Django 1.4.22 版本发行说明

Django 1.4.22 fixes a security issue in 1.4.21.

Previously, a session could be created when anonymously accessing the view (provided it wasn’t decorated with login_required() as done in the admin). This could allow an attacker to easily create many new session records by sending repeated requests, potentially filling up the session store or causing other users’ session records to be evicted.

Additionally, the and methods have been modified to avoid creating a new empty session. Maintainers of third-party session backends should check if the same vulnerability is present in their backend and correct it if so.