Update What's New

docs/modules/ROOT/pages/whats-new.adoc

@@ -11,19 +11,25 @@ Below are the highlights of the release.
 
 ** Introduced xref:servlet/authentication/persistence.adoc#requestattributesecuritycontextrepository[`RequestAttributeSecurityContextRepository`]
 ** Introduced xref:servlet/authentication/persistence.adoc#securitycontextholderfilter[`SecurityContextHolderFilter`] - Ability to require explicit saving of the `SecurityContext`
+** Added DSL support for xref:servlet/exploits/headers.adoc#servlet-headers-cross-origin-policies[Cross Origin Policies headers]
 
 * OAuth 2.0 Client
 
 ** Allow configuring https://github.com/spring-projects/spring-security/issues/6548[PKCE for confidential clients]
 ** Allow configuring a https://github.com/spring-projects/spring-security/issues/9812[JWT assertion resolver] in `JwtBearerOAuth2AuthorizedClientProvider`
 ** Allow customizing claims on https://github.com/spring-projects/spring-security/issues/9855[JWT client assertions]
 
+* SAML 2.0
+
+** Added xref:servlet/appendix/namespace/http.adoc#nsa-saml2-login[SAML 2.0 Login & Single Logout XML support]
+
 [[whats-new-webflux]]
 == WebFlux
 
 * Web
 
 ** Allow customizing https://github.com/spring-projects/spring-security/issues/10903[charset] in `ServerHttpBasicAuthenticationConverter`
+** Added DSL support for xref:reactive/exploits/headers.adoc#webflux-headers-cross-origin-policies[Cross Origin Policies headers]
 
 * OAuth 2.0 Client