diff --git a/Cargo.lock b/Cargo.lock
index ea84fc09..30d951a7 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1158,6 +1158,15 @@ dependencies = [
  "itoa",
 ]
 
+[[package]]
+name = "http-auth"
+version = "0.1.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "643c9bbf6a4ea8a656d6b4cd53d34f79e3f841ad5203c1a55fb7d761923bc255"
+dependencies = [
+ "memchr",
+]
+
 [[package]]
 name = "http-body"
 version = "0.4.6"
@@ -2223,7 +2232,7 @@ dependencies = [
 [[package]]
 name = "ruma"
 version = "0.10.1"
-source = "git+https://github.com/ruma/ruma#ef40b184b7410a93e933b4ad719a72aea1bdd20e"
+source = "git+https://github.com/ruma/ruma#fec2152d879a6c6c2bccce984d4b8f424f460cb2"
 dependencies = [
  "assign",
  "js_int",
@@ -2244,7 +2253,7 @@ dependencies = [
 [[package]]
 name = "ruma-appservice-api"
 version = "0.10.0"
-source = "git+https://github.com/ruma/ruma#ef40b184b7410a93e933b4ad719a72aea1bdd20e"
+source = "git+https://github.com/ruma/ruma#fec2152d879a6c6c2bccce984d4b8f424f460cb2"
 dependencies = [
  "js_int",
  "ruma-common",
@@ -2256,7 +2265,7 @@ dependencies = [
 [[package]]
 name = "ruma-client-api"
 version = "0.18.0"
-source = "git+https://github.com/ruma/ruma#ef40b184b7410a93e933b4ad719a72aea1bdd20e"
+source = "git+https://github.com/ruma/ruma#fec2152d879a6c6c2bccce984d4b8f424f460cb2"
 dependencies = [
  "as_variant",
  "assign",
@@ -2279,7 +2288,7 @@ dependencies = [
 [[package]]
 name = "ruma-common"
 version = "0.13.0"
-source = "git+https://github.com/ruma/ruma#ef40b184b7410a93e933b4ad719a72aea1bdd20e"
+source = "git+https://github.com/ruma/ruma#fec2152d879a6c6c2bccce984d4b8f424f460cb2"
 dependencies = [
  "as_variant",
  "base64 0.22.1",
@@ -2309,7 +2318,7 @@ dependencies = [
 [[package]]
 name = "ruma-events"
 version = "0.28.1"
-source = "git+https://github.com/ruma/ruma#ef40b184b7410a93e933b4ad719a72aea1bdd20e"
+source = "git+https://github.com/ruma/ruma#fec2152d879a6c6c2bccce984d4b8f424f460cb2"
 dependencies = [
  "as_variant",
  "indexmap 2.2.6",
@@ -2331,7 +2340,7 @@ dependencies = [
 [[package]]
 name = "ruma-federation-api"
 version = "0.9.0"
-source = "git+https://github.com/ruma/ruma#ef40b184b7410a93e933b4ad719a72aea1bdd20e"
+source = "git+https://github.com/ruma/ruma#fec2152d879a6c6c2bccce984d4b8f424f460cb2"
 dependencies = [
  "js_int",
  "ruma-common",
@@ -2343,7 +2352,7 @@ dependencies = [
 [[package]]
 name = "ruma-identifiers-validation"
 version = "0.9.5"
-source = "git+https://github.com/ruma/ruma#ef40b184b7410a93e933b4ad719a72aea1bdd20e"
+source = "git+https://github.com/ruma/ruma#fec2152d879a6c6c2bccce984d4b8f424f460cb2"
 dependencies = [
  "js_int",
  "thiserror",
@@ -2352,7 +2361,7 @@ dependencies = [
 [[package]]
 name = "ruma-identity-service-api"
 version = "0.9.0"
-source = "git+https://github.com/ruma/ruma#ef40b184b7410a93e933b4ad719a72aea1bdd20e"
+source = "git+https://github.com/ruma/ruma#fec2152d879a6c6c2bccce984d4b8f424f460cb2"
 dependencies = [
  "js_int",
  "ruma-common",
@@ -2362,7 +2371,7 @@ dependencies = [
 [[package]]
 name = "ruma-macros"
 version = "0.13.0"
-source = "git+https://github.com/ruma/ruma#ef40b184b7410a93e933b4ad719a72aea1bdd20e"
+source = "git+https://github.com/ruma/ruma#fec2152d879a6c6c2bccce984d4b8f424f460cb2"
 dependencies = [
  "once_cell",
  "proc-macro-crate",
@@ -2377,7 +2386,7 @@ dependencies = [
 [[package]]
 name = "ruma-push-gateway-api"
 version = "0.9.0"
-source = "git+https://github.com/ruma/ruma#ef40b184b7410a93e933b4ad719a72aea1bdd20e"
+source = "git+https://github.com/ruma/ruma#fec2152d879a6c6c2bccce984d4b8f424f460cb2"
 dependencies = [
  "js_int",
  "ruma-common",
@@ -2389,18 +2398,20 @@ dependencies = [
 [[package]]
 name = "ruma-server-util"
 version = "0.3.0"
-source = "git+https://github.com/ruma/ruma#ef40b184b7410a93e933b4ad719a72aea1bdd20e"
+source = "git+https://github.com/ruma/ruma#fec2152d879a6c6c2bccce984d4b8f424f460cb2"
 dependencies = [
  "headers",
+ "http 1.1.0",
+ "http-auth",
  "ruma-common",
+ "thiserror",
  "tracing",
- "yap",
 ]
 
 [[package]]
 name = "ruma-signatures"
 version = "0.15.0"
-source = "git+https://github.com/ruma/ruma#ef40b184b7410a93e933b4ad719a72aea1bdd20e"
+source = "git+https://github.com/ruma/ruma#fec2152d879a6c6c2bccce984d4b8f424f460cb2"
 dependencies = [
  "base64 0.22.1",
  "ed25519-dalek",
@@ -2416,7 +2427,7 @@ dependencies = [
 [[package]]
 name = "ruma-state-res"
 version = "0.11.0"
-source = "git+https://github.com/ruma/ruma#ef40b184b7410a93e933b4ad719a72aea1bdd20e"
+source = "git+https://github.com/ruma/ruma#fec2152d879a6c6c2bccce984d4b8f424f460cb2"
 dependencies = [
  "itertools",
  "js_int",
@@ -3757,12 +3768,6 @@ version = "1.0.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "cfe53a6657fd280eaa890a3bc59152892ffa3e30101319d168b781ed6529b049"
 
-[[package]]
-name = "yap"
-version = "0.12.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bfe269e7b803a5e8e20cbd97860e136529cd83bf2c9c6d37b142467e7e1f051f"
-
 [[package]]
 name = "zerocopy"
 version = "0.7.34"
diff --git a/src/api/client_server/account.rs b/src/api/client_server/account.rs
index 36640b54..47ccdc83 100644
--- a/src/api/client_server/account.rs
+++ b/src/api/client_server/account.rs
@@ -315,7 +315,11 @@ pub async fn register_route(body: Ruma<register::v3::Request>) -> Result<registe
 pub async fn change_password_route(
     body: Ruma<change_password::v3::Request>,
 ) -> Result<change_password::v3::Response> {
-    let sender_user = body.sender_user.as_ref().expect("user is authenticated");
+    let sender_user = body
+        .sender_user
+        .as_ref()
+        // In the future password changes could be performed with UIA with 3PIDs, but we don't support that currently
+        .ok_or_else(|| Error::BadRequest(ErrorKind::MissingToken, "Missing access token."))?;
     let sender_device = body.sender_device.as_ref().expect("user is authenticated");
 
     let mut uiaainfo = UiaaInfo {
@@ -402,7 +406,11 @@ pub async fn whoami_route(body: Ruma<whoami::v3::Request>) -> Result<whoami::v3:
 pub async fn deactivate_route(
     body: Ruma<deactivate::v3::Request>,
 ) -> Result<deactivate::v3::Response> {
-    let sender_user = body.sender_user.as_ref().expect("user is authenticated");
+    let sender_user = body
+        .sender_user
+        .as_ref()
+        // In the future password changes could be performed with UIA with SSO, but we don't support that currently
+        .ok_or_else(|| Error::BadRequest(ErrorKind::MissingToken, "Missing access token."))?;
     let sender_device = body.sender_device.as_ref().expect("user is authenticated");
 
     let mut uiaainfo = UiaaInfo {
diff --git a/src/api/client_server/media.rs b/src/api/client_server/media.rs
index 5cd2b2f9..10890f93 100644
--- a/src/api/client_server/media.rs
+++ b/src/api/client_server/media.rs
@@ -1,3 +1,6 @@
+// Unauthenticated media is deprecated
+#![allow(deprecated)]
+
 use std::time::Duration;
 
 use crate::{service::media::FileMeta, services, utils, Error, Result, Ruma};
@@ -190,7 +193,7 @@ pub async fn get_content_thumbnail_route(
             content_type,
             cross_origin_resource_policy: Some("cross-origin".to_owned()),
         })
-    } else if &*body.server_name != services().globals.server_name() && body.allow_remote {
+    } else if body.server_name != services().globals.server_name() && body.allow_remote {
         let get_thumbnail_response = services()
             .sending
             .send_federation_request(
@@ -204,6 +207,7 @@ pub async fn get_content_thumbnail_route(
                     media_id: body.media_id.clone(),
                     timeout_ms: Duration::from_secs(20),
                     allow_redirect: false,
+                    animated: body.animated,
                 },
             )
             .await?;
diff --git a/src/api/ruma_wrapper/axum.rs b/src/api/ruma_wrapper/axum.rs
index aaabb1c6..2c5da21b 100644
--- a/src/api/ruma_wrapper/axum.rs
+++ b/src/api/ruma_wrapper/axum.rs
@@ -189,7 +189,7 @@ where
 
                     let origin_signatures = BTreeMap::from_iter([(
                         x_matrix.key.clone(),
-                        CanonicalJsonValue::String(x_matrix.sig),
+                        CanonicalJsonValue::String(x_matrix.sig.to_string()),
                     )]);
 
                     let signatures = BTreeMap::from_iter([(
diff --git a/src/api/server_server.rs b/src/api/server_server.rs
index 605a4672..9d632899 100644
--- a/src/api/server_server.rs
+++ b/src/api/server_server.rs
@@ -6,8 +6,9 @@ use crate::{
     services, utils, Error, PduEvent, Result, Ruma,
 };
 use axum::{response::IntoResponse, Json};
+use axum_extra::headers::authorization::Credentials;
 use get_profile_information::v1::ProfileField;
-use http::header::{HeaderValue, AUTHORIZATION};
+use http::header::AUTHORIZATION;
 
 use ruma::{
     api::{
@@ -44,6 +45,7 @@ use ruma::{
         StateEventType, TimelineEventType,
     },
     serde::{Base64, JsonObject, Raw},
+    server_util::authorization::XMatrix,
     to_device::DeviceIdOrAllDevices,
     uint, user_id, CanonicalJsonObject, CanonicalJsonValue, EventId, MilliSecondsSinceUnixEpoch,
     OwnedEventId, OwnedRoomId, OwnedServerName, OwnedServerSigningKeyId, OwnedUserId, RoomId,
@@ -226,14 +228,15 @@ where
         for s in signature_server {
             http_request.headers_mut().insert(
                 AUTHORIZATION,
-                HeaderValue::from_str(&format!(
+                XMatrix::parse(&format!(
                     "X-Matrix origin=\"{}\",destination=\"{}\",key=\"{}\",sig=\"{}\"",
                     services().globals.server_name(),
                     destination,
                     s.0,
                     s.1
                 ))
-                .unwrap(),
+                .expect("When Ruma signs JSON, it produces a valid base64 signature. All other types are valid ServerNames or OwnedKeyId")
+                .encode(),
             );
         }
     }