Recently I was upgrading a spring-boot app from 2.x to 3.x. This app has also a dependency on spring-cloud, so I'm not able to upgrade to spring-boot 6.1.x.
I ran into an issue with CSRF and I was clueless how to solve it, the documentation of 6.0.x. made it clear that there were changes due to the BREACH vulnerability. Today I was able to solve it by applying the documentation for 6.1.x to my problem and it was fixed.
It would be very beneficial for other users that the 6.1.x documentation for CSRF can be applied to the 6.0.x branch as well. Even better would be to add this section to 6.0.x. Maybe all of CSRF is applicable to 6.0.x, I didn't analyze the changes between 6.0.x and 6.1.x to check whether it would be a complete fit.
Comment From: sjohnr
Thanks for the feedback @JurrianFahner! I discussed this with the team and we agreed that this should be backported to 6.0 documentation. This will appear with the next patch release on Monday.