- in #9ee2627 we moved code to provide csrf checks above the null-check for adapters, custom handlers should be secured too; however, we forgot to move the CSRF check above the null check aswell; resulting in csrf tokens beeing ready for checks but never actually checked when the adapter is null.

With this release, the issues is patched.