Release v0.2.12 — session-file corruption worker-crash fix Stability fix (high severity, DoS class): Production-breaking TypeError on corrupted / empty / non-array session payloads. unserialize() false → typed array assignment → worker abnormal exit. Affects all v0.2.6 through v0.2.11. Fixed at three call sites in src/Session/utils.php: - zeal_session_start (request entry) - zeal_session_reset (mid-request reset) - zeal_session_decode (user-controlled input) zeal_session_decode now returns bool matching PHP native signature. 11 new regression tests in SessionFileCorruptionTest.php cover empty / corrupted / garbage / non-array / missing-file scenarios. ROADMAP.md restructured around 'v0.2.x = security & migration' framing. Connection pool moved out of v0.3 into remaining v0.2.x items — it's a production-trust gap, not an observability feature. 204 unit tests, PHPStan green. See CHANGELOG.md and CRITIC.md.