Release Notes

Introduction 

The release notes give a brief and high-level overview of the new features in HaloENGINE and HaloENGINE Service. Before installing HaloENGINE, it is recommended to read the release notes to understand any current limitations or bugs that may apply to this version of the software.

Product Description

HaloENGINE is a Java-based server component that exposes a web service to the HaloCORE SAP Add-On and HaloCAD for PLM. The HaloENGINE Service is a Windows service that connects to HaloENGINE over TCP/IP. It is the only component that interacts directly with the Azure Rights Management Service (Azure RMS) to obtain the MPIP label required to protect a file. It actively listens for HaloENGINE decisions and encrypts and decrypts files based on them. It is a common component used by the HaloCORE and HaloCAD solutions.

Requirements

The following system requirements table specifies the minimum and recommended technical specifications, such as software and network resources, necessary to run the product.

Components

Details

Operating System

HaloENGINE and HaloENGINE Service must be installed on the same server.

HaloENGINE

  1. MongoDB Compass 7.0.7

  2. The most recent versions of Microsoft Edge, Chrome, and Firefox are supported by the HaloENGINE Admin portal.

HaloENGINE Service

  1. Supported only in Microsoft Windows Server 2022 and above.

  2. Requires .NET Framework 4.6.2 and above.

  3. Latest Windows system updates installed.

Office 365 Subscription

  1. An Azure subscription is required to use Azure RMS and the MPIP functionality.

  2. A working Microsoft Entra ID service must be available.  

  3. Microsoft Purview Information Protection must be fully configured.

  4. A valid network path from the server, which will host the HaloENGINE Service, to the RMS service. HaloENGINE Service creates an outbound network communication with Microsoft Azure Services.

  5. TLS 1.2 or higher must be enabled to ensure the use of cryptographically secure protocols.

  6. Audit logging: Your Azure subscription must include Log Analytics on the same tenant as Microsoft Entra ID.

  7. Register an application to get the Application (client) ID and Tenant ID in the Azure portal.

Recommended URLs, Addresses, and Ports for MPIP

MIP SDK doesn't support the use of authenticated proxies. So, make sure you set the Microsoft 365 endpoints to bypass the proxy. View a list of endpoints at “Microsoft Online Documentation”. However, Microsoft recommends the following:

| Addresses | Ports |
|---|---|
| *.protection.outlook.com; 40.92.0.0/15, 40.107.0.0/16, 52.100.0.0/14, 52.238.78.88/32, 104.47.0.0/17, 2a01:111:f403::/48 | TCP 443 |
| *.aadrm.com, *.azurerms.com, *.informationprotection.azure.com, ecn.dev.virtualearth.net, informationprotection.hosting.portal.azure.net, *.office.com (add substrate.office.com if you don't want to add all sub-domains), crl3.digicert.com, crl4.digicert.com | TCP 443, 80 |
| For event logging: *.events.data.microsoft.com | TCP 443 |

| National Cloud | Microsoft Entra ID authentication endpoint |
|---|---|
| Microsoft Entra ID for the US Government | https://login.microsoftonline.us |
| Microsoft Entra ID (global service) | https://login.microsoftonline.com |

Recommended endpoints
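
The following check is an added example, not part of the vendor documentation or product. It opens a direct socket (no proxy) from the server to the fully qualified hosts listed above and confirms that TLS 1.2 can be negotiated on port 443; the function name, timeout, and choice of hosts to probe are assumptions made for illustration.

```powershell
# Added example (not vendor code). Hosts are the fully qualified names from the
# tables above; wildcard entries cannot be probed, so add tenant-specific hosts.
$Targets = @(
    @{ Name = 'login.microsoftonline.com';                      Port = 443 },
    @{ Name = 'substrate.office.com';                           Port = 443 },
    @{ Name = 'informationprotection.hosting.portal.azure.net'; Port = 443 },
    @{ Name = 'ecn.dev.virtualearth.net';                       Port = 443 },
    @{ Name = 'crl3.digicert.com';                              Port = 80  }
)

function Test-Endpoint {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs = 5000)
    $r = [ordered]@{ Host = $HostName; Port = $Port; Tcp = $false; Tls12 = 'n/a'; Error = $null }
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Raw socket: no system proxy is involved, matching the bypass requirement.
        if (-not $client.ConnectAsync($HostName, $Port).Wait($TimeoutMs)) {
            throw 'TCP connect timed out'
        }
        $r.Tcp = $true
        if ($Port -eq 443) {
            $r.Tls12 = $false
            $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false)
            try {
                # Offer TLS 1.2 only; failure means it is disabled or blocked on the path.
                $ssl.AuthenticateAsClient($HostName, $null,
                    [System.Security.Authentication.SslProtocols]::Tls12, $false)
                $r.Tls12 = $ssl.IsAuthenticated
            } finally { $ssl.Dispose() }
        }
    } catch {
        $r.Error = $_.Exception.GetBaseException().Message
    } finally {
        $client.Close()
    }
    [pscustomobject]$r
}

$Targets | ForEach-Object { Test-Endpoint -HostName $_.Name -Port $_.Port } |
    Format-Table -AutoSize
```

A row with Tcp = True and Tls12 = False points at the TLS configuration or an intercepting device on the path rather than at a firewall rule.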

Code Quality and Security

Secude focuses on software quality and security. This is accomplished by adhering to and exceeding best practices in development, testing, and quality control. Secude has chosen SonarQube as the first building block for implementing a robust, continuous code quality assurance (QA) process. SonarQube is a static code analysis platform for continuous inspection of code quality. It performs automatic reviews of code to detect bugs, code smells, unit test coverage, and security issues in 29 programming languages.

SonarQube is utilized throughout the development process at Secude and only the highest marks are accepted for a product to be released. It helps to regulate code quality from the beginning of development, find and repair issues promptly, and improve overall software stability.

Each build report can be found under its relevant version heading in these release notes.

Reliability Rating 

  • A = 0 Bugs

  • B = at least 1 Minor Bug

  • C = at least 1 Major Bug

  • D = at least 1 Critical Bug

  • E = at least 1 Blocker Bug

Security Rating

  • A = 0 Vulnerabilities

  • B = at least 1 Minor Vulnerability

  • C = at least 1 Major Vulnerability

  • D = at least 1 Critical Vulnerability

  • E = at least 1 Blocker Vulnerability

Security Review Rating 

The Security Review Rating is a letter grade based on the percentage of Reviewed (Fixed or Safe) Security Hotspots.

  • A = >= 80%

  • B = >= 70% and <80%

  • C = >= 50% and <70%

  • D = >= 30% and <50%

  • E = < 30%

Maintainability Rating 

A=0-0.05, B=0.06-0.1, C=0.11-0.20, D=0.21-0.5, E=0.51-1

The Maintainability Rating scale can be alternately stated by saying that if the outstanding remediation cost is:

  • <=5% of the time that has already gone into the application, the rating is A

  • between 6 to 10% the rating is a B

  • between 11 to 20% the rating is a C

  • between 21 to 50% the rating is a D

  • anything over 50% is an E

Build 6.8

HaloENGINE Service

New Features

There are no new features to highlight in this release.

Improvements

There are no improvements to mention in the current release.

Limitations

This section lists the limitations of the current release.

Many enterprises enforce a Group Policy Object (GPO) that requires all outbound internet traffic to be routed through a proxy server. These proxy settings need to be used by both the MIP SDK and the MSAL library for MPIP authentication and functionality. To use proxy settings for the MSAL library, set msal_proxy_address in HKEY_LOCAL_MACHINE\SOFTWARE\Secude\HaloENGINE Service.
If this does not work for the user running the service, set the registry values ProxyServer and ProxyEnable in HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings. For more information, refer to the Proxy Configuration section of the Installation and Configuration Manual.
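
The following script is an added example, not part of the vendor documentation or product. It reports the three proxy values named above for the account that runs it. HKEY_CURRENT_USER is per-user, so the script must be run as the service's logon account to see the values the service will actually use; the helper name Get-RegValue is an assumption.

```powershell
# Added example (not vendor code): report the proxy values named in the limitation above.
$msalKey = 'HKLM:\SOFTWARE\Secude\HaloENGINE Service'
$inetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Get-RegValue {
    # Returns the value data, or $null when the key or the value does not exist.
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

$report = [pscustomobject]@{
    # HKCU below belongs to this identity, not necessarily to the service account.
    RunningAs          = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    msal_proxy_address = Get-RegValue $msalKey 'msal_proxy_address'
    ProxyEnable        = Get-RegValue $inetKey 'ProxyEnable'
    ProxyServer        = Get-RegValue $inetKey 'ProxyServer'
}
$report | Format-List

if (-not $report.msal_proxy_address -and $report.ProxyEnable -ne 1) {
    Write-Warning 'No MSAL proxy and no per-user proxy is configured for this account.'
}
elseif ($report.ProxyEnable -eq 1 -and -not $report.ProxyServer) {
    Write-Warning 'ProxyEnable is 1 but ProxyServer is empty.'
}
```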

Fixed Bugs

There are no fixed bugs to highlight in this release.

Known Issues

This section describes the known issues with the current release.

  1. HaloCORE labeled values are not shown in non-office file properties. HENGINESRV-339

  2. Vault - AutoCAD integration: The watermark is not applied to an AutoCAD file, even though the applied label is configured with a watermark. However, this issue does not occur in the standalone AutoCAD add-on. HENGINESRV-770

  3. The error message “Error 1069: The Service did not start due to a logon failure” appears when you start the HaloENGINE Service. This is because the user who is running the service, or a group that the user belongs to (e.g., Administrators), has been added to the Deny log on as a service policy (Local Security Policy > Security Settings > Local Policies > User Rights Assignment). To prevent this error, make sure that neither the user who runs the Service nor any group that the user belongs to is listed in that policy. HENGINESRV-797

  4. An error can occur while downloading an MSG file that contains Jira content, and the file will not be protected. HENGINESRV-826

Quality Gate Report

Please see the table below for a list of SonarQube's key parameters for this version. Refer to the "Code Quality and Security" section for more information on rating definitions.

| Metric | Value |
|---|---|
| Coverage | 82.5% |
| Maintainability Rating | A |
| Reliability Rating | A |
| Security Hotspots Reviewed | A |
| Security Rating | A |

Quality Gate report

HaloENGINE

New Features

This section highlights the new features in the current release.

  1. In previous releases, file pattern recognition was done in the background by default. However, in this release, the File Pattern Detection functionality can now be enabled or disabled by the administrator. A new button has been added to the HaloENGINE Features page in the Admin Portal. Once enabled, HaloENGINE will automatically identify the file type by analyzing its structure, format, and extension and then transmit the results to the HaloENGINE Service. However, if File Pattern Detection is off, HaloENGINE will only forward the file to HaloENGINE Service for processing without doing any analysis. HENGINE-2852

  2. In addition to the MONITOR, BLOCK, and PROTECT features, HaloCORE and HaloENGINE now integrate with the OpenAI API, which creates risk reports based on user requests. This is a licensed functionality that is currently only available for SAP. In the HaloENGINE admin portal, a new user interface called Generative AI Token Configuration has been added under Monitor Configuration. Integration is enabled via a registered API key. HENGINE-3194

Improvements

This section lists improvements added to the current release.

  1. The Tomcat version has been updated to 9.0.102. HENGINE-3214

  2. A new metadata field, author_name, has been added for the HaloCAD for SOLIDWORKS PDM system type. HENGINE-3209

Limitation

This section lists the limitations of the current release.

Currently, Wildcard * is only supported when defining categorization rules and custom pre-expressions. HENGINE-1760

Fixed Bugs

This section lists the fixed issues in the current release.

  1. Fixed an issue that caused Null to appear instead of Possible Data Leak under Classification for File Labels for Download when uploading Monitor logs to the Dashboard. HENGINE-3157

  2. Fixed an issue that caused an incorrect response when attempting to upload a log file after stopping the MongoDB Server. HENGINE-3030

  3. With this release, the Fully Qualified Domain Name (FQDN) of the HaloENGINE server will be automatically configured in the hc-servlet.xml, thereby preventing dynamic IP-related issues. HENGINE-3196

  4. In the previous release, because the server.xml file could not be empty after generating a self-signed server certificate or importing the company's certificate (PFX), a client certificate had to be issued or imported immediately. As of this release, the client certificate no longer has to be created or imported immediately. HENGINE-3215

Known Issues

This section describes the known issues with the current release.

  1. The following sporadic issue may occur using HCCS Classification: File labeling and protection fail with an error message “Message from service: [PROTECT, LABEL] Parameter validation failed, please check input while downloading data from SAP”. HENGINE-1179

  2. The file type will be displayed as unknown when an already (MIP) labeled Non-Office file is downloaded. HENGINE-1393

  3. An error will occur when downloading the file from SAP if only the Action rule is configured for the default value without the Classification rule. HENGINE-2756

  4. When downloading an assembly file with many dependent files from the Windchill workspace and selecting the Open in Creo option, the document is downloaded and opened in the Creo application, but the temporary files are saved in the HaloENGINE temporary folder. HENGINE-3074

  5. When using the SBWP Tcode to upload and download file types such as CSV/XML/DIF/NTR/EMN/EMP/EPS/FACET/IV/NEU/SAT/SLK/SLP/UNV/VDA/X_T, the file extension changes to PTXT. HENGINE-3150

  6. Logs will not appear in the HaloENGINE Dashboard if the Scheduler file path is specified. HENGINE-3072

Quality Gate Report

Please see the table below for a list of SonarQube's key parameters for this version. Refer to the "Code Quality and Security" section for more information on rating definitions.

| Metric | Value |
|---|---|
| Coverage | 80% |
| Maintainability Rating | A* |
| Reliability Rating | A* |
| Security Hotspots Reviewed | A* |
| Security Rating | A* |

Quality Gate report
