diff --git a/CHANGES.md b/CHANGES.md
index ab9b72e2a..8fbd50f20 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,4 +1,4 @@
-# Synapse 1.142.0rc3 (2025-11-04)
+# Synapse 1.142.0rc4 (2025-11-07)
 
 ## Dropped support for Python 3.9
 
@@ -29,6 +29,14 @@ of these wheels downstream, please reach out to us in
 [#synapse-dev:matrix.org](https://matrix.to/#/#synapse-dev:matrix.org). We'd
 love to hear from you!
 
+## Bugfixes
+
+- Fix a bug introduced in 1.142.0rc1 where any attempt to configure `matrix_authentication_service.secret_path` would prevent the homeserver from starting up. ([\#19144](https://github.com/element-hq/synapse/issues/19144))
+
+
+
+
+# Synapse 1.142.0rc3 (2025-11-04)
 
 ## Internal Changes
 
diff --git a/debian/changelog b/debian/changelog
index 0dae01285..6531a5956 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+matrix-synapse-py3 (1.142.0~rc4) stable; urgency=medium
+
+  * New Synapse release 1.142.0rc4.
+
+ -- Synapse Packaging team <packages@matrix.org>  Fri, 07 Nov 2025 10:54:42 +0000
+
 matrix-synapse-py3 (1.142.0~rc3) stable; urgency=medium
 
   * New Synapse release 1.142.0rc3.
diff --git a/pyproject.toml b/pyproject.toml
index 0eef197cf..7b60dd06f 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -112,7 +112,7 @@ module-name = "synapse.synapse_rust"
 
 [tool.poetry]
 name = "matrix-synapse"
-version = "1.142.0rc3"
+version = "1.142.0rc4"
 description = "Homeserver for the Matrix decentralised comms protocol"
 authors = ["Matrix.org Team and Contributors <packages@matrix.org>"]
 license = "AGPL-3.0-or-later OR LicenseRef-Element-Commercial"
diff --git a/synapse/config/mas.py b/synapse/config/mas.py
index dd982589a..104ba17ab 100644
--- a/synapse/config/mas.py
+++ b/synapse/config/mas.py
@@ -37,7 +37,8 @@ class MasConfigModel(ParseModel):
     enabled: StrictBool = False
     endpoint: AnyHttpUrl = AnyHttpUrl("http://localhost:8080")
     secret: StrictStr | None = Field(default=None)
-    secret_path: FilePath | None = Field(default=None)
+    # We set `strict=False` to allow `str` instances.
+    secret_path: FilePath | None = Field(default=None, strict=False)
 
     @model_validator(mode="after")
     def verify_secret(self) -> Self:
diff --git a/synapse/util/pydantic_models.py b/synapse/util/pydantic_models.py
index f1d35a35e..783d12201 100644
--- a/synapse/util/pydantic_models.py
+++ b/synapse/util/pydantic_models.py
@@ -30,6 +30,13 @@ class ParseModel(BaseModel):
 
     but otherwise uses Pydantic's default behaviour.
 
+    Strict mode can adversely affect some types of fields, and should be disabled
+    for a field if:
+
+    - the field's type is a `Path` or `FilePath`. Strict mode will refuse to
+      coerce from `str` (likely what the yaml parser will produce) to `FilePath`,
+      raising a `ValidationError`.
+
     For now, ignore unknown fields. In the future, we could change this so that unknown
     config values cause a ValidationError, provided the error messages are meaningful to
     server operators.