Remove rule CA2109 #31659

Closed
wants to merge 4 commits into from
5 changes: 5 additions & 0 deletions docs/fundamentals/code-analysis/quality-rules/ca2109.md
Expand Up @@ -24,6 +24,11 @@ ms.author: gewarren

A public or protected event-handling method was detected.

> [!NOTE]
> This rule last shipped with Microsoft.CodeAnalysis.Analyzers v3.3.0.
>
> It was removed because the threat that the analyzer warned about (an untrusted intermediary hooking a privileged event handler to a privileged event invoker) did not exist since .NET 4.5.

## Rule description

An externally visible event-handling method presents a security issue that requires review.
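Review bot: The added note contradicts the unchanged context right below it. The note says the threat "did not exist since .NET 4.5", yet the line under `## Rule description` still states that an externally visible event-handling method "presents a security issue that requires review". Scope that description to the cases the note leaves open, or say in the note that the remaining text is kept for historical reference. Also reword to "has not existed since .NET 4.5"; the current tense reads as if the threat never existed.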
1 change: 0 additions & 1 deletion docs/fundamentals/code-analysis/quality-rules/index.md
Expand Up @@ -161,7 +161,6 @@ The following table lists code quality analysis rules.
> | [CA2018: The `count` argument to `Buffer.BlockCopy` should specify the number of bytes to copy](ca2018.md) | When using `Buffer.BlockCopy`, the `count` argument specifies the number of bytes to copy. You should only use `Array.Length` for the `count` argument on arrays whose elements are exactly one byte in size. `byte`, `sbyte`, and `bool` arrays have elements that are one byte in size. |
> | [CA2100: Review SQL queries for security vulnerabilities](ca2100.md) | A method sets the System.Data.IDbCommand.CommandText property by using a string that is built from a string argument to the method. This rule assumes that the string argument contains user input. A SQL command string that is built from user input is vulnerable to SQL injection attacks. |
> |[CA2101: Specify marshalling for P/Invoke string arguments](ca2101.md) | A platform invoke member allows partially trusted callers, has a string parameter, and does not explicitly marshal the string. This can cause a potential security vulnerability. |
> | [CA2109: Review visible event handlers](ca2109.md) | A public or protected event-handling method was detected. Event-handling methods should not be exposed unless absolutely necessary. |
> | [CA2119: Seal methods that satisfy private interfaces](ca2119.md) | An inheritable public type provides an overridable method implementation of an internal (Friend in Visual Basic) interface. To fix a violation of this rule, prevent the method from being overridden outside the assembly. |
> |[CA2153: Avoid handling Corrupted State Exceptions](ca2153.md) | Corrupted State Exceptions (CSEs) indicate that memory corruption exists in your process. Catching these rather than allowing the process to crash can lead to security vulnerabilities if an attacker can place an exploit into the corrupted memory region. |
> | [CA2200: Rethrow to preserve stack details](ca2200.md) | An exception is rethrown and the exception is explicitly specified in the throw statement. If an exception is rethrown by specifying the exception in the throw statement, the list of method calls between the original method that threw the exception and the current method is lost. |
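Review bot: Deleting the CA2109 row leaves ca2109.md unlisted in this table even though the first hunk keeps that page and adds a removal note to it. Someone on an analyzer version that still raises CA2109 (the note names v3.3.0 as the last one) will look the ID up here and find nothing. Consider keeping the row, marked as removed, with the link to ca2109.md intact.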
Expand Up @@ -22,7 +22,6 @@ Security rules support safer libraries and applications. These rules help preven
|Rule|Description|
|----------|-----------------|
|[CA2100: Review SQL queries for security vulnerabilities](ca2100.md)|A method sets the System.Data.IDbCommand.CommandText property by using a string that is built from a string argument to the method. This rule assumes that the string argument contains user input. A SQL command string built from user input is vulnerable to SQL injection attacks.|
|[CA2109: Review visible event handlers](ca2109.md)|A public or protected event-handling method was detected. Event-handling methods should not be exposed unless absolutely necessary.|
|[CA2119: Seal methods that satisfy private interfaces](ca2119.md)|An inheritable public type provides an overridable method implementation of an internal (Friend in Visual Basic) interface. To fix a violation of this rule, prevent the method from being overridden outside the assembly.|
|[CA2153: Avoid Handling Corrupted State Exceptions](ca2153.md)|[Corrupted State Exceptions (CSE)](/archive/msdn-magazine/2009/february/clr-inside-out-handling-corrupted-state-exceptions) indicate that memory corruption exists in your process. Catching these rather than allowing the process to crash can lead to security vulnerabilities if an attacker can place an exploit into the corrupted memory region.|
|[CA2300: Do not use insecure deserializer BinaryFormatter](ca2300.md)|Insecure deserializers are vulnerable when deserializing untrusted data. An attacker could modify the serialized data to include unexpected types to inject objects with malicious side effects.|
2 changes: 0 additions & 2 deletions docs/fundamentals/toc.yml
Expand Up @@ -1154,8 +1154,6 @@ items:
href: code-analysis/quality-rules/security-warnings.md
- name: CA2100
href: code-analysis/quality-rules/ca2100.md
- name: CA2109
href: code-analysis/quality-rules/ca2109.md
- name: CA2119
href: code-analysis/quality-rules/ca2119.md
- name: CA2153
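Review bot: Dropping the `- name: CA2109` node and its `href` takes ca2109.md out of navigation, while the first hunk still edits that page as one that stays published. Pick one direction: keep the TOC node so the retained page stays reachable, or delete ca2109.md in this PR as well and put the removal note on a page that remains linked.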