Add section for migrating WebSocket support

Steve Riesenberg · Steve Riesenberg · commit 179428f7da20 · 2023-01-26T15:45:09.000-06:00
Issue gh-12378
diff --git a/docs/modules/ROOT/nav.adoc b/docs/modules/ROOT/nav.adoc
@@ -5,6 +5,7 @@
 * xref:migration/index.adoc[Migrating to 6.0]
 ** xref:migration/servlet/index.adoc[Servlet Migrations]
 *** xref:migration/servlet/session-management.adoc[Session Management]
+*** xref:migration/servlet/exploits.adoc[Exploit Protection]
 *** xref:migration/servlet/authentication.adoc[Authentication]
 *** xref:migration/servlet/authorization.adoc[Authorization]
 ** xref:migration/reactive.adoc[Reactive Migrations]
diff --git a/docs/modules/ROOT/pages/migration/servlet/exploits.adoc b/docs/modules/ROOT/pages/migration/servlet/exploits.adoc
@@ -0,0 +1,11 @@
+= Exploit Protection Migrations
+
+The following steps relate to how to finish migrating exploit protection support.
+
+== CSRF BREACH with WebSocket support
+
+In Spring Security 5.8, the default `ChannelInterceptor` for making the `CsrfToken` available with xref:servlet/integrations/websocket.adoc[WebSocket Security] is `CsrfChannelInterceptor`.
+`XorCsrfChannelInterceptor` was added to allow opting into CSRF BREACH support.
+
+In Spring Security 6, `XorCsrfChannelInterceptor` is the default `ChannelInterceptor` for making the `CsrfToken` available.
+If you configured the `XorCsrfChannelInterceptor` only for the purpose of updating to 6.0, you can remove it completely.
