diff --git a/docs/prerequisites.md b/docs/prerequisites.md
index 9fcadd275..e60464949 100644
--- a/docs/prerequisites.md
+++ b/docs/prerequisites.md
@@ -35,12 +35,12 @@ If your distro runs within an [LXC container](https://linuxcontainers.org/), you
 - Some TCP/UDP ports open. This playbook (actually [Docker itself](https://docs.docker.com/network/iptables/)) configures the server's internal firewall for you. In most cases, you don't need to do anything special. But **if your server is running behind another firewall**, you'd need to open these ports:
 
   - `80/tcp`: HTTP webserver
-  - `443/tcp`: HTTPS webserver
+  - `443/tcp` and `443/udp`: HTTPS webserver
   - `3478/tcp`: TURN over TCP (used by Coturn)
   - `3478/udp`: TURN over UDP (used by Coturn)
   - `5349/tcp`: TURN over TCP (used by Coturn)
   - `5349/udp`: TURN over UDP (used by Coturn)
-  - `8448/tcp`: Matrix Federation API HTTPS webserver. In some cases, this **may necessary even with federation disabled**. Integration Servers (like Dimension) and Identity Servers (like ma1sd) may need to access `openid` APIs on the federation port.
+  - `8448/tcp` and `8448/udp`: Matrix Federation API HTTPS webserver. In some cases, this **may necessary even with federation disabled**. Integration Servers (like Dimension) and Identity Servers (like ma1sd) may need to access `openid` APIs on the federation port.
   - the range `49152-49172/udp`: TURN over UDP
   - potentially some other ports, depending on the additional (non-default) services that you enable in the **configuring the playbook** step (later on). Consult each service's documentation page in `docs/` for that.
 
diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers
index b5add2445..1ccaacf1d 100755
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -2802,7 +2802,11 @@ matrix_bot_draupnir_container_network: "{{ matrix_addons_container_network }}"
 
 matrix_bot_draupnir_container_additional_networks_auto: |-
   {{
-    ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
+    (
+      ([] if matrix_addons_homeserver_container_network == '' else [matrix_addons_homeserver_container_network])
+      +
+      ([matrix_pantalaimon_container_network] if (matrix_bot_draupnir_pantalaimon_use and matrix_pantalaimon_container_network != matrix_bot_draupnir_container_network) else [])
+    ) | unique
   }}
 
 matrix_bot_draupnir_homeserver_url: "{{ 'http://matrix-pantalaimon:8009' if matrix_bot_draupnir_pantalaimon_use else matrix_addons_homeserver_client_api_url }}"
@@ -4851,6 +4855,9 @@ grafana_provisioning_datasources: |
       'type': 'prometheus',
       'access': 'proxy',
       'url': ('http://' + prometheus_identifier + ':9090'),
+      'jsonData': {
+        'timeInterval': prometheus_config_global_scrape_interval,
+      }
     }] if prometheus_enabled else [])
   }}
 
diff --git a/requirements.yml b/requirements.yml
index 03bccac33..5930cf21f 100644
--- a/requirements.yml
+++ b/requirements.yml
@@ -70,8 +70,8 @@
   version: v1.0.0-0
   name: timesync
 - src: git+https://github.com/devture/com.devture.ansible.role.traefik.git
-  version: v3.0.4-1
+  version: v3.1.0-0
   name: traefik
 - src: git+https://github.com/devture/com.devture.ansible.role.traefik_certs_dumper.git
-  version: v2.8.3-2
+  version: v2.8.3-4
   name: traefik_certs_dumper
diff --git a/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml
index 28a1d84bd..12527ce3c 100644
--- a/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-discord/defaults/main.yml
@@ -9,7 +9,7 @@ matrix_mautrix_discord_container_image_self_build_repo: "https://mau.dev/mautrix
 matrix_mautrix_discord_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_discord_version == 'latest' else matrix_mautrix_discord_version }}"
 
 # renovate: datasource=docker depName=dock.mau.dev/mautrix/discord
-matrix_mautrix_discord_version: v0.6.5
+matrix_mautrix_discord_version: v0.7.0
 
 # See: https://mau.dev/mautrix/discord/container_registry
 matrix_mautrix_discord_docker_image: "{{ matrix_mautrix_discord_docker_image_name_prefix }}mautrix/discord:{{ matrix_mautrix_discord_version }}"
diff --git a/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml
index 8bed67c8f..fc72e8a10 100644
--- a/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml
@@ -9,7 +9,7 @@ matrix_mautrix_gmessages_container_image_self_build_repo: "https://github.com/ma
 matrix_mautrix_gmessages_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_gmessages_version == 'latest' else matrix_mautrix_gmessages_version }}"
 
 # renovate: datasource=docker depName=dock.mau.dev/mautrix/gmessages
-matrix_mautrix_gmessages_version: v0.4.2
+matrix_mautrix_gmessages_version: v0.4.3
 
 # See: https://mau.dev/mautrix/gmessages/container_registry
 matrix_mautrix_gmessages_docker_image: "{{ matrix_mautrix_gmessages_docker_image_name_prefix }}mautrix/gmessages:{{ matrix_mautrix_gmessages_version }}"
diff --git a/roles/custom/matrix-bridge-mautrix-googlechat/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-googlechat/defaults/main.yml
index 8d793405c..1ecf09dab 100644
--- a/roles/custom/matrix-bridge-mautrix-googlechat/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-googlechat/defaults/main.yml
@@ -9,7 +9,7 @@ matrix_mautrix_googlechat_container_image_self_build_repo: "https://github.com/m
 matrix_mautrix_googlechat_container_image_self_build_repo_version: "{{ 'master' if matrix_mautrix_googlechat_version == 'latest' else matrix_mautrix_googlechat_version }}"
 
 # renovate: datasource=docker depName=dock.mau.dev/mautrix/googlechat
-matrix_mautrix_googlechat_version: v0.5.1
+matrix_mautrix_googlechat_version: v0.5.2
 # See: https://mau.dev/mautrix/googlechat/container_registry
 matrix_mautrix_googlechat_docker_image: "{{ matrix_mautrix_googlechat_docker_image_name_prefix }}mautrix/googlechat:{{ matrix_mautrix_googlechat_version }}"
 matrix_mautrix_googlechat_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_googlechat_container_image_self_build else 'dock.mau.dev/' }}"
diff --git a/roles/custom/matrix-bridge-mautrix-meta-instagram/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-meta-instagram/defaults/main.yml
index fe2509909..5969e80a0 100644
--- a/roles/custom/matrix-bridge-mautrix-meta-instagram/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-meta-instagram/defaults/main.yml
@@ -13,7 +13,7 @@ matrix_mautrix_meta_instagram_enabled: true
 matrix_mautrix_meta_instagram_identifier: matrix-mautrix-meta-instagram
 
 # renovate: datasource=docker depName=dock.mau.dev/mautrix/meta
-matrix_mautrix_meta_instagram_version: v0.3.1
+matrix_mautrix_meta_instagram_version: v0.3.2
 
 matrix_mautrix_meta_instagram_base_path: "{{ matrix_base_data_path }}/mautrix-meta-instagram"
 matrix_mautrix_meta_instagram_config_path: "{{ matrix_mautrix_meta_instagram_base_path }}/config"
diff --git a/roles/custom/matrix-bridge-mautrix-meta-messenger/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-meta-messenger/defaults/main.yml
index ce31d21aa..433dac9f8 100644
--- a/roles/custom/matrix-bridge-mautrix-meta-messenger/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-meta-messenger/defaults/main.yml
@@ -13,7 +13,7 @@ matrix_mautrix_meta_messenger_enabled: true
 matrix_mautrix_meta_messenger_identifier: matrix-mautrix-meta-messenger
 
 # renovate: datasource=docker depName=dock.mau.dev/mautrix/meta
-matrix_mautrix_meta_messenger_version: v0.3.1
+matrix_mautrix_meta_messenger_version: v0.3.2
 
 matrix_mautrix_meta_messenger_base_path: "{{ matrix_base_data_path }}/mautrix-meta-messenger"
 matrix_mautrix_meta_messenger_config_path: "{{ matrix_mautrix_meta_messenger_base_path }}/config"
diff --git a/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml
index 8f944c909..53a74423b 100644
--- a/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml
@@ -9,7 +9,7 @@ matrix_mautrix_signal_container_image_self_build_repo: "https://mau.dev/mautrix/
 matrix_mautrix_signal_container_image_self_build_branch: "{{ 'main' if matrix_mautrix_signal_version == 'latest' else matrix_mautrix_signal_version }}"
 
 # renovate: datasource=docker depName=dock.mau.dev/mautrix/signal
-matrix_mautrix_signal_version: v0.6.2
+matrix_mautrix_signal_version: v0.6.3
 
 # See: https://mau.dev/mautrix/signal/container_registry
 matrix_mautrix_signal_docker_image: "{{ matrix_mautrix_signal_docker_image_name_prefix }}mautrix/signal:{{ matrix_mautrix_signal_docker_image_tag }}"
diff --git a/roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml
index 742ccc847..8e9ebb82e 100644
--- a/roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-telegram/defaults/main.yml
@@ -28,7 +28,7 @@ matrix_mautrix_telegram_docker_repo_version: "{{ 'master' if matrix_mautrix_tele
 matrix_mautrix_telegram_docker_src_files_path: "{{ matrix_base_data_path }}/mautrix-telegram/docker-src"
 
 # renovate: datasource=docker depName=dock.mau.dev/mautrix/telegram
-matrix_mautrix_telegram_version: v0.15.1
+matrix_mautrix_telegram_version: v0.15.2
 # See: https://mau.dev/mautrix/telegram/container_registry
 matrix_mautrix_telegram_docker_image: "{{ matrix_mautrix_telegram_docker_image_name_prefix }}mautrix/telegram:{{ matrix_mautrix_telegram_version }}"
 matrix_mautrix_telegram_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_telegram_container_image_self_build else 'dock.mau.dev/' }}"
diff --git a/roles/custom/matrix-bridge-mautrix-twitter/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-twitter/defaults/main.yml
index dba30e2ce..e3d82624d 100644
--- a/roles/custom/matrix-bridge-mautrix-twitter/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-twitter/defaults/main.yml
@@ -9,7 +9,7 @@ matrix_mautrix_twitter_container_image_self_build_repo: "https://github.com/maut
 matrix_mautrix_twitter_container_image_self_build_repo_version: "{{ 'master' if matrix_mautrix_twitter_version == 'latest' else matrix_mautrix_twitter_version }}"
 
 # renovate: datasource=docker depName=dock.mau.dev/mautrix/twitter
-matrix_mautrix_twitter_version: v0.1.7
+matrix_mautrix_twitter_version: v0.1.8
 # See: https://mau.dev/tulir/mautrix-twitter/container_registry
 matrix_mautrix_twitter_docker_image: "{{ matrix_mautrix_twitter_docker_image_name_prefix }}mautrix/twitter:{{ matrix_mautrix_twitter_version }}"
 matrix_mautrix_twitter_docker_image_name_prefix: "{{ 'localhost/' if matrix_mautrix_twitter_container_image_self_build else 'dock.mau.dev/' }}"
diff --git a/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml
index d3ebe5c76..e3d3476a3 100644
--- a/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml
+++ b/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml
@@ -9,7 +9,7 @@ matrix_mautrix_whatsapp_container_image_self_build_repo: "https://mau.dev/mautri
 matrix_mautrix_whatsapp_container_image_self_build_branch: "{{ 'master' if matrix_mautrix_whatsapp_version == 'latest' else matrix_mautrix_whatsapp_version }}"
 
 # renovate: datasource=docker depName=dock.mau.dev/mautrix/whatsapp
-matrix_mautrix_whatsapp_version: v0.10.8
+matrix_mautrix_whatsapp_version: v0.10.9
 
 # See: https://mau.dev/mautrix/whatsapp/container_registry
 matrix_mautrix_whatsapp_docker_image: "{{ matrix_mautrix_whatsapp_docker_image_name_prefix }}mautrix/whatsapp:{{ matrix_mautrix_whatsapp_version }}"
diff --git a/roles/custom/matrix-cactus-comments-client/defaults/main.yml b/roles/custom/matrix-cactus-comments-client/defaults/main.yml
index b366f4386..1bcb3bbbb 100644
--- a/roles/custom/matrix-cactus-comments-client/defaults/main.yml
+++ b/roles/custom/matrix-cactus-comments-client/defaults/main.yml
@@ -13,7 +13,7 @@ matrix_cactus_comments_client_public_path: "{{ matrix_cactus_comments_client_bas
 matrix_cactus_comments_client_public_path_file_permissions: "0644"
 
 # renovate: datasource=docker depName=joseluisq/static-web-server
-matrix_cactus_comments_client_version: 2.32.0
+matrix_cactus_comments_client_version: 2.32.1
 
 matrix_cactus_comments_client_container_image: "{{ matrix_container_global_registry_prefix }}joseluisq/static-web-server:{{ matrix_cactus_comments_client_container_image_tag }}"
 matrix_cactus_comments_client_container_image_tag: "{{ 'latest' if matrix_cactus_comments_client_version == 'latest' else (matrix_cactus_comments_client_version + '-alpine') }}"
diff --git a/roles/custom/matrix-client-element/defaults/main.yml b/roles/custom/matrix-client-element/defaults/main.yml
index b650d0cac..b297a1c6e 100644
--- a/roles/custom/matrix-client-element/defaults/main.yml
+++ b/roles/custom/matrix-client-element/defaults/main.yml
@@ -11,7 +11,7 @@ matrix_client_element_container_image_self_build_repo: "https://github.com/eleme
 matrix_client_element_container_image_self_build_low_memory_system_patch_enabled: "{{ ansible_memtotal_mb < 4096 }}"
 
 # renovate: datasource=docker depName=vectorim/element-web
-matrix_client_element_version: v1.11.70
+matrix_client_element_version: v1.11.71
 
 matrix_client_element_docker_image: "{{ matrix_client_element_docker_image_name_prefix }}vectorim/element-web:{{ matrix_client_element_version }}"
 matrix_client_element_docker_image_name_prefix: "{{ 'localhost/' if matrix_client_element_container_image_self_build else matrix_container_global_registry_prefix }}"
diff --git a/roles/custom/matrix-ma1sd/defaults/main.yml b/roles/custom/matrix-ma1sd/defaults/main.yml
index 6b593b67a..52aff183f 100644
--- a/roles/custom/matrix-ma1sd/defaults/main.yml
+++ b/roles/custom/matrix-ma1sd/defaults/main.yml
@@ -78,8 +78,8 @@ matrix_ma1sd_container_labels_matrix_identity_traefik_tls_certResolver: "{{ matr
 # Controls whether labels will be added that expose ma1sd's /_matrix/client/VERSION/user_directory/search endpoint
 matrix_ma1sd_container_labels_matrix_client_user_directory_search_enabled: "{{ matrix_ma1sd_container_labels_traefik_enabled }}"
 matrix_ma1sd_container_labels_matrix_client_user_directory_search_hostname: "{{ matrix_ma1sd_hostname }}"
-matrix_ma1sd_container_labels_matrix_client_user_directory_search_path: "/_matrix/client/{version:(r0|v3)}/user_directory/search"
-matrix_ma1sd_container_labels_matrix_client_user_directory_search_traefik_rule: "Host(`{{ matrix_ma1sd_container_labels_matrix_client_user_directory_search_hostname }}`) && Path(`{{ matrix_ma1sd_container_labels_matrix_client_user_directory_search_path }}`)"
+matrix_ma1sd_container_labels_matrix_client_user_directory_search_path_regexp: "/_matrix/client/(?P<version>(r0|v3))/user_directory/search"
+matrix_ma1sd_container_labels_matrix_client_user_directory_search_traefik_rule: "Host(`{{ matrix_ma1sd_container_labels_matrix_client_user_directory_search_hostname }}`) && PathRegexp(`{{ matrix_ma1sd_container_labels_matrix_client_user_directory_search_path_regexp }}`)"
 matrix_ma1sd_container_labels_matrix_client_user_directory_search_traefik_priority: 0
 matrix_ma1sd_container_labels_matrix_client_user_directory_search_traefik_entrypoints: "{{ matrix_ma1sd_container_labels_traefik_entrypoints }}"
 matrix_ma1sd_container_labels_matrix_client_user_directory_search_traefik_tls: "{{ matrix_ma1sd_container_labels_matrix_client_user_directory_search_traefik_entrypoints != 'web' }}"
@@ -90,8 +90,8 @@ matrix_ma1sd_container_labels_matrix_client_user_directory_search_traefik_tls_ce
 # To learn more, see: https://github.com/ma1uta/ma1sd/blob/master/docs/features/registration.md
 matrix_ma1sd_container_labels_matrix_client_3pid_registration_enabled: false
 matrix_ma1sd_container_labels_matrix_client_3pid_registration_hostname: "{{ matrix_ma1sd_hostname }}"
-matrix_ma1sd_container_labels_matrix_client_3pid_registration_path: "/_matrix/client/{version:(r0|v3)}/register/{type:(email|msisdn)}/requestToken"
-matrix_ma1sd_container_labels_matrix_client_3pid_registration_traefik_rule: "Host(`{{ matrix_ma1sd_container_labels_matrix_client_3pid_registration_hostname }}`) && Path(`{{ matrix_ma1sd_container_labels_matrix_client_3pid_registration_path }}`)"
+matrix_ma1sd_container_labels_matrix_client_3pid_registration_path_regexp: "/_matrix/client/(?P<version>(r0|v3))/register/(?P<type>(email|msisdn))/requestToken"
+matrix_ma1sd_container_labels_matrix_client_3pid_registration_traefik_rule: "Host(`{{ matrix_ma1sd_container_labels_matrix_client_3pid_registration_hostname }}`) && PathRegexp(`{{ matrix_ma1sd_container_labels_matrix_client_3pid_registration_path_regexp }}`)"
 matrix_ma1sd_container_labels_matrix_client_3pid_registration_traefik_priority: 0
 matrix_ma1sd_container_labels_matrix_client_3pid_registration_traefik_entrypoints: "{{ matrix_ma1sd_container_labels_traefik_entrypoints }}"
 matrix_ma1sd_container_labels_matrix_client_3pid_registration_traefik_tls: "{{ matrix_ma1sd_container_labels_matrix_client_3pid_registration_traefik_entrypoints != 'web' }}"
diff --git a/roles/custom/matrix-ma1sd/tasks/validate_config.yml b/roles/custom/matrix-ma1sd/tasks/validate_config.yml
index e65fd4e56..8e4787507 100644
--- a/roles/custom/matrix-ma1sd/tasks/validate_config.yml
+++ b/roles/custom/matrix-ma1sd/tasks/validate_config.yml
@@ -53,18 +53,21 @@
     - {'name': 'matrix_ma1sd_container_labels_matrix_identity_hostname', when: "{{ matrix_ma1sd_container_labels_matrix_identity_enabled }}"}
     - {'name': 'matrix_ma1sd_container_labels_matrix_identity_path_prefix', when: "{{ matrix_ma1sd_container_labels_matrix_identity_enabled }}"}
     - {'name': 'matrix_ma1sd_container_labels_matrix_client_user_directory_search_hostname', when: "{{ matrix_ma1sd_container_labels_matrix_client_user_directory_search_enabled }}"}
-    - {'name': 'matrix_ma1sd_container_labels_matrix_client_user_directory_search_path', when: "{{ matrix_ma1sd_container_labels_matrix_client_user_directory_search_enabled }}"}
+    - {'name': 'matrix_ma1sd_container_labels_matrix_client_user_directory_search_path_regexp', when: "{{ matrix_ma1sd_container_labels_matrix_client_user_directory_search_enabled }}"}
+    - {'name': 'matrix_ma1sd_container_labels_matrix_client_3pid_registration_path_regexp', when: "{{ matrix_ma1sd_container_labels_matrix_client_3pid_registration_enabled }}"}
 
 - name: (Deprecation) Catch and report renamed ma1sd variables
   ansible.builtin.fail:
     msg: >-
       Your configuration contains a variable, which now has a different name.
       Please change your configuration to rename the variable (`{{ item.old }}` -> `{{ item.new }}`).
-  when: "vars | dict2items | selectattr('key', 'match', item.old) | list | items2dict"
+  when: "item.old in vars"
   with_items:
     - {'old': 'matrix_ma1sd_container_expose_port', 'new': '<superseded by matrix_ma1sd_container_http_host_bind_port>'}
     - {'old': 'matrix_ma1sd_threepid_medium_email_custom_unbind_fraudulent_template', 'new': 'matrix_ma1sd_threepid_medium_email_custom_session_unbind_notification_template'}
     - {'old': 'matrix_ma1sd_default_port', 'new': 'matrix_ma1sd_container_port'}
+    - {'old': 'matrix_ma1sd_container_labels_matrix_client_user_directory_search_path', 'new': 'matrix_ma1sd_container_labels_matrix_client_user_directory_search_path_regexp'}
+    - {'old': 'matrix_ma1sd_container_labels_matrix_client_3pid_registration_path', 'new': 'matrix_ma1sd_container_labels_matrix_client_3pid_registration_path_regexp'}
 
 - name: (Deprecation) Catch and report mxisd variables
   ansible.builtin.fail:
diff --git a/roles/custom/matrix-static-files/defaults/main.yml b/roles/custom/matrix-static-files/defaults/main.yml
index 9e867df16..d2b338d40 100644
--- a/roles/custom/matrix-static-files/defaults/main.yml
+++ b/roles/custom/matrix-static-files/defaults/main.yml
@@ -8,7 +8,7 @@ matrix_static_files_enabled: true
 matrix_static_files_identifier: matrix-static-files
 
 # renovate: datasource=docker depName=joseluisq/static-web-server
-matrix_static_files_version: 2.32.0
+matrix_static_files_version: 2.32.1
 
 matrix_static_files_base_path: "{{ matrix_base_data_path }}/{{ 'static-files' if matrix_static_files_identifier == 'matrix-static-files' else matrix_static_files_identifier }}"
 matrix_static_files_config_path: "{{ matrix_static_files_base_path }}/config"
diff --git a/roles/custom/matrix-synapse-admin/defaults/main.yml b/roles/custom/matrix-synapse-admin/defaults/main.yml
index bcdfad264..2c978601b 100644
--- a/roles/custom/matrix-synapse-admin/defaults/main.yml
+++ b/roles/custom/matrix-synapse-admin/defaults/main.yml
@@ -13,7 +13,7 @@ matrix_synapse_admin_container_image_self_build: false
 matrix_synapse_admin_container_image_self_build_repo: "https://github.com/Awesome-Technologies/synapse-admin.git"
 
 # renovate: datasource=docker depName=awesometechnologies/synapse-admin
-matrix_synapse_admin_version: 0.10.2
+matrix_synapse_admin_version: 0.10.3
 matrix_synapse_admin_docker_image: "{{ matrix_synapse_admin_docker_image_name_prefix }}awesometechnologies/synapse-admin:{{ matrix_synapse_admin_version }}"
 matrix_synapse_admin_docker_image_name_prefix: "{{ 'localhost/' if matrix_synapse_admin_container_image_self_build else matrix_container_global_registry_prefix }}"
 matrix_synapse_admin_docker_image_force_pull: "{{ matrix_synapse_admin_docker_image.endswith(':latest') }}"
diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml
index 61a3aca94..03c6bd2ca 100644
--- a/roles/custom/matrix-synapse/defaults/main.yml
+++ b/roles/custom/matrix-synapse/defaults/main.yml
@@ -16,7 +16,7 @@ matrix_synapse_enabled: true
 matrix_synapse_github_org_and_repo: element-hq/synapse
 
 # renovate: datasource=docker depName=ghcr.io/element-hq/synapse
-matrix_synapse_version: v1.110.0
+matrix_synapse_version: v1.111.0
 
 matrix_synapse_username: ''
 matrix_synapse_uid: ''
diff --git a/roles/custom/matrix-synapse/templates/synapse/worker.yaml.j2 b/roles/custom/matrix-synapse/templates/synapse/worker.yaml.j2
index 738f0fa33..7995ce3dd 100644
--- a/roles/custom/matrix-synapse/templates/synapse/worker.yaml.j2
+++ b/roles/custom/matrix-synapse/templates/synapse/worker.yaml.j2
@@ -28,7 +28,11 @@ worker_log_config: /data/{{ matrix_server_fqn_matrix }}.log.config
   {% set http_resources = http_resources + ['client'] %}
 {% endif %}
 {% if matrix_synapse_worker_details.type == 'media_repository' %}
-  {% set http_resources = http_resources + ['media'] %}
+  {#
+    Handling authenticated media endpoints (`/_matrix/client/VERSION/media/` and `/_matrix/federation/VERSION/media/`)
+    requires serving the client and federation resources.
+  #}
+  {% set http_resources = http_resources + ['media', 'client', 'federation'] %}
 {% endif %}
 
 {% set replication_http_resources = [] %}
diff --git a/roles/custom/matrix-synapse/vars/main.yml b/roles/custom/matrix-synapse/vars/main.yml
index 3bc77d019..c25f30fe7 100644
--- a/roles/custom/matrix-synapse/vars/main.yml
+++ b/roles/custom/matrix-synapse/vars/main.yml
@@ -243,6 +243,8 @@ matrix_synapse_workers_media_repository_endpoints:
   # Handles the media repository. It can handle all endpoints starting with:
 
   - ^/_matrix/media/
+  - ^/_matrix/client/v1/media/
+  - ^/_matrix/federation/v1/media/
 
   # ... and the following regular expressions matching media-specific administration APIs:
 
diff --git a/roles/custom/matrix_playbook_migration/tasks/validate_config.yml b/roles/custom/matrix_playbook_migration/tasks/validate_config.yml
index d8958fdd1..85d12d1dd 100644
--- a/roles/custom/matrix_playbook_migration/tasks/validate_config.yml
+++ b/roles/custom/matrix_playbook_migration/tasks/validate_config.yml
@@ -271,11 +271,11 @@
         - {'old': 'matrix_nginx_proxy_proxy_matrix_user_directory_search_enabled', 'new': '<superseded by matrix_ma1sd_container_labels_traefik_enabled and matrix_ma1sd_container_labels_matrix_client_user_directory_search_enabled>'}
         - {'old': 'matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_with_container', 'new': '<removed>'}
         - {'old': 'matrix_nginx_proxy_proxy_matrix_user_directory_search_addr_sans_container', 'new': '<removed>'}
-        - {'old': 'matrix_nginx_proxy_proxy_matrix_user_directory_search_v3_to_r0_redirect_enabled', 'new': '<superseded by matrix_ma1sd_container_labels_matrix_client_user_directory_search_path>'}
+        - {'old': 'matrix_nginx_proxy_proxy_matrix_user_directory_search_v3_to_r0_redirect_enabled', 'new': '<superseded by matrix_ma1sd_container_labels_matrix_client_user_directory_search_path_regexp>'}
         - {'old': 'matrix_nginx_proxy_proxy_matrix_3pid_registration_enabled', 'new': 'matrix_ma1sd_container_labels_matrix_client_3pid_registration_enabled'}
         - {'old': 'matrix_nginx_proxy_proxy_matrix_3pid_registration_addr_with_container', 'new': '<removed>'}
         - {'old': 'matrix_nginx_proxy_proxy_matrix_3pid_registration_addr_sans_container', 'new': '<removed>'}
-        - {'old': 'matrix_nginx_proxy_proxy_matrix_3pid_registration_v3_to_r0_redirect_enabled', 'new': '<superseded by matrix_ma1sd_container_labels_matrix_client_3pid_registration_path>'}
+        - {'old': 'matrix_nginx_proxy_proxy_matrix_3pid_registration_v3_to_r0_redirect_enabled', 'new': '<superseded by matrix_ma1sd_container_labels_matrix_client_3pid_registration_path_regexp>'}
         - {'old': 'matrix_nginx_proxy_proxy_conduit_enabled', 'new': 'matrix_conduit_container_labels_traefik_enabled'}
         - {'old': 'matrix_nginx_proxy_proxy_conduit_block_federation_api_on_client_port', 'new': '<not supported anymore - the /_matrix/federation endpoints are now also being served on the Client-Server API port>'}
         - {'old': 'matrix_nginx_proxy_proxy_conduit_federation_api_enabled', 'new': 'matrix_conduit_container_labels_public_federation_api_enabled'}