chore: Linkify pull requests in CHANGELOG.md

chore: Bump cargo lock
chore: Bump version
2026-04-25 10:12:10 +00:00 · 2026-02-08 17:49:53 +00:00 · 2026-02-08 17:45:51 +00:00 · 2026-02-08 17:41:53 +00:00 · 2026-02-08 17:41:30 +00:00 · 2026-02-08 17:25:09 +00:00
55 changed files with 1692 additions and 2203 deletions
--- a/.github/FUNDING.yml
+++ b/.github/FUNDING.yml
@@ -1,4 +1,4 @@
-github: [JadedBlueEyes, nexy7574]
+github: [JadedBlueEyes, nexy7574, gingershaped]
 custom:
  - https://ko-fi.com/nexy7574
  - https://ko-fi.com/JadedBlueEyes
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -23,7 +23,7 @@ repos:
        - id: check-added-large-files

  - repo: https://github.com/crate-ci/typos
-    rev: v1.41.0
+    rev: v1.43.2
    hooks:
      - id: typos
      - id: typos
--- a/.typos.toml
+++ b/.typos.toml
@@ -6,14 +6,13 @@ extend-exclude = ["*.csr", "*.lock", "pnpm-lock.yaml"]
 extend-ignore-re = [
    "(?Rm)^.*(#|//|<!--)\\s*spellchecker:disable-line(\\s*-->)$", # Ignore a line by making it trail with a `spellchecker:disable-line` comment
    "^[0-9a-f]{7,}$", # Commit hashes
-
+    "4BA7",
    # some heuristics for base64 strings
    "[A-Za-z0-9+=]{72,}",
    "([A-Za-z0-9+=]|\\\\\\s\\*){72,}",
    "[0-9+][A-Za-z0-9+]{30,}[a-z0-9+]",
    "\\$[A-Z0-9+][A-Za-z0-9+]{6,}[a-z0-9+]",
    "\\b[a-z0-9+/=][A-Za-z0-9+/=]{7,}[a-z0-9+/=][A-Z]\\b",
-
    # In the renovate config
    ".ontainer"
 ]
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,58 +1,98 @@
+# Continuwuity v0.5.4 (2026-02-08)
+
+## Features
+
+- The announcement checker will now announce errors it encounters in the first run to the admin room, plus a few other
+  misc improvements. Contributed by @Jade ([#1288](https://forgejo.ellis.link/continuwuation/continuwuity/pulls/1288))
+- Drastically improved the performance and reliability of account deactivations. Contributed by @nex ([#1314](https://forgejo.ellis.link/continuwuation/continuwuity/pulls/1314))
+- Refuse to process requests for and events in rooms that we no longer have any local users in (reduces state resets
+  and improves performance). Contributed by @nex ([#1316](https://forgejo.ellis.link/continuwuation/continuwuity/pulls/1316))
+- Added server-specific admin API routes to ban and unban rooms, for use with moderation bots. Contributed by @nex
+  ([#1301](https://forgejo.ellis.link/continuwuation/continuwuity/pulls/1301))
+
+## Bugfixes
+
+- Fix the generated configuration containing uncommented optional sections. Contributed by @Jade ([#1290](https://forgejo.ellis.link/continuwuation/continuwuity/pulls/1290))
+- Fixed specification non-compliance when handling remote media errors. Contributed by @nex ([#1298](https://forgejo.ellis.link/continuwuation/continuwuity/pulls/1298))
+- UIAA requests which check for out-of-band success (sent by matrix-js-sdk) will no longer create unhelpful errors in
+  the logs. Contributed by @ginger ([#1305](https://forgejo.ellis.link/continuwuation/continuwuity/pulls/1305))
+- Use exists instead of contains to save writing to a buffer in `src/service/users/mod.rs`: `is_login_disabled`.
+  Contributed
+  by @aprilgrimoire. ([#1340](https://forgejo.ellis.link/continuwuation/continuwuity/pulls/1340))
+- Fixed backtraces being swallowed during panics. Contributed by @jade ([#1337](https://forgejo.ellis.link/continuwuation/continuwuity/pulls/1337))
+- Fixed a potential vulnerability that could allow an evil remote server to return malicious events during the room join
+  and knock process. Contributed by @nex, reported by violet & [mat](https://matdoes.dev).
+- Fixed a race condition that could result in outlier PDUs being incorrectly marked as visible to a remote server.
+  Contributed by @nex, reported by violet & [mat](https://matdoes.dev).
+- ACLs are no longer case-sensitive. Contributed by @nex, reported by [vel](matrix:u/vel:nhjkl.com?action=chat).
+
+## Docs
+
+- Fixed Fedora install instructions. Contributed by @julian45 ([#1342](https://forgejo.ellis.link/continuwuation/continuwuity/pulls/1342))
+
 # Continuwuity 0.5.3 (2026-01-12)

 ## Features

- Improve the display of nested configuration with the `!admin server show-config` command. Contributed by @Jade (#1279)
+- Improve the display of nested configuration with the `!admin server show-config` command. Contributed by @Jade ([#1279](https://forgejo.ellis.link/continuwuation/continuwuity/pulls/1279))

 ## Bugfixes

- Fixed `M_BAD_JSON` error when sending invites to other servers or when providing joins. Contributed by @nex (#1286)
-
+- Fixed `M_BAD_JSON` error when sending invites to other servers or when providing joins. Contributed by @nex ([#1286](https://forgejo.ellis.link/continuwuation/continuwuity/pulls/1286))

 ## Docs

- Improve admin command documentation generation. Contributed by @ginger (#1280)
-
+- Improve admin command documentation generation. Contributed by @ginger ([#1280](https://forgejo.ellis.link/continuwuation/continuwuity/pulls/1280))

 ## Misc

- Improve timeout-related code for federation and URL previews. Contributed by @Jade (#1278)
-
+- Improve timeout-related code for federation and URL previews. Contributed by @Jade ([#1278](https://forgejo.ellis.link/continuwuation/continuwuity/pulls/1278))

 # Continuwuity 0.5.2 (2026-01-09)

 ## Features

- Added support for issuing additional registration tokens, stored in the database, which supplement the existing registration token hardcoded in the config file. These tokens may optionally expire after a certain number of uses or after a certain amount of time has passed. Additionally, the `registration_token_file` configuration option is superseded by this feature and **has been removed**. Use the new `!admin token` command family to manage registration tokens. Contributed by @ginger (#783).
- Implemented a configuration defined admin list independent of the admin room. Contributed by @Terryiscool160. (#1253)
- Added support for invite and join anti-spam via Draupnir and Meowlnir, similar to that of synapse-http-antispam. Contributed by @nex. (#1263)
- Implemented account locking functionality, to complement user suspension. Contributed by @nex. (#1266)
- Added admin command to forcefully log out all of a user's existing sessions. Contributed by @nex. (#1271)
- Implemented toggling the ability for an account to log in without mutating any of its data. Contributed by @nex. (#1272)
- Add support for custom room create event timestamps, to allow generating custom prefixes in hashed room IDs. Contributed by @nex. (#1277)
- Certain potentially dangerous admin commands are now restricted to only be usable in the admin room and server console. Contributed by @ginger.
+- Added support for issuing additional registration tokens, stored in the database, which supplement the existing
+  registration token hardcoded in the config file. These tokens may optionally expire after a certain number of uses or
+  after a certain amount of time has passed. Additionally, the `registration_token_file` configuration option is
+  superseded by this feature and **has been removed**. Use the new `!admin token` command family to manage registration
+  tokens. Contributed by @ginger (#783).
+- Implemented a configuration defined admin list independent of the admin room. Contributed by @Terryiscool160. ([#1253](https://forgejo.ellis.link/continuwuation/continuwuity/pulls/1253))
+- Added support for invite and join anti-spam via Draupnir and Meowlnir, similar to that of synapse-http-antispam.
+  Contributed by @nex. ([#1263](https://forgejo.ellis.link/continuwuation/continuwuity/pulls/1263))
+- Implemented account locking functionality, to complement user suspension. Contributed by @nex. ([#1266](https://forgejo.ellis.link/continuwuation/continuwuity/pulls/1266))
+- Added admin command to forcefully log out all of a user's existing sessions. Contributed by @nex. ([#1271](https://forgejo.ellis.link/continuwuation/continuwuity/pulls/1271))
+- Implemented toggling the ability for an account to log in without mutating any of its data. Contributed by @nex. (
+  [#1272](https://forgejo.ellis.link/continuwuation/continuwuity/pulls/1272))
+- Add support for custom room create event timestamps, to allow generating custom prefixes in hashed room IDs.
+  Contributed by @nex. ([#1277](https://forgejo.ellis.link/continuwuation/continuwuity/pulls/1277))
+- Certain potentially dangerous admin commands are now restricted to only be usable in the admin room and server
+  console. Contributed by @ginger.

 ## Bugfixes

- Fixed unreliable room summary fetching and improved error messages. Contributed by @nex. (#1257)
- Client requested timeout parameter is now applied to e2ee key lookups and claims. Related federation requests are now also concurrent. Contributed by @nex. (#1261)
- Fixed the whoami endpoint returning HTTP 404 instead of HTTP 403, which confused some appservices. Contributed by @nex. (#1276)
+- Fixed unreliable room summary fetching and improved error messages. Contributed by @nex. ([#1257](https://forgejo.ellis.link/continuwuation/continuwuity/pulls/1257))
+- Client requested timeout parameter is now applied to e2ee key lookups and claims. Related federation requests are now
+  also concurrent. Contributed by @nex. ([#1261](https://forgejo.ellis.link/continuwuation/continuwuity/pulls/1261))
+- Fixed the whoami endpoint returning HTTP 404 instead of HTTP 403, which confused some appservices. Contributed by
+  @nex. ([#1276](https://forgejo.ellis.link/continuwuation/continuwuity/pulls/1276))

 ## Misc

- The `console` feature is now enabled by default, allowing the server console to be used for running admin commands directly. To automatically open the console on startup, set the `admin_console_automatic` config option to `true`. Contributed by @ginger.
+- The `console` feature is now enabled by default, allowing the server console to be used for running admin commands
+  directly. To automatically open the console on startup, set the `admin_console_automatic` config option to `true`.
+  Contributed by @ginger.
 - We now (finally) document our container image mirrors. Contributed by @Jade

-
 # Continuwuity 0.5.0 (2025-12-30)

 **This release contains a CRITICAL vulnerability patch, and you must update as soon as possible**

 ## Features

- Enabled the OTLP exporter in default builds, and allow configuring the exporter protocol. (@Jade). (#1251)
+- Enabled the OTLP exporter in default builds, and allow configuring the exporter protocol. (@Jade). ([#1251](https://forgejo.ellis.link/continuwuation/continuwuity/pulls/1251))

 ## Bug Fixes

- Don't allow admin room upgrades, as this can break the admin room (@timedout) (#1245)
- Fix invalid creators in power levels during upgrade to v12 (@timedout) (#1245)
+- Don't allow admin room upgrades, as this can break the admin room (@timedout) ([#1245](https://forgejo.ellis.link/continuwuation/continuwuity/pulls/1245))
+- Fix invalid creators in power levels during upgrade to v12 (@timedout) ([#1245](https://forgejo.ellis.link/continuwuation/continuwuity/pulls/1245))
--- a/Cargo.lock
+++ b/Cargo.lock
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -12,7 +12,7 @@ license = "Apache-2.0"
 # See also `rust-toolchain.toml`
 readme = "README.md"
 repository = "https://forgejo.ellis.link/continuwuation/continuwuity"
-version = "0.5.3"
+version = "0.5.4"

 [workspace.metadata.crane]
 name = "conduwuit"
@@ -158,7 +158,7 @@ features = ["raw_value"]

 # Used for appservice registration files
 [workspace.dependencies.serde-saphyr]
-version = "0.0.14"
+version = "0.0.17"

 # Used to load forbidden room/user regex from config
 [workspace.dependencies.serde_regex]
@@ -342,7 +342,7 @@ version = "0.1.2"
 # Used for matrix spec type definitions and helpers
 [workspace.dependencies.ruma]
 git = "https://forgejo.ellis.link/continuwuation/ruwuma"
-rev = "85d00fb5746cba23904234b4fd3c838dcf141541"
+rev = "458d52bdc7f9a07c497be94a1420ebd3d87d7b2b"
 features = [
    "compat",
    "rand",
--- a/README.md
+++ b/README.md
@@ -57,9 +57,10 @@ ### What are the project's goals?

 ### Can I try it out?

-Check out the [documentation](https://continuwuity.org) for installation instructions.
+Check out the [documentation](https://continuwuity.org) for installation instructions, or join one of these vetted public homeservers running Continuwuity to get a feel for things!

-There are currently no open registration Continuwuity instances available.
+- https://continuwuity.rocks -- A public demo server operated by the Continuwuity Team.
+- https://federated.nexus -- Federated Nexus is a community resource hosting multiple FOSS (especially federated) services, including Matrix and Forgejo.

 ### What are we working on?

--- a/bin/complement
+++ b/bin/complement
@@ -2,11 +2,7 @@

 set -euo pipefail

-# Path to Complement's source code
-#
-# The `COMPLEMENT_SRC` environment variable is set in the Nix dev shell, which
-# points to a store path containing the Complement source code. It's likely you
-# want to just pass that as the first argument to use it here.
+# The root path where complement is available.
 COMPLEMENT_SRC="${COMPLEMENT_SRC:-$1}"

 # A `.jsonl` file to write test logs to
@@ -15,7 +11,10 @@ LOG_FILE="${2:-complement_test_logs.jsonl}"
 # A `.jsonl` file to write test results to
 RESULTS_FILE="${3:-complement_test_results.jsonl}"

-COMPLEMENT_BASE_IMAGE="${COMPLEMENT_BASE_IMAGE:-complement-conduwuit:main}"
+# The base docker image to use for complement tests
+# You can build the default with `docker build -t continuwuity:complement -f ./docker/complement.Dockerfile .`
+# after running `cargo build`. Only the debug binary is used.
+COMPLEMENT_BASE_IMAGE="${COMPLEMENT_BASE_IMAGE:-continuwuity:complement}"

 # Complement tests that are skipped due to flakiness/reliability issues or we don't implement such features and won't for a long time
 SKIPPED_COMPLEMENT_TESTS='TestPartialStateJoin.*|TestRoomDeleteAlias/Parallel/Regular_users_can_add_and_delete_aliases_when_m.*|TestRoomDeleteAlias/Parallel/Can_delete_canonical_alias|TestUnbanViaInvite.*|TestRoomState/Parallel/GET_/publicRooms_lists.*"|TestRoomDeleteAlias/Parallel/Users_with_sufficient_power-level_can_delete_other.*'
@@ -34,25 +33,6 @@ toplevel="$(git rev-parse --show-toplevel)"

 pushd "$toplevel" > /dev/null

-if [ ! -f "complement_oci_image.tar.gz" ]; then
-    echo "building complement conduwuit image"
-
-    # if using macOS, use linux-complement
-    #bin/nix-build-and-cache just .#linux-complement
-    bin/nix-build-and-cache just .#complement
-    #nix build -L .#complement
-
-    echo "complement conduwuit image tar.gz built at \"result\""
-
-    echo "loading into docker"
-    docker load < result
-    popd > /dev/null
-else
-    echo "skipping building a complement conduwuit image as complement_oci_image.tar.gz was already found, loading this"
-
-    docker load < complement_oci_image.tar.gz
-    popd > /dev/null
-fi

 echo ""
 echo "running go test with:"
@@ -72,24 +52,16 @@ env \
 set -o pipefail

 # Post-process the results into an easy-to-compare format, sorted by Test name for reproducible results
-cat "$LOG_FILE" | jq -s -c 'sort_by(.Test)[]' | jq -c '
+jq -s -c 'sort_by(.Test)[]' < "$LOG_FILE" | jq -c '
    select(
        (.Action == "pass" or .Action == "fail" or .Action == "skip")
        and .Test != null
    ) | {Action: .Action, Test: .Test}
    ' > "$RESULTS_FILE"

-#if command -v gotestfmt &> /dev/null; then
-#    echo "using gotestfmt on $LOG_FILE"
-#    grep '{"Time":' "$LOG_FILE" | gotestfmt > "complement_test_logs_gotestfmt.log"
-#fi
-
 echo ""
 echo ""
 echo "complement logs saved at $LOG_FILE"
 echo "complement results saved at $RESULTS_FILE"
-#if command -v gotestfmt &> /dev/null; then
-#    echo "complement logs in gotestfmt pretty format outputted at complement_test_logs_gotestfmt.log (use an editor/terminal/pager that interprets ANSI colours and UTF-8 emojis)"
-#fi
 echo ""
 echo ""
--- a/changelog.d/1288.feature.md
+++ b/changelog.d/1288.feature.md
@@ -1 +0,0 @@
-The announcement checker will now announce errors it encounters in the first run to the admin room, plus a few other misc improvements. Contributed by @Jade
--- a/changelog.d/1290.bugfix.md
+++ b/changelog.d/1290.bugfix.md
@@ -1 +0,0 @@
-Fix the generated configuration containing uncommented optional sections. Contributed by @Jade
--- a/changelog.d/1298.bugfix
+++ b/changelog.d/1298.bugfix
@@ -1 +0,0 @@
-Fixed specification non-compliance when handling remote media errors. Contributed by @nex.
--- a/changelog.d/1302.bugfix.md
+++ b/changelog.d/1302.bugfix.md
@@ -1 +0,0 @@
-UIAA requests which check for out-of-band success (sent by matrix-js-sdk)  will no longer create unhelpful errors in the logs.
--- a/complement/complement-entrypoint.sh
+++ b/complement/complement-entrypoint.sh
@@ -0,0 +1,67 @@
+#!/usr/bin/env bash
+set -xe
+# If we have no $SERVER_NAME set, abort
+if [ -z "$SERVER_NAME" ]; then
+  echo "SERVER_NAME is not set, aborting"
+  exit 1
+fi
+
+# If /complement/ca/ca.crt or /complement/ca/ca.key are missing, abort
+if [ ! -f /complement/ca/ca.crt ] || [ ! -f /complement/ca/ca.key ]; then
+  echo "/complement/ca/ca.crt or /complement/ca/ca.key is missing, aborting"
+  exit 1
+fi
+
+# Add the root cert to the local trust store
+echo 'Installing Complement CA certificate to local trust store'
+cp /complement/ca/ca.crt /usr/local/share/ca-certificates/complement-ca.crt
+update-ca-certificates
+
+# Sign a certificate for our $SERVER_NAME
+echo "Generating and signing certificate for $SERVER_NAME"
+openssl genrsa -out "/$SERVER_NAME.key" 2048
+
+echo "Generating CSR for $SERVER_NAME"
+openssl req -new -sha256 \
+  -key "/$SERVER_NAME.key" \
+  -out "/$SERVER_NAME.csr" \
+  -subj "/C=US/ST=CA/O=Continuwuity, Inc./CN=$SERVER_NAME"\
+  -addext "subjectAltName=DNS:$SERVER_NAME"
+openssl req -in "$SERVER_NAME.csr" -noout -text
+
+echo "Signing certificate for $SERVER_NAME with Complement CA"
+cat <<EOF > ./cert.ext
+authorityKeyIdentifier=keyid,issuer
+basicConstraints = CA:FALSE
+keyUsage = digitalSignature, keyEncipherment, dataEncipherment, nonRepudiation
+extendedKeyUsage = serverAuth
+subjectAltName = @alt_names
+[alt_names]
+DNS.1 = *.docker.internal
+DNS.2 = hs1
+DNS.3 = hs2
+DNS.4 = hs3
+DNS.5 = hs4
+DNS.6 = $SERVER_NAME
+IP.1 = 127.0.0.1
+EOF
+openssl x509 \
+  -req \
+  -in "/$SERVER_NAME.csr" \
+  -CA /complement/ca/ca.crt \
+  -CAkey /complement/ca/ca.key \
+  -CAcreateserial \
+  -out "/$SERVER_NAME.crt" \
+  -days 1 \
+  -sha256 \
+  -extfile ./cert.ext
+
+# Tell continuwuity where to find the certs
+export CONTINUWUITY_TLS__KEY="/$SERVER_NAME.key"
+export CONTINUWUITY_TLS__CERTS="/$SERVER_NAME.crt"
+# And who it is
+export CONTINUWUITY_SERVER_NAME="$SERVER_NAME"
+
+echo "Starting Continuwuity with SERVER_NAME=$SERVER_NAME"
+# Start continuwuity
+/usr/local/bin/conduwuit --config /etc/continuwuity/config.toml
--- a/complement/complement.config.toml
+++ b/complement/complement.config.toml
@@ -0,0 +1,53 @@
+# ============================================= #
+# Complement pre-filled configuration file      #
+#
+# DANGER: THIS FILE FORCES INSECURE VALUES.     #
+# DO NOT USE OUTSIDE THE TEST SUITE ENV!        #
+# ============================================= #
+[global]
+address = "0.0.0.0"
+allow_device_name_federation = true
+allow_guest_registration = true
+allow_public_room_directory_over_federation = true
+allow_public_room_directory_without_auth = true
+allow_registration = true
+database_path = "/database"
+log = "trace,h2=debug,hyper=debug"
+port = [8008, 8448]
+trusted_servers = []
+only_query_trusted_key_servers = false
+query_trusted_key_servers_first = false
+query_trusted_key_servers_first_on_join = false
+yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse = true
+ip_range_denylist = []
+url_preview_domain_contains_allowlist = ["*"]
+url_preview_domain_explicit_denylist = ["*"]
+media_compat_file_link = false
+media_startup_check = true
+prune_missing_media = true
+log_colors = true
+admin_room_notices = false
+allow_check_for_updates = false
+intentionally_unknown_config_option_for_testing = true
+rocksdb_log_level = "info"
+rocksdb_max_log_files = 1
+rocksdb_recovery_mode = 0
+rocksdb_paranoid_file_checks = true
+log_guest_registrations = false
+allow_legacy_media = true
+startup_netburst = true
+startup_netburst_keep = -1
+allow_invalid_tls_certificates_yes_i_know_what_the_fuck_i_am_doing_with_this_and_i_know_this_is_insecure = true
+dns_timeout = 60
+dns_attempts = 20
+request_conn_timeout = 60
+request_timeout = 120
+well_known_conn_timeout = 60
+well_known_timeout = 60
+federation_idle_timeout = 300
+sender_timeout = 300
+sender_idle_timeout = 300
+sender_retry_backoff_limit = 300
+
+[global.tls]
+dual_protocol = true
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -48,7 +48,7 @@ EOF

 # Developer tool versions
 # renovate: datasource=github-releases depName=cargo-bins/cargo-binstall
-ENV BINSTALL_VERSION=1.16.7
+ENV BINSTALL_VERSION=1.17.4
 # renovate: datasource=github-releases depName=psastras/sbom-rs
 ENV CARGO_SBOM_VERSION=0.9.1
 # renovate: datasource=crate depName=lddtree
--- a/docker/complement.Dockerfile
+++ b/docker/complement.Dockerfile
@@ -0,0 +1,11 @@
+FROM ubuntu:latest
+EXPOSE 8008
+EXPOSE 8448
+RUN apt-get update && apt-get install -y ca-certificates liburing2 && rm -rf /var/lib/apt/lists/*
+RUN mkdir -p /etc/continuwuity /var/lib/continuwuity
+COPY docker/complement-entrypoint.sh /usr/local/bin/complement-entrypoint.sh
+COPY docker/complement.config.toml /etc/continuwuity/config.toml
+COPY target/debug/conduwuit /usr/local/bin/conduwuit
+RUN chmod +x /usr/local/bin/conduwuit /usr/local/bin/complement-entrypoint.sh
+#HEALTHCHECK --interval=30s --timeout=5s CMD curl --fail http://localhost:8008/_continuwuity/server_version || exit 1
+ENTRYPOINT ["/usr/local/bin/complement-entrypoint.sh"]
--- a/docker/musl.Dockerfile
+++ b/docker/musl.Dockerfile
@@ -18,7 +18,7 @@ RUN --mount=type=cache,target=/etc/apk/cache apk add \

 # Developer tool versions
 # renovate: datasource=github-releases depName=cargo-bins/cargo-binstall
-ENV BINSTALL_VERSION=1.16.7
+ENV BINSTALL_VERSION=1.17.4
 # renovate: datasource=github-releases depName=psastras/sbom-rs
 ENV CARGO_SBOM_VERSION=0.9.1
 # renovate: datasource=crate depName=lddtree
--- a/docs/deploying/fedora.mdx
+++ b/docs/deploying/fedora.mdx
@@ -1,17 +1,18 @@
 # RPM Installation Guide

-Continuwuity is available as RPM packages for Fedora, RHEL, and compatible distributions.
+Continuwuity is available as RPM packages for Fedora and compatible distributions.
+We do not currently have infrastructure to build RPMs for RHEL and compatible distributions, but this is a work in progress.

 The RPM packaging files are maintained in the `fedora/` directory:
 - `continuwuity.spec.rpkg` - RPM spec file using rpkg macros for building from git
 - `continuwuity.service` - Systemd service file for the server
 - `RPM-GPG-KEY-continuwuity.asc` - GPG public key for verifying signed packages

-RPM packages built by CI are signed with our GPG key (Ed25519, ID: `5E0FF73F411AAFCA`).
+RPM packages built by CI are signed with our GPG key (RSA, ID: `6595 E8DB 9191 D39A 46D6 A514 4BA7 F590 DF0B AA1D`). # spellchecker:disable-line

 ```bash
 # Import the signing key
-sudo rpm --import https://forgejo.ellis.link/continuwuation/continuwuity/raw/branch/main/fedora/RPM-GPG-KEY-continuwuity.asc
+sudo rpm --import https://forgejo.ellis.link/api/packages/continuwuation/rpm/repository.key

 # Verify a downloaded package
 rpm --checksig continuwuity-*.rpm
@@ -23,7 +24,7 @@ ## Installation methods

 ```bash
 # Add the repository and install
-sudo dnf config-manager addrepo --from-repofile=https://forgejo.ellis.link/api/packages/continuwuation/rpm/stable/continuwuation.repo
+sudo dnf config-manager addrepo --from-repofile=https://forgejo.ellis.link/api/packages/continuwuation/rpm/stable.repo
 sudo dnf install continuwuity
 ```

@@ -31,7 +32,7 @@ # Add the repository and install

 ```bash
 # Add the dev repository and install
-sudo dnf config-manager addrepo --from-repofile=https://forgejo.ellis.link/api/packages/continuwuation/rpm/dev/continuwuation.repo
+sudo dnf config-manager addrepo --from-repofile=https://forgejo.ellis.link/api/packages/continuwuation/rpm/dev.repo
 sudo dnf install continuwuity
 ```

@@ -39,23 +40,10 @@ # Add the dev repository and install

 ```bash
 # Branch names are sanitized (slashes become hyphens, lowercase only)
-sudo dnf config-manager addrepo --from-repofile=https://forgejo.ellis.link/api/packages/continuwuation/rpm/tom-new-feature/continuwuation.repo
+sudo dnf config-manager addrepo --from-repofile=https://forgejo.ellis.link/api/packages/continuwuation/rpm/tom-new-feature.repo
 sudo dnf install continuwuity
 ```

-**Direct installation** without adding repository
-
-```bash
-# Latest stable release
-sudo dnf install https://forgejo.ellis.link/api/packages/continuwuation/rpm/stable/continuwuity
-
-# Latest development build
-sudo dnf install https://forgejo.ellis.link/api/packages/continuwuation/rpm/dev/continuwuity
-
-# Specific feature branch
-sudo dnf install https://forgejo.ellis.link/api/packages/continuwuation/rpm/branch-name/continuwuity
-```
-
 **Manual repository configuration** (alternative method)

 ```bash
@@ -65,7 +53,7 @@ # Specific feature branch
 baseurl=https://forgejo.ellis.link/api/packages/continuwuation/rpm/stable
 enabled=1
 gpgcheck=1
-gpgkey=https://forgejo.ellis.link/continuwuation/continuwuity/raw/branch/main/fedora/RPM-GPG-KEY-continuwuity.asc
+gpgkey=https://forgejo.ellis.link/api/packages/continuwuation/rpm/repository.key
 EOF

 sudo dnf install continuwuity
--- a/docs/troubleshooting.mdx
+++ b/docs/troubleshooting.mdx
@@ -139,7 +139,7 @@ ### Database corruption

 ## Debugging

-Note that users should not really be debugging things. If you find yourself
+Note that users should not really need to debug things. If you find yourself
 debugging and find the issue, please let us know and/or how we can fix it.
 Various debug commands can be found in `!admin debug`.

@@ -178,6 +178,31 @@ ### Pinging servers
 and simply fetches a string on a static JSON endpoint. It is very low cost both
 bandwidth and computationally.

+### Enabling backtraces for errors
+
+Continuwuity can capture backtraces (stack traces) for errors to help diagnose
+issues. Backtraces show the exact sequence of function calls that led to an
+error, which is invaluable for debugging.
+
+To enable backtraces, set the `RUST_BACKTRACE` environment variable before starting Continuwuity:
+
+```bash
+# For both panics and errors
+RUST_BACKTRACE=1 ./conduwuit
+
+```
+
+For systemd deployments, add this to your service file:
+
+```ini
+[Service]
+Environment="RUST_BACKTRACE=1"
+```
+
+Backtrace capture has a performance cost. Avoid leaving it on.
+You can also enable it only for panics by setting
+`RUST_BACKTRACE=1` and `RUST_LIB_BACKTRACE=0`.
+
 ### Allocator memory stats

 When using jemalloc with jemallocator's `stats` feature (`--enable-stats`), you
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@@ -22,10 +22,9 @@
  "license": "ISC",
  "type": "commonjs",
  "devDependencies": {
-    "@rspress/core": "^2.0.0-rc.1",
-    "@rspress/plugin-client-redirects": "^2.0.0-alpha.12",
-    "@rspress/plugin-preview": "^2.0.0-beta.35",
-    "@rspress/plugin-sitemap": "^2.0.0-beta.23",
+    "@rspress/core": "^2.0.0",
+    "@rspress/plugin-client-redirects": "^2.0.0",
+    "@rspress/plugin-sitemap": "^2.0.0",
    "typescript": "^5.9.3"
  }
 }
--- a/rspress.config.ts
+++ b/rspress.config.ts
@@ -1,5 +1,4 @@
 import { defineConfig } from '@rspress/core';
-import { pluginPreview } from '@rspress/plugin-preview';
 import { pluginSitemap } from '@rspress/plugin-sitemap';
 import { pluginClientRedirects } from '@rspress/plugin-client-redirects';

@@ -41,7 +40,7 @@ export default defineConfig({
        },
    },

-    plugins: [pluginPreview(), pluginSitemap({
+    plugins: [pluginSitemap({
        siteUrl: 'https://continuwuity.org', // TODO: Set automatically in build pipeline
    }),
    pluginClientRedirects({
--- a/src/admin/user/commands.rs
+++ b/src/admin/user/commands.rs
@@ -3,10 +3,7 @@
 	fmt::Write as _,
 };

-use api::client::{
-	full_user_deactivate, join_room_by_id_helper, leave_all_rooms, leave_room, remote_leave_room,
-	update_avatar_url, update_displayname,
-};
+use api::client::{full_user_deactivate, join_room_by_id_helper, leave_room, remote_leave_room};
 use conduwuit::{
 	Err, Result, debug, debug_warn, error, info, is_equal_to,
 	matrix::{Event, pdu::PduBuilder},
@@ -227,9 +224,6 @@ pub(super) async fn deactivate(&self, no_leave_rooms: bool, user_id: String) ->
 		full_user_deactivate(self.services, &user_id, &all_joined_rooms)
 			.boxed()
 			.await?;
-		update_displayname(self.services, &user_id, None, &all_joined_rooms).await;
-		update_avatar_url(self.services, &user_id, None, None, &all_joined_rooms).await;
-		leave_all_rooms(self.services, &user_id).await;
 	}

 	self.write_str(&format!("User {user_id} has been deactivated"))
@@ -406,10 +400,6 @@ pub(super) async fn deactivate_all(&self, no_leave_rooms: bool, force: bool) ->
 					full_user_deactivate(self.services, &user_id, &all_joined_rooms)
 						.boxed()
 						.await?;
-					update_displayname(self.services, &user_id, None, &all_joined_rooms).await;
-					update_avatar_url(self.services, &user_id, None, None, &all_joined_rooms)
-						.await;
-					leave_all_rooms(self.services, &user_id).await;
 				}
 			},
 		}
--- a/src/api/client/account.rs
+++ b/src/api/client/account.rs
@@ -26,6 +26,7 @@
 	events::{
 		GlobalAccountDataEventType, StateEventType,
 		room::{
+			member::{MembershipState, RoomMemberEventContent},
 			message::RoomMessageEventContent,
 			power_levels::{RoomPowerLevels, RoomPowerLevelsEventContent},
 		},
@@ -815,9 +816,6 @@ pub(crate) async fn deactivate_route(
 		.collect()
 		.await;

-	super::update_displayname(&services, sender_user, None, &all_joined_rooms).await;
-	super::update_avatar_url(&services, sender_user, None, None, &all_joined_rooms).await;
-
 	full_user_deactivate(&services, sender_user, &all_joined_rooms)
 		.boxed()
 		.await?;
@@ -907,9 +905,6 @@ pub async fn full_user_deactivate(
 ) -> Result<()> {
 	services.users.deactivate_account(user_id).await.ok();

-	super::update_displayname(services, user_id, None, all_joined_rooms).await;
-	super::update_avatar_url(services, user_id, None, None, all_joined_rooms).await;
-
 	services
 		.users
 		.all_profile_keys(user_id)
@@ -918,9 +913,11 @@ pub async fn full_user_deactivate(
 		})
 		.await;

-	for room_id in all_joined_rooms {
-		let state_lock = services.rooms.state.mutex.lock(room_id).await;
+	// TODO: Rescind all user invites

+	let mut pdu_queue: Vec<(PduBuilder, &OwnedRoomId)> = Vec::new();
+
+	for room_id in all_joined_rooms {
 		let room_power_levels = services
 			.rooms
 			.state_accessor
@@ -948,30 +945,33 @@ pub async fn full_user_deactivate(
 		if user_can_demote_self {
 			let mut power_levels_content = room_power_levels.unwrap_or_default();
 			power_levels_content.users.remove(user_id);
-
-			// ignore errors so deactivation doesn't fail
-			match services
-				.rooms
-				.timeline
-				.build_and_append_pdu(
-					PduBuilder::state(String::new(), &power_levels_content),
-					user_id,
-					Some(room_id),
-					&state_lock,
-				)
-				.await
-			{
-				| Err(e) => {
-					warn!(%room_id, %user_id, "Failed to demote user's own power level: {e}");
-				},
-				| _ => {
-					info!("Demoted {user_id} in {room_id} as part of account deactivation");
-				},
-			}
+			let pl_evt = PduBuilder::state(String::new(), &power_levels_content);
+			pdu_queue.push((pl_evt, room_id));
 		}
+
+		// Leave the room
+		pdu_queue.push((
+			PduBuilder::state(user_id.to_string(), &RoomMemberEventContent {
+				avatar_url: None,
+				blurhash: None,
+				membership: MembershipState::Leave,
+				displayname: None,
+				join_authorized_via_users_server: None,
+				reason: None,
+				is_direct: None,
+				third_party_invite: None,
+				redact_events: None,
+			}),
+			room_id,
+		));
+
+		// TODO: Redact all messages sent by the user in the room
 	}

-	super::leave_all_rooms(services, user_id).boxed().await;
+	super::update_all_rooms(services, pdu_queue, user_id).await;
+	for room_id in all_joined_rooms {
+		services.rooms.state_cache.forget(room_id, user_id);
+	}

 	Ok(())
 }
--- a/src/api/client/membership/join.rs
+++ b/src/api/client/membership/join.rs
@@ -15,6 +15,7 @@
 	utils::{
 		self, shuffle,
 		stream::{IterStream, ReadyExt},
+		to_canonical_object,
 	},
 	warn,
 };
@@ -657,6 +658,7 @@ async fn join_room_by_id_helper_remote(
 	let auth_check = state_res::event_auth::auth_check(
 		&state_res::RoomVersion::new(&room_version_id)?,
 		&parsed_join_pdu,
+		None, // TODO: third party invite
 		|k, s| state_fetch(k.clone(), s.into()),
 		&state_fetch(StateEventType::RoomCreate, "".into())
 			.await
@@ -1011,40 +1013,55 @@ async fn make_join_request(
 		trace!("make_join response: {:?}", make_join_response);
 		make_join_counter = make_join_counter.saturating_add(1);

-		if let Err(ref e) = make_join_response {
-			if matches!(
-				e.kind(),
-				ErrorKind::IncompatibleRoomVersion { .. } | ErrorKind::UnsupportedRoomVersion
-			) {
-				incompatible_room_version_count =
-					incompatible_room_version_count.saturating_add(1);
-			}
+		match make_join_response {
+			| Ok(response) => {
+				info!("Received make_join response from {remote_server}");
+				if let Err(e) = validate_remote_member_event_stub(
+					&MembershipState::Join,
+					sender_user,
+					room_id,
+					&to_canonical_object(&response.event)?,
+				) {
+					warn!("make_join response from {remote_server} failed validation: {e}");
+					continue;
+				}
+				make_join_response_and_server = Ok((response, remote_server.clone()));
+				break;
+			},
+			| Err(e) => {
+				info!("make_join request to {remote_server} failed: {e}");
+				if matches!(
+					e.kind(),
+					ErrorKind::IncompatibleRoomVersion { .. } | ErrorKind::UnsupportedRoomVersion
+				) {
+					incompatible_room_version_count =
+						incompatible_room_version_count.saturating_add(1);
+				}

-			if incompatible_room_version_count > 15 {
-				info!(
-					"15 servers have responded with M_INCOMPATIBLE_ROOM_VERSION or \
-					 M_UNSUPPORTED_ROOM_VERSION, assuming that conduwuit does not support the \
-					 room version {room_id}: {e}"
-				);
-				make_join_response_and_server =
-					Err!(BadServerResponse("Room version is not supported by Conduwuit"));
-				return make_join_response_and_server;
-			}
+				if incompatible_room_version_count > 15 {
+					info!(
+						"15 servers have responded with M_INCOMPATIBLE_ROOM_VERSION or \
+						 M_UNSUPPORTED_ROOM_VERSION, assuming that conduwuit does not support \
+						 the room version {room_id}: {e}"
+					);
+					make_join_response_and_server =
+						Err!(BadServerResponse("Room version is not supported by Conduwuit"));
+					return make_join_response_and_server;
+				}

-			if make_join_counter > 40 {
-				warn!(
-					"40 servers failed to provide valid make_join response, assuming no server \
-					 can assist in joining."
-				);
-				make_join_response_and_server =
-					Err!(BadServerResponse("No server available to assist in joining."));
+				if make_join_counter > 40 {
+					warn!(
+						"40 servers failed to provide valid make_join response, assuming no \
+						 server can assist in joining."
+					);
+					make_join_response_and_server =
+						Err!(BadServerResponse("No server available to assist in joining."));

-				return make_join_response_and_server;
-			}
+					return make_join_response_and_server;
+				}
+			},
 		}

-		make_join_response_and_server = make_join_response.map(|r| (r, remote_server.clone()));
-
 		if make_join_response_and_server.is_ok() {
 			break;
 		}
--- a/src/api/client/membership/knock.rs
+++ b/src/api/client/membership/knock.rs
@@ -10,7 +10,7 @@
 	},
 	result::FlatOk,
 	trace,
-	utils::{self, shuffle, stream::IterStream},
+	utils::{self, shuffle, stream::IterStream, to_canonical_object},
 	warn,
 };
 use futures::{FutureExt, StreamExt};
@@ -741,6 +741,17 @@ async fn make_knock_request(

 		trace!("make_knock response: {make_knock_response:?}");
 		make_knock_counter = make_knock_counter.saturating_add(1);
+		if let Ok(r) = &make_knock_response {
+			if let Err(e) = validate_remote_member_event_stub(
+				&MembershipState::Knock,
+				sender_user,
+				room_id,
+				&to_canonical_object(&r.event)?,
+			) {
+				warn!("make_knock response from {remote_server} failed validation: {e}");
+				continue;
+			}
+		}

 		make_knock_response_and_server = make_knock_response.map(|r| (r, remote_server.clone()));

--- a/src/api/client/membership/mod.rs
+++ b/src/api/client/membership/mod.rs
@@ -231,7 +231,7 @@ pub(crate) fn validate_remote_member_event_stub(
 	};
 	if event_membership != &membership.as_str() {
 		return Err!(BadServerResponse(
-			"Remote server returned member event with incorrect room_id"
+			"Remote server returned member event with incorrect membership type"
 		));
 	}

--- a/src/api/server/backfill.rs
+++ b/src/api/server/backfill.rs
@@ -2,7 +2,7 @@

 use axum::extract::State;
 use conduwuit::{
-	Event, PduCount, Result,
+	Err, Event, PduCount, Result, info,
 	result::LogErr,
 	utils::{IterStream, ReadyExt, stream::TryTools},
 };
@@ -34,6 +34,18 @@ pub(crate) async fn get_backfill_route(
 	}
 	.check()
 	.await?;
+	if !services
+		.rooms
+		.state_cache
+		.server_in_room(services.globals.server_name(), &body.room_id)
+		.await
+	{
+		info!(
+			origin = body.origin().as_str(),
+			"Refusing to serve backfill for room we aren't participating in"
+		);
+		return Err!(Request(NotFound("This server is not participating in that room.")));
+	}

 	let limit = body
 		.limit
--- a/src/api/server/event.rs
+++ b/src/api/server/event.rs
@@ -1,5 +1,5 @@
 use axum::extract::State;
-use conduwuit::{Result, err};
+use conduwuit::{Err, Result, err, info};
 use ruma::{MilliSecondsSinceUnixEpoch, RoomId, api::federation::event::get_event};

 use super::AccessCheck;
@@ -38,6 +38,19 @@ pub(crate) async fn get_event_route(
 	.check()
 	.await?;

+	if !services
+		.rooms
+		.state_cache
+		.server_in_room(services.globals.server_name(), room_id)
+		.await
+	{
+		info!(
+			origin = body.origin().as_str(),
+			"Refusing to serve state for room we aren't participating in"
+		);
+		return Err!(Request(NotFound("This server is not participating in that room.")));
+	}
+
 	Ok(get_event::v1::Response {
 		origin: services.globals.server_name().to_owned(),
 		origin_server_ts: MilliSecondsSinceUnixEpoch::now(),
--- a/src/api/server/event_auth.rs
+++ b/src/api/server/event_auth.rs
@@ -1,7 +1,7 @@
 use std::{borrow::Borrow, iter::once};

 use axum::extract::State;
-use conduwuit::{Error, Result, utils::stream::ReadyExt};
+use conduwuit::{Err, Error, Result, info, utils::stream::ReadyExt};
 use futures::StreamExt;
 use ruma::{
 	RoomId,
@@ -29,6 +29,19 @@ pub(crate) async fn get_event_authorization_route(
 	.check()
 	.await?;

+	if !services
+		.rooms
+		.state_cache
+		.server_in_room(services.globals.server_name(), &body.room_id)
+		.await
+	{
+		info!(
+			origin = body.origin().as_str(),
+			"Refusing to serve state for room we aren't participating in"
+		);
+		return Err!(Request(NotFound("This server is not participating in that room.")));
+	}
+
 	let event = services
 		.rooms
 		.timeline
--- a/src/api/server/get_missing_events.rs
+++ b/src/api/server/get_missing_events.rs
@@ -1,5 +1,5 @@
 use axum::extract::State;
-use conduwuit::{Result, debug, debug_error, utils::to_canonical_object};
+use conduwuit::{Err, Result, debug, debug_error, info, utils::to_canonical_object};
 use ruma::api::federation::event::get_missing_events;

 use super::AccessCheck;
@@ -26,6 +26,19 @@ pub(crate) async fn get_missing_events_route(
 	.check()
 	.await?;

+	if !services
+		.rooms
+		.state_cache
+		.server_in_room(services.globals.server_name(), &body.room_id)
+		.await
+	{
+		info!(
+			origin = body.origin().as_str(),
+			"Refusing to serve state for room we aren't participating in"
+		);
+		return Err!(Request(NotFound("This server is not participating in that room.")));
+	}
+
 	let limit = body
 		.limit
 		.try_into()
@@ -66,12 +79,12 @@ pub(crate) async fn get_missing_events_route(
 			continue;
 		}

+		i = i.saturating_add(1);
 		let Ok(event) = to_canonical_object(&pdu) else {
 			debug_error!(
 				body.origin = body.origin.as_ref().map(tracing::field::display),
 				"Failed to convert PDU in database to canonical JSON: {pdu:?}"
 			);
-			i = i.saturating_add(1);
 			continue;
 		};

--- a/src/api/server/hierarchy.rs
+++ b/src/api/server/hierarchy.rs
@@ -1,6 +1,6 @@
 use axum::extract::State;
 use conduwuit::{
-	Err, Result,
+	Err, Result, info,
 	utils::stream::{BroadbandExt, IterStream},
 };
 use conduwuit_service::rooms::spaces::{
@@ -23,6 +23,19 @@ pub(crate) async fn get_hierarchy_route(
 		return Err!(Request(NotFound("Room does not exist.")));
 	}

+	if !services
+		.rooms
+		.state_cache
+		.server_in_room(services.globals.server_name(), &body.room_id)
+		.await
+	{
+		info!(
+			origin = body.origin().as_str(),
+			"Refusing to serve state for room we aren't participating in"
+		);
+		return Err!(Request(NotFound("This server is not participating in that room.")));
+	}
+
 	let room_id = &body.room_id;
 	let suggested_only = body.suggested_only;
 	let ref identifier = Identifier::ServerName(body.origin());
--- a/src/api/server/make_join.rs
+++ b/src/api/server/make_join.rs
@@ -30,6 +30,18 @@ pub(crate) async fn create_join_event_template_route(
 	if !services.rooms.metadata.exists(&body.room_id).await {
 		return Err!(Request(NotFound("Room is unknown to this server.")));
 	}
+	if !services
+		.rooms
+		.state_cache
+		.server_in_room(services.globals.server_name(), &body.room_id)
+		.await
+	{
+		info!(
+			origin = body.origin().as_str(),
+			"Refusing to serve make_join for room we aren't participating in"
+		);
+		return Err!(Request(NotFound("This server is not participating in that room.")));
+	}

 	if body.user_id.server_name() != body.origin() {
 		return Err!(Request(BadJson("Not allowed to join on behalf of another server/user.")));
--- a/src/api/server/make_knock.rs
+++ b/src/api/server/make_knock.rs
@@ -1,6 +1,6 @@
 use RoomVersionId::*;
 use axum::extract::State;
-use conduwuit::{Err, Error, Result, debug_warn, matrix::pdu::PduBuilder, warn};
+use conduwuit::{Err, Error, Result, debug_warn, info, matrix::pdu::PduBuilder, warn};
 use ruma::{
 	RoomVersionId,
 	api::{client::error::ErrorKind, federation::knock::create_knock_event_template},
@@ -20,6 +20,18 @@ pub(crate) async fn create_knock_event_template_route(
 	if !services.rooms.metadata.exists(&body.room_id).await {
 		return Err!(Request(NotFound("Room is unknown to this server.")));
 	}
+	if !services
+		.rooms
+		.state_cache
+		.server_in_room(services.globals.server_name(), &body.room_id)
+		.await
+	{
+		info!(
+			origin = body.origin().as_str(),
+			"Refusing to serve make_knock for room we aren't participating in"
+		);
+		return Err!(Request(NotFound("This server is not participating in that room.")));
+	}

 	if body.user_id.server_name() != body.origin() {
 		return Err!(Request(BadJson("Not allowed to knock on behalf of another server/user.")));
--- a/src/api/server/make_leave.rs
+++ b/src/api/server/make_leave.rs
@@ -1,5 +1,5 @@
 use axum::extract::State;
-use conduwuit::{Err, Result, matrix::pdu::PduBuilder};
+use conduwuit::{Err, Result, info, matrix::pdu::PduBuilder};
 use ruma::{
 	api::federation::membership::prepare_leave_event,
 	events::room::member::{MembershipState, RoomMemberEventContent},
@@ -20,6 +20,19 @@ pub(crate) async fn create_leave_event_template_route(
 		return Err!(Request(NotFound("Room is unknown to this server.")));
 	}

+	if !services
+		.rooms
+		.state_cache
+		.server_in_room(services.globals.server_name(), &body.room_id)
+		.await
+	{
+		info!(
+			origin = body.origin().as_str(),
+			"Refusing to serve make_leave for room we aren't participating in"
+		);
+		return Err!(Request(NotFound("This server is not participating in that room.")));
+	}
+
 	if body.user_id.server_name() != body.origin() {
 		return Err!(Request(Forbidden(
 			"Not allowed to leave on behalf of another server/user."
--- a/src/api/server/send_join.rs
+++ b/src/api/server/send_join.rs
@@ -36,6 +36,18 @@ async fn create_join_event(
 	if !services.rooms.metadata.exists(room_id).await {
 		return Err!(Request(NotFound("Room is unknown to this server.")));
 	}
+	if !services
+		.rooms
+		.state_cache
+		.server_in_room(services.globals.server_name(), room_id)
+		.await
+	{
+		info!(
+			origin = origin.as_str(),
+			"Refusing to serve send_join for room we aren't participating in"
+		);
+		return Err!(Request(NotFound("This server is not participating in that room.")));
+	}

 	// ACL check origin server
 	services
--- a/src/api/server/send_knock.rs
+++ b/src/api/server/send_knock.rs
@@ -1,6 +1,6 @@
 use axum::extract::State;
 use conduwuit::{
-	Err, Result, err,
+	Err, Result, err, info,
 	matrix::{event::gen_event_id_canonical_json, pdu::PduEvent},
 	warn,
 };
@@ -54,6 +54,19 @@ pub(crate) async fn create_knock_event_v1_route(
 		return Err!(Request(NotFound("Room is unknown to this server.")));
 	}

+	if !services
+		.rooms
+		.state_cache
+		.server_in_room(services.globals.server_name(), &body.room_id)
+		.await
+	{
+		info!(
+			origin = body.origin().as_str(),
+			"Refusing to serve send_knock for room we aren't participating in"
+		);
+		return Err!(Request(NotFound("This server is not participating in that room.")));
+	}
+
 	// ACL check origin server
 	services
 		.rooms
--- a/src/api/server/send_leave.rs
+++ b/src/api/server/send_leave.rs
@@ -1,7 +1,7 @@
 #![allow(deprecated)]

 use axum::extract::State;
-use conduwuit::{Err, Result, err, matrix::event::gen_event_id_canonical_json};
+use conduwuit::{Err, Result, err, info, matrix::event::gen_event_id_canonical_json};
 use conduwuit_service::Services;
 use futures::FutureExt;
 use ruma::{
@@ -50,6 +50,19 @@ async fn create_leave_event(
 		return Err!(Request(NotFound("Room is unknown to this server.")));
 	}

+	if !services
+		.rooms
+		.state_cache
+		.server_in_room(services.globals.server_name(), room_id)
+		.await
+	{
+		info!(
+			origin = origin.as_str(),
+			"Refusing to serve backfill for room we aren't participating in"
+		);
+		return Err!(Request(NotFound("This server is not participating in that room.")));
+	}
+
 	// ACL check origin
 	services
 		.rooms
--- a/src/api/server/state.rs
+++ b/src/api/server/state.rs
@@ -1,7 +1,7 @@
 use std::{borrow::Borrow, iter::once};

 use axum::extract::State;
-use conduwuit::{Result, at, err, utils::IterStream};
+use conduwuit::{Err, Result, at, err, info, utils::IterStream};
 use futures::{FutureExt, StreamExt, TryStreamExt};
 use ruma::{OwnedEventId, api::federation::event::get_room_state};

@@ -24,6 +24,19 @@ pub(crate) async fn get_room_state_route(
 	.check()
 	.await?;

+	if !services
+		.rooms
+		.state_cache
+		.server_in_room(services.globals.server_name(), &body.room_id)
+		.await
+	{
+		info!(
+			origin = body.origin().as_str(),
+			"Refusing to serve state for room we aren't participating in"
+		);
+		return Err!(Request(NotFound("This server is not participating in that room.")));
+	}
+
 	let shortstatehash = services
 		.rooms
 		.state_accessor
--- a/src/api/server/state_ids.rs
+++ b/src/api/server/state_ids.rs
@@ -1,7 +1,7 @@
 use std::{borrow::Borrow, iter::once};

 use axum::extract::State;
-use conduwuit::{Result, at, err};
+use conduwuit::{Err, Result, at, err, info};
 use futures::{StreamExt, TryStreamExt};
 use ruma::{OwnedEventId, api::federation::event::get_room_state_ids};

@@ -25,6 +25,19 @@ pub(crate) async fn get_room_state_ids_route(
 	.check()
 	.await?;

+	if !services
+		.rooms
+		.state_cache
+		.server_in_room(services.globals.server_name(), &body.room_id)
+		.await
+	{
+		info!(
+			origin = body.origin().as_str(),
+			"Refusing to serve state for room we aren't participating in"
+		);
+		return Err!(Request(NotFound("This server is not participating in that room.")));
+	}
+
 	let shortstatehash = services
 		.rooms
 		.state_accessor
--- a/src/api/server/utils.rs
+++ b/src/api/server/utils.rs
@@ -1,6 +1,6 @@
 use conduwuit::{Err, Result, implement, is_false};
 use conduwuit_service::Services;
-use futures::{FutureExt, StreamExt, future::OptionFuture, join};
+use futures::{FutureExt, future::OptionFuture, join};
 use ruma::{EventId, RoomId, ServerName};

 pub(super) struct AccessCheck<'a> {
@@ -31,15 +31,6 @@ pub(super) async fn check(&self) -> Result {
 		.state_cache
 		.server_in_room(self.origin, self.room_id);

-	// if any user on our homeserver is trying to knock this room, we'll need to
-	// acknowledge bans or leaves
-	let user_is_knocking = self
-		.services
-		.rooms
-		.state_cache
-		.room_members_knocked(self.room_id)
-		.count();
-
 	let server_can_see: OptionFuture<_> = self
 		.event_id
 		.map(|event_id| {
@@ -51,14 +42,14 @@ pub(super) async fn check(&self) -> Result {
 		})
 		.into();

-	let (world_readable, server_in_room, server_can_see, acl_check, user_is_knocking) =
-		join!(world_readable, server_in_room, server_can_see, acl_check, user_is_knocking);
+	let (world_readable, server_in_room, server_can_see, acl_check) =
+		join!(world_readable, server_in_room, server_can_see, acl_check);

 	if !acl_check {
 		return Err!(Request(Forbidden("Server access denied.")));
 	}

-	if !world_readable && !server_in_room && user_is_knocking == 0 {
+	if !world_readable && !server_in_room {
 		return Err!(Request(Forbidden("Server is not in room.")));
 	}

--- a/src/core/Cargo.toml
+++ b/src/core/Cargo.toml
@@ -10,31 +10,31 @@ version.workspace = true
 [lib]
 path = "mod.rs"
 crate-type = [
-    "rlib",
-    #	"dylib",
+	"rlib",
+#	"dylib",
 ]

 [features]
 brotli_compression = [
-    "reqwest/brotli",
+	"reqwest/brotli",
 ]
 conduwuit_mods = [
    "dep:libloading"
 ]
 gzip_compression = [
-    "reqwest/gzip",
+	"reqwest/gzip",
 ]
 hardened_malloc = [
-    "dep:hardened_malloc-rs"
+	"dep:hardened_malloc-rs"
 ]
 jemalloc = [
-    "dep:tikv-jemalloc-sys",
-    "dep:tikv-jemalloc-ctl",
-    "dep:tikv-jemallocator",
+	"dep:tikv-jemalloc-sys",
+	"dep:tikv-jemalloc-ctl",
+	"dep:tikv-jemallocator",
 ]
 jemalloc_conf = []
 jemalloc_prof = [
-    "tikv-jemalloc-sys/profiling",
+	"tikv-jemalloc-sys/profiling",
 ]
 jemalloc_stats = [
    "tikv-jemalloc-sys/stats",
@@ -43,10 +43,10 @@ jemalloc_stats = [
 ]
 perf_measurements = []
 release_max_log_level = [
-    "tracing/max_level_trace",
-    "tracing/release_max_level_info",
-    "log/max_level_trace",
-    "log/release_max_level_info",
+	"tracing/max_level_trace",
+	"tracing/release_max_level_info",
+	"log/max_level_trace",
+	"log/release_max_level_info",
 ]
 sentry_telemetry = []
 zstd_compression = [
@@ -110,7 +110,6 @@ tracing.workspace = true
 url.workspace = true
 parking_lot.workspace = true
 lock_api.workspace = true
-ed25519-dalek = "~2"

 [target.'cfg(unix)'.dependencies]
 nix.workspace = true
--- a/src/core/error/response.rs
+++ b/src/core/error/response.rs
@@ -14,6 +14,25 @@

 impl axum::response::IntoResponse for Error {
 	fn into_response(self) -> axum::response::Response {
+		let status = self.status_code();
+		if status.is_server_error() {
+			error!(
+				error = %self,
+				error_debug = ?self,
+				kind = ?self.kind(),
+				status = %status,
+				"Server error"
+			);
+		} else if status.is_client_error() {
+			use crate::debug_error;
+			debug_error!(
+				error = %self,
+				kind = ?self.kind(),
+				status = %status,
+				"Client error"
+			);
+		}
+
 		let response: UiaaResponse = self.into();
 		response
 			.try_into_http_response::<BytesMut>()
--- a/src/core/matrix/state_res/event_auth.rs
+++ b/src/core/matrix/state_res/event_auth.rs
@@ -1,36 +1,26 @@
 use std::{borrow::Borrow, collections::BTreeSet};

-use ed25519_dalek::{Verifier, VerifyingKey};
 use futures::{
 	Future,
 	future::{OptionFuture, join, join3},
 };
-use itertools::Itertools;
 use ruma::{
-	CanonicalJsonObject, Int, OwnedUserId, RoomVersionId, UserId,
-	canonical_json::to_canonical_value,
+	Int, OwnedUserId, RoomVersionId, UserId,
 	events::room::{
 		create::RoomCreateEventContent,
 		join_rules::{JoinRule, RoomJoinRulesEventContent},
 		member::{MembershipState, ThirdPartyInvite},
 		power_levels::RoomPowerLevelsEventContent,
-		third_party_invite::{PublicKey, RoomThirdPartyInviteEventContent},
+		third_party_invite::RoomThirdPartyInviteEventContent,
 	},
 	int,
-	serde::{
-		Base64, Base64DecodeError, Raw,
-		base64::{Standard, UrlSafe},
-	},
-	signatures::{ParseError, VerificationError},
+	serde::{Base64, Raw},
 };
 use serde::{
 	Deserialize,
 	de::{Error as _, IgnoredAny},
 };
-use serde_json::{
-	from_str as from_json_str, to_value,
-	value::{RawValue as RawJsonValue, to_raw_value},
-};
+use serde_json::{from_str as from_json_str, value::RawValue as RawJsonValue};

 use super::{
 	Error, Event, Result, StateEventType, StateKey, TimelineEventType,
@@ -40,7 +30,7 @@
 	},
 	room_version::RoomVersion,
 };
-use crate::{debug, error, trace, utils::to_canonical_object, warn};
+use crate::{debug, error, trace, warn};

 // FIXME: field extracting could be bundled for `content`
 #[derive(Deserialize)]
@@ -167,14 +157,15 @@ struct RoomMemberContentFields {
 pub async fn auth_check<E, F, Fut>(
 	room_version: &RoomVersion,
 	incoming_event: &E,
+	current_third_party_invite: Option<&E>,
 	fetch_state: F,
 	create_event: &E,
 ) -> Result<bool, Error>
 where
-	F: Fn(&StateEventType, &str) -> Fut + Send + Sync,
+	F: Fn(&StateEventType, &str) -> Fut + Send,
 	Fut: Future<Output = Option<E>> + Send,
 	E: Event + Send + Sync,
-	for<'a> &'a E: Event + Send + Sync,
+	for<'a> &'a E: Event + Send,
 {
 	debug!(
 		event_id = %incoming_event.event_id(),
@@ -424,15 +415,13 @@ pub async fn auth_check<E, F, Fut>(
 			sender,
 			sender_member_event.as_ref(),
 			incoming_event,
+			current_third_party_invite,
 			power_levels_event.as_ref(),
 			join_rules_event.as_ref(),
 			user_for_join_auth.as_deref(),
 			&user_for_join_auth_membership,
 			&room_create_event,
-			&fetch_state,
-		)
-		.await?
-		{
+		)? {
 			return Ok(false);
 		}

@@ -669,25 +658,23 @@ fn is_creator<EV>(
 /// event and the current State.
 #[allow(clippy::too_many_arguments)]
 #[allow(clippy::cognitive_complexity)]
-async fn valid_membership_change<F, Fut, E>(
+fn valid_membership_change<E>(
 	room_version: &RoomVersion,
 	target_user: &UserId,
 	target_user_membership_event: Option<&E>,
 	sender: &UserId,
 	sender_membership_event: Option<&E>,
 	current_event: &E,
+	current_third_party_invite: Option<&E>,
 	power_levels_event: Option<&E>,
 	join_rules_event: Option<&E>,
 	user_for_join_auth: Option<&UserId>,
 	user_for_join_auth_membership: &MembershipState,
 	create_room: &E,
-	fetch_state: &F,
 ) -> Result<bool>
 where
-	F: Fn(&StateEventType, &str) -> Fut + Send + Sync,
-	Fut: Future<Output = Option<E>> + Send,
 	E: Event + Send + Sync,
-	for<'a> &'a E: Event + Send + Sync,
+	for<'a> &'a E: Event + Send,
 {
 	#[derive(Deserialize)]
 	struct GetThirdPartyInvite {
@@ -963,62 +950,68 @@ struct GetThirdPartyInvite {
 		| MembershipState::Invite => {
 			// If content has third_party_invite key
 			trace!("starting target_membership=invite check");
-			if let Some(third_party_invite) = third_party_invite {
-				let allow = verify_third_party_invite(
-					target_user_current_membership,
-					&serde_json::to_value(third_party_invite)?,
-					target_user,
-					current_event,
-					fetch_state,
-				)
-				.await;
-				if !allow {
-					warn!("Third party invite invalid");
-				}
-				return Ok(allow);
+			match third_party_invite.and_then(|i| i.deserialize().ok()) {
+				| Some(tp_id) =>
+					if target_user_current_membership == MembershipState::Ban {
+						warn!(?target_user_membership_event_id, "Can't invite banned user");
+						false
+					} else {
+						let allow = verify_third_party_invite(
+							Some(target_user),
+							sender,
+							&tp_id,
+							current_third_party_invite,
+						);
+						if !allow {
+							warn!("Third party invite invalid");
+						}
+						allow
+					},
+				| _ =>
+					if !sender_is_joined {
+						warn!(
+							%sender,
+							?sender_membership_event_id,
+							?sender_membership,
+							"sender cannot produce an invite without being joined to the room",
+						);
+						false
+					} else if matches!(
+						target_user_current_membership,
+						MembershipState::Join | MembershipState::Ban
+					) {
+						warn!(
+							?target_user_membership_event_id,
+							?target_user_current_membership,
+							"cannot invite a user who is banned or already joined",
+						);
+						false
+					} else {
+						let allow = sender_creator
+							|| sender_power
+								.filter(|&p| p >= &power_levels.invite)
+								.is_some();
+						if !allow {
+							warn!(
+								%sender,
+								has=?sender_power,
+								required=?power_levels.invite,
+								"sender does not have enough power to produce invites",
+							);
+						}
+						trace!(
+							%sender,
+							?sender_membership_event_id,
+							?sender_membership,
+							?target_user_membership_event_id,
+							?target_user_current_membership,
+							sender_pl=?sender_power,
+							required_pl=?power_levels.invite,
+							"allowing invite"
+						);
+						allow
+					},
 			}
-			if !sender_is_joined {
-				warn!(
-					%sender,
-					?sender_membership_event_id,
-					?sender_membership,
-					"sender cannot produce an invite without being joined to the room",
-				);
-				return Ok(false);
-			} else if matches!(
-				target_user_current_membership,
-				MembershipState::Join | MembershipState::Ban
-			) {
-				warn!(
-					?target_user_membership_event_id,
-					?target_user_current_membership,
-					"cannot invite a user who is banned or already joined",
-				);
-				return Ok(false);
-			}
-			let allow = sender_creator
-				|| sender_power
-					.filter(|&p| p >= &power_levels.invite)
-					.is_some();
-			if !allow {
-				warn!(
-					%sender,
-					has=?sender_power,
-					required=?power_levels.invite,
-					"sender does not have enough power to produce invites",
-				);
-			}
-			trace!(
-				%sender,
-				?sender_membership_event_id,
-				?sender_membership,
-				?target_user_membership_event_id,
-				?target_user_current_membership,
-				sender_pl=?sender_power,
-				required_pl=?power_levels.invite,
-				"allowing invite"
-			);
-			return Ok(allow);
 		},
 		| MembershipState::Leave => {
 			let can_unban = if target_user_current_membership == MembershipState::Ban {
@@ -1506,187 +1499,399 @@ fn get_send_level(
 		.unwrap_or_else(|| if state_key.is_some() { int!(50) } else { int!(0) })
 }

-fn verify_payload(pk: &[u8], sig: &[u8], c: &[u8]) -> Result<(), ruma::signatures::Error> {
-	VerifyingKey::from_bytes(
-		pk.try_into()
-			.map_err(|_| ParseError::PublicKey(ed25519_dalek::SignatureError::new()))?,
-	)
-	.map_err(ParseError::PublicKey)?
-	.verify(c, &sig.try_into().map_err(ParseError::Signature)?)
-	.map_err(VerificationError::Signature)
-	.map_err(ruma::signatures::Error::from)
-}
+fn verify_third_party_invite(
+	target_user: Option<&UserId>,
+	sender: &UserId,
+	tp_id: &ThirdPartyInvite,
+	current_third_party_invite: Option<&impl Event>,
+) -> bool {
+	// 1. Check for user being banned happens before this is called
+	// checking for mxid and token keys is done by ruma when deserializing

-/// Decodes a base64 string as either URL-safe or standard base64, as per the
-/// spec. It attempts to decode urlsafe first.
-fn decode_base64(content: &str) -> Result<Vec<u8>, Base64DecodeError> {
-	if let Ok(decoded) = Base64::<UrlSafe>::parse(content) {
-		Ok(decoded.as_bytes().to_vec())
-	} else {
-		Base64::<Standard>::parse(content).map(|v| v.as_bytes().to_vec())
+	// The state key must match the invitee
+	if target_user != Some(&tp_id.signed.mxid) {
+		return false;
 	}
-}

-fn get_public_keys(event: &CanonicalJsonObject) -> Vec<Vec<u8>> {
-	let mut public_keys = Vec::new();
-	if let Some(public_key) = event.get("public_key").and_then(|v| v.as_str()) {
-		if let Ok(v) = decode_base64(public_key) {
-			trace!(
-				encoded = public_key,
-				decoded = ?v,
-				"found public key in public_key property of m.room.third_party_invite event",
-			);
-			public_keys.push(v);
-		} else {
-			warn!("m.room.third_party_invite event has invalid public_key");
-		}
-	}
-	if let Some(keys) = event.get("public_keys").and_then(|v| v.as_array()) {
-		for key in keys {
-			if let Some(key_obj) = key.as_object() {
-				if let Some(public_key) = key_obj.get("public_key").and_then(|v| v.as_str()) {
-					if let Ok(v) = decode_base64(public_key) {
-						trace!(
-							encoded = public_key,
-							decoded = ?v,
-							"found public key in public_keys list of m.room.third_party_invite \
-							 event",
-						);
-						public_keys.push(v);
-					} else {
-						warn!(
-							"m.room.third_party_invite event has invalid public_key in \
-							 public_keys list"
-						);
-					}
-				} else {
-					warn!(
-						"m.room.third_party_invite event has entry in public_keys list missing \
-						 public_key property"
-					);
-				}
-			} else {
-				warn!(
-					"m.room.third_party_invite event has invalid entry in public_keys list, \
-					 expected object"
-				);
-			}
-		}
-	}
-	public_keys
-}
-
-/// Checks a third-party invite is valid.
-async fn verify_third_party_invite<F, Fut, E>(
-	target_current_membership: MembershipState,
-	raw_third_party_invite: &serde_json::Value,
-	target: &UserId,
-	event: &E,
-	fetch_state: &F,
-) -> bool
-where
-	F: Fn(&StateEventType, &str) -> Fut + Send + Sync,
-	Fut: Future<Output = Option<E>> + Send,
-	E: Event + Send + Sync,
-	for<'a> &'a E: Event + Send + Sync,
-{
-	// 4.1.1: If target user is banned, reject.
-	if target_current_membership == MembershipState::Ban {
-		warn!("invite target is banned");
-		return false;
-	}
-	// 4.1.2: If content.third_party_invite does not have a signed property, reject.
-	let Some(signed) = raw_third_party_invite.get("signed") else {
-		warn!("invite event third_party_invite missing signed property");
-		return false;
-	};
-	// 4.2.3: If signed does not have mxid and token properties, reject.
-	let Some(mxid) = signed.get("mxid").and_then(|v| v.as_str()) else {
-		warn!("invite event third_party_invite signed missing/invalid mxid property");
-		return false;
-	};
-	let Some(token) = signed.get("token").and_then(|v| v.as_str()) else {
-		warn!("invite event third_party_invite signed missing token property");
-		return false;
-	};
-	// 4.2.4: If mxid does not match state_key, reject.
-	if mxid != target.as_str() {
-		warn!("invite event third_party_invite signed mxid does not match state_key");
-		return false;
-	}
-	// 4.2.5: If there is no m.room.third_party_invite event in the room
-	// state matching the token, reject.
-	let Some(third_party_invite_event) =
-		fetch_state(&StateEventType::RoomThirdPartyInvite, token).await
-	else {
-		warn!("invite event third_party_invite token has no matching m.room.third_party_invite");
-		return false;
-	};
-	// 4.2.6: If sender does not match sender of the m.room.third_party_invite,
-	// reject.
-	if third_party_invite_event.sender() != event.sender() {
-		warn!("invite event sender does not match m.room.third_party_invite sender");
-		return false;
-	}
-	// 4.2.7: If any signature in signed matches any public key in the
-	// m.room.third_party_invite event, allow. The public keys are in
-	// content of m.room.third_party_invite as:
-	//   1. A single public key in the public_key property.
-	//   2. A list of public keys in the public_keys property.
-	debug!(
-		"Fetching signatures in third-party-invite event {}",
-		third_party_invite_event.event_id()
-	);
-	trace!("third-party-invite event content: {}", third_party_invite_event.content().get());
-
-	let Some(signatures) = signed.get("signatures").and_then(|v| v.as_object()) else {
-		warn!("invite event third_party_invite signed missing/invalid signatures");
-		return false;
+	// If there is no m.room.third_party_invite event in the current room state with
+	// state_key matching token, reject
+	#[allow(clippy::manual_let_else)]
+	let current_tpid = match current_third_party_invite {
+		| Some(id) => id,
+		| None => return false,
 	};

-	for pk in get_public_keys(
-		&to_canonical_object(third_party_invite_event.content())
-			.expect("m.room.third_party_invite event content is not a JSON object"),
-	) {
-		// signatures -> { server_name: { ed25519:N: signature } }
-		for (server_name, server_sigs) in signatures {
-			trace!("Searching for signatures from {}", server_name);
-			if let Some(server_sigs) = server_sigs.as_object() {
-				for (key_id, signature_value) in server_sigs {
-					trace!("Checking signature with key id {}", key_id);
-					if let Some(signature_str) = signature_value.as_str() {
-						if let Ok(signature) = decode_base64(signature_str) {
-							debug!(
-								%server_name,
-								%key_id,
-								"verifying third-party invite signature",
-							);
-							match verify_payload(
-								&pk,
-								&signature,
-								serde_json::to_string(&to_canonical_value(signed).unwrap())
-									.unwrap()
-									.as_bytes(),
-							) {
-								| Ok(()) => {
-									debug!("valid third-party invite signature found");
-									return true;
-								},
-								| Err(e) => {
-									warn!(
-										%server_name,
-										%key_id,
-										"invalid third-party invite signature: {e}",
-									);
-								},
-							}
-						}
-					}
-				}
-			}
+	if current_tpid.state_key() != Some(&tp_id.signed.token) {
+		return false;
+	}
+
+	if sender != current_tpid.sender() {
+		return false;
+	}
+
+	// If any signature in signed matches any public key in the
+	// m.room.third_party_invite event, allow
+	#[allow(clippy::manual_let_else)]
+	let tpid_ev =
+		match from_json_str::<RoomThirdPartyInviteEventContent>(current_tpid.content().get()) {
+			| Ok(ev) => ev,
+			| Err(_) => return false,
+		};
+
+	#[allow(clippy::manual_let_else)]
+	let decoded_invite_token = match Base64::parse(&tp_id.signed.token) {
+		| Ok(tok) => tok,
+		// FIXME: Log a warning?
+		| Err(_) => return false,
+	};
+
+	// A list of public keys in the public_keys field
+	for key in tpid_ev.public_keys.unwrap_or_default() {
+		if key.public_key == decoded_invite_token {
+			return true;
 		}
 	}

-	warn!("no valid signature found for third-party invite");
-	false
+	// A single public key in the public_key field
+	tpid_ev.public_key == decoded_invite_token
+}
+
+#[cfg(test)]
+mod tests {
+	use ruma::events::{
+		StateEventType, TimelineEventType,
+		room::{
+			join_rules::{
+				AllowRule, JoinRule, Restricted, RoomJoinRulesEventContent, RoomMembership,
+			},
+			member::{MembershipState, RoomMemberEventContent},
+		},
+	};
+	use serde_json::value::to_raw_value as to_raw_json_value;
+
+	use crate::{
+		matrix::{Event, EventTypeExt, Pdu as PduEvent},
+		state_res::{
+			RoomVersion, StateMap,
+			event_auth::valid_membership_change,
+			test_utils::{
+				INITIAL_EVENTS, INITIAL_EVENTS_CREATE_ROOM, alice, charlie, ella, event_id,
+				member_content_ban, member_content_join, room_id, to_pdu_event,
+			},
+		},
+	};
+
+	#[test]
+	fn test_ban_pass() {
+		let _ = tracing::subscriber::set_default(
+			tracing_subscriber::fmt().with_test_writer().finish(),
+		);
+		let events = INITIAL_EVENTS();
+
+		let auth_events = events
+			.values()
+			.map(|ev| (ev.event_type().with_state_key(ev.state_key().unwrap()), ev.clone()))
+			.collect::<StateMap<_>>();
+
+		let requester = to_pdu_event(
+			"HELLO",
+			alice(),
+			TimelineEventType::RoomMember,
+			Some(charlie().as_str()),
+			member_content_ban(),
+			&[],
+			&["IMC"],
+		);
+
+		let fetch_state = |ty, key| auth_events.get(&(ty, key)).cloned();
+		let target_user = charlie();
+		let sender = alice();
+
+		assert!(
+			valid_membership_change(
+				&RoomVersion::V6,
+				target_user,
+				fetch_state(StateEventType::RoomMember, target_user.as_str().into()).as_ref(),
+				sender,
+				fetch_state(StateEventType::RoomMember, sender.as_str().into()).as_ref(),
+				&requester,
+				None::<&PduEvent>,
+				fetch_state(StateEventType::RoomPowerLevels, "".into()).as_ref(),
+				fetch_state(StateEventType::RoomJoinRules, "".into()).as_ref(),
+				None,
+				&MembershipState::Leave,
+				&fetch_state(StateEventType::RoomCreate, "".into()).unwrap(),
+			)
+			.unwrap()
+		);
+	}
+
+	#[test]
+	fn test_join_non_creator() {
+		let _ = tracing::subscriber::set_default(
+			tracing_subscriber::fmt().with_test_writer().finish(),
+		);
+		let events = INITIAL_EVENTS_CREATE_ROOM();
+
+		let auth_events = events
+			.values()
+			.map(|ev| (ev.event_type().with_state_key(ev.state_key().unwrap()), ev.clone()))
+			.collect::<StateMap<_>>();
+
+		let requester = to_pdu_event(
+			"HELLO",
+			charlie(),
+			TimelineEventType::RoomMember,
+			Some(charlie().as_str()),
+			member_content_join(),
+			&["CREATE"],
+			&["CREATE"],
+		);
+
+		let fetch_state = |ty, key| auth_events.get(&(ty, key)).cloned();
+		let target_user = charlie();
+		let sender = charlie();
+
+		assert!(
+			!valid_membership_change(
+				&RoomVersion::V6,
+				target_user,
+				fetch_state(StateEventType::RoomMember, target_user.as_str().into()).as_ref(),
+				sender,
+				fetch_state(StateEventType::RoomMember, sender.as_str().into()).as_ref(),
+				&requester,
+				None::<&PduEvent>,
+				fetch_state(StateEventType::RoomPowerLevels, "".into()).as_ref(),
+				fetch_state(StateEventType::RoomJoinRules, "".into()).as_ref(),
+				None,
+				&MembershipState::Leave,
+				&fetch_state(StateEventType::RoomCreate, "".into()).unwrap(),
+			)
+			.unwrap()
+		);
+	}
+
+	#[test]
+	fn test_join_creator() {
+		let _ = tracing::subscriber::set_default(
+			tracing_subscriber::fmt().with_test_writer().finish(),
+		);
+		let events = INITIAL_EVENTS_CREATE_ROOM();
+
+		let auth_events = events
+			.values()
+			.map(|ev| (ev.event_type().with_state_key(ev.state_key().unwrap()), ev.clone()))
+			.collect::<StateMap<_>>();
+
+		let requester = to_pdu_event(
+			"HELLO",
+			alice(),
+			TimelineEventType::RoomMember,
+			Some(alice().as_str()),
+			member_content_join(),
+			&["CREATE"],
+			&["CREATE"],
+		);
+
+		let fetch_state = |ty, key| auth_events.get(&(ty, key)).cloned();
+		let target_user = alice();
+		let sender = alice();
+
+		assert!(
+			valid_membership_change(
+				&RoomVersion::V6,
+				target_user,
+				fetch_state(StateEventType::RoomMember, target_user.as_str().into()).as_ref(),
+				sender,
+				fetch_state(StateEventType::RoomMember, sender.as_str().into()).as_ref(),
+				&requester,
+				None::<&PduEvent>,
+				fetch_state(StateEventType::RoomPowerLevels, "".into()).as_ref(),
+				fetch_state(StateEventType::RoomJoinRules, "".into()).as_ref(),
+				None,
+				&MembershipState::Leave,
+				&fetch_state(StateEventType::RoomCreate, "".into()).unwrap(),
+			)
+			.unwrap()
+		);
+	}
+
+	#[test]
+	fn test_ban_fail() {
+		let _ = tracing::subscriber::set_default(
+			tracing_subscriber::fmt().with_test_writer().finish(),
+		);
+		let events = INITIAL_EVENTS();
+
+		let auth_events = events
+			.values()
+			.map(|ev| (ev.event_type().with_state_key(ev.state_key().unwrap()), ev.clone()))
+			.collect::<StateMap<_>>();
+
+		let requester = to_pdu_event(
+			"HELLO",
+			charlie(),
+			TimelineEventType::RoomMember,
+			Some(alice().as_str()),
+			member_content_ban(),
+			&[],
+			&["IMC"],
+		);
+
+		let fetch_state = |ty, key| auth_events.get(&(ty, key)).cloned();
+		let target_user = alice();
+		let sender = charlie();
+
+		assert!(
+			!valid_membership_change(
+				&RoomVersion::V6,
+				target_user,
+				fetch_state(StateEventType::RoomMember, target_user.as_str().into()).as_ref(),
+				sender,
+				fetch_state(StateEventType::RoomMember, sender.as_str().into()).as_ref(),
+				&requester,
+				None::<&PduEvent>,
+				fetch_state(StateEventType::RoomPowerLevels, "".into()).as_ref(),
+				fetch_state(StateEventType::RoomJoinRules, "".into()).as_ref(),
+				None,
+				&MembershipState::Leave,
+				&fetch_state(StateEventType::RoomCreate, "".into()).unwrap(),
+			)
+			.unwrap()
+		);
+	}
+
+	#[test]
+	fn test_restricted_join_rule() {
+		let _ = tracing::subscriber::set_default(
+			tracing_subscriber::fmt().with_test_writer().finish(),
+		);
+		let mut events = INITIAL_EVENTS();
+		*events.get_mut(&event_id("IJR")).unwrap() = to_pdu_event(
+			"IJR",
+			alice(),
+			TimelineEventType::RoomJoinRules,
+			Some(""),
+			to_raw_json_value(&RoomJoinRulesEventContent::new(JoinRule::Restricted(
+				Restricted::new(vec![AllowRule::RoomMembership(RoomMembership::new(
+					room_id().to_owned(),
+				))]),
+			)))
+			.unwrap(),
+			&["CREATE", "IMA", "IPOWER"],
+			&["IPOWER"],
+		);
+
+		let mut member = RoomMemberEventContent::new(MembershipState::Join);
+		member.join_authorized_via_users_server = Some(alice().to_owned());
+
+		let auth_events = events
+			.values()
+			.map(|ev| (ev.event_type().with_state_key(ev.state_key().unwrap()), ev.clone()))
+			.collect::<StateMap<_>>();
+
+		let requester = to_pdu_event(
+			"HELLO",
+			ella(),
+			TimelineEventType::RoomMember,
+			Some(ella().as_str()),
+			to_raw_json_value(&RoomMemberEventContent::new(MembershipState::Join)).unwrap(),
+			&["CREATE", "IJR", "IPOWER", "new"],
+			&["new"],
+		);
+
+		let fetch_state = |ty, key| auth_events.get(&(ty, key)).cloned();
+		let target_user = ella();
+		let sender = ella();
+
+		assert!(
+			valid_membership_change(
+				&RoomVersion::V9,
+				target_user,
+				fetch_state(StateEventType::RoomMember, target_user.as_str().into()).as_ref(),
+				sender,
+				fetch_state(StateEventType::RoomMember, sender.as_str().into()).as_ref(),
+				&requester,
+				None::<&PduEvent>,
+				fetch_state(StateEventType::RoomPowerLevels, "".into()).as_ref(),
+				fetch_state(StateEventType::RoomJoinRules, "".into()).as_ref(),
+				Some(alice()),
+				&MembershipState::Join,
+				&fetch_state(StateEventType::RoomCreate, "".into()).unwrap(),
+			)
+			.unwrap()
+		);
+
+		assert!(
+			!valid_membership_change(
+				&RoomVersion::V9,
+				target_user,
+				fetch_state(StateEventType::RoomMember, target_user.as_str().into()).as_ref(),
+				sender,
+				fetch_state(StateEventType::RoomMember, sender.as_str().into()).as_ref(),
+				&requester,
+				None::<&PduEvent>,
+				fetch_state(StateEventType::RoomPowerLevels, "".into()).as_ref(),
+				fetch_state(StateEventType::RoomJoinRules, "".into()).as_ref(),
+				Some(ella()),
+				&MembershipState::Leave,
+				&fetch_state(StateEventType::RoomCreate, "".into()).unwrap(),
+			)
+			.unwrap()
+		);
+	}
+
+	#[test]
+	fn test_knock() {
+		let _ = tracing::subscriber::set_default(
+			tracing_subscriber::fmt().with_test_writer().finish(),
+		);
+		let mut events = INITIAL_EVENTS();
+		*events.get_mut(&event_id("IJR")).unwrap() = to_pdu_event(
+			"IJR",
+			alice(),
+			TimelineEventType::RoomJoinRules,
+			Some(""),
+			to_raw_json_value(&RoomJoinRulesEventContent::new(JoinRule::Knock)).unwrap(),
+			&["CREATE", "IMA", "IPOWER"],
+			&["IPOWER"],
+		);
+
+		let auth_events = events
+			.values()
+			.map(|ev| (ev.event_type().with_state_key(ev.state_key().unwrap()), ev.clone()))
+			.collect::<StateMap<_>>();
+
+		let requester = to_pdu_event(
+			"HELLO",
+			ella(),
+			TimelineEventType::RoomMember,
+			Some(ella().as_str()),
+			to_raw_json_value(&RoomMemberEventContent::new(MembershipState::Knock)).unwrap(),
+			&[],
+			&["IMC"],
+		);
+
+		let fetch_state = |ty, key| auth_events.get(&(ty, key)).cloned();
+		let target_user = ella();
+		let sender = ella();
+
+		assert!(
+			valid_membership_change(
+				&RoomVersion::V7,
+				target_user,
+				fetch_state(StateEventType::RoomMember, target_user.as_str().into()).as_ref(),
+				sender,
+				fetch_state(StateEventType::RoomMember, sender.as_str().into()).as_ref(),
+				&requester,
+				None::<&PduEvent>,
+				fetch_state(StateEventType::RoomPowerLevels, "".into()).as_ref(),
+				fetch_state(StateEventType::RoomJoinRules, "".into()).as_ref(),
+				None,
+				&MembershipState::Leave,
+				&fetch_state(StateEventType::RoomCreate, "".into()).unwrap(),
+			)
+			.unwrap()
+		);
+	}
 }
--- a/src/core/matrix/state_res/mod.rs
+++ b/src/core/matrix/state_res/mod.rs
@@ -717,6 +717,9 @@ async fn iterative_auth_check<'a, E, F, Fut, S>(

 		// The key for this is (eventType + a state_key of the signed token not sender)
 		// so search for it
+		let current_third_party = auth_state.iter().find_map(|(_, pdu)| {
+			(*pdu.event_type() == TimelineEventType::RoomThirdPartyInvite).then_some(pdu)
+		});

 		let fetch_state = |ty: &StateEventType, key: &str| {
 			future::ready(
@@ -729,6 +732,7 @@ async fn iterative_auth_check<'a, E, F, Fut, S>(
 		let auth_result = auth_check(
 			room_version,
 			&event,
+			current_third_party,
 			fetch_state,
 			&fetch_state(&StateEventType::RoomCreate, "")
 				.await
--- a/src/main/mod.rs
+++ b/src/main/mod.rs
@@ -7,6 +7,7 @@
 mod clap;
 mod logging;
 mod mods;
+mod panic;
 mod restart;
 mod runtime;
 mod sentry;
@@ -19,6 +20,8 @@
 pub use crate::clap::Args;

 pub fn run() -> Result<()> {
+	panic::init();
+
 	let args = clap::parse();
 	run_with_args(&args)
 }
--- a/src/main/panic.rs
+++ b/src/main/panic.rs
@@ -0,0 +1,34 @@
+use std::{backtrace::Backtrace, panic};
+
+/// Initialize the panic hook to capture backtraces at the point of panic.
+/// This is needed to capture the backtrace before the unwind destroys it.
+pub(crate) fn init() {
+	let default_hook = panic::take_hook();
+
+	panic::set_hook(Box::new(move |info| {
+		let backtrace = Backtrace::force_capture();
+
+		let location_str = info.location().map_or_else(String::new, |loc| {
+			format!(" at {}:{}:{}", loc.file(), loc.line(), loc.column())
+		});
+
+		let message = if let Some(s) = info.payload().downcast_ref::<&str>() {
+			(*s).to_owned()
+		} else if let Some(s) = info.payload().downcast_ref::<String>() {
+			s.clone()
+		} else {
+			"Box<dyn Any>".to_owned()
+		};
+
+		let thread_name = std::thread::current()
+			.name()
+			.map_or_else(|| "<unnamed>".to_owned(), ToOwned::to_owned);
+
+		eprintln!(
+			"\nthread '{thread_name}' panicked{location_str}: \
+			 {message}\n\nBacktrace:\n{backtrace}"
+		);
+
+		default_hook(info);
+	}));
+}
--- a/src/service/rooms/event_handler/handle_incoming_pdu.rs
+++ b/src/service/rooms/event_handler/handle_incoming_pdu.rs
@@ -4,8 +4,8 @@
 };

 use conduwuit::{
-	Err, Event, Result, debug::INFO_SPAN_LEVEL, defer, err, implement, utils::stream::IterStream,
-	warn,
+	Err, Event, Result, debug::INFO_SPAN_LEVEL, defer, err, implement, info,
+	utils::stream::IterStream, warn,
 };
 use futures::{
 	FutureExt, TryFutureExt, TryStreamExt,
@@ -70,7 +70,7 @@ pub async fn handle_incoming_pdu<'a>(
 		return Err!(Request(TooLarge("PDU is too large")));
 	}

-	// 1.1 Check the server is in the room
+	// 1.1 Check we even know about the room
 	let meta_exists = self.services.metadata.exists(room_id).map(Ok);

 	// 1.2 Check if the room is disabled
@@ -114,6 +114,19 @@ pub async fn handle_incoming_pdu<'a>(
 		return Err!(Request(Forbidden("Federation of this room is disabled by this server.")));
 	}

+	if !self
+		.services
+		.state_cache
+		.server_in_room(self.services.globals.server_name(), room_id)
+		.await
+	{
+		info!(
+			%origin,
+			"Dropping inbound PDU for room we aren't participating in"
+		);
+		return Err!(Request(NotFound("This server is not participating in that room.")));
+	}
+
 	let (incoming_pdu, val) = self
 		.handle_outlier_pdu(origin, create_event, event_id, room_id, value, false)
 		.await?;
--- a/src/service/rooms/event_handler/handle_outlier_pdu.rs
+++ b/src/service/rooms/event_handler/handle_outlier_pdu.rs
@@ -184,6 +184,7 @@ pub(super) async fn handle_outlier_pdu<'a, Pdu>(
 	let auth_check = state_res::event_auth::auth_check(
 		&to_room_version(&room_version_id),
 		&pdu_event,
+		None, // TODO: third party invite
 		state_fetch,
 		create_event.as_pdu(),
 	)
--- a/src/service/rooms/event_handler/upgrade_outlier_pdu.rs
+++ b/src/service/rooms/event_handler/upgrade_outlier_pdu.rs
@@ -100,6 +100,7 @@ pub(super) async fn upgrade_outlier_to_timeline_pdu<Pdu>(
 	let auth_check = state_res::event_auth::auth_check(
 		&room_version,
 		&incoming_pdu,
+		None, // TODO: third party invite
 		|ty, sk| state_fetch(ty.clone(), sk.into()),
 		create_event.as_pdu(),
 	)
@@ -139,6 +140,7 @@ pub(super) async fn upgrade_outlier_to_timeline_pdu<Pdu>(
 	let auth_check = state_res::event_auth::auth_check(
 		&room_version,
 		&incoming_pdu,
+		None, // third-party invite
 		state_fetch,
 		create_event.as_pdu(),
 	)
--- a/src/service/rooms/state_accessor/server_can.rs
+++ b/src/service/rooms/state_accessor/server_can.rs
@@ -1,4 +1,4 @@
-use conduwuit::{implement, utils::stream::ReadyExt};
+use conduwuit::{implement, utils::stream::ReadyExt, warn};
 use futures::StreamExt;
 use ruma::{
 	EventId, RoomId, ServerName,
@@ -19,7 +19,12 @@ pub async fn server_can_see_event(
 	event_id: &EventId,
 ) -> bool {
 	let Ok(shortstatehash) = self.pdu_shortstatehash(event_id).await else {
-		return true;
+		warn!(
+			"Unable to visibility check event {} in room {} for server {}: shortstatehash not \
+			 found",
+			event_id, room_id, origin
+		);
+		return false;
 	};

 	let history_visibility = self
--- a/src/service/rooms/timeline/create.rs
+++ b/src/service/rooms/timeline/create.rs
@@ -236,9 +236,15 @@ fn from_evt(
 		| _ => create_pdu.as_ref().unwrap().as_pdu(),
 	};

-	let auth_check = state_res::auth_check(&room_version, &pdu, auth_fetch, create_event)
-		.await
-		.map_err(|e| err!(Request(Forbidden(warn!("Auth check failed: {e:?}")))))?;
+	let auth_check = state_res::auth_check(
+		&room_version,
+		&pdu,
+		None, // TODO: third_party_invite
+		auth_fetch,
+		create_event,
+	)
+	.await
+	.map_err(|e| err!(Request(Forbidden(warn!("Auth check failed: {e:?}")))))?;

 	if !auth_check {
 		return Err!(Request(Forbidden("Event is not authorized.")));
--- a/src/service/users/mod.rs
+++ b/src/service/users/mod.rs
@@ -304,7 +304,11 @@ pub fn disable_login(&self, user_id: &UserId) {
 	pub fn enable_login(&self, user_id: &UserId) { self.db.userid_logindisabled.remove(user_id); }

 	pub async fn is_login_disabled(&self, user_id: &UserId) -> bool {
-		self.db.userid_logindisabled.contains(user_id).await
+		self.db
+			.userid_logindisabled
+			.exists(user_id.as_str())
+			.await
+			.is_ok()
 	}

 	/// Check if account is active, infallible
--- a/theme/css.d.ts
+++ b/theme/css.d.ts
@@ -0,0 +1 @@
+declare module "*.css"
--- a/theme/index.tsx
+++ b/theme/index.tsx
@@ -1,4 +1,4 @@
-import { HomeLayout as BasicHomeLayout, DocContent } from "@rspress/core/theme";
+import { HomeLayout as BasicHomeLayout, DocContent } from "@rspress/core/theme-original";

 import { useFrontmatter } from '@rspress/core/runtime';
 interface HomeLayoutProps {
@@ -25,5 +25,5 @@ function HomeLayout(props: HomeLayoutProps) {
    );
 }
 export { HomeLayout };
-export * from "@rspress/core/theme";
+export * from "@rspress/core/theme-original";
 import "./index.css";
Author	SHA1	Message	Date
timedout	19146166c0	chore: Linkify pull requests in CHANGELOG.md	2026-02-08 17:49:53 +00:00
timedout	f47027006f	chore: Bump cargo lock	2026-02-08 17:45:51 +00:00
timedout	b7a8f71e14	chore: Bump version	2026-02-08 17:41:53 +00:00
timedout	c7378d15ab	chore: Update changelog	2026-02-08 17:41:30 +00:00
timedout	7beeab270e	fix: Add failing spell check string to typos This isn't the proper fix but whatever it makes CI pass	2026-02-08 17:25:09 +00:00
Julian Anderson	6a812b7776	chore: Add news fragment	2026-02-08 17:25:09 +00:00
Julian Anderson	b1f4bbe89e	docs(deploying/fedora): Remove seemingly nonexistent/impossible Fedora install method	2026-02-08 17:25:09 +00:00
Julian Anderson	6701f88bf9	docs(deploying/fedora): Fix URLs for known working install methods, add EL caveat, correct GPG key info	2026-02-08 17:25:09 +00:00
Jade Ellis	62b9e8227b	docs: Explain enabling backtraces at runtime	2026-02-08 17:23:09 +00:00
Jade Ellis	7369b58d91	feat: Try log original server error	2026-02-08 17:23:09 +00:00
Jade Ellis	f6df44b13f	feat: Try log panics before unwinds to catch backtraces	2026-02-08 17:23:09 +00:00
timedout	f243b383cb	style: Fix typo in validate_remote_member_event_stub	2026-02-08 15:37:40 +00:00
timedout	e0b7d03018	fix: Perform additional membership validation on remote knocks too	2026-02-08 15:34:07 +00:00
timedout	184ae2ebb9	fix: Apply validation to make_join process	2026-02-06 18:15:39 +00:00
timedout	0ea0d09b97	fix: Don't fail open when a PDU doesn't have a short state hash	2026-02-06 18:09:09 +00:00
timedout	6763952ce4	chore: Bump ruwuma	2026-02-06 17:52:48 +00:00
Renovate Bot	e2da8301df	chore(deps): update pre-commit hook crate-ci/typos to v1.43.2	2026-02-06 16:49:57 +00:00
April Grimoire	296a4b92d6	fix: Resolve unnecessary serialization issue Fixes #1335	2026-02-06 07:52:19 +00:00
timedout	00c054d356	fix: Get_missing_events returns the same event N times	2026-02-05 21:28:21 +00:00
Renovate Bot	2558ec0c2a	chore(deps): update rust-patch-updates	2026-02-05 14:06:42 +00:00
timedout	56bc3c184e	feat: Enable running complement manually	2026-02-04 18:06:53 +00:00
Renovate Bot	5c1b90b463	chore(deps): update dependency cargo-bins/cargo-binstall to v1.17.4	2026-02-04 16:05:32 +00:00
Renovate Bot	0dbb774559	chore(deps): update dependency @rspress/plugin-sitemap to v2.0.2	2026-02-04 16:04:56 +00:00
Renovate Bot	16e0566c84	chore(deps): update dependency @rspress/plugin-client-redirects to v2.0.2	2026-02-04 16:02:09 +00:00
Renovate Bot	489b6e4ecb	chore(deps): update pre-commit hook crate-ci/typos to v1.43.1	2026-02-04 15:58:34 +00:00
Renovate Bot	e71f75a58c	chore(deps): update dependency @rspress/core to v2.0.2	2026-02-04 05:04:11 +00:00
timedout	082ed5b70c	feat: Use info level logs for residency check failures	2026-02-03 20:09:41 +00:00
timedout	76fe8c4cdc	chore: Add news fragment	2026-02-03 20:09:41 +00:00
timedout	c4a9f7a6d1	perf: Don't handle expensive requests for rooms we aren't in Mostly borrowed from dendrite: https://github.com/element-hq/dendrite/blob/a042861/federationapi/routing/routing.go#L601	2026-02-03 20:09:41 +00:00
timedout	a047199fb4	perf: Don't handle PDUs for rooms we aren't in	2026-02-03 20:09:41 +00:00
Renovate Bot	411c9da743	chore(deps): update rust-patch-updates	2026-02-02 01:34:58 +00:00
Renovate Bot	fb54f2058c	chore(deps): update dependency @rspress/plugin-client-redirects to v2.0.1	2026-02-01 05:03:41 +00:00
ginger	358273226c	chore: Update FUNDING.yml	2026-01-31 01:13:15 +00:00
timedout	fd9bbb08ed	fix: Restore admin room announcement for deactivations	2026-01-30 05:11:30 +00:00
timedout	53184cd2fc	chore: Add news fragment	2026-01-30 05:11:30 +00:00
timedout	25f7d80a8c	fix: Clippy lint	2026-01-30 05:11:30 +00:00
timedout	02fa0ba0b8	perf: Optimise account deactivation process	2026-01-30 05:11:30 +00:00
ginger	572b228f40	Update homeserver list	2026-01-29 23:35:07 +00:00
Renovate Bot	b0a61e38da	chore(deps): update pre-commit hook crate-ci/typos to v1.42.3	2026-01-29 15:49:54 +00:00
Renovate Bot	401dff20eb	chore(deps): update dependency cargo-bins/cargo-binstall to v1.17.3	2026-01-29 15:49:32 +00:00
Ginger	f2a50e8f62	fix(docs): Remove rspress-plugin-preview	2026-01-29 10:41:46 -05:00
Ginger	36e80b0af4	fix(docs): Add stub type definition for docs CSS	2026-01-29 10:36:44 -05:00
Ginger	c9a4c546e2	chore(deps): Update to rspress 2.0.0	2026-01-29 10:35:24 -05:00
				`@@ -1 +0,0 @@`
				`The announcement checker will now announce errors it encounters in the first run to the admin room, plus a few other misc improvements. Contributed by @Jade`
				`@@ -1 +0,0 @@`
				`Fix the generated configuration containing uncommented optional sections. Contributed by @Jade`
				`@@ -1 +0,0 @@`
				`Fixed specification non-compliance when handling remote media errors. Contributed by @nex.`
				`@@ -1 +0,0 @@`
				`UIAA requests which check for out-of-band success (sent by matrix-js-sdk) will no longer create unhelpful errors in the logs.`