spring-projects / spring-security

Spring Security

Home Page: http://spring.io/projects/spring-security

Fix Compromised Password Checker Docs Sample Not Working

marcusdacoregio opened this issue · comments

The current documentation uses a @ControllerAdvice to handle the CompromisedPasswordException and redirect the user to the /reset-password page:

import org.springframework.security.authentication.password.CompromisedPasswordException;
import org.springframework.web.bind.annotation.ControllerAdvice;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.servlet.mvc.support.RedirectAttributes;

@ControllerAdvice
public class MyControllerAdvice {

    // Catches the exception only when it is thrown from a controller method,
    // not when it is raised inside the Spring Security filter chain.
    @ExceptionHandler(CompromisedPasswordException.class)
    public String handleCompromisedPasswordException(CompromisedPasswordException ex, RedirectAttributes attributes) {
        attributes.addFlashAttribute("error", ex.getMessage());
        return "redirect:/reset-password";
    }

}

The Controller Advice won't work for handling compromised passwords when the check is done by Spring Security because the Filter happens before the advice can be applied. Instead, a failureHandler should be used in the formLogin DSL.
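The failureHandler approach described above, as an added example that is not part of the issue or the Spring Security docs. It assumes a CompromisedPasswordChecker bean (here HaveIBeenPwnedRestApiPasswordChecker, which DaoAuthenticationProvider picks up automatically), a /reset-password page that unauthenticated users may reach, and the default /login?error target for every other failure; the class and method names are the example's own.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.password.CompromisedPasswordChecker;
import org.springframework.security.authentication.password.CompromisedPasswordException;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.security.web.authentication.password.HaveIBeenPwnedRestApiPasswordChecker;

@Configuration
@EnableWebSecurity
public class SecurityConfig {

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(auth -> auth
                // the user whose login just failed is NOT authenticated,
                // so the reset page must be reachable anonymously
                .requestMatchers("/reset-password").permitAll()
                .anyRequest().authenticated())
            .formLogin(form -> form
                // runs inside the filter chain, where CompromisedPasswordException
                // is actually thrown; a @ControllerAdvice never sees it
                .failureHandler(compromisedPasswordAwareFailureHandler()));
        return http.build();
    }

    @Bean
    CompromisedPasswordChecker compromisedPasswordChecker() {
        // checks the password against the Have I Been Pwned k-anonymity range API
        return new HaveIBeenPwnedRestApiPasswordChecker();
    }

    private AuthenticationFailureHandler compromisedPasswordAwareFailureHandler() {
        // every other authentication failure keeps the usual behaviour
        AuthenticationFailureHandler fallback = new SimpleUrlAuthenticationFailureHandler("/login?error");
        return (request, response, exception) -> {
            if (exception instanceof CompromisedPasswordException) {
                response.sendRedirect(request.getContextPath() + "/reset-password");
                return;
            }
            fallback.onAuthenticationFailure(request, response, exception);
        };
    }
}
```

RedirectAttributes are not available in a filter, so the handler redirects without a flash attribute; because the credentials were correct but the password is compromised, the reset page must establish the user's identity on its own (for example through an emailed reset link) rather than trust the failed login attempt.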