Synapse 1.152.1 (2026-05-07)

Security Fixes

• Prevent CPU starvation (Denial of Service) under worker lock contention, additionally capping the WorkerLock time out interval to a maximum of 60 seconds. Contributed by Famedly. (#19394, ELEMENTSEC-2026-1706, GHSA-8q93-326v-3m7g, CVE pending)
• Prevent pagination ending when a page is full of rejected events. (ELEMENTSEC-2025-1636, GHSA-6qf2-7x63-mm6v, CVE pending)