Expected Behavior
It seems that logging request rejections from ServerWebExchangeFirewall at the WARN level would improve visibility in production environments, where debug logging is typically disabled.
Current Behavior
Currently, request rejections by ServerWebExchangeFirewall are logged at the DEBUG level (in HttpStatusExchangeRejectedHandler).
As debug logging is commonly turned off in production, these rejections can easily go unnoticed.
Context
This behavior affects our ability to monitor and detect unexpected request rejections in production environments.
To improve observability, we’d like these events to be logged more prominently — especially during version upgrades, where behavioral changes (such as those introduced with StrictServerWebExchangeFirewall in Spring Security 6.4.0) may occur silently.
Would you be open to considering this change?
Thank you for your time and consideration!
(It would be great if you could also take a look at the related PR: #17472)
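An added example, not code from the issue author or from Spring Security itself: a way to get WARN-level visibility of firewall rejections today, without waiting for the default log level in HttpStatusExchangeRejectedHandler to change. It implements Spring Security's ServerExchangeRejectedHandler interface (org.springframework.security.web.server.firewall), logs the rejection at WARN, then delegates to the stock HttpStatusExchangeRejectedHandler so the client still receives the usual 400 response. The class name, package and log format are assumptions for illustration.

```java
package com.example.firewall; // hypothetical package for this example

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.http.HttpStatus;
import org.springframework.http.server.reactive.ServerHttpRequest;
import org.springframework.security.web.server.firewall.HttpStatusExchangeRejectedHandler;
import org.springframework.security.web.server.firewall.ServerExchangeRejectedException;
import org.springframework.security.web.server.firewall.ServerExchangeRejectedHandler;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;

/**
 * Example (not part of Spring Security): logs every ServerWebExchangeFirewall
 * rejection at WARN, then hands the exchange to the default handler so the
 * response status stays what it would otherwise have been (400 Bad Request).
 */
public final class WarnLoggingExchangeRejectedHandler implements ServerExchangeRejectedHandler {

	private static final Log logger = LogFactory.getLog(WarnLoggingExchangeRejectedHandler.class);

	private final ServerExchangeRejectedHandler delegate;

	/** Uses the stock handler with its default 400 status as the delegate. */
	public WarnLoggingExchangeRejectedHandler() {
		this(new HttpStatusExchangeRejectedHandler(HttpStatus.BAD_REQUEST));
	}

	/** Allows wrapping any other handler, e.g. one returning a different status. */
	public WarnLoggingExchangeRejectedHandler(ServerExchangeRejectedHandler delegate) {
		this.delegate = delegate;
	}

	@Override
	public Mono<Void> handle(ServerWebExchange exchange, ServerExchangeRejectedException exception) {
		return Mono.fromRunnable(() -> {
			// The request was rejected precisely because it is malformed or suspicious,
			// so keep the log line to method, path, peer address and the firewall's own
			// reason; do not dump headers or body, and treat the logged path as untrusted.
			ServerHttpRequest request = exchange.getRequest();
			logger.warn(String.format("Firewall rejected %s %s from %s: %s",
					request.getMethod(),
					request.getPath().value(),
					request.getRemoteAddress(),
					exception.getMessage()));
		}).then(this.delegate.handle(exchange, exception));
	}
}
```

Where this gets wired in depends on the application: the assumption here is that it is registered on the WebFilterChainProxy that fronts the security filter chains (it exposes a setter for the rejected handler alongside the one for the firewall). Because the delegate still runs, swapping the handler changes only log visibility, not the response the client sees, which makes it a low-risk change to deploy alongside the 6.4.0 upgrade to StrictServerWebExchangeFirewall.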
Comment From: jzheaux
Closing in favor of https://github.com/spring-projects/spring-security/pull/17472