diff --git a/latest/usage/configuration/config_documentation.html b/latest/usage/configuration/config_documentation.html
index d022ce3f99..250c4fec81 100644
--- a/latest/usage/configuration/config_documentation.html
+++ b/latest/usage/configuration/config_documentation.html
@@ -1669,6 +1669,24 @@ See <a href="../../reverse_proxy.html">here</a> for more on using a reverse prox
<pre><code class="language-yaml">max_image_pixels: 35M
</code></pre>
<hr />
+<h3 id="prevent_media_downloads_from"><a class="header" href="#prevent_media_downloads_from"><code>prevent_media_downloads_from</code></a></h3>
+<p>A list of domains to never download media from. Media from these
+domains that is already downloaded will not be deleted, but will be
+inaccessible to users. This option does not affect admin APIs trying
+to download/operate on media.</p>
+<p>This will not prevent the listed domains from accessing media themselves.
+It simply prevents users on this server from downloading media originating
+from the listed servers.</p>
+<p>This will have no effect on media originating from the local server.
+This only affects media downloaded from other Matrix servers, to
+block domains from URL previews see <a href="#url_preview_url_blacklist"><code>url_preview_url_blacklist</code></a>.</p>
+<p>Defaults to an empty list (nothing blocked).</p>
+<p>Example configuration:</p>
+<pre><code class="language-yaml">prevent_media_downloads_from:
+ - evil.example.org
+ - evil2.example.org
+</code></pre>
+<hr />
<h3 id="dynamic_thumbnails"><a class="header" href="#dynamic_thumbnails"><code>dynamic_thumbnails</code></a></h3>
<p>Whether to generate new thumbnails on the fly to precisely match
the resolution requested by the client. If true then whenever
@@ -3098,12 +3116,16 @@ This number can either be calculated as the number of unread messages for the u
user has unread messages in. Defaults to true, meaning push clients will see the number of
rooms with unread messages in them. Set to false to instead send the number
of unread messages.</li>
+<li><code>jitter_delay</code>: Delays push notifications by a random amount up to the given
+duration. Useful for mitigating timing attacks. Optional, defaults to no
+delay. <em>Added in Synapse 1.84.0.</em></li>
</ul>
<p>Example configuration:</p>
<pre><code class="language-yaml">push:
enabled: true
include_content: false
group_unread_count_by_room: false
+ jitter_delay: "10s"
</code></pre>
<hr />
<h2 id="rooms"><a class="header" href="#rooms">Rooms</a></h2>
@@ -3327,6 +3349,13 @@ except <code>com.example.foo</code>.</p>
public_chat: null
</code></pre>
<hr />
+<h3 id="forget_rooms_on_leave"><a class="header" href="#forget_rooms_on_leave"><code>forget_rooms_on_leave</code></a></h3>
+<p>Set to true to automatically forget rooms for users when they leave them, either
+normally or via a kick or ban. Defaults to false.</p>
+<p>Example configuration:</p>
+<pre><code class="language-yaml">forget_rooms_on_leave: false
+</code></pre>
+<hr />
<h2 id="opentracing"><a class="header" href="#opentracing">Opentracing</a></h2>
<p>Configuration options related to Opentracing support.</p>
<hr />
@@ -3448,13 +3477,17 @@ events may be dropped).</p>
<hr />
<h3 id="instance_map"><a class="header" href="#instance_map"><code>instance_map</code></a></h3>
<p>When using workers this should be a map from <a href="#worker_name"><code>worker_name</code></a> to the
-HTTP replication listener of the worker, if configured.
+HTTP replication listener of the worker, if configured, and to the main process.
Each worker declared under <a href="../../workers.html#stream-writers"><code>stream_writers</code></a> needs
a HTTP replication listener, and that listener should be included in the <code>instance_map</code>.
-(The main process also needs an HTTP replication listener, but it should not be
-listed in the <code>instance_map</code>.)</p>
+The main process also needs an entry on the <code>instance_map</code>, and it should be listed under
+<code>main</code> <strong>if even one other worker exists</strong>. Ensure the port matches with what is declared
+inside the <code>listener</code> block for a <code>replication</code> listener.</p>
<p>Example configuration:</p>
<pre><code class="language-yaml">instance_map:
+ main:
+ host: localhost
+ port: 8030
worker1:
host: localhost
port: 8034
@@ -3523,7 +3556,23 @@ localhost and 6379</p>
</li>
<li>
<p><code>dbid</code>: Optional redis dbid if needs to connect to specific redis logical db.</p>
+</li>
+<li>
+<p><code>use_tls</code>: Whether to use tls connection. Defaults to false.</p>
+</li>
+<li>
+<p><code>certificate_file</code>: Optional path to the certificate file</p>
+</li>
+<li>
+<p><code>private_key_file</code>: Optional path to the private key file</p>
+</li>
+<li>
+<p><code>ca_file</code>: Optional path to the CA certificate file. Use this one or:</p>
+</li>
+<li>
+<p><code>ca_path</code>: Optional path to the folder containing the CA certificate file</p>
<p><em>Added in Synapse 1.78.0.</em></p>
+<p><em>Changed in Synapse 1.84.0: Added use_tls, certificate_file, private_key_file, ca_file and ca_path attributes</em></p>
</li>
</ul>
<p>Example configuration:</p>
@@ -3533,6 +3582,10 @@ localhost and 6379</p>
port: 6379
password: <secret_password>
dbid: <dbid>
+ #use_tls: True
+ #certificate_file: <path_to_the_certificate_file>
+ #private_key_file: <path_to_the_private_key_file>
+ #ca_file: <path_to_the_ca_certificate_file>
</code></pre>
<hr />
<h2 id="individual-worker-configuration"><a class="header" href="#individual-worker-configuration">Individual worker configuration</a></h2>
@@ -3560,6 +3613,7 @@ giving each worker a unique <code>worker_name</code>.</p>
</code></pre>
<hr />
<h3 id="worker_replication_host"><a class="header" href="#worker_replication_host"><code>worker_replication_host</code></a></h3>
+<p><em>Deprecated as of version 1.84.0. Place <code>host</code> under <code>main</code> entry on the <a href="#instance_map"><code>instance_map</code></a> in your shared yaml configuration instead.</em></p>
<p>The HTTP replication endpoint that it should talk to on the main Synapse process.
The main Synapse process defines this with a <code>replication</code> resource in
<a href="#listeners"><code>listeners</code> option</a>.</p>
@@ -3568,6 +3622,7 @@ The main Synapse process defines this with a <code>replication</code> resource i
</code></pre>
<hr />
<h3 id="worker_replication_http_port"><a class="header" href="#worker_replication_http_port"><code>worker_replication_http_port</code></a></h3>
+<p><em>Deprecated as of version 1.84.0. Place <code>port</code> under <code>main</code> entry on the <a href="#instance_map"><code>instance_map</code></a> in your shared yaml configuration instead.</em></p>
<p>The HTTP replication port that it should talk to on the main Synapse process.
The main Synapse process defines this with a <code>replication</code> resource in
<a href="#listeners"><code>listeners</code> option</a>.</p>
@@ -3576,6 +3631,7 @@ The main Synapse process defines this with a <code>replication</code> resource i
</code></pre>
<hr />
<h3 id="worker_replication_http_tls"><a class="header" href="#worker_replication_http_tls"><code>worker_replication_http_tls</code></a></h3>
+<p><em>Deprecated as of version 1.84.0. Place <code>tls</code> under <code>main</code> entry on the <a href="#instance_map"><code>instance_map</code></a> in your shared yaml configuration instead.</em></p>
<p>Whether TLS should be used for talking to the HTTP replication port on the main
Synapse process.
The main Synapse process defines this with the <code>tls</code> option on its <a href="#listeners">listener</a> that
@@ -3593,9 +3649,9 @@ See <a href="#worker_replication_secret"><code>worker_replication_secret</code><
<p>A worker can handle HTTP requests. To do so, a <code>worker_listeners</code> option
must be declared, in the same way as the <a href="#listeners"><code>listeners</code> option</a>
in the shared config.</p>
-<p>Workers declared in <a href="#stream_writers"><code>stream_writers</code></a> will need to include a
-<code>replication</code> listener here, in order to accept internal HTTP requests from
-other workers.</p>
+<p>Workers declared in <a href="#stream_writers"><code>stream_writers</code></a> and <a href="#instance_map"><code>instance_map</code></a>
+will need to include a <code>replication</code> listener here, in order to accept internal HTTP
+requests from other workers.</p>
<p>Example configuration:</p>
<pre><code class="language-yaml">worker_listeners:
- type: http
|
