Spring Security Inaccurate javadoc text in setRequestHandler method from CsrfWebFilter class

Expected Behavior

In version 6.0, the default ServerCsrfTokenRequestHandler of the CsrfWebFilter class has changed to XorServerCsrfTokenRequestAttributeHandler and the javadoc of the setRequestHandler method should reflect this change.

Current Behavior

The javadoc of the setRequestHandler method still says that the default is the ServerCsrfTokenRequestAttributeHandler.

Although XorServerCsrfTokenRequestAttributeHandler is a subclass of ServerCsrfTokenRequestAttributeHandler, the behavior is quite different.

Context

In this line, the requestHandler is initialized with a XorServerCsrfTokenRequestAttributeHandler instance.

And in this line the javadoc inform the default ServerCsrfTokenRequestHandler.