HaloENGINE
HaloENGINE
Breadcrumbs

Release Notes

Introduction 

The release notes provide brief and high-level descriptions of the new features of HaloENGINE. Before installing HaloENGINE, it is recommended to read the release notes to understand any current limitations or bugs that may apply to this version of the software.

Product Description

HaloENGINE is a Java-based classification engine that applies business logic and integrates with the Microsoft Purview Information Protection service to fetch the sensitivity labels for configuration in the admin portal. Using metadata, it classifies and organizes data while enforcing schemas and action rules, serving as the core component that works with the HaloCAD for PLM/PDM solution to protect data.

Requirements

The following system requirements table outlines the minimum and recommended technical specifications, including software and network requirements, necessary to run the product.

Components

Details

Operating System

Supported only on Microsoft Windows Server 2022 or later with the latest system updates installed.

Other Applications

  1. MongoDB Compass 7.0.7

  2. Requires .NET Framework 4.6.2 and above.

  3. The HaloENGINE Admin portal supports the most recent versions of Microsoft Edge, Chrome, and Firefox.

Office 365 Subscription

  1. An Azure subscription is required to use Azure RMS and the MPIP functionality.

  2. A working Microsoft Entra ID service must be available.  

  3. Microsoft Purview Information Protection must be fully configured.

  4. A valid network path from the server, which will host the HaloENGINE, to the RMS service. HaloENGINE creates an outbound network communication with Microsoft Azure Services.

  5. TLS 1.2 or higher must be enabled to ensure the use of cryptographically secure protocols.

  6. Audit logging: Your Azure subscription must include Log Analytics on the same tenant as Microsoft Entra ID.

  7. Register an application to get the Application (client) ID and Tenant ID in the Azure portal.

Requirements

Recommended URLs, Addresses, and Ports for MPIP

MIP SDK doesn't support the use of authenticated proxies. So, make sure you set the Microsoft 365 endpoints to bypass the proxy. View a list of endpoints at “ Microsoft Online Documentation ”. However, Microsoft recommends the following:

Addresses

Ports

*.protection.outlook.com

40.92.0.0/15, 40.107.0.0/16, 52.100.0.0/14, 52.238.78.88/32, 104.47.0.0/17, 2a01:111:f403::/48 

TCP 443

*.aadrm.com, *.azurerms.com, *.informationprotection.azure.com, ecn.dev.virtualearth.net, informationprotection.hosting.portal.azure.net,*.office.com (add substrate.office.com if you don't want to add all sub-domains), crl3.digicert.com, crl4.digicert.com.

TCP 443, 80

For event logging

*.events.data.microsoft.com

TCP 443

National Cloud

Microsoft Entra ID authentication endpoint

Microsoft Entra ID for the US Government

https://login.microsoftonline.us

Microsoft Entra ID (global service)

https://login.microsoftonline.com

Recommended endpoints

Code Quality and Security

Secude focuses on software quality and security. This is accomplished by adhering to and exceeding best practices in development, testing, and quality control. Secude has chosen SonarQube as the first building block for building and implementing a robust continuous code quality assurance (QA). SonarQube is a platform for statical code analysis for continuous inspection of code quality. It performs automatic reviews of code to detect bugs, code smells, unit test coverage, and security issues in 29 programming languages.

SonarQube is utilized throughout the development process at Secude and only the highest marks are accepted for a product to be released. It helps to regulate code quality from the beginning of development, find and repair issues promptly, and improve overall software stability.

Each build report can be found under its relevant version heading in this release notes.

Reliability Rating 

  • A = 0 Bugs

  • B = at least 1 Minor Bug

  • C = at least 1 Major Bug

  • D = at least 1 Critical Bug

  • E = at least 1 Blocker Bug

Security Rating

  • A = 0 Vulnerabilities

  • B = at least 1 Minor Vulnerability

  • C = at least 1 Major Vulnerability

  • D = at least 1 Critical Vulnerability

  • E = at least 1 Blocker Vulnerability

Security Review Rating 

The Security Review Rating is a letter grade based on the percentage of Reviewed (Fixed or Safe) Security Hotspots.

  • A = >= 80%

  • B = >= 70% and <80%

  • C = >= 50% and <70%

  • D = >= 30% and <50%

  • E = < 30%

Maintainability Rating 

A=0-0.05, B=0.06-0.1, C=0.11-0.20, D=0.21-0.5, E=0.51-1

The Maintainability Rating scale can be alternately stated by saying that if the outstanding remediation cost is:

  • <=5% of the time that has already gone into the application, the rating is A

  • between 6 to 10% the rating is a B

  • between 11 to 20% the rating is a C

  • between 21 to 50% the rating is a D

  • anything over 50% is an E

Build 6.9

This chapter provides an overview of the updates and quality insights included in this release. It covers the fixed issues, improvements, limitations, new features, and known issues, along with a summary of SonarQube’s key parameters to highlight code quality metrics and analysis results.

New Features

There are no new features to highlight in this release.

Improvements

This section lists improvements added to the current release.

  1. Upgraded JDK 17 with Tomcat 10.x support. HENGINE-3232, HENGINE-3224, HENGINE-3229

  2. With this release, all clients communicate through RESTful services using JSON request and response formats.

  3. In earlier releases, HaloENGINE and HaloENGINE Service functioned independently and required separate installers. Beginning with this release, HaloENGINE is delivered as a unified component that bundles the HaloENGINE Tomcat Service DLL within a single installer. HaloENGINE now connects to Microsoft Purview Information Protection to fetch the sensitivity labels and make them available for label configuration. These enhancements simplify deployment and improve overall performance.

  4. Enhanced Export Functionality in Admin Portal. In earlier releases, the Admin Portal could import only configuration files, and certificates were not included. In this release, you can now choose to include certificates during the upgrade process. This improvement makes upgrading to the next version easier by removing the need for manual certificate handling. HENGINE-3241

Limitations

This section lists the limitations of the current release.

Currently, Wildcard * is only supported when defining categorization rules and custom pre-expressions. HENGINE-1760

Fixed Bugs

This section lists the fixed issues in the current release.

In this release, the service is delivered as a DLL, and tenant details have been integrated into the ENGINE UI. Consequently, the following changes have been introduced in the Admin Portal:

  1. The Service Configuration tab has been removed.

  2. The HaloENGINE Service Monitor has been removed.

  3. The Upload Rules tab has been removed (previously available only for the SAP client type). HENGINE-3238

  4. The Service Map and Service Configuration tabs have been removed.

  5. SAP-supported WSDLs have been removed. (Process URL: http://localhost:8383/haloengine-server/process?wsdl,
    Monitor URL: http://localhost:8383/haloengine-server/monitor?wsdl,
    Stateful Process URL: http://localhost:8383/haloengine-server/stateful_process?wsdl)

  6. The following options have been removed: Simulation Mode, File Pattern Detection, Transform .tsv with xls/xlsx extension, Automatically transform tab-separated content to xlsx, Use .txt on xls/xlsx transformation failure, and AI Risk Report. HENGINE-3239.

  7. Running multiple services is no longer supported. Starting with this release, only a single service is supported.HENGINE-344

  8. In previous releases, Single Customer and Multiple Customer modes were supported; starting with this release, these modes have been removed, and a single default customer ID halo_customer (changeable) is used.

  9. Resolved an issue where users were unable to log in to the Admin Portal using Microsoft Azure login. The login now works correctly after configuring the OAuth2 client secret and ensuring the corresponding key is set in the Admin Portal. HENGINE-3249

Known Issues

This section provides a list of the fixed issues in the current release.

  1. The file type will be displayed as 'unknown' when an already labeled (MPIP) non-office file is downloaded. HENGINE-1393

  2. When downloading an assembly file with many dependent files from the Windchill workspace and selecting the Open in Creo option, the document is downloaded and opened in the Creo application. Still, the temporary files are saved in the HaloENGINE temporary folder. HENGINE-3074

  3. When using the SBWP Tcode to upload and download file types such as CSV/XML/DIF/NTR/EMN/EMP/EPS/FACET/IV/NEU/SAT/SLK/SLP/UNV/VDA/X_T, the file extension changes to PTXT. HENGINE-3150

  4. Logs will not appear in the HaloENGINE Dashboard if the Scheduler file path is specified. HENGINE-3072

Quality Gate Report

Please see the table below for a list of SonarQube's key parameters for this version. Refer to the " Code Quality and Security " section for more information on rating definitions.

Metric

Value

Coverage

80%

Maintainability Rating

A*

Reliability Rating

A*

Security Hotspots Reviewed

A*

Security Rating

A*

Quality Gate report