==========================Django 1.8.4 release notes==========================*August 18, 2015*Django 1.8.4 fixes a security issue and several bugs in 1.8.3.Denial-of-service possibility in ``logout()`` view by filling session store===========================================================================Previously, a session could be created when anonymously accessing the``django.contrib.auth.views.logout()`` view (provided it wasn't decoratedwith :func:`~django.contrib.auth.decorators.login_required` as done in theadmin). This could allow an attacker to easily create many new session recordsby sending repeated requests, potentially filling up the session store orcausing other users' session records to be evicted.The :class:`~django.contrib.sessions.middleware.SessionMiddleware` has beenmodified to no longer create empty session records, including when:setting:`SESSION_SAVE_EVERY_REQUEST` is active.Bugfixes========* Added the ability to serialize values from the newly added:class:`~django.db.models.UUIDField` (:ticket:`25019`).* Added a system check warning if the old ``TEMPLATE_*`` settings are definedin addition to the new ``TEMPLATES`` setting.* Fixed ``QuerySet.raw()`` so ``InvalidQuery`` is not raised when using the``db_column`` name of a ``ForeignKey`` field with ``primary_key=True``(:ticket:`12768`).* Prevented an exception in ``TestCase.setUpTestData()`` from leaking thetransaction (:ticket:`25176`).* Fixed ``has_changed()`` method in ``contrib.postgres.forms.HStoreField``(:ticket:`25215`, :ticket:`25233`).* Fixed the recording of squashed migrations when running the ``migrate``command (:ticket:`25231`).* Moved the :ref:`unsaved model instance assignment data loss check<unsaved-model-instance-check-18>` to ``Model.save()`` to allow easier usageof in-memory models (:ticket:`25160`).* Prevented ``varchar_patterns_ops`` and ``text_patterns_ops`` indexes for``ArrayField`` (:ticket:`25180`).