Release v0.4.5 - Session-correctness sweep: regenerate-id sid desync (broke session_regenerate_id(true) login flows in every mode), strict-mode rotation of issued-but-empty sessions, and superglobal OWNERSHIP gating with ext-zealphp 0.3.36/0.3.37 — the go()-child steal (first-request 501s, #332) and the service-coroutine restore wipe (ext#32). Session counters deterministic across bare Mode 4 + coroutine-legacy on PHP 8.3 + 8.4. - Security: WS rooms/routing follow session auth (#234), ScopedMiddleware path-normalization bypass (#232), IpAccessMiddleware trusted proxies (#239). - mod_php parity: REQUEST_URI query string (#306), $_COOKIE treat-data (#305), $_FILES field-major (#304), Basic-auth $_SERVER (#307), Set-Cookie byte-parity + SameSite=None warning (#293/#319), raw status-line passthrough (#327), filter_input in CGI workers (#316). - Pool cold-start TOCTOU connection leak (#322), sendFile delegates to ConditionalRequest + MimeResolver (#321/#317), per-coroutine CWD isolation (#323, ext 0.3.35), quick-wins #308-#311/#318/#320, fcgi hang (#289), session handlers in coroutine mode (#295). - ext-zealphp default pin -> v0.3.37.