diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index dc52975..3729589 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -8,24 +8,9 @@ on:
 
 jobs:
   tests:
-    name: PHP ${{ matrix.php }}, SF ${{ matrix.symfony }} - ${{ matrix.deps }}
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        php: [7.4, 8.0]
-        deps: [hightest]
-        symfony: [4.4.*, 5.3.*, 5.4.*]
-        include:
-          - php: 7.4
-            deps: lowest
-            symfony: '*'
-    steps:
-      - uses: zenstruck/.github@php-test-symfony
-        with:
-          php: ${{ matrix.php }}
-          symfony: ${{ matrix.symfony }}
-          deps: ${{ matrix.deps }}
-          phpunit: simple-phpunit
+    uses: zenstruck/.github/.github/workflows/php-test-symfony.yml@main
+    with:
+      phpunit: simple-phpunit
 
   code-coverage:
     uses: zenstruck/.github/.github/workflows/php-coverage-codecov.yml@main
diff --git a/composer.json b/composer.json
index 1fc0805..06e3649 100644
--- a/composer.json
+++ b/composer.json
@@ -15,9 +15,9 @@
         "php": ">=7.4",
         "behat/mink": "^1.8",
         "mtdowling/jmespath.php": "^2.6",
-        "symfony/browser-kit": "^4.4.9|^5.0.9",
-        "symfony/css-selector": "^4.4|^5.0",
-        "symfony/framework-bundle": "^4.4|^5.0",
+        "symfony/browser-kit": "^4.4.9|^5.0.9|^6.0",
+        "symfony/css-selector": "^4.4|^5.0|^6.0",
+        "symfony/framework-bundle": "^4.4|^5.0|^6.0",
         "symfony/polyfill-php80": "^1.20",
         "zenstruck/assert": "^1.0",
         "zenstruck/callback": "^1.1"
@@ -26,8 +26,8 @@
         "dbrekelmans/bdi": "^0.3.0",
         "symfony/mime": ">=4.4.1",
         "symfony/panther": "^1.0",
-        "symfony/phpunit-bridge": "^5.2",
-        "symfony/security-bundle": "^4.4|^5.0"
+        "symfony/phpunit-bridge": "^5.3",
+        "symfony/security-bundle": "^4.4|^5.0|^6.0"
     },
     "config": {
         "preferred-install": "dist",
diff --git a/src/Browser/Test/HasBrowser.php b/src/Browser/Test/HasBrowser.php
index 85d82a8..c4e8c19 100644
--- a/src/Browser/Test/HasBrowser.php
+++ b/src/Browser/Test/HasBrowser.php
@@ -101,8 +101,10 @@ protected function httpBrowser(array $kernelOptions = [], array $pantherOptions
                 static::bootKernel($kernelOptions);
             }
 
-            if (static::$container->has('profiler')) {
-                $browser->setProfiler(static::$container->get('profiler'));
+            $container = \method_exists(static::class, 'getContainer') ? static::getContainer() : static::$container;
+
+            if ($container->has('profiler')) {
+                $browser->setProfiler($container->get('profiler'));
             }
         }
 
@@ -133,11 +135,13 @@ protected function browser(array $kernelOptions = [], array $server = []): Kerne
             // reboot kernel before starting browser
             static::bootKernel($kernelOptions);
 
-            if (!static::$container->has('test.client')) {
+            $container = \method_exists(static::class, 'getContainer') ? static::getContainer() : static::$container;
+
+            if (!$container->has('test.client')) {
                 throw new \RuntimeException('The Symfony test client is not enabled.');
             }
 
-            $client = static::$container->get('test.client');
+            $client = $container->get('test.client');
             $client->setServerParameters($server);
 
             $browser = new $class($client);
diff --git a/tests/Fixture/Kernel.php b/tests/Fixture/Kernel.php
index e5d356a..5575f25 100644
--- a/tests/Fixture/Kernel.php
+++ b/tests/Fixture/Kernel.php
@@ -14,8 +14,9 @@
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\HttpKernel\Kernel as BaseKernel;
+use Symfony\Component\Routing\Loader\Configurator\RoutingConfigurator;
 use Symfony\Component\Routing\RouteCollectionBuilder;
-use Symfony\Component\Security\Core\User\User;
+use Symfony\Component\Security\Core\User\InMemoryUser;
 use Symfony\Component\Security\Core\User\UserInterface;
 
 /**
@@ -126,7 +127,15 @@ public function user(?UserInterface $user = null): Response
     public function registerBundles(): iterable
     {
         yield new FrameworkBundle();
-        yield new SecurityBundle();
+
+        if (self::securityEnabled()) {
+            yield new SecurityBundle();
+        }
+    }
+
+    public static function securityEnabled(): bool
+    {
+        return self::VERSION_ID >= 50300;
     }
 
     protected function configureContainer(ContainerBuilder $c, LoaderInterface $loader): void
@@ -136,30 +145,58 @@ protected function configureContainer(ContainerBuilder $c, LoaderInterface $load
             'router' => ['utf8' => true],
             'test' => true,
             'profiler' => ['enabled' => true, 'collect' => true],
-            'session' => ['storage_id' => 'session.storage.mock_file'],
-        ]);
-        $c->loadFromExtension('security', [
-            'encoders' => [User::class => 'plaintext'],
-            'providers' => ['users' => ['memory' => ['users' => ['kevin' => ['password' => 'pass']]]]],
-            'firewalls' => ['main' => ['anonymous' => true]],
         ]);
         $c->register('logger', NullLogger::class); // disable logging
+
+        if (self::securityEnabled()) {
+            $c->loadFromExtension('security', [
+                'enable_authenticator_manager' => true,
+                'password_hashers' => [InMemoryUser::class => 'plaintext'],
+                'providers' => ['users' => ['memory' => ['users' => ['kevin' => ['password' => 'pass']]]]],
+                'firewalls' => ['main' => []],
+            ]);
+
+            $c->loadFromExtension('framework', [
+                'session' => ['storage_factory_id' => 'session.storage.factory.mock_file'],
+            ]);
+        }
     }
 
-    protected function configureRoutes(RouteCollectionBuilder $routes): void
-    {
-        $routes->add('/page1', 'kernel::page1');
-        $routes->add('/page2', 'kernel::page2');
-        $routes->add('/text', 'kernel::text');
-        $routes->add('/submit-form', 'kernel::submitForm');
-        $routes->add('/http-method', 'kernel::httpMethod');
-        $routes->add('/exception', 'kernel::exception');
-        $routes->add('/redirect1', 'kernel::redirect1');
-        $routes->add('/redirect2', 'kernel::redirect2');
-        $routes->add('/redirect3', 'kernel::redirect3');
-        $routes->add('/json', 'kernel::json');
-        $routes->add('/xml', 'kernel::xml');
-        $routes->add('/javascript', 'kernel::javascript');
-        $routes->add('/user', 'kernel::user');
+    /**
+     * @param RouteCollectionBuilder|RoutingConfigurator $routes
+     */
+    protected function configureRoutes($routes): void
+    {
+        if ($routes instanceof RouteCollectionBuilder) {
+            $routes->add('/page1', 'kernel::page1');
+            $routes->add('/page2', 'kernel::page2');
+            $routes->add('/text', 'kernel::text');
+            $routes->add('/submit-form', 'kernel::submitForm');
+            $routes->add('/http-method', 'kernel::httpMethod');
+            $routes->add('/exception', 'kernel::exception');
+            $routes->add('/redirect1', 'kernel::redirect1');
+            $routes->add('/redirect2', 'kernel::redirect2');
+            $routes->add('/redirect3', 'kernel::redirect3');
+            $routes->add('/json', 'kernel::json');
+            $routes->add('/xml', 'kernel::xml');
+            $routes->add('/javascript', 'kernel::javascript');
+            $routes->add('/user', 'kernel::user');
+
+            return;
+        }
+
+        $routes->add('page1', '/page1')->controller('kernel::page1');
+        $routes->add('page2', '/page2')->controller('kernel::page2');
+        $routes->add('text', '/text')->controller('kernel::text');
+        $routes->add('submit-form', '/submit-form')->controller('kernel::submitForm');
+        $routes->add('http-method', '/http-method')->controller('kernel::httpMethod');
+        $routes->add('exception', '/exception')->controller('kernel::exception');
+        $routes->add('redirect1', '/redirect1')->controller('kernel::redirect1');
+        $routes->add('redirect2', '/redirect2')->controller('kernel::redirect2');
+        $routes->add('redirect3', '/redirect3')->controller('kernel::redirect3');
+        $routes->add('json', '/json')->controller('kernel::json');
+        $routes->add('xml', '/xml')->controller('kernel::xml');
+        $routes->add('javascript', '/javascript')->controller('kernel::javascript');
+        $routes->add('user', '/user')->controller('kernel::user');
     }
 }
diff --git a/tests/KernelBrowserTests.php b/tests/KernelBrowserTests.php
index afaa4d2..7ee8ff0 100644
--- a/tests/KernelBrowserTests.php
+++ b/tests/KernelBrowserTests.php
@@ -2,10 +2,9 @@
 
 namespace Zenstruck\Browser\Tests;
 
-use Symfony\Bundle\FrameworkBundle\KernelBrowser as SymfonyKernelBrowser;
 use Symfony\Component\Security\Core\User\InMemoryUser;
-use Symfony\Component\Security\Core\User\User;
 use Zenstruck\Browser\KernelBrowser;
+use Zenstruck\Browser\Tests\Fixture\Kernel;
 
 /**
  * @author Kevin Bond <kevinbond@gmail.com>
@@ -32,15 +31,13 @@ public function can_use_kernel_browser_as_typehint(): void
      */
     public function can_act_as_user(): void
     {
-        if (!\method_exists(SymfonyKernelBrowser::class, 'loginUser')) {
-            $this->markTestSkipped(SymfonyKernelBrowser::class.'::loginUser() is only available in Symfony 5.1+.');
+        if (!Kernel::securityEnabled()) {
+            $this->markTestSkipped('Only enable security-related tests in 5.3+');
         }
 
-        $userClass = \class_exists(InMemoryUser::class) ? InMemoryUser::class : User::class;
-
         $this->browser()
             ->throwExceptions()
-            ->actingAs(new $userClass('kevin', 'pass'))
+            ->actingAs(new InMemoryUser('kevin', 'pass'))
             ->visit('/user')
             ->assertSee('user: kevin/pass')
         ;