CVE-2024-6200 – Stored Cross-Site Scripting in Tickets

General Information This article contains frequently asked questions relating to the store cross-site scripting vulnerability affecting Halo versions up to 2.143.6. Users with the permission to open tickets may embed malicious JavaScript code into them, that, when accessed by another user, executes within the context of that user. Are hosted Halo instances affected? Hosted customers […]

CVE-2023-4863

The issue is resolved as of version 2.170.1 see Update 31/10/2024 for more information General Information This article contains frequently asked questions relating to the heap buffer overflow vulnerability affecting libwebp. On September 11, 2023, Google published a stable channel update to address the vulnerability with weblibp and assigned CVE-2023-4863 to track this vulnerability. libwebp […]

CORS Policy on Halo API

By default, the CORS policy on all Halo web apps is a wildcard that allows all. To enable a stricter CORS policy to block requests from other origins, follow the below. In appsettings.json in the API and Auth Server add "UseCorsPolicy": true. Also, add "CorsWhiteList" as an array of strings. Enter the hostname of each […]

Agreements (Contracts)

Configuration > Agreements Related Guides: Creating an Agreement/Recurring Invoice for a customer Field Type Description Contract charge description Free Text When any billing is processed for Agreement-related charges, this will be the line that appears on invoices, along with the Agreement name. $ Variables can be used. Variables Guide Enable agreement cost calculation using calculation […]

Deprecation of Summary Contains for Filter Profiles and Filters in Lists

Halo will be removing the ability to use the summary field as a filter in lists (by September for all customers, end of July for beta customers). In order to identify the affected filter profiles and lists, please use the following report: https://{YOURHALODOMAIN}/reports?mainview=onlinerepository&id=5556 For reference to the affected area of Halo: Fig 1. Create a […]

Useful Type lookups for writing SQL reports

The below list of Tables, Columns and References can be used when writing reports for table such as Devicechange or Userchange so that you can properly label the field that was changed. UserChange – UCFieldID Add = -1, SiteChange = 1, Inactive = 2, [ProRata] Delete = 3, ServiceAccount = 4, IgnoreAutomatedBilling = 5, PopUpNotes […]

Deprecation of DCDSite & DCDevNum from DeviceChange

This article details the deprecation of the ‘DCDSite’ & ‘DCDevNum’ columns from the DeviceChange table, and how to identify & address and affected entities The motivation for this change is to improve the performance of the platform, which is hindered by the inclusion of the (redundant) DCDSite & DCDevNum columns, found within the DeviceChange table […]

Using HaloDBLookupService to run custom integration methods on internally facing APIs

In version 2.184+ there is a new connection option for Custom Integrations to connect to internally facing APIs: This connection method allows you to host a proxy application called "HaloDBLookupService" on your own network which can access your internally facing APIs. The Halo API then connects to this Service using requests signed by a common […]

Automating Procurement

In this guide we will cover: – How to have purchase orders automatically create when item stock is below a set level This functionality helps to automate stock management, rather than monitoring stock manually this allows stock to be monitored and have purchase orders raised accordingly to replenish stock. Pre-requisites: You must be using our […]

SaaSAlerts Integration

In this guide we will cover: – What is the SaaS Alerts Integration? – Link to SaaS Documentation – Solution Overview – Integration Benefits What is the SaaS Alerts Integration? The SaaS Alerts and Halo integration allows you to more easily create, organize and manage medium and critical alerts from SaaS Alerts. Link to SaaS […]