +312,9 @@ jobs:
            lint
            lint-mypy
            lint-newsfile
+            lint-pydantic
            lint-clippy
            lint-clippy-nightly
-            lint-rust
            lint-rustfmt
            lint-readme

@@ -354,8 +324,8 @@ jobs:
    needs: linting-done
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-      - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
        with:
          python-version: "3.x"
      - id: get-matrix
@@ -375,7 +345,7 @@ jobs:
        job:  ${{ fromJson(needs.calculate-test-jobs.outputs.trial_test_matrix) }}

    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@v4
      - run: sudo apt-get -qq install xmlsec1
      - name: Set up PostgreSQL ${{ matrix.job.postgres-version }}
        if: ${{ matrix.job.postgres-version }}
@@ -390,15 +360,13 @@ jobs:
            postgres:${{ matrix.job.postgres-version }}

      - name: Install Rust
-        uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # master
-        with:
-          toolchain: ${{ env.RUST_VERSION }}
-      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
+        uses: dtolnay/rust-toolchain@1.66.0
+      - uses: Swatinem/rust-cache@v2

-      - uses: matrix-org/setup-python-poetry@5bbf6603c5c930615ec8a29f1b5d7d258d905aa4 # v2.0.0
+      - uses: matrix-org/setup-python-poetry@v1
        with:
          python-version: ${{ matrix.job.python-version }}
-          poetry-version: "2.1.1"
+          poetry-version: "1.3.2"
          extras: ${{ matrix.job.extras }}
      - name: Await PostgreSQL
        if: ${{ matrix.job.postgres-version }}
@@ -429,26 +397,24 @@ jobs:
    needs:
      - linting-done
      - changes
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-20.04
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@v4

      - name: Install Rust
-        uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # master
-        with:
-          toolchain: ${{ env.RUST_VERSION }}
-      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
+        uses: dtolnay/rust-toolchain@1.66.0
+      - uses: Swatinem/rust-cache@v2

      # There aren't wheels for some of the older deps, so we need to install
      # their build dependencies
      - run: |
          sudo apt-get -qq update
-          sudo apt-get -qq install build-essential libffi-dev python3-dev \
+          sudo apt-get -qq install build-essential libffi-dev python-dev \
            libxml2-dev libxslt-dev xmlsec1 zlib1g-dev libjpeg-dev libwebp-dev

-      - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
+      - uses: actions/setup-python@v5
        with:
-          python-version: '3.10'
+          python-version: '3.8'

      - name: Prepare old deps
        if: steps.cache-poetry-old-deps.outputs.cache-hit != 'true'
@@ -492,17 +458,17 @@ jobs:
    runs-on: ubuntu-latest
    strategy:
      matrix:
-        python-version: ["pypy-3.10"]
+        python-version: ["pypy-3.8"]
        extras: ["all"]

    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@v4
      # Install libs necessary for PyPy to build binary wheels for dependencies
      - run: sudo apt-get -qq install xmlsec1 libxml2-dev libxslt-dev
-      - uses: matrix-org/setup-python-poetry@5bbf6603c5c930615ec8a29f1b5d7d258d905aa4 # v2.0.0
+      - uses: matrix-org/setup-python-poetry@v1
        with:
          python-version: ${{ matrix.python-version }}
-          poetry-version: "2.1.1"
+          poetry-version: "1.3.2"
          extras: ${{ matrix.extras }}
      - run: poetry run trial --jobs=2 tests
      - name: Dump logs
@@ -546,15 +512,13 @@ jobs:
        job: ${{ fromJson(needs.calculate-test-jobs.outputs.sytest_test_matrix) }}

    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@v4
      - name: Prepare test blacklist
        run: cat sytest-blacklist .ci/worker-blacklist > synapse-blacklist-with-workers

      - name: Install Rust
-        uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # master
-        with:
-          toolchain: ${{ env.RUST_VERSION }}
-      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
+        uses: dtolnay/rust-toolchain@1.66.0
+      - uses: Swatinem/rust-cache@v2

      - name: Run SyTest
        run: /bootstrap.sh synapse
@@ -563,7 +527,7 @@ jobs:
        if: ${{ always() }}
        run: /sytest/scripts/tap_to_gha.pl /logs/results.tap
      - name: Upload SyTest logs
-        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+        uses: actions/upload-artifact@v4
        if: ${{ always() }}
        with:
          name: Sytest Logs - ${{ job.status }} - (${{ join(matrix.job.*, ', ') }})
@@ -593,11 +557,11 @@ jobs:
          --health-retries 5

    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@v4
      - run: sudo apt-get -qq install xmlsec1 postgresql-client
-      - uses: matrix-org/setup-python-poetry@5bbf6603c5c930615ec8a29f1b5d7d258d905aa4 # v2.0.0
+      - uses: matrix-org/setup-python-poetry@v1
        with:
-          poetry-version: "2.1.1"
+          poetry-version: "1.3.2"
          extras: "postgres"
      - run: .ci/scripts/test_export_data_command.sh
        env:
@@ -616,11 +580,11 @@ jobs:
    strategy:
      matrix:
        include:
-          - python-version: "3.10"
-            postgres-version: "13"
+          - python-version: "3.8"
+            postgres-version: "11"

-          - python-version: "3.14"
-            postgres-version: "17"
+          - python-version: "3.11"
+            postgres-version: "15"

    services:
      postgres:
@@ -637,7 +601,7 @@ jobs:
          --health-retries 5

    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@v4
      - name: Add PostgreSQL apt repository
        # We need a version of pg_dump that can handle the version of
        # PostgreSQL being tested against. The Ubuntu package repository lags
@@ -648,10 +612,10 @@ jobs:
          wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -
          sudo apt-get update
      - run: sudo apt-get -qq install xmlsec1 postgresql-client
-      - uses: matrix-org/setup-python-poetry@5bbf6603c5c930615ec8a29f1b5d7d258d905aa4 # v2.0.0
+      - uses: matrix-org/setup-python-poetry@v1
        with:
          python-version: ${{ matrix.python-version }}
-          poetry-version: "2.1.1"
+          poetry-version: "1.3.2"
          extras: "postgres"
      - run: .ci/scripts/test_synapse_port_db.sh
        id: run_tester_script
@@ -661,7 +625,7 @@ jobs:
          PGPASSWORD: postgres
          PGDATABASE: postgres
      - name: "Upload schema differences"
-        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+        uses: actions/upload-artifact@v4
        if: ${{ failure() && !cancelled() && steps.run_tester_script.outcome == 'failure' }}
        with:
          name: Schema dumps
@@ -691,21 +655,19 @@ jobs:
            database: Postgres

    steps:
-      - name: Checkout synapse codebase
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - name: Run actions/checkout@v4 for synapse
+        uses: actions/checkout@v4
        with:
          path: synapse

      - name: Install Rust
-        uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # master
-        with:
-          toolchain: ${{ env.RUST_VERSION }}
-      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
+        uses: dtolnay/rust-toolchain@1.66.0
+      - uses: Swatinem/rust-cache@v2

      - name: Prepare Complement's Prerequisites
        run: synapse/.ci/scripts/setup_complement_prerequisites.sh

-      - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
+      - uses: actions/setup-go@v5
        with:
          cache-dependency-path: complement/go.sum
          go-version-file: complement/go.mod
@@ -728,13 +690,11 @@ jobs:
      - changes

    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@v4

      - name: Install Rust
-        uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # master
-        with:
-          toolchain: ${{ env.RUST_VERSION }}
-      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
+        uses: dtolnay/rust-toolchain@1.66.0
+      - uses: Swatinem/rust-cache@v2

      - run: cargo test

@@ -748,13 +708,13 @@ jobs:
      - changes

    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@v4

      - name: Install Rust
-        uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # master
+        uses: dtolnay/rust-toolchain@master
        with:
            toolchain: nightly-2022-12-01
-      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
+      - uses: Swatinem/rust-cache@v2

      - run: cargo bench --no-run

@@ -773,7 +733,7 @@ jobs:
      - linting-done
    runs-on: ubuntu-latest
    steps:
-      - uses: matrix-org/done-action@3409aa904e8a2aaf2220f09bc954d3d0b0a2ee67 # v3
+      - uses: matrix-org/done-action@v3
        with:
          needs: ${{ toJSON(needs) }}

--- a/.github/workflows/triage-incoming.yml
+++ b/.github/workflows/triage-incoming.yml
@@ -6,7 +6,7 @@ on:

 jobs:
  triage:
-    uses: matrix-org/backend-meta/.github/workflows/triage-incoming.yml@18beaf3c8e536108bd04d18e6c3dc40ba3931e28 # v2.0.3
+    uses: matrix-org/backend-meta/.github/workflows/triage-incoming.yml@v2
    with:
      project_id: 'PVT_kwDOAIB0Bs4AFDdZ'
      content_id: ${{ github.event.issue.node_id }}
--- a/.github/workflows/triage_labelled.yml
+++ b/.github/workflows/triage_labelled.yml
@@ -6,26 +6,39 @@ on:

 jobs:
  move_needs_info:
+    name: Move X-Needs-Info on the triage board
    runs-on: ubuntu-latest
    if: >
      contains(github.event.issue.labels.*.name, 'X-Needs-Info')
-    permissions:
-      contents: read
-    env:
-      # This token must have the following scopes: ["repo:public_repo", "admin:org->read:org", "user->read:user", "project"]
-      GITHUB_TOKEN: ${{ secrets.ELEMENT_BOT_TOKEN }}
-      PROJECT_OWNER: matrix-org
-      # Backend issue triage board.
-      # https://github.com/orgs/matrix-org/projects/67/views/1
-      PROJECT_NUMBER: 67
-      ISSUE_URL: ${{ github.event.issue.html_url }}
-      # This field is case-sensitive.
-      TARGET_STATUS: Needs info
    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/add-to-project@main
+        id: add_project
        with:
-          # Only clone the script file we care about, instead of the whole repo.
-          sparse-checkout: .ci/scripts/triage_labelled_issue.sh
-
-      - name: Ensure issue exists on the board, then set Status
-        run: .ci/scripts/triage_labelled_issue.sh
+          project-url: "https://github.com/orgs/matrix-org/projects/67"
+          github-token: ${{ secrets.ELEMENT_BOT_TOKEN }}
+      - name: Set status
+        env:
+          GITHUB_TOKEN: ${{ secrets.ELEMENT_BOT_TOKEN }}
+        run: |
+          gh api graphql -f query='
+          mutation(
+              $project: ID!
+              $item: ID!
+              $fieldid: ID!
+              $columnid: String!
+            )  {
+            updateProjectV2ItemFieldValue(
+              input: {
+               projectId: $project
+                itemId: $item
+                fieldId: $fieldid
+                value: { 
+                  singleSelectOptionId: $columnid
+                  }
+              }
+            ) {
+              projectV2Item {
+                id
+              }
+            }
+          }' -f project="PVT_kwDOAIB0Bs4AFDdZ" -f item=${{ steps.add_project.outputs.itemId }} -f fieldid="PVTSSF_lADOAIB0Bs4AFDdZzgC6ZA4" -f columnid=ba22e43c --silent
--- a/.github/workflows/twisted_trunk.yml
+++ b/.github/workflows/twisted_trunk.yml
@@ -20,9 +20,6 @@ concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

-env:
-  RUST_VERSION: 1.87.0
-
 jobs:
  check_repo:
    # Prevent this workflow from running on any fork of Synapse other than element-hq/synapse, as it is
@@ -43,19 +40,16 @@ jobs:
    runs-on: ubuntu-latest

    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@v4

      - name: Install Rust
-        uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # master
-        with:
-          toolchain: ${{ env.RUST_VERSION }}
-      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
+        uses: dtolnay/rust-toolchain@stable
+      - uses: Swatinem/rust-cache@v2

-      - uses: matrix-org/setup-python-poetry@5bbf6603c5c930615ec8a29f1b5d7d258d905aa4 # v2.0.0
+      - uses: matrix-org/setup-python-poetry@v1
        with:
          python-version: "3.x"
          extras: "all"
-          poetry-version: "2.1.1"
      - run: |
          poetry remove twisted
          poetry add --extras tls git+https://github.com/twisted/twisted.git#${{ inputs.twisted_ref || 'trunk' }}
@@ -70,20 +64,17 @@ jobs:
    runs-on: ubuntu-latest

    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@v4
      - run: sudo apt-get -qq install xmlsec1

      - name: Install Rust
-        uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # master
-        with:
-          toolchain: ${{ env.RUST_VERSION }}
-      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
+        uses: dtolnay/rust-toolchain@stable
+      - uses: Swatinem/rust-cache@v2

-      - uses: matrix-org/setup-python-poetry@5bbf6603c5c930615ec8a29f1b5d7d258d905aa4 # v2.0.0
+      - uses: matrix-org/setup-python-poetry@v1
        with:
          python-version: "3.x"
          extras: "all test"
-          poetry-version: "2.1.1"
      - run: |
          poetry remove twisted
          poetry add --extras tls git+https://github.com/twisted/twisted.git#trunk
@@ -108,22 +99,20 @@ jobs:
    if: needs.check_repo.outputs.should_run_workflow == 'true'
    runs-on: ubuntu-latest
    container:
-      # We're using bookworm because that's what Debian oldstable is at the time of writing.
+      # We're using ubuntu:focal because it uses Python 3.8 which is our minimum supported Python version.
      # This job is a canary to warn us about unreleased twisted changes that would cause problems for us if
      # they were to be released immediately. For simplicity's sake (and to save CI runners) we use the oldest
      # version, assuming that any incompatibilities on newer versions would also be present on the oldest.
-      image: matrixdotorg/sytest-synapse:bookworm
+      image: matrixdotorg/sytest-synapse:focal
      volumes:
        - ${{ github.workspace }}:/src

    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@v4

      - name: Install Rust
-        uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # master
-        with:
-          toolchain: ${{ env.RUST_VERSION }}
-      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
+        uses: dtolnay/rust-toolchain@stable
+      - uses: Swatinem/rust-cache@v2

      - name: Patch dependencies
        # Note: The poetry commands want to create a virtualenv in /src/.venv/,
@@ -147,7 +136,7 @@ jobs:
        if: ${{ always() }}
        run: /sytest/scripts/tap_to_gha.pl /logs/results.tap
      - name: Upload SyTest logs
-        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+        uses: actions/upload-artifact@v4
        if: ${{ always() }}
        with:
          name: Sytest Logs - ${{ job.status }} - (${{ join(matrix.*, ', ') }})
@@ -175,14 +164,14 @@ jobs:

    steps:
      - name: Run actions/checkout@v4 for synapse
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@v4
        with:
          path: synapse

      - name: Prepare Complement's Prerequisites
        run: synapse/.ci/scripts/setup_complement_prerequisites.sh

-      - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
+      - uses: actions/setup-go@v5
        with:
          cache-dependency-path: complement/go.sum
          go-version-file: complement/go.mod
@@ -192,11 +181,11 @@ jobs:
        run: |
          set -x
          DEBIAN_FRONTEND=noninteractive sudo apt-get install -yqq python3 pipx
-          pipx install poetry==2.1.1
+          pipx install poetry==1.3.2

          poetry remove -n twisted
          poetry add -n --extras tls git+https://github.com/twisted/twisted.git#trunk
-          poetry lock
+          poetry lock --no-update
        working-directory: synapse

      - run: |
@@ -217,7 +206,7 @@ jobs:
    runs-on: ubuntu-latest

    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@v4
      - uses: JasonEtco/create-an-issue@1b14a70e4d8dc185e5cc76d3bec9eab20257b2c5 # v2.9.2
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
--- a/.gitignore
+++ b/.gitignore
@@ -47,7 +47,6 @@ __pycache__/
 /.idea/
 /.ropeproject/
 /.vscode/
-/.zed/

 # build products
 !/.coveragerc
--- a/.rustfmt.toml
+++ b/.rustfmt.toml
@@ -1,6 +1 @@
-# Unstable options are only available on a nightly toolchain and must be opted into
-unstable_features = true
-
-# `group_imports` is an unstable option that requires nightly Rust toolchain. Tracked by
-# https://github.com/rust-lang/rustfmt/issues/5083
 group_imports = "StdExternalCrate"
--- a/CHANGES.md
+++ b/CHANGES.md
--- a/Cargo.lock
+++ b/Cargo.lock
--- a/LICENSE-AGPL-3.0
+++ b/LICENSE-AGPL-3.0
--- a/6
+++ b/6
@@ -1,6 +0,0 @@
-Licensees holding a valid commercial license with Element may use this
-software in accordance with the terms contained in a written agreement
-between you and Element.
-
-To purchase a commercial license please contact our sales team at
-licensing@element.io
--- a/README.rst
+++ b/README.rst
@@ -8,28 +8,27 @@
 Synapse is an open source `Matrix <https://matrix.org>`__ homeserver
 implementation, written and maintained by `Element <https://element.io>`_.
 `Matrix <https://github.com/matrix-org>`__ is the open standard for
-secure and interoperable real-time communications. You can directly run
+secure and interoperable real time communications. You can directly run
 and manage the source code in this repository, available under an AGPL
-license (or alternatively under a commercial license from Element).
-There is no support provided by Element unless you have a
-subscription from Element.
+license. There is no support provided from Element unless you have a
+subscription.

-Subscription
-============
+Subscription alternative
+========================

-For those that need an enterprise-ready solution, Element
-Server Suite (ESS) is `available via subscription <https://element.io/pricing>`_.
+Alternatively, for those that need an enterprise-ready solution, Element
+Server Suite (ESS) is `available as a subscription <https://element.io/pricing>`_.
 ESS builds on Synapse to offer a complete Matrix-based backend including the full
 `Admin Console product <https://element.io/enterprise-functionality/admin-console>`_,
 giving admins the power to easily manage an organization-wide
 deployment. It includes advanced identity management, auditing,
-moderation and data retention options as well as Long-Term Support and
-SLAs. ESS supports any Matrix-compatible client.
+moderation and data retention options as well as Long Term Support and
+SLAs. ESS can be used to support any Matrix-based frontend client.

 .. contents::

-🛠️ Installation and configuration
-==================================
+🛠️ Installing and configuration
+===============================

 The Synapse documentation describes `how to install Synapse <https://element-hq.github.io/synapse/latest/setup/installation.html>`_. We recommend using
 `Docker images <https://element-hq.github.io/synapse/latest/setup/installation.html#docker-images-and-ansible-playbooks>`_ or `Debian packages from Matrix.org
@@ -133,7 +132,7 @@ connect from a client: see
 An easy way to get started is to login or register via Element at
 https://app.element.io/#/login or https://app.element.io/#/register respectively.
 You will need to change the server you are logging into from ``matrix.org``
-and instead specify a homeserver URL of ``https://<server_name>:8448``
+and instead specify a Homeserver URL of ``https://<server_name>:8448``
 (or just ``https://<server_name>`` if you are using a reverse proxy).
 If you prefer to use another client, refer to our
 `client breakdown <https://matrix.org/ecosystem/clients/>`_.
@@ -159,18 +158,19 @@ it:

 We **strongly** recommend using a CAPTCHA, particularly if your homeserver is exposed to
 the public internet. Without it, anyone can freely register accounts on your homeserver.
-This can be exploited by attackers to create spambots targeting the rest of the Matrix
+This can be exploited by attackers to create spambots targetting the rest of the Matrix
 federation.

-Your new Matrix ID will be formed partly from the ``server_name``, and partly
-from a localpart you specify when you create the account in the form of::
+Your new user name will be formed partly from the ``server_name``, and partly
+from a localpart you specify when you create the account. Your name will take
+the form of::

    @localpart:my.domain.name

 (pronounced "at localpart on my dot domain dot name").

 As when logging in, you will need to specify a "Custom server".  Specify your
-desired ``localpart`` in the 'Username' box.
+desired ``localpart`` in the 'User name' box.

 🎯 Troubleshooting and support
 ==============================
@@ -208,10 +208,10 @@ Identity servers have the job of mapping email addresses and other 3rd Party
 IDs (3PIDs) to Matrix user IDs, as well as verifying the ownership of 3PIDs
 before creating that mapping.

-**Identity servers do not store accounts or credentials - these are stored and managed on homeservers.
-Identity Servers are just for mapping 3rd Party IDs to Matrix IDs.**
+**They are not where accounts or credentials are stored - these live on home
+servers. Identity Servers are just for mapping 3rd party IDs to matrix IDs.**

-This process is highly security-sensitive, as there is an obvious risk of spam if it
+This process is very security-sensitive, as there is obvious risk of spam if it
 is too easy to sign up for Matrix accounts or harvest 3PID data. In the longer
 term, we hope to create a decentralised system to manage it (`matrix-doc #712
 <https://github.com/matrix-org/matrix-doc/issues/712>`_), but in the meantime,
@@ -237,9 +237,9 @@ email address.
 We welcome contributions to Synapse from the community!
 The best place to get started is our
 `guide for contributors <https://element-hq.github.io/synapse/latest/development/contributing_guide.html>`_.
-This is part of our broader `documentation <https://element-hq.github.io/synapse/latest>`_, which includes
-information for Synapse developers as well as Synapse administrators.
+This is part of our larger `documentation <https://element-hq.github.io/synapse/latest>`_, which includes

+information for Synapse developers as well as Synapse administrators.
 Developers might be particularly interested in:

 * `Synapse's database schema <https://element-hq.github.io/synapse/latest/development/database_schema.html>`_,
@@ -249,24 +249,6 @@ Developers might be particularly interested in:
 Alongside all that, join our developer community on Matrix:
 `#synapse-dev:matrix.org <https://matrix.to/#/#synapse-dev:matrix.org>`_, featuring real humans!

-Copyright and Licensing
-=======================
-
-| Copyright 2014-2017 OpenMarket Ltd
-| Copyright 2017 Vector Creations Ltd
-| Copyright 2017-2025 New Vector Ltd
-|
-
-This software is dual-licensed by New Vector Ltd (Element). It can be used either:
-
-(1) for free under the terms of the GNU Affero General Public License (as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version); OR
-
-(2) under the terms of a paid-for Element Commercial License agreement between you and Element (the terms of which may vary depending on what you and Element have agreed to).
-
-Unless required by applicable law or agreed to in writing, software distributed under the Licenses is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the Licenses for the specific language governing permissions and limitations under the Licenses.
-
-Please contact `licensing@element.io <mailto:licensing@element.io>`_ to purchase an Element commercial license for this software.
-

 .. |support| image:: https://img.shields.io/badge/matrix-community%20support-success
  :alt: (get community support in #synapse:matrix.org)
--- a/build_rust.py
+++ b/build_rust.py
@@ -1,14 +1,12 @@
 # A build script for poetry that adds the rust extension.

-import itertools
 import os
-from typing import Any
+from typing import Any, Dict

-from packaging.specifiers import SpecifierSet
 from setuptools_rust import Binding, RustExtension


-def build(setup_kwargs: dict[str, Any]) -> None:
+def build(setup_kwargs: Dict[str, Any]) -> None:
    original_project_dir = os.path.dirname(os.path.realpath(__file__))
    cargo_toml_path = os.path.join(original_project_dir, "rust", "Cargo.toml")

@@ -16,27 +14,10 @@ def build(setup_kwargs: dict[str, Any]) -> None:
        target="synapse.synapse_rust",
        path=cargo_toml_path,
        binding=Binding.PyO3,
-        # This flag is a no-op in the latest versions. Instead, we need to
-        # specify this in the `bdist_wheel` config below.
        py_limited_api=True,
-        # We always build in release mode, as we can't distinguish
-        # between using `poetry` in development vs production.
+        # We force always building in release mode, as we can't tell the
+        # difference between using `poetry` in development vs production.
        debug=False,
    )
    setup_kwargs.setdefault("rust_extensions", []).append(extension)
    setup_kwargs["zip_safe"] = False
-
-    # We look up the minimum supported Python version with
-    # `python_requires` (e.g. ">=3.10.0,<4.0.0") and finding the first Python
-    # version that matches. We then convert that into the `py_limited_api` form,
-    # e.g. cp310 for Python 3.10.
-    py_limited_api: str
-    python_bounds = SpecifierSet(setup_kwargs["python_requires"])
-    for minor_version in itertools.count(start=10):
-        if f"3.{minor_version}.0" in python_bounds:
-            py_limited_api = f"cp3{minor_version}"
-            break
-
-    setup_kwargs.setdefault("options", {}).setdefault("bdist_wheel", {})[
-        "py_limited_api"
-    ] = py_limited_api
--- a/changelog.d/17407.misc
+++ b/changelog.d/17407.misc
@@ -0,0 +1 @@
+MSC3861: load the issuer and account management URLs from OIDC discovery.
--- a/changelog.d/17509.feature
+++ b/changelog.d/17509.feature
@@ -0,0 +1 @@
+Improve cross-signing upload when using [MSC3861](https://github.com/matrix-org/matrix-spec-proposals/pull/3861) to use a custom UIA flow stage, with web fallback support.
--- a/changelog.d/17512.misc
+++ b/changelog.d/17512.misc
@@ -0,0 +1 @@
+Pre-populate room data used in experimental [MSC3575](https://github.com/matrix-org/matrix-spec-proposals/pull/3575) Sliding Sync `/sync` endpoint for quick filtering/sorting.
--- a/changelog.d/17590.doc
+++ b/changelog.d/17590.doc
@@ -0,0 +1 @@
+Clarify that the admin api resource is only loaded on the main process and not workers.
--- a/changelog.d/17594.doc
+++ b/changelog.d/17594.doc
@@ -0,0 +1 @@
+Fixed typo in `saml2_config` config [example](https://element-hq.github.io/synapse/latest/usage/configuration/config_documentation.html#saml2_config).
--- a/changelog.d/17599.misc
+++ b/changelog.d/17599.misc
@@ -0,0 +1 @@
+Store sliding sync per-connection state in the database.
--- a/changelog.d/17600.misc
+++ b/changelog.d/17600.misc
@@ -0,0 +1 @@
+Make the sliding sync `PerConnectionState` class immutable.
--- a/changelog.d/17607.bugfix
+++ b/changelog.d/17607.bugfix
@@ -0,0 +1 @@
+Return `400 M_BAD_JSON` upon attempting to complete various room actions with a non-local user ID and unknown room ID, rather than an internal server error.
--- a/changelog.d/17620.misc
+++ b/changelog.d/17620.misc
@@ -0,0 +1 @@
+Replace `isort` and `black with `ruff`.
--- a/changelog.d/17626.bugfix
+++ b/changelog.d/17626.bugfix
@@ -0,0 +1 @@
+Fix authenticated media responses using a wrong limit when following redirects over federation.
--- a/changelog.d/17629.misc
+++ b/changelog.d/17629.misc
@@ -0,0 +1 @@
+Sliding Sync: Split up `get_room_membership_for_user_at_to_token`.
--- a/changelog.d/17630.misc
+++ b/changelog.d/17630.misc
@@ -0,0 +1 @@
+Use new database tables for sliding sync.
--- a/changelog.d/17631.misc
+++ b/changelog.d/17631.misc
@@ -0,0 +1 @@
+Store sliding sync per-connection state in the database.
--- a/changelog.d/17632.misc
+++ b/changelog.d/17632.misc
@@ -0,0 +1 @@
+Pre-populate room data used in experimental [MSC3575](https://github.com/matrix-org/matrix-spec-proposals/pull/3575) Sliding Sync `/sync` endpoint for quick filtering/sorting.
--- a/changelog.d/17633.misc
+++ b/changelog.d/17633.misc
@@ -0,0 +1 @@
+Pre-populate room data used in experimental [MSC3575](https://github.com/matrix-org/matrix-spec-proposals/pull/3575) Sliding Sync `/sync` endpoint for quick filtering/sorting.
--- a/changelog.d/17634.misc
+++ b/changelog.d/17634.misc
@@ -0,0 +1 @@
+Pre-populate room data used in experimental [MSC3575](https://github.com/matrix-org/matrix-spec-proposals/pull/3575) Sliding Sync `/sync` endpoint for quick filtering/sorting.
--- a/changelog.d/17635.misc
+++ b/changelog.d/17635.misc
@@ -0,0 +1 @@
+Pre-populate room data used in experimental [MSC3575](https://github.com/matrix-org/matrix-spec-proposals/pull/3575) Sliding Sync `/sync` endpoint for quick filtering/sorting.
--- a/changelog.d/17636.misc
+++ b/changelog.d/17636.misc
@@ -0,0 +1 @@
+Pre-populate room data used in experimental [MSC3575](https://github.com/matrix-org/matrix-spec-proposals/pull/3575) Sliding Sync `/sync` endpoint for quick filtering/sorting.
--- a/changelog.d/17641.misc
+++ b/changelog.d/17641.misc
@@ -0,0 +1 @@
+Pre-populate room data used in experimental [MSC3575](https://github.com/matrix-org/matrix-spec-proposals/pull/3575) Sliding Sync `/sync` endpoint for quick filtering/sorting.
--- a/changelog.d/17643.misc
+++ b/changelog.d/17643.misc
@@ -0,0 +1 @@
+Replace `isort` and `black with `ruff`.
--- a/changelog.d/17649.misc
+++ b/changelog.d/17649.misc
@@ -0,0 +1 @@
+Use new database tables for sliding sync.
--- a/changelog.d/17650.removal
+++ b/changelog.d/17650.removal
@@ -0,0 +1 @@
+Stabilise [MSC4156](https://github.com/matrix-org/matrix-spec-proposals/pull/4156) by removing the `msc4156_enabled` config setting and defaulting it to `true`.
--- a/changelog.d/17654.misc
+++ b/changelog.d/17654.misc
@@ -0,0 +1 @@
+Pre-populate room data used in experimental [MSC3575](https://github.com/matrix-org/matrix-spec-proposals/pull/3575) Sliding Sync `/sync` endpoint for quick filtering/sorting.
--- a/changelog.d/17655.misc
+++ b/changelog.d/17655.misc
@@ -0,0 +1 @@
+Prevent duplicate tags being added to Sliding Sync traces.
--- a/changelog.d/17658.misc
+++ b/changelog.d/17658.misc
@@ -0,0 +1 @@
+Get `bump_stamp` from [new sliding sync tables](https://github.com/element-hq/synapse/pull/17512) which should be faster.
--- a/changelog.d/17665.misc
+++ b/changelog.d/17665.misc
@@ -0,0 +1 @@
+Speed up incremental Sliding Sync requests by avoiding extra work.
--- a/changelog.d/17666.misc
+++ b/changelog.d/17666.misc
@@ -0,0 +1 @@
+Small performance improvement in speeding up sliding sync.
--- a/changelog.d/17670.misc
+++ b/changelog.d/17670.misc
@@ -0,0 +1 @@
+Small performance improvement in speeding up sliding sync.
--- a/changelog.d/17672.misc
+++ b/changelog.d/17672.misc
@@ -0,0 +1 @@
+Small performance improvement in speeding up sliding sync.
--- a/changelog.d/17673.misc
+++ b/changelog.d/17673.misc
@@ -0,0 +1 @@
+Pre-populate room data used in experimental [MSC3575](https://github.com/matrix-org/matrix-spec-proposals/pull/3575) Sliding Sync `/sync` endpoint for quick filtering/sorting.
--- a/changelog.d/17674.bugfix
+++ b/changelog.d/17674.bugfix
@@ -0,0 +1 @@
+Fix bug where we returned the wrong `bump_stamp` for invites in sliding sync response, causing incorrect ordering of invites in the room list.
--- a/changelog.d/17684.misc
+++ b/changelog.d/17684.misc
@@ -0,0 +1 @@
+Speed up sliding sync by reducing number of database calls.
--- a/changelog.d/17688.misc
+++ b/changelog.d/17688.misc
@@ -0,0 +1 @@
+Speed up sync by pulling out fewer events from the database.
--- a/changelog.d/19020.misc
+++ b/changelog.d/19020.misc
@@ -1 +0,0 @@
-Fix CI linter for schema delta files to correctly handle all types of `CREATE TABLE` syntax.
--- a/changelog.d/19021.feature
+++ b/changelog.d/19021.feature
@@ -1,2 +0,0 @@
-Add an [Admin API](https://element-hq.github.io/synapse/latest/usage/administration/admin_api/index.html)
-to allow an admin to fetch the space/room hierarchy for a given space.
--- a/changelog.d/19046.misc
+++ b/changelog.d/19046.misc
@@ -1 +0,0 @@
-Use type hinting generics in standard collections, as per PEP 585, added in Python 3.9.
--- a/changelog.d/19047.doc
+++ b/changelog.d/19047.doc
@@ -1 +0,0 @@
-Update the link to the Debian oldstable package for SQLite.
--- a/changelog.d/19047.misc
+++ b/changelog.d/19047.misc
@@ -1 +0,0 @@
-Always treat `RETURNING` as supported by SQL engines, now that the minimum-supported versions of both SQLite and PostgreSQL support it.
--- a/changelog.d/19047.removal
+++ b/changelog.d/19047.removal
@@ -1 +0,0 @@
-Remove support for SQLite < 3.37.2.
--- a/changelog.d/19055.misc
+++ b/changelog.d/19055.misc
@@ -1 +0,0 @@
-Add support for Python 3.14.
--- a/changelog.d/19056.misc
+++ b/changelog.d/19056.misc
@@ -1 +0,0 @@
-Move `oidc.load_metadata()` startup into `_base.start()`.
--- a/changelog.d/19058.misc
+++ b/changelog.d/19058.misc
@@ -1 +0,0 @@
-Remove logcontext problems caused by awaiting raw `deferLater(...)`.
--- a/changelog.d/19062.bugfix
+++ b/changelog.d/19062.bugfix
@@ -1 +0,0 @@
-Fix a bug introduced in 1.111.0 where failed attempts to download authenticated remote media would not be handled correctly.
--- a/changelog.d/19067.misc
+++ b/changelog.d/19067.misc
@@ -1 +0,0 @@
-Prevent duplicate logging setup when running multiple Synapse instances.
--- a/changelog.d/19068.misc
+++ b/changelog.d/19068.misc
@@ -1 +0,0 @@
-Be mindful of other logging context filters in 3rd-party code and avoid overwriting log record fields unless we know the log record is relevant to Synapse.
--- a/changelog.d/19071.misc
+++ b/changelog.d/19071.misc
@@ -1 +0,0 @@
-Update pydantic to v2.
--- a/changelog.d/19073.doc
+++ b/changelog.d/19073.doc
@@ -1 +0,0 @@
-Point out additional Redis configuration options available in the worker docs. Contributed by @servisbryce.
--- a/changelog.d/19079.bugfix
+++ b/changelog.d/19079.bugfix
@@ -1 +0,0 @@
-Fix the `oidc_session_no_samesite` cookie to have the `Secure` attribute, so the only difference between it and the paired `oidc_session` cookie, is the configuration of the `SameSite` attribute as described in the comments / cookie names. Contributed by @kieranlane.
--- a/changelog.d/19080.misc
+++ b/changelog.d/19080.misc
@@ -1 +0,0 @@
-Update deprecated code in the release script to prevent a warning message from being printed.
--- a/changelog.d/19081.misc
+++ b/changelog.d/19081.misc
@@ -1 +0,0 @@
-Update the deprecated poetry development dependencies group name in `pyproject.toml`.
--- a/changelog.d/19085.misc
+++ b/changelog.d/19085.misc
@@ -1 +0,0 @@
-Remove `pp38*` skip selector from cibuildwheel to silence warning.
--- a/changelog.d/19088.misc
+++ b/changelog.d/19088.misc
@@ -1 +0,0 @@
-Don't immediately exit the release script if the checkout is dirty. Instead, allow the user to clear the dirty changes and retry.
--- a/changelog.d/19089.misc
+++ b/changelog.d/19089.misc
@@ -1 +0,0 @@
-Update the release script's generated announcement text to include a title and extra text for RC's.
--- a/changelog.d/19090.bugfix
+++ b/changelog.d/19090.bugfix
@@ -1 +0,0 @@
-Fix lost logcontext warnings from timeouts in sync and requests made by Synapse itself.
--- a/changelog.d/19092.misc
+++ b/changelog.d/19092.misc
@@ -1 +0,0 @@
-Fix lints on main branch.
--- a/changelog.d/19094.misc
+++ b/changelog.d/19094.misc
@@ -1 +0,0 @@
-Use cheaper random string function in logcontext utilities.
--- a/changelog.d/19095.misc
+++ b/changelog.d/19095.misc
@@ -1 +0,0 @@
-Avoid clobbering other `SIGHUP` handlers in 3rd-party code.
--- a/changelog.d/19096.misc
+++ b/changelog.d/19096.misc
@@ -1 +0,0 @@
-Prevent duplicate GitHub draft releases being created during the Synapse release process.
--- a/changelog.d/19098.misc
+++ b/changelog.d/19098.misc
@@ -1 +0,0 @@
-Use Pillow's `Image.getexif` method instead of the experimental `Image._getexif`.
--- a/changelog.d/19099.removal
+++ b/changelog.d/19099.removal
@@ -1 +0,0 @@
-Drop support for Python 3.9.
--- a/changelog.d/19100.doc
+++ b/changelog.d/19100.doc
@@ -1 +0,0 @@
-Update the list of Debian releases that the downstream Debian package is maintained for.
--- a/changelog.d/19107.misc
+++ b/changelog.d/19107.misc
@@ -1 +0,0 @@
-Prevent uv `/usr/local/.lock` file from appearing in built Synapse docker images.
--- a/changelog.d/19108.bugfix
+++ b/changelog.d/19108.bugfix
@@ -1 +0,0 @@
-Fix lost logcontext when using `HomeServer.shutdown()`.
--- a/changelog.d/19109.doc
+++ b/changelog.d/19109.doc
@@ -1 +0,0 @@
-Add [a page](https://element-hq.github.io/synapse/latest/development/internal_documentation/release_notes_review_checklist.html) to the documentation describing the steps the Synapse team takes to review the release notes before publishing them.
--- a/changelog.d/19110.misc
+++ b/changelog.d/19110.misc
@@ -1 +0,0 @@
-Allow Synapse's runtime dependency checking code to take packaging markers (i.e. `python <= 3.14`) into account when checking dependencies.
--- a/changelog.d/19116.misc
+++ b/changelog.d/19116.misc
@@ -1 +0,0 @@
-Move exception handling up the stack (avoid `exit(1)` in our composable functions).
--- a/changelog.d/19118.misc
+++ b/changelog.d/19118.misc
@@ -1 +0,0 @@
-Fix a lint error related to lifetimes in Rust 1.90.
--- a/changelog.d/19121.misc
+++ b/changelog.d/19121.misc
@@ -1 +0,0 @@
-Refactor and align app entrypoints (avoid `exit(1)` in our composable functions).
--- a/changelog.d/19131.misc
+++ b/changelog.d/19131.misc
@@ -1 +0,0 @@
-Refactor and align app entrypoints (avoid `exit(1)` in our composable functions).
--- a/changelog.d/19138.misc
+++ b/changelog.d/19138.misc
@@ -1 +0,0 @@
-Minor speed up of processing of inbound replication.
--- a/contrib/cmdclient/console.py
+++ b/contrib/cmdclient/console.py
@@ -245,7 +245,7 @@ class SynapseCmd(cmd.Cmd):

        if "flows" not in json_res:
            print("Failed to find any login flows.")
-            return False
+            defer.returnValue(False)

        flow = json_res["flows"][0]  # assume first is the one we want.
        if "type" not in flow or "m.login.password" != flow["type"] or "stages" in flow:
@@ -254,8 +254,8 @@ class SynapseCmd(cmd.Cmd):
                "Unable to login via the command line client. Please visit "
                "%s to login." % fallback_url
            )
-            return False
-        return True
+            defer.returnValue(False)
+        defer.returnValue(True)

    def do_emailrequest(self, line):
        """Requests the association of a third party identifier
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Erik Johnston	4cf2966797	WIP don't pull out left rooms	2024-09-10 15:38:44 +01:00
Erik Johnston	d99dd4c1e4	Fast-path for have_completed_background_updates	2024-09-10 14:07:50 +01:00
Erik Johnston	864cbcd86f	Short-circuit have_finished_sliding_sync_background_jobs We only need to check this if returned bump stamp is `None`, which is rare.	2024-09-10 14:04:03 +01:00
				`@@ -0,0 +1 @@`
				`MSC3861: load the issuer and account management URLs from OIDC discovery.`
				`@@ -0,0 +1 @@`
				`Improve cross-signing upload when using [MSC3861](https://github.com/matrix-org/matrix-spec-proposals/pull/3861) to use a custom UIA flow stage, with web fallback support.`
				`@@ -0,0 +1 @@`
				Pre-populate room data used in experimental [MSC3575](https://github.com/matrix-org/matrix-spec-proposals/pull/3575) Sliding Sync `/sync` endpoint for quick filtering/sorting.
				`@@ -0,0 +1 @@`
				`Clarify that the admin api resource is only loaded on the main process and not workers.`
				`@@ -0,0 +1 @@`
				Fixed typo in `saml2_config` config [example](https://element-hq.github.io/synapse/latest/usage/configuration/config_documentation.html#saml2_config).
				`@@ -0,0 +1 @@`
				`Store sliding sync per-connection state in the database.`
				`@@ -0,0 +1 @@`
				Make the sliding sync `PerConnectionState` class immutable.
				`@@ -0,0 +1 @@`
				Return `400 M_BAD_JSON` upon attempting to complete various room actions with a non-local user ID and unknown room ID, rather than an internal server error.
				`@@ -0,0 +1 @@`
				`Fix authenticated media responses using a wrong limit when following redirects over federation.`