diff --git a/composer.json b/composer.json
index 42f4828..e43d12e 100644
--- a/composer.json
+++ b/composer.json
@@ -9,7 +9,7 @@
         "symfony/dependency-injection": "^4.0|^5.0",
         "symfony/http-kernel": "^4.0|^5.0",
         "symfony/routing": "^4.0|^5.0",
-        "api-platform/core": ">=2.1.0 <2.5.0"
+        "api-platform/core": "^2.5"
     },
     "autoload": {
         "psr-4": {
diff --git a/src/AccessControl/RouteAccessControlFactory.php b/src/AccessControl/RouteAccessControlFactory.php
index 4db749b..9c6513a 100644
--- a/src/AccessControl/RouteAccessControlFactory.php
+++ b/src/AccessControl/RouteAccessControlFactory.php
@@ -76,7 +76,7 @@ protected function getAccessControlExpressionForApiPlatform(Route $route): strin
             try {
                 $resourceMetadata = $this->resourceMetadataFactory->create($resourceClass);
                 $attributes = AttributesExtractor::extractAttributes($route->getDefaults());
-                $isGranted = $resourceMetadata->getOperationAttribute($attributes, 'access_control', null, true);
+                $isGranted = $resourceMetadata->getOperationAttribute($attributes, 'security', null, true);
                 if (null === $isGranted) {
                     $isGranted = RouteAccessControlData::NO_ACCESS_CONTROL;
                 }