diff --git a/UPGRADE-2.8.md b/UPGRADE-2.8.md
index 797e2a5015..883ef576d3 100644
--- a/UPGRADE-2.8.md
+++ b/UPGRADE-2.8.md
@@ -448,6 +448,9 @@ FrameworkBundle
 Security
 --------
 
+ * The `object` variable passed to expressions evaluated by the `ExpressionVoter`
+   is deprecated. Instead use the new `subject` variable.
+
  * The `AbstractVoter` class was deprecated. Instead, extend the `Voter` class and
    move your voting logic in the `supports($attribute, $subject)` and
    `voteOnAttribute($attribute, $object, TokenInterface $token)` methods.
diff --git a/src/Symfony/Component/Security/Core/Authorization/Voter/ExpressionVoter.php b/src/Symfony/Component/Security/Core/Authorization/Voter/ExpressionVoter.php
index 98b8f50f15..96a7ece998 100644
--- a/src/Symfony/Component/Security/Core/Authorization/Voter/ExpressionVoter.php
+++ b/src/Symfony/Component/Security/Core/Authorization/Voter/ExpressionVoter.php
@@ -102,6 +102,7 @@ class ExpressionVoter implements VoterInterface
             'token' => $token,
             'user' => $token->getUser(),
             'object' => $object,
+            'subject' => $object,
             'roles' => array_map(function ($role) { return $role->getRole(); }, $roles),
             'trust_resolver' => $this->trustResolver,
         );