Immutable release entry — part of the project changelog. One file per release; format and rationale in ADR-0038. Released entries are never edited.
1.1.2 — 2026-06-15
Maintenance release. A PATCH fixing four verified, third-party-reported
defects (the first real use of the in-repo bug ledger, ADR-0039)
plus the accumulated documentation work. The library's public surface is
unchanged from v1.1.1 (no API/ABI change); the fixes are header-only / core
internals. Highlights: an InstrumentedPool data race on the growth counter
(BUG-0001),
a live_ counter underflow on foreign/double frees + an over-promising header
note (BUG-0002),
a missing destroyed event on move-assignment
(BUG-0003),
and a latent grow_pool overflow guard
(BUG-0004).
- The
docs-siteCI status badge was removed from the README header in all three locales (English,zh-Hans,ja). The published Doxygen site is already linked from the API reference badge, so the separate build-status badge was redundant. Thedocs-site.ymlworkflow itself is unchanged. Documentation-only; no API change.
zh-Hans/jaREADME translations re-synced tov1.1.1. Carries the English README'sv1.1.1deltas into both locales — thev1.1.1status badge (and its release-tag link) and the newv1.1.1status paragraph (bug ledger, PR-metadata policy,SECURITY.md,packaging-smokeCI, session journal, the roadmap-placement rule, and the changelog split), with thetranslation-status.mdmanifest re-pinned. Documentation-only; no API change.
InstrumentedPooldata race on the growth counter (BUG-0001).notify_if_grew()read and wrote the non-atomiclast_growths_on the allocation hot path, while the decorator is documented as safe to drive concurrently over a thread-safe pool — a data race (UB) underMUTEX+ dynamic growth.last_growths_is nowstd::atomicand advanced with acompare_exchange, so the growth event is emitted once per growth without a race. A concurrentInstrumentedPoolcase was added to the ThreadSanitizer stress suite. Header-only; no API change.InstrumentedPool::deallocateno longer underflowslive_(BUG-0002). A foreign or double-freed pointer (a no-op in the core, ADR-0012) used to decrement the unsignedlive_counter unconditionally, wrapping it toSIZE_MAXand corruptingstats(). The decrement now clamps at zero. The C header'smemory_pool_freenote was corrected to stop claiming the Decorator detects double-free (it counts but cannot distinguish one). Header/doc-only; no API change.InstrumentedPoolmove-assignment now emitsdestroyedfor the replaced pool (BUG-0003). Move-assigning over an instrumented pool released itsPooland observers without notifyingPoolEvent::destroyed, asymmetric with the destructor. It now notifies before reassignment. Header-only; no API change.- Overflow guard in
grow_pool(BUG-0004). The dynamic-growth path computedtotal * (grow_factor_ - 1)before any overflow check, so that product could wrapsize_tand feed the downstreamblock_sizeguard an already-wrapped value. Added awould_overflow_productguard on the growth-count product first, mirroring the create-path guard; on overflow the pool falls back to fixed-mode exhaustion. Latent (not runtime-reachable — RAM exhausts first); no API change.