CHANGELOG
=========

8.1
---

 * Extract `SameOriginCsrfListener` from `SameOriginCsrfTokenManager` to handle cookie persistence and clearing
 * Deprecate `SameOriginCsrfTokenManager::onKernelResponse()`, `SameOriginCsrfTokenManager::clearCookies()` and `SameOriginCsrfTokenManager::persistStrategy()`

7.4
---

 * Add support for `Sec-Fetch-Site` to `SameOriginCsrfTokenManager`

7.2
---

 * Add `SameOriginCsrfTokenManager`

6.0
---

 * Remove the `SessionInterface $session` constructor argument of `SessionTokenStorage`, inject a `\Symfony\Component\HttpFoundation\RequestStack $requestStack` instead
 * Using `SessionTokenStorage` outside a request context throws a `SessionNotFoundException`

5.3
---

The CHANGELOG for version 5.3 and earlier can be found at https://github.com/symfony/symfony/blob/5.3/src/Symfony/Component/Security/CHANGELOG.md