Skip to main content
Skip table of contents

Release Notes

Introduction 

The release notes give a brief and high-level overview of the new features in HaloENGINE and HaloENGINE Service. Before installing HaloENGINE, it is recommended to read the release notes to understand any current limitations or bugs that may apply to this version of the software.

Product Description

HaloENGINE is a Java-based Server component that exposes a web service to HaloCORE SAP Add-On and HaloCAD for PLM. The HaloENGINE Service is a Windows service that connects to the HaloENGINE over TCP/IP. It is only one component that interacts directly with the Azure Right Management Service (Azure RMS) to obtain the MPIP label required to protect a file. It actively listens to HaloENGINE decisions and encrypts and decrypts files based on them. It is a common component used by HaloCORE and HaloCAD solutions.

Requirements

The following system requirements table specifies the minimum and recommended technical specifications, such as software and network resources, necessary to run the product.

Components

Details

Operating System

HaloENGINE and HaloENGINE Service must be installed on the same server.

HaloENGINE

  1. MongoDB Compass 7.0.7

  2. The most recent versions of Microsoft Edge, Chrome, and Firefox are supported by the HaloENGINE Admin portal.

HaloENGINE Service

  1. Supported only in Microsoft Windows Server: 2016 and above.

  2. Requires .NET Framework 4.6.2 and above.

  3. Latest Windows system updates installed.

Office 365 Subscription

  1. An Azure subscription is required to use Azure RMS and the MPIP functionality.

  2. A working Microsoft Entra ID service must be available.  

  3. Microsoft Purview Information Protection must be fully configured.

  4. A valid network path from the server, which will host the HaloENGINE Service, to the RMS service. HaloENGINE Service creates an outbound network communication with Microsoft Azure Services.

  5. TLS 1.2 or higher must be enabled to ensure the use of cryptographically secure protocols.

  6. Audit logging: Your Azure subscription must include Log Analytics on the same tenant as Microsoft Entra ID.

  7. Register an application to get the Application (client) ID and Tenant ID in the Azure portal.

Requirements

Recommended URLs, Addresses, and Ports for MPIP

MIP SDK doesn't support the use of authenticated proxies. So, make sure you set the Microsoft 365 endpoints to bypass the proxy. View a list of endpoints at “Microsoft Online Documentation”. However, Microsoft recommends the following:

Addresses

Ports

*.protection.outlook.com

40.92.0.0/15, 40.107.0.0/16, 52.100.0.0/14, 52.238.78.88/32, 104.47.0.0/17, 2a01:111:f403::/48 

TCP 443

*.aadrm.com, *.azurerms.com, *.informationprotection.azure.com, ecn.dev.virtualearth.net, informationprotection.hosting.portal.azure.net,*.office.com (add substrate.office.com if you don't want to add all sub-domains), crl3.digicert.com, crl4.digicert.com.

TCP 443

For event logging

*.events.data.microsoft.com

TCP 443

National Cloud

Microsoft Entra ID authentication endpoint

Microsoft Entra ID for the US Government

https://login.microsoftonline.us

Microsoft Entra ID (global service)

https://login.microsoftonline.com

Recommended endpoints

Code Quality and Security

Secude focuses on software quality and security. This is accomplished by adhering to and exceeding best practices in development, testing, and quality control. Secude has chosen SonarQube as the first building block for building and implementing a robust continuous code quality assurance (QA). SonarQube is a platform for statical code analysis for continuous inspection of code quality. It performs automatic reviews of code to detect bugs, code smells, unit test coverage, and security issues in 29 programming languages.

SonarQube is utilized throughout the development process at Secude and only the highest marks are accepted for a product to be released. It helps to regulate code quality from the beginning of development, find and repair issues promptly, and improve overall software stability.

Each build report can be found under its relevant version heading in this release notes.

Reliability Rating 

  • A = 0 Bugs

  • B = at least 1 Minor Bug

  • C = at least 1 Major Bug

  • D = at least 1 Critical Bug

  • E = at least 1 Blocker Bug

Security Rating

  • A = 0 Vulnerabilities

  • B = at least 1 Minor Vulnerability

  • C = at least 1 Major Vulnerability

  • D = at least 1 Critical Vulnerability

  • E = at least 1 Blocker Vulnerability

Security Review Rating 

The Security Review Rating is a letter grade based on the percentage of Reviewed (Fixed or Safe) Security Hotspots.

  • A = >= 80%

  • B = >= 70% and <80%

  • C = >= 50% and <70%

  • D = >= 30% and <50%

  • E = < 30%

Maintainability Rating 

A=0-0.05, B=0.06-0.1, C=0.11-0.20, D=0.21-0.5, E=0.51-1

The Maintainability Rating scale can be alternately stated by saying that if the outstanding remediation cost is:

  • <=5% of the time that has already gone into the application, the rating is A

  • between 6 to 10% the rating is a B

  • between 11 to 20% the rating is a C

  • between 21 to 50% the rating is a D

  • anything over 50% is an E

Build 6.7

HaloENGINE

New Features

This section lists the new features in the current release.

Support for setting up password regulations through the admin portal. The default password should have a minimum of 12 characters and a maximum of 30 characters, with at least one uppercase, one lowercase, one number, and one symbol. The System Configuration menu now includes this feature. HC-3106

Improvements

This section lists the improvements in the current release.

  1. A scheduler option has been included in the dashboard to set the duration for maintaining logs at the specified location/path.

  2. The dashboard now includes a Select Charts option for choosing the charts to be displayed and rearranging them as necessary.

  3. In the monitor log, a new field called "blocked_by":["blocked_by_rule"] has been added if a block action takes place that is blocked by a rule. HC-3117

  4. As part of the rebranding, the current version has undergone the following changes, including URLs and certificates. HC-2979

    1. http://localhost:8383/halocore-admin/http://localhost:8383/haloengine-admin/

    2. https://localhost:8746/halocore-central-server/process?wsdlhttps://localhost:8746/haloengine-server/process?wsdl

    3. https://localhost:8746/halocore-central-server/haloresthttps://localhost:8746/haloengine-server/halorest

    4. https://localhost:8746/halocore-central-server/halsdkhttps://localhost:8746/haloengine-server/halsdk

    5. http://localhost:8383/halocore-service-monitor/http://localhost:8383/haloengine-service-monitor/

  5. The term "halocore" is changed to "haloengine" in the Tomcat, Service_Monitor.log, and HaloENGINE.log. HC-2980

  6. The HaloENGINE server certificate has been changed from HalocoreServer.cer to HaloENGINEServer.cer. If you wish to use the existing server certificate HalocoreServer.cer, rename it to HaloENGINEServer.cer and use it.

  7. The log entry now includes a new field called "client_type" that provides further information about the client/source type. HC-2793

  8. HaloENGINE API: A new POST method, DecryptFileAndFetchLabel, has been added to decrypt an encrypted file and determine its label.

  9. HaloENGINE API: Added a message to respond if the customer ID or system type used is incorrect - 406 NOT_ACCEPTABLE"Either the customer name or System type is wrong. Please contact the administrator.” HC-3107

Limitation

This section lists the limitations of the current release.

  1. With this version, you can only install HaloENGINE without the dashboard via silent mode. If you want HaloENGINE integrated with the dashboard, please use the HaloENGINE installer. HC-3141

  2. If you set a Password Policy that includes more than one special character, you must input the password continuously. For example, if you set the No. of special character to 2, input them one after the other (for example, Pass234567!$). Entering special characters apart (for example, Pass!234567$) in the new password field will not be accepted. HC-3144

  3. Installing HaloENGINE in a desktop path causes dashboard data to not load properly. To resolve, grant Network Service the required permissions. HC-3148

  4. When running the migration bat command, ensure that the folder name does not contain any spaces. HC-3155

Fixed Bugs

This section lists the fixed issues in the current release.

  1. As of this version, it is not required to manually add the environment variable before installing the HaloENGINE. During the installation process, the HaloENGINE installer automatically creates the necessary environment variables.

  2. Fixed an issue that prevented the newly created upload action rule from being saved. HC-3102

  3. Fixed an issue that prevented the creation of classification rules with custom pre-expression metadata. HC-3099

  4. Fixed an issue that prevented the creation of a classification rule and displayed an error message when using the metadata SET_GET_PARAMETERS, PRECLASSIFICATION, and KPRO_DOC_ATTRIBUTES. HC-3110

  5. The audit log for PLM now includes a new field called client_type that contains further information about the client/source type. HC-2793

  6. Fixed an issue that allowed bypassing the authentication in the HaloENGINE Admin Portal by providing a previously captured login request response using Burp Suite. HC-3090

Known Issues

This section lists the known issues in the current release.

  1. The following sporadic issue may occur using HCCS Classification: File labeling and protection fail with an error message “Message from service: [PROTECT, LABEL] Parameter validation failed, please check input while downloading data from SAP”. HC-1179

  2. The file type will be displayed as unknown when an already (MIP) labeled Non-Office file is downloaded. HC-1393

  3. An error will occur when downloading the file from SAP if only the Action rule is configured for the default value without the Classification rule. HC-2756

  4. When downloading an assembly file with many dependent files from the Windchill workspace and selecting the Open in Creo option, the document is downloaded and opened in the Creo application, but the temporary files are saved in the HaloENGINE temporary folder. HC-3074

  5. When using SBWP Tcode to upload and download file types such as CSV/XML/DIF/NTR/EMN/EMP/EPS/FACET/IV/NEU/SAT/SLK/SLP/UNV/VDA/X_T, the file extension changes to PTXT. HC-3150

  6. Logs will not appear in the HaloENGINE Dashboard if the Scheduler file path is specified. HC-3072

Quality Gate Report

Please see the table below for a list of SonarQube's key parameters for this version. Refer to the "Code Quality and Security" section for more information on rating definitions.

Metric

Value

Coverage

80%

Maintainability Rating

A*

Reliability Rating

A*

Security Hotspots Reviewed

A*

Security Rating

A*

Quality Gate report

HaloENGINE Service

New Features

This section lists the new features in the current release.

  1. Support for enabling the FIPS module has been added to the installer UI, silent installation, and administration tool. HCSRV-920, HCSRV-923, and HCSRV-931.

  2. Support has been added for masking and allowing clear text visibility of Personally Identifiable Information (PII) in the MIP SDK logs using the registry key block_pii. HCSRV-932

Improvements

This section lists the improvements in the current release.

As in previous versions, a content ID was obtained to track files. From this version, the protected file can be registered using the MIP SDK API for tracking and revocation. HCSRV-925

Fixed Bugs

This section lists the fixed issues in the current release.

As of this version, it is necessary to restart the HaloENGINE service after making any log-related changes with the hesadm.exe tool. HCSRV-922

Known Issues

This section lists the known issues in the current release.

  1. HaloCORE labeled values are not shown in non-office file properties. HCSRV-339

  2. Vault - AutoCAD integration: The watermark does not get applied on an AutoCAD file, despite the label applied configured with a watermark feature. However, this issue does not occur in a standalone AutoCAD add-on. HCSRV-770

  3. Error message appears as “Error 1069: The Service did not start due to a logon failure” when you start the HaloENGINE Service. This is because the user who is running the service or a specific group that the user belongs to (e.g., Administrators) is added to the Deny log on as a service policy (Local Security Policy > Security Settings > Local Policies > User Rights Assignment). To prevent such an error, make sure the user(s) or the group that the user belongs to who runs the Service does not exist in the group policy. HCSRV-797

  4. An error can occur while downloading a MSG file that contains Jira content and will not be protected. HCSRV-826

Quality Gate Report

Please see the table below for a list of SonarQube's key parameters for this version. Refer to the "Code Quality and Security" section for more information on rating definitions.

Metric

Value

Coverage

82.5%

Maintainability Rating

A

Reliability Rating

A

Security Hotspots Reviewed

A

Security Rating

A

Quality Gate report

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close