Attention: support for WAPT 1.8.2 ended on June 30th, 2022.

There are known vulnerabilities in WAPT dependencies in the WAPT 1.8.2 branch. Please upgrade to the latest supported version. CVE listing (non-exhaustive):
  • python engine: python 2.7 (CVE-2020-10735, CVE-2015-20107, CVE-2022-0391, CVE-2021-23336, CVE-2021-3177, CVE-2020-27619, CVE-2020-26116, CVE-2019-20907, CVE-2020-8492, etc.)
  • cryptography: openssl (CVE-2022-2068, CVE-2022-1292, CVE-2022-0778, CVE-2021-4160, CVE-2021-3712, CVE-2021-23841, CVE-2021-23840, CVE-2021-23839, CVE-2020-1971, CVE-2020-1968, CVE-2019-1551)
  • python dependencies: cryptography (CVE-2020-36242, CVE-2020-25659), eventlet (CVE-2021-21419), jinja2 (CVE-2020-28493), psutil (CVE-2019-18874), waitress (CVE-2022-31015), lxml (CVE-2021-4381, CVE-2021-28957, CVE-2020-27783, CVE-2018-19787), ujson (CVE-2022-31117, CVE-2022-31116, CVE-2021-45958), python-ldap (CVE-2021-46823)

Upgrading WAPT from 1.3 to 1.6 on Debian

Preamble

Note

We assume that your WAPT Server is installed on a basic minimal install of Debian 9 (x64). If this is not the case, you may follow the documentation to upgrade your base server.

This procedure covers only the migration from WAPT 1.3 to 1.6.

| Element    | WAPT 1.3                            | WAPT 1.6                                                                                      |
|------------|-------------------------------------|-----------------------------------------------------------------------------------------------|
| Database   | MongoDB                             | PostgreSQL                                                                                    |
| Web server | Apache2                             | Nginx                                                                                         |
| WAPT agent | agent listening on agent port 8088  | agent initiating and maintaining a websocket with the server.                                 |
| Signature  | sha1 hashes                         | a Code Signing certificate is required, control file attributes are signed with sha256 hashes. |

These changes require several operations to be followed scrupulously for a smooth upgrade.

Install systemd and ca-certificates

  • install systemd:

apt install systemd

  • install ca-certificates:

apt install ca-certificates

  • restart the WAPT service:

reboot

Uninstalling WAPT 1.3 from the Debian server

apt remove tis-waptrepo tis-waptsetup tis-waptserver
systemctl stop apache2
systemctl disable apache2

Setting up the GNU/Linux Debian server

apt update && apt upgrade -y
apt install apt-transport-https lsb-release
wget -O - https://wapt.tranquil.it/debian/tiswapt-pub.gpg | apt-key add -
echo "deb https://wapt.tranquil.it/debian/wapt-1.6/ $(lsb_release -c -s) main" > /etc/apt/sources.list.d/wapt.list
apt update
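
The key import above trusts whatever the download returns. As an added example (not part of the WAPT documentation), the script below downloads the key to a file, compares its full fingerprint with a value obtained from the vendor out of band, and only then runs the same apt-key step. The function names and the <EXPECTED_FPR> placeholder are assumptions; this page does not publish the fingerprint.

```shell
#!/bin/sh
# Added example: check the repository key's full fingerprint before apt trusts it.
# The expected fingerprint is a placeholder; obtain the real one out of band.

# Strip whitespace and upper-case so spaced and unspaced forms compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d '[:space:]' | tr 'a-f' 'A-F'
}

# Succeed only if both values are full 40-hex-digit (v4) fingerprints and equal.
# Short key IDs, empty strings and unfilled placeholders are rejected.
fpr_matches() {
    want=$(normalize_fpr "$1")
    got=$(normalize_fpr "$2")
    for f in "$want" "$got"; do
        [ "${#f}" -eq 40 ] || return 1
        case $f in *[!0-9A-F]*) return 1 ;; esac
    done
    [ "$want" = "$got" ]
}

# Print the primary-key fingerprint of a key file without importing it.
key_fingerprint() {
    gpg --batch --with-colons --with-fingerprint \
        --import-options show-only --import "$1" 2>/dev/null |
        awk -F: '$1 == "fpr" { print $10; exit }'
}

# Download to a temp file, verify, and only then run the page's apt-key step.
install_repo_key() {
    url=$1; expected=$2; rc=1
    tmp=$(mktemp) || return 1
    if wget -q -O "$tmp" "$url" &&
       fpr_matches "$expected" "$(key_fingerprint "$tmp")"; then
        apt-key add "$tmp" && rc=0
    else
        echo "download failed or fingerprint mismatch; key NOT added" >&2
    fi
    rm -f "$tmp"
    return "$rc"
}

# Usage (as root):
#   install_repo_key https://wapt.tranquil.it/debian/tiswapt-pub.gpg "<EXPECTED_FPR>"
```

Comparing the full 40-digit fingerprint rather than a short key ID matters because short IDs can collide.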

Installing WAPT 1.6 on the Debian server

apt install tis-waptserver tis-waptsetup

Note

The installation may ask you for the Kerberos realm. You may ignore it by pressing Enter to go on to the next step.

Launching the post-configuration script

Note

  • we advise that you launch the post-configuration steps after each server upgrade so that the server uses the latest configuration format;

  • it is not required to reset a password for the WAPT console during the post-configuration step.

/opt/wapt/waptserver/scripts/postconf.sh

The post-configuration step will offer to change the password or to move on to the next step; you may change the password if desired.

The post-configuration step will then detect that the current version is 1.3 and will try to launch the migration of the MongoDB database to PostgreSQL.

The post-configuration step will then offer to configure the Nginx web server. Validate this step.

Starting up WAPT on the Debian server

systemctl enable waptserver
systemctl start waptserver

Cleaning up the Debian server

At the end of the migration process, it is necessary to clean up the WAPT Server.

From now on, WAPT will use Nginx as its web server and PostgreSQL as its database server.

apt remove apache2 mongodb
apt autoremove
apt clean

Installing the new WAPT console

  • download waptsetup: https://srvwapt.mydomain.lan/wapt/waptsetup-tis.exe;

  • start the installation; the configuration of the WAPT repository and server URLs has not changed;

  • open the waptconsole by selecting C:\Program Files (x86)\wapt\waptconsole.exe (default location) or C:\wapt\waptconsole.exe (older WAPT versions);

  • check that the WAPT Server works correctly by clicking on the wrench icons and the Verify button.

You may now go to the next step to generate the necessary keys.