diff --git a/config/src/main/resources/org/springframework/security/config/spring-security-4.2.rnc b/config/src/main/resources/org/springframework/security/config/spring-security-4.2.rnc
index c203f90403..abd83a4007 100644
--- a/config/src/main/resources/org/springframework/security/config/spring-security-4.2.rnc
+++ b/config/src/main/resources/org/springframework/security/config/spring-security-4.2.rnc
@@ -748,7 +748,7 @@ csrf-options.attlist &=
 	## The RequestMatcher instance to be used to determine if CSRF should be applied. Default is any HTTP method except "GET", "TRACE", "HEAD", "OPTIONS"
 	attribute request-matcher-ref { xsd:token }?
 csrf-options.attlist &=
-	## The CsrfTokenRepository to use. The default is HttpSessionCsrfTokenRepository
+	## The CsrfTokenRepository to use. The default is HttpSessionCsrfTokenRepository wrapped by LazyCsrfTokenRepository.
 	attribute token-repository-ref { xsd:token }?
 
 headers =
diff --git a/config/src/main/resources/org/springframework/security/config/spring-security-4.2.xsd b/config/src/main/resources/org/springframework/security/config/spring-security-4.2.xsd
index deb1afbf02..ab59e8991a 100644
--- a/config/src/main/resources/org/springframework/security/config/spring-security-4.2.xsd
+++ b/config/src/main/resources/org/springframework/security/config/spring-security-4.2.xsd
@@ -2337,7 +2337,8 @@
       </xs:attribute>
       <xs:attribute name="token-repository-ref" type="xs:token">
          <xs:annotation>
-            <xs:documentation>The CsrfTokenRepository to use. The default is HttpSessionCsrfTokenRepository
+            <xs:documentation>The CsrfTokenRepository to use. The default is HttpSessionCsrfTokenRepository wrapped by
+                LazyCsrfTokenRepository.
                 </xs:documentation>
          </xs:annotation>
       </xs:attribute>
diff --git a/config/src/main/resources/org/springframework/security/config/spring-security-5.0.rnc b/config/src/main/resources/org/springframework/security/config/spring-security-5.0.rnc
index 7745be394b..5d5e0a60b3 100644
--- a/config/src/main/resources/org/springframework/security/config/spring-security-5.0.rnc
+++ b/config/src/main/resources/org/springframework/security/config/spring-security-5.0.rnc
@@ -738,7 +738,7 @@ csrf-options.attlist &=
 	## The RequestMatcher instance to be used to determine if CSRF should be applied. Default is any HTTP method except "GET", "TRACE", "HEAD", "OPTIONS"
 	attribute request-matcher-ref { xsd:token }?
 csrf-options.attlist &=
-	## The CsrfTokenRepository to use. The default is HttpSessionCsrfTokenRepository
+	## The CsrfTokenRepository to use. The default is HttpSessionCsrfTokenRepository wrapped by LazyCsrfTokenRepository.
 	attribute token-repository-ref { xsd:token }?
 
 headers =
diff --git a/config/src/main/resources/org/springframework/security/config/spring-security-5.0.xsd b/config/src/main/resources/org/springframework/security/config/spring-security-5.0.xsd
index f33766f530..8db35bb3a1 100644
--- a/config/src/main/resources/org/springframework/security/config/spring-security-5.0.xsd
+++ b/config/src/main/resources/org/springframework/security/config/spring-security-5.0.xsd
@@ -2232,7 +2232,8 @@
       </xs:attribute>
       <xs:attribute name="token-repository-ref" type="xs:token">
          <xs:annotation>
-            <xs:documentation>The CsrfTokenRepository to use. The default is HttpSessionCsrfTokenRepository
+            <xs:documentation>The CsrfTokenRepository to use. The default is HttpSessionCsrfTokenRepository wrapped by
+                LazyCsrfTokenRepository.
                 </xs:documentation>
          </xs:annotation>
       </xs:attribute>
diff --git a/config/src/main/resources/org/springframework/security/config/spring-security-5.1.rnc b/config/src/main/resources/org/springframework/security/config/spring-security-5.1.rnc
index af761497c9..5cc0bfe0fd 100644
--- a/config/src/main/resources/org/springframework/security/config/spring-security-5.1.rnc
+++ b/config/src/main/resources/org/springframework/security/config/spring-security-5.1.rnc
@@ -738,7 +738,7 @@ csrf-options.attlist &=
 	## The RequestMatcher instance to be used to determine if CSRF should be applied. Default is any HTTP method except "GET", "TRACE", "HEAD", "OPTIONS"
 	attribute request-matcher-ref { xsd:token }?
 csrf-options.attlist &=
-	## The CsrfTokenRepository to use. The default is HttpSessionCsrfTokenRepository
+	## The CsrfTokenRepository to use. The default is HttpSessionCsrfTokenRepository wrapped by LazyCsrfTokenRepository.
 	attribute token-repository-ref { xsd:token }?
 
 headers =
diff --git a/config/src/main/resources/org/springframework/security/config/spring-security-5.1.xsd b/config/src/main/resources/org/springframework/security/config/spring-security-5.1.xsd
index 6dd9a867c0..f7afe3c4e5 100644
--- a/config/src/main/resources/org/springframework/security/config/spring-security-5.1.xsd
+++ b/config/src/main/resources/org/springframework/security/config/spring-security-5.1.xsd
@@ -2232,7 +2232,8 @@
       </xs:attribute>
       <xs:attribute name="token-repository-ref" type="xs:token">
          <xs:annotation>
-            <xs:documentation>The CsrfTokenRepository to use. The default is HttpSessionCsrfTokenRepository
+            <xs:documentation>The CsrfTokenRepository to use. The default is HttpSessionCsrfTokenRepository wrapped by
+                LazyCsrfTokenRepository.
                 </xs:documentation>
          </xs:annotation>
       </xs:attribute>