diff --git a/roles/matrix/tasks/main.yml b/roles/matrix/tasks/main.yml
index 4dd19bb058fe2f8fbd623d672c15cf5d4e374fb3..7e9dca6003c8fa9a899861de9c7c765f4af74493 100644
--- a/roles/matrix/tasks/main.yml
+++ b/roles/matrix/tasks/main.yml
@@ -77,7 +77,7 @@
- name: install synapse
pip:
name:
- - 'matrix-synapse[postgres,systemd,url_preview,redis,oidc]==1.47.1'
+ - 'matrix-synapse[postgres,systemd,url_preview,redis,oidc]==1.48.0'
state: latest
extra_args: '--upgrade-strategy=eager'
virtualenv: /var/lib/synapse/venv
diff --git a/roles/matrix/templates/homeserver.yaml.j2 b/roles/matrix/templates/homeserver.yaml.j2
index 11bff65a7fe64760d6256e0464c276e5616c3f34..ffe0d8ed577d2d9c352dcb52f4fb418781c099a8 100644
--- a/roles/matrix/templates/homeserver.yaml.j2
+++ b/roles/matrix/templates/homeserver.yaml.j2
@@ -658,8 +658,8 @@ retention:
#
#federation_certificate_verification_whitelist:
# - lon.example.com
-# - *.domain.com
-# - *.onion
+# - "*.domain.com"
+# - "*.onion"
# List of custom certificate authorities for federation traffic.
#
@@ -2082,6 +2082,12 @@ sso:
#
#algorithm: "provided-by-your-issuer"
+ # Name of the claim containing a unique identifier for the user.
+ #
+ # Optional, defaults to `sub`.
+ #
+ #subject_claim: "sub"
+
# The issuer to validate the "iss" claim against.
#
# Optional, if provided the "iss" claim will be required and
@@ -2403,8 +2409,8 @@ user_directory:
# indexes were (re)built was before Synapse 1.44, you'll have to
# rebuild the indexes in order to search through all known users.
# These indexes are built the first time Synapse starts; admins can
- # manually trigger a rebuild following the instructions at
- # https://matrix-org.github.io/synapse/latest/user_directory.html
+ # manually trigger a rebuild via API following the instructions at
+ # https://matrix-org.github.io/synapse/latest/usage/administration/admin_api/background_updates.html#run
#
# Uncomment to return search results containing all known users, even if that
# user does not share a room with the requester.