diff --git a/.github/workflows/build-base-app.yml b/.github/workflows/build-base-app.yml
index 85842d9dc..3995b4b49 100644
--- a/.github/workflows/build-base-app.yml
+++ b/.github/workflows/build-base-app.yml
@@ -34,7 +34,9 @@ jobs:
         password: ${{ secrets.GITHUB_TOKEN }}
 
     - name: Docker Build & Push
-      uses: docker/build-push-action@v5
+      uses: docker/build-push-action@v6
+      env:
+        DOCKER_BUILD_NO_SUMMARY: true
       with:
         context: .
         file: docker/base.Dockerfile
diff --git a/.github/workflows/build-celery-worker.yml b/.github/workflows/build-celery-worker.yml
index 9c37d02ce..d14e4f2c8 100644
--- a/.github/workflows/build-celery-worker.yml
+++ b/.github/workflows/build-celery-worker.yml
@@ -35,7 +35,9 @@ jobs:
         password: ${{ secrets.GITHUB_TOKEN }}
 
     - name: Docker Build & Push
-      uses: docker/build-push-action@v5
+      uses: docker/build-push-action@v6
+      env:
+        DOCKER_BUILD_NO_SUMMARY: true
       with:
         context: .
         file: dev/celery/Dockerfile
diff --git a/.github/workflows/build-mq-broker.yml b/.github/workflows/build-mq-broker.yml
index ba935405f..8c6f1e6ae 100644
--- a/.github/workflows/build-mq-broker.yml
+++ b/.github/workflows/build-mq-broker.yml
@@ -37,7 +37,9 @@ jobs:
         password: ${{ secrets.GITHUB_TOKEN }}
 
     - name: Docker Build & Push
-      uses: docker/build-push-action@v5
+      uses: docker/build-push-action@v6
+      env:
+        DOCKER_BUILD_NO_SUMMARY: true
       with:
         context: .
         file: dev/mq/Dockerfile
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 5d5233656..e42685678 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -240,7 +240,9 @@ jobs:
         password: ${{ secrets.GITHUB_TOKEN }}
 
     - name: Build Release Docker Image
-      uses: docker/build-push-action@v5
+      uses: docker/build-push-action@v6
+      env:
+        DOCKER_BUILD_NO_SUMMARY: true
       with:
         context: .
         file: dev/build/Dockerfile
diff --git a/.github/workflows/dev-assets-sync-nightly.yml b/.github/workflows/dev-assets-sync-nightly.yml
index bfb50bd41..a7fe67f01 100644
--- a/.github/workflows/dev-assets-sync-nightly.yml
+++ b/.github/workflows/dev-assets-sync-nightly.yml
@@ -39,7 +39,9 @@ jobs:
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Docker Build & Push
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
+        env:
+          DOCKER_BUILD_NO_SUMMARY: true
         with:
           context: .
           file: dev/shared-assets-sync/Dockerfile
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 1c44bb6f2..616ffdcc6 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -59,7 +59,7 @@ jobs:
         path: geckodriver.log
 
     - name: Upload Coverage Results to Codecov
-      uses: codecov/codecov-action@v4.4.1
+      uses: codecov/codecov-action@v4.5.0
       with:
         files: coverage.xml
         
diff --git a/ietf/sync/views.py b/ietf/sync/views.py
index da407e1ef..87447111f 100644
--- a/ietf/sync/views.py
+++ b/ietf/sync/views.py
@@ -52,9 +52,6 @@ def notify(request, org, notification):
     password = request.POST.get("password") or request.GET.get("password")
 
     if username != None and password != None:
-        if settings.SERVER_MODE == "production" and not request.is_secure():
-            permission_denied(request, "You must use HTTPS when sending username/password.")
-
         if not user.is_authenticated:
             try:
                 user = User.objects.get(username__iexact=username)
diff --git a/k8s/celery.yaml b/k8s/celery.yaml
index e0e506269..dfb20fa40 100644
--- a/k8s/celery.yaml
+++ b/k8s/celery.yaml
@@ -60,6 +60,10 @@ spec:
               mountPath: /a
             - name: dt-tmp
               mountPath: /tmp
+            - name: dt-home
+              mountPath: /home/datatracker
+            - name: dt-xml2rfc-cache
+              mountPath: /var/cache/xml2rfc
             - name: dt-cfg
               mountPath: /workspace/ietf/settings_local.py
               subPath: settings_local.py
@@ -83,6 +87,12 @@ spec:
         - name: dt-tmp
           emptyDir:
             sizeLimit: "2Gi"
+        - name: dt-xml2rfc-cache
+          emptyDir:
+            sizeLimit: "2Gi"
+        - name: dt-home
+          emptyDir:
+            sizeLimit: "2Gi"
         - name: dt-cfg
           configMap:
             name: files-cfgmap
diff --git a/k8s/datatracker.yaml b/k8s/datatracker.yaml
index ee8248927..72e35b73d 100644
--- a/k8s/datatracker.yaml
+++ b/k8s/datatracker.yaml
@@ -58,12 +58,19 @@ spec:
               mountPath: /a
             - name: dt-tmp
               mountPath: /tmp
+            - name: dt-home
+              mountPath: /home/datatracker
+            - name: dt-xml2rfc-cache
+              mountPath: /var/cache/xml2rfc
             - name: dt-cfg
               mountPath: /workspace/ietf/settings_local.py
               subPath: settings_local.py
           env:
             - name: "CONTAINER_ROLE"
               value: "datatracker"
+            # ensures the pod gets recreated on every deploy:
+            - name: "DEPLOY_UID"
+              value: "$DEPLOY_UID"
           envFrom:
             - configMapRef:
                 name: django-config
@@ -81,6 +88,12 @@ spec:
         - name: dt-tmp
           emptyDir:
             sizeLimit: "2Gi"
+        - name: dt-xml2rfc-cache
+          emptyDir:
+            sizeLimit: "2Gi"
+        - name: dt-home
+          emptyDir:
+            sizeLimit: "2Gi"
         - name: dt-cfg
           configMap:
             name: files-cfgmap
diff --git a/k8s/django-config.yaml b/k8s/django-config.yaml
index 9ece6fa9e..eff4eb802 100644
--- a/k8s/django-config.yaml
+++ b/k8s/django-config.yaml
@@ -57,6 +57,8 @@ data:
     yeUc2Ykkwemt3U0IKcXZOVStxUldpK1lYcklUc2duOTIvZ1Z4WDVBb0swbitzNUx4
     N2ZwanhrQVJWaTY2U0Y2elRKblgKLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=
 
+  #DATATRACKER_REGISTRATION_API_KEY: "some-key"  # secret"
+
   # DATATRACKER_MEETECHO_API_BASE: "https://meetings.conf.meetecho.com/api/v1/"
   DATATRACKER_MEETECHO_CLIENT_ID: "this-is-the-meetecho-client-id"  # secret
   DATATRACKER_MEETECHO_CLIENT_SECRET: "this-is-the-meetecho-client-secret"  # secret
diff --git a/k8s/settings_local.py b/k8s/settings_local.py
index 8fd9530d7..3735fc4fe 100644
--- a/k8s/settings_local.py
+++ b/k8s/settings_local.py
@@ -118,7 +118,10 @@ IANA_SYNC_PROTOCOLS_URL = "http://www.iana.org/protocols/"
 
 RFC_EDITOR_NOTIFICATION_URL = "http://www.rfc-editor.org/parser/parser.php"
 
-STATS_REGISTRATION_ATTENDEES_JSON_URL = 'https://registration.ietf.org/{number}/attendees/?apikey=redacted'
+_registration_api_key = os.environ.get("DATATRACKER_REGISTRATION_API_KEY", None)
+if _registration_api_key is None:
+    raise RuntimeError("DATATRACKER_REGISTRATION_API_KEY must be set")
+STATS_REGISTRATION_ATTENDEES_JSON_URL = f"https://registration.ietf.org/{{number}}/attendees/?apikey={_registration_api_key}"
 
 #FIRST_CUTOFF_DAYS = 12
 #SECOND_CUTOFF_DAYS = 12
@@ -127,7 +130,8 @@ STATS_REGISTRATION_ATTENDEES_JSON_URL = 'https://registration.ietf.org/{number}/
 MEETING_MATERIALS_SUBMISSION_CUTOFF_DAYS = 26
 MEETING_MATERIALS_SUBMISSION_CORRECTION_DAYS = 54
 
-HTPASSWD_COMMAND = "/usr/bin/htpasswd2"
+# disable htpasswd by setting to a do-nothing command
+HTPASSWD_COMMAND = "/bin/true"
 
 _MEETECHO_CLIENT_ID = os.environ.get("DATATRACKER_MEETECHO_CLIENT_ID", None)
 _MEETECHO_CLIENT_SECRET = os.environ.get("DATATRACKER_MEETECHO_CLIENT_SECRET", None)