⭐ New Features
- Propagate security context via channel interceptor #12532
- RequestedUrlRedirectInvalidSessionStrategy can cause the HTTP method to change depending on the user agent #12797
- RequestedUrlRedirectInvalidSessionStrategy doesn't take servlet context path into account #12795
🪲 Bug Fixes
- Added a note about the fact that if the CSRF protection is disabled in configuration, no logout confirmation page is shown to the user and the logout is performed directly. #13442
- Use same case for all fields in toString #13917
❤️ Contributors
We'd like to thank all the contributors who worked on this release!