django-session-security 2.4.0 release


This new release enforces SESSION_EXPIRE_AT_BROWSER_CLOSE, because it makes no sense to use django-session-security without it, by design.

However, a vulnerability caused by having SESSION_EXPIRE_AT_BROWSER_CLOSE disabled was fixed, thanks Clayton Delay for the report.