diff --git a/Cargo.lock b/Cargo.lock index 95ab8d04..f7c7079f 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -3162,7 +3162,7 @@ dependencies = [ [[package]] name = "ruma" version = "0.10.1" -source = "git+https://github.com/girlbossceo/ruwuma?rev=08f58cd3236fdf175913b2bcaf8865359696d94d#08f58cd3236fdf175913b2bcaf8865359696d94d" +source = "git+https://github.com/girlbossceo/ruwuma?rev=5a826d31a32b6473671a5b9f813ad2e4b47676b4#5a826d31a32b6473671a5b9f813ad2e4b47676b4" dependencies = [ "assign", "js_int", @@ -3184,7 +3184,7 @@ dependencies = [ [[package]] name = "ruma-appservice-api" version = "0.10.0" -source = "git+https://github.com/girlbossceo/ruwuma?rev=08f58cd3236fdf175913b2bcaf8865359696d94d#08f58cd3236fdf175913b2bcaf8865359696d94d" +source = "git+https://github.com/girlbossceo/ruwuma?rev=5a826d31a32b6473671a5b9f813ad2e4b47676b4#5a826d31a32b6473671a5b9f813ad2e4b47676b4" dependencies = [ "js_int", "ruma-common", @@ -3196,7 +3196,7 @@ dependencies = [ [[package]] name = "ruma-client-api" version = "0.18.0" -source = "git+https://github.com/girlbossceo/ruwuma?rev=08f58cd3236fdf175913b2bcaf8865359696d94d#08f58cd3236fdf175913b2bcaf8865359696d94d" +source = "git+https://github.com/girlbossceo/ruwuma?rev=5a826d31a32b6473671a5b9f813ad2e4b47676b4#5a826d31a32b6473671a5b9f813ad2e4b47676b4" dependencies = [ "as_variant", "assign", @@ -3219,7 +3219,7 @@ dependencies = [ [[package]] name = "ruma-common" version = "0.13.0" -source = "git+https://github.com/girlbossceo/ruwuma?rev=08f58cd3236fdf175913b2bcaf8865359696d94d#08f58cd3236fdf175913b2bcaf8865359696d94d" +source = "git+https://github.com/girlbossceo/ruwuma?rev=5a826d31a32b6473671a5b9f813ad2e4b47676b4#5a826d31a32b6473671a5b9f813ad2e4b47676b4" dependencies = [ "as_variant", "base64 0.22.1", 
@@ -3249,7 +3249,7 @@ dependencies = [ [[package]] name = "ruma-events" version = "0.28.1" -source = "git+https://github.com/girlbossceo/ruwuma?rev=08f58cd3236fdf175913b2bcaf8865359696d94d#08f58cd3236fdf175913b2bcaf8865359696d94d" +source = "git+https://github.com/girlbossceo/ruwuma?rev=5a826d31a32b6473671a5b9f813ad2e4b47676b4#5a826d31a32b6473671a5b9f813ad2e4b47676b4" dependencies = [ "as_variant", "indexmap 2.7.0", @@ -3273,7 +3273,7 @@ dependencies = [ [[package]] name = "ruma-federation-api" version = "0.9.0" -source = "git+https://github.com/girlbossceo/ruwuma?rev=08f58cd3236fdf175913b2bcaf8865359696d94d#08f58cd3236fdf175913b2bcaf8865359696d94d" +source = "git+https://github.com/girlbossceo/ruwuma?rev=5a826d31a32b6473671a5b9f813ad2e4b47676b4#5a826d31a32b6473671a5b9f813ad2e4b47676b4" dependencies = [ "bytes", "http", @@ -3291,7 +3291,7 @@ dependencies = [ [[package]] name = "ruma-identifiers-validation" version = "0.9.5" -source = "git+https://github.com/girlbossceo/ruwuma?rev=08f58cd3236fdf175913b2bcaf8865359696d94d#08f58cd3236fdf175913b2bcaf8865359696d94d" +source = "git+https://github.com/girlbossceo/ruwuma?rev=5a826d31a32b6473671a5b9f813ad2e4b47676b4#5a826d31a32b6473671a5b9f813ad2e4b47676b4" dependencies = [ "js_int", "thiserror 2.0.7", @@ -3300,7 +3300,7 @@ dependencies = [ [[package]] name = "ruma-identity-service-api" version = "0.9.0" -source = "git+https://github.com/girlbossceo/ruwuma?rev=08f58cd3236fdf175913b2bcaf8865359696d94d#08f58cd3236fdf175913b2bcaf8865359696d94d" +source = "git+https://github.com/girlbossceo/ruwuma?rev=5a826d31a32b6473671a5b9f813ad2e4b47676b4#5a826d31a32b6473671a5b9f813ad2e4b47676b4" dependencies = [ "js_int", "ruma-common", 
@@ -3310,7 +3310,7 @@ dependencies = [ [[package]] name = "ruma-macros" version = "0.13.0" -source = "git+https://github.com/girlbossceo/ruwuma?rev=08f58cd3236fdf175913b2bcaf8865359696d94d#08f58cd3236fdf175913b2bcaf8865359696d94d" +source = "git+https://github.com/girlbossceo/ruwuma?rev=5a826d31a32b6473671a5b9f813ad2e4b47676b4#5a826d31a32b6473671a5b9f813ad2e4b47676b4" dependencies = [ "cfg-if", "proc-macro-crate", @@ -3325,7 +3325,7 @@ dependencies = [ [[package]] name = "ruma-push-gateway-api" version = "0.9.0" -source = "git+https://github.com/girlbossceo/ruwuma?rev=08f58cd3236fdf175913b2bcaf8865359696d94d#08f58cd3236fdf175913b2bcaf8865359696d94d" +source = "git+https://github.com/girlbossceo/ruwuma?rev=5a826d31a32b6473671a5b9f813ad2e4b47676b4#5a826d31a32b6473671a5b9f813ad2e4b47676b4" dependencies = [ "js_int", "ruma-common", @@ -3337,7 +3337,7 @@ dependencies = [ [[package]] name = "ruma-server-util" version = "0.3.0" -source = "git+https://github.com/girlbossceo/ruwuma?rev=08f58cd3236fdf175913b2bcaf8865359696d94d#08f58cd3236fdf175913b2bcaf8865359696d94d" +source = "git+https://github.com/girlbossceo/ruwuma?rev=5a826d31a32b6473671a5b9f813ad2e4b47676b4#5a826d31a32b6473671a5b9f813ad2e4b47676b4" dependencies = [ "headers", "http", @@ -3350,7 +3350,7 @@ dependencies = [ [[package]] name = "ruma-signatures" version = "0.15.0" -source = "git+https://github.com/girlbossceo/ruwuma?rev=08f58cd3236fdf175913b2bcaf8865359696d94d#08f58cd3236fdf175913b2bcaf8865359696d94d" +source = "git+https://github.com/girlbossceo/ruwuma?rev=5a826d31a32b6473671a5b9f813ad2e4b47676b4#5a826d31a32b6473671a5b9f813ad2e4b47676b4" dependencies = [ "base64 0.22.1", "ed25519-dalek", 
@@ -3366,7 +3366,7 @@ dependencies = [ [[package]] name = "ruma-state-res" version = "0.11.0" -source = "git+https://github.com/girlbossceo/ruwuma?rev=08f58cd3236fdf175913b2bcaf8865359696d94d#08f58cd3236fdf175913b2bcaf8865359696d94d" +source = "git+https://github.com/girlbossceo/ruwuma?rev=5a826d31a32b6473671a5b9f813ad2e4b47676b4#5a826d31a32b6473671a5b9f813ad2e4b47676b4" dependencies = [ "futures-util", "js_int", diff --git a/Cargo.toml b/Cargo.toml index 2d99db02..ea9cfa3c 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -334,7 +334,7 @@ version = "0.1.2" [workspace.dependencies.ruma] git = "https://github.com/girlbossceo/ruwuma" #branch = "conduwuit-changes" -rev = "08f58cd3236fdf175913b2bcaf8865359696d94d" +rev = "5a826d31a32b6473671a5b9f813ad2e4b47676b4" features = [ "compat", "rand", diff --git a/src/service/pusher/mod.rs b/src/service/pusher/mod.rs index cea3ba35..43d60c08 100644 --- a/src/service/pusher/mod.rs +++ b/src/service/pusher/mod.rs @@ -92,6 +92,36 @@ impl Service { ))); } + // add some validation to the pusher URL + let pusher_kind = &data.pusher.kind; + if let PusherKind::Http(http) = pusher_kind { + let url = &http.url; + let url = url::Url::parse(&http.url).map_err(|e| { + err!(Request(InvalidParam( + warn!(%url, "HTTP pusher URL is not a valid URL: {e}") + ))) + })?; + + if ["http", "https"] + .iter() + .all(|&scheme| scheme != url.scheme().to_lowercase()) + { + return Err!(Request(InvalidParam( + warn!(%url, "HTTP pusher URL is not a valid HTTP/HTTPS URL") + ))); + } + + if let Ok(ip) = + IPAddress::parse(url.host_str().expect("URL previously validated")) + { + if !self.services.client.valid_cidr_range(&ip) { + return Err!(Request(InvalidParam( + warn!(%url, "HTTP pusher URL is a forbidden remote address") + ))); + } + } + } + let key = (sender, data.pusher.ids.pushkey.as_str()); self.db.senderkey_pusher.put(key, Json(pusher)); }, 
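Review bot: The forbidden-address check in the `src/service/pusher/mod.rs` hunk only runs when the host is an IP literal that `IPAddress::parse` accepts, so a pusher URL with a hostname passes registration whatever it later resolves to. `url.host_str()` also returns IPv6 literals in brackets, so if `IPAddress::parse` rejects that form, IPv6 hosts skip `valid_cidr_range` too. Consider branching on `url.host()` (`url::Host::Ipv4` / `url::Host::Ipv6` / `url::Host::Domain`) and passing the unbracketed address to the range check. For the domain case, confirm that the HTTP client used for delivery applies the same CIDR filter to resolved addresses, since that is not visible here. The same block is repeated in the `@@ -330,16 +360,42 @@` hunk with the same gap, and the enclosing function starts and ends outside this hunk.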
@@ -330,16 +360,42 @@ impl Service { pusher: &Pusher, tweaks: Vec, event: &PduEvent, - ) -> Result<()> { + ) -> Result { // TODO: email match &pusher.kind { | PusherKind::Http(http) => { + let url = &http.url; + let url = url::Url::parse(&http.url).map_err(|e| { + err!(Request(InvalidParam( + warn!(%url, "HTTP pusher URL is not a valid URL: {e}") + ))) + })?; + + if ["http", "https"] + .iter() + .all(|&scheme| scheme != url.scheme().to_lowercase()) + { + return Err!(Request(InvalidParam( + warn!(%url, "HTTP pusher URL is not a valid HTTP/HTTPS URL") + ))); + } + + if let Ok(ip) = + IPAddress::parse(url.host_str().expect("URL previously validated")) + { + if !self.services.client.valid_cidr_range(&ip) { + return Err!(Request(InvalidParam( + warn!(%url, "HTTP pusher URL is a forbidden remote address") + ))); + } + } + // TODO (timo): can pusher/devices have conflicting formats let event_id_only = http.format == Some(PushFormat::EventIdOnly); let mut device = Device::new(pusher.ids.app_id.clone(), pusher.ids.pushkey.clone()); - device.data.default_payload = http.default_payload.clone(); + device.data.data.clone_from(&http.data); device.data.format.clone_from(&http.format); // Tweaks are only added if the format is NOT event_id_only @@ -352,8 +408,17 @@ impl Service { notifi.event_id = Some((*event.event_id).to_owned()); notifi.room_id = Some((*event.room_id).to_owned()); - // TODO: missed calls - notifi.counts = NotificationCounts::new(unread, uint!(0)); + if http + .data + .get("org.matrix.msc4076.disable_badge_count") + .is_none() && http.data.get("disable_badge_count").is_none() + { + notifi.counts = NotificationCounts::new(unread, uint!(0)); + } else { + // counts will not be serialised if it's the default (0, 0) + // skip_serializing_if = "NotificationCounts::is_default" + notifi.counts = NotificationCounts::default(); + } if event_id_only { self.send_request(
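Review bot: The URL validation added at the top of the `PusherKind::Http` arm is a line-for-line copy of the block added in the `@@ -92,6 +92,36 @@` hunk, so the registration-time and delivery-time checks can drift apart. Moving it into one private method, for example `fn validate_http_pusher_url(&self, url: &str) -> Result<url::Url>`, and calling it from both places keeps them in agreement. The scheme test can then be `if !matches!(url.scheme(), "http" | "https")`, because `Url::scheme()` is already lower-cased and `to_lowercase()` only allocates. The `warn!(%url, ...)` inside `map_err` logs the earlier `let url = &http.url` binding, not the parsed value, so a distinct name for the raw string would make that obvious. The function body continues past the end of this hunk.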
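Review bot: In the `@@ -352,8 +408,17 @@` hunk the badge-count branch tests only whether the keys exist (`.get(...).is_none()`), so a pusher that sends `"disable_badge_count": false` or `null` has its counts suppressed just as if it had sent `true`. If the values in `http.data` are JSON values, compare the value instead, e.g. `http.data.get(key).and_then(|v| v.as_bool()) == Some(true)` for each of the two keys. The removed `// TODO: missed calls` comment should stay next to `uint!(0)`, since the missed-call count is still hard-coded. The surrounding function starts in the previous hunk and continues past the end of this one.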