merge from dev, bump version to v3.3.1

Author: daanx

cmake/mimalloc-config-version.cmake

@@ -1,6 +1,6 @@
 set(mi_version_major 3)
 set(mi_version_minor 3)
-set(mi_version_patch 0)
+set(mi_version_patch 1)
 set(mi_version ${mi_version_major}.${mi_version_minor})
 
 set(PACKAGE_VERSION ${mi_version})

contrib/vcpkg/portfile.cmake

@@ -3,12 +3,13 @@ vcpkg_from_github(
   REPO microsoft/mimalloc
   HEAD_REF master
 
-  # The "REF" can be a commit hash, branch name (dev3), or a version (v3.3.0).
+  # The "REF" can be a commit hash, branch name (dev3), or a version (v3.3.1).
   REF "v${VERSION}"
 
   # The sha512 is the hash of the tar.gz bundle.
   # (To get the sha512, run `vcpkg install "mimalloc[override]" --overlay-ports=<dir of this file>` and copy the sha from the error message.)
-  SHA512 5830ceb1bf0d02f50fe586caaad87624ba8eba1bb66e68e8201894221cf6f51854f5a9667fc98358c3b430dae6f9bf529bfcb74d42debe6f40a487265053371c
+  # (and maybe `vcpkg remove mimalloc` first to remove any previous install)
+  SHA512 601bdf622d0bc7521edf0cc73d1caec9d976bcd1faa689ff48cc18a9a6a3b2294b571fc71d3266b38907bc5aad10a41d92d03d2cdde139a30b08357ee7bc25c5
 )
 
 vcpkg_check_features(OUT_FEATURE_OPTIONS FEATURE_OPTIONS

include/mimalloc.h

@@ -8,7 +8,7 @@ terms of the MIT license. A copy of the license can be found in the file
 #ifndef MIMALLOC_H
 #define MIMALLOC_H
 
-#define MI_MALLOC_VERSION 30300   // major + 2 digits minor + 2 digits patch
+#define MI_MALLOC_VERSION 30301   // major + 2 digits minor + 2 digits patch
 
 // ------------------------------------------------------
 // Compiler specific attributes

readme.md

@@ -15,9 +15,9 @@ is a general purpose allocator with excellent [performance](#performance) charac
 Initially developed by Daan Leijen for the runtime systems of the
 [Koka](https://koka-lang.github.io) and [Lean](https://github.com/leanprover/lean) languages.
 
-Latest release   : `v3.3.0` (2026-04-15) recommended.  
-Latest v2 release: `v2.3.0` (2026-04-15) stable.  
-Latest v1 release: `v1.9.8` (2026-04-15) legacy.
+Latest release   : `v3.3.1` (2026-04-20) recommended.  
+Latest v2 release: `v2.3.1` (2026-04-20) stable.  
+Latest v1 release: `v1.9.9` (2026-04-20) legacy.
 
 mimalloc is a drop-in replacement for `malloc` and can be used in other programs
 without code changes, for example, on dynamically linked ELF-based systems (Linux, BSD, etc.) you can use it as:
@@ -88,6 +88,9 @@ New development is mostly on v3, while v1 and v2 are maintained with security an
 - __v1__: legacy version: initial design of mimalloc (release tags: `v1.9.x`, development branch `dev`). Send PR's against this version if possible.
 
 ### Releases
+* 2026-04-20, `v1.9.9`, `v2.3.1`, `v3.3.1`: various bug and security fixes. Special thanks to 
+  @jinpzhanAMD, @res2k, and @GoldJohnKing for their help in improving Windows finalization, and 
+  @Zoxc for his help in finding various issues.
 * 2026-04-15, `v1.9.8`, `v2.3.0`, `v3.3.0`: initial support for github (binary) releases, 
   fix visiting of full pages during collection (performance),
   fix THP alignment (performance), fix arm64 cross-compilation on Windows, enable guard pages in debug mode,
@@ -399,15 +402,17 @@ OS will copy the entire 1GiB huge page (or 2MiB large page) which can cause the
 _mimalloc_ can be build in secure mode by using the `-DMI_SECURE=ON` flags in `cmake`. This build enables various mitigations
 to make mimalloc more robust against exploits. In particular:
 
-- All internal mimalloc pages are surrounded by guard pages and the heap metadata is behind a guard page as well (so a buffer overflow
-  exploit cannot reach into the metadata).
+- All internal mimalloc page meta-data is surrounded by guard pages (so a buffer overflow exploit cannot reach into the metadata).
 - All free list pointers are
   [encoded](https://github.com/microsoft/mimalloc/blob/783e3377f79ee82af43a0793910a9f2d01ac7863/include/mimalloc-internal.h#L396)
   with per-page keys which is used both to prevent overwrites with a known pointer, as well as to detect heap corruption.
 - Double free's are detected (and ignored).
 - The free lists are initialized in a random order and allocation randomly chooses between extension and reuse within a page to
   mitigate against attacks that rely on a predicable allocation order. Similarly, the larger heap blocks allocated by mimalloc
   from the OS are also address randomized.
+- If enabling `-DMI_SECURE_FULL=ON` there will also be guard pages at the end of each (64KiB) mimalloc page (thus interleaving
+  valid block data with inaccessible gaps). This setting is not recommended in general as it is more expensive and can lead to
+  reaching the maximum VMA limit on Linux systems if the heap gets too large.
 
 As always, evaluate with care as part of an overall security strategy as all of the above are mitigations but not guarantees.