diff --git a/UPGRADE-3.2.md b/UPGRADE-3.2.md
index 59691a157c31..1a78140437e4 100644
--- a/UPGRADE-3.2.md
+++ b/UPGRADE-3.2.md
@@ -4,6 +4,10 @@ UPGRADE FROM 3.1 to 3.2
 FrameworkBundle
 ---------------
 
+ * The `symfony/security-core` and `symfony/security-csrf` dependencies have
+   been removed; require them via `composer require symfony/security-core
+   symfony/security-csrf` if you depend on them and don't already depend on
+   `symfony/symfony`
  * The `symfony/templating` dependency has been removed; require it via `composer
    require symfony/templating` if you depend on it and don't already depend on
    `symfony/symfony`
diff --git a/src/Symfony/Bundle/FrameworkBundle/CHANGELOG.md b/src/Symfony/Bundle/FrameworkBundle/CHANGELOG.md
index 1bb49025e51a..9bfe46b8f98d 100644
--- a/src/Symfony/Bundle/FrameworkBundle/CHANGELOG.md
+++ b/src/Symfony/Bundle/FrameworkBundle/CHANGELOG.md
@@ -4,6 +4,7 @@ CHANGELOG
 3.2.0
 -----
 
+ * Removed `symfony/security-core` and `symfony/security-csrf` from the list of required dependencies in `composer.json`
  * Removed `symfony/templating` from the list of required dependencies in `composer.json`
  * Removed `symfony/translation` from the list of required dependencies in `composer.json`
  * Removed `symfony/asset` from the list of required dependencies in `composer.json`
diff --git a/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php b/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php
index 3f76278124ec..1d602ac9c2e2 100644
--- a/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php
+++ b/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php
@@ -1021,6 +1021,10 @@ private function registerSecurityCsrfConfiguration(array $config, ContainerBuild
             return;
         }
 
+        if (!class_exists('Symfony\Component\Security\Csrf\CsrfToken')) {
+            throw new LogicException('CSRF support cannot be enabled as the Security CSRF component is not installed.');
+        }
+
         if (!$this->sessionConfigEnabled) {
             throw new \LogicException('CSRF protection needs sessions to be enabled.');
         }
diff --git a/src/Symfony/Bundle/FrameworkBundle/composer.json b/src/Symfony/Bundle/FrameworkBundle/composer.json
index 8242f5185779..602e723e785e 100644
--- a/src/Symfony/Bundle/FrameworkBundle/composer.json
+++ b/src/Symfony/Bundle/FrameworkBundle/composer.json
@@ -28,8 +28,6 @@
         "symfony/filesystem": "~2.8|~3.0",
         "symfony/finder": "~2.8|~3.0",
         "symfony/routing": "~3.0",
-        "symfony/security-core": "~3.2",
-        "symfony/security-csrf": "~2.8|~3.0",
         "symfony/stopwatch": "~2.8|~3.0",
         "doctrine/cache": "~1.0",
         "doctrine/annotations": "~1.0"
@@ -45,6 +43,8 @@
         "symfony/form": "~2.8|~3.0",
         "symfony/expression-language": "~2.8|~3.0",
         "symfony/process": "~2.8|~3.0",
+        "symfony/security-core": "~3.2",
+        "symfony/security-csrf": "~2.8|~3.0",
         "symfony/serializer": "~2.8|~3.0",
         "symfony/translation": "~2.8|~3.0",
         "symfony/templating": "~2.8|~3.0",