On behalf of the team and everyone who has contributed, I am pleased to announce that Spring Security 6.0.0-M5 is available now.
This release includes dependency upgrades, bug fixes, and minor enhancements as well as a fix for a bug where the StrictHttpFirewall incorrectly rejects valid CJKV characters. The milestone contains a few noteworthy changes:
Authorization on Every Dispatch Type
Change the default of shouldFilterAllDispatchTypes to true
Default to SecurityContextHolderFilter instead of SecurityContextPersistenceFilter
Remove SAML Deprecations
See the release notes here and here for more details.