Attention : support for WAPT 1.8.2 ended on June the 30th 2022.

There are known vulnerabilities in WAPT dependencies in WAPT 1.8.2 branch. Please upgrade to the latest supported version. CVE listing (non exhaustive) :
  • * python engine : python 2.7 (CVE-2020-10735, CVE-2015-20107, CVE-2022-0391, CVE-2021-23336, CVE-2021-3177, CVE-2020-27619, CVE-2020-26116, CVE-2019-20907, CVE-2020-8492, etc.)
  • * cryptography : openssl : CVE-2022-2068, CVE-2022-1292, CVE-2022-0778, CVE-2021-4160, CVE-2021-3712, CVE-2021-23841, CVE-2021-23840, CVE-2021-23839, CVE-2020-1971, CVE-2020-1968, CVE-2019-1551
  • * python dependencies : cryptography (CVE-2020-36242, CVE-2020-25659), eventlet (CVE-2021-21419), jinja2 (CVE-2020-28493), psutil (CVE-2019-18874), waitress (CVE-2022-31015), lxml (CVE-2021-4381, CVE-2021-28957, CVE-2020-27783, CVE-2018-19787), ujson (CVE-2022-31117, CVE-2022-31116, CVE-2021-45958), python-ldap (CVE-2021-46823)

Performing minor updates on a CentOS/ RedHat based WAPT Server

Attention

Ports 80 and 443 are used by the WAPT Server and must be available.

  • first of all, update the CentOS/ RedHat underlying distribution:

    yum update

WAPT Enterprise

Modify the repository address then launch the upgrade.

Hint

To access WAPT Enterprise ressources, you must use the username and password provided by our sales department.

Replace user and password in the baseurl parameter to access WAPT Enterprise repository.

cat > /etc/yum.repos.d/wapt.repo <<EOF
[wapt]
name=WAPT Enterprise Server Repo
baseurl=https://user:password@srvwapt-pro.tranquil.it/entreprise/centos7/wapt-1.8/
enabled=1
gpgcheck=1
EOF

wget -q -O /tmp/tranquil_it.gpg "https://wapt.tranquil.it/centos7/RPM-GPG-KEY-TISWAPT-7"; rpm --import /tmp/tranquil_it.gpg
yum install epel-release
yum install cabextract
yum install postgresql96-server postgresql96-contrib tis-waptserver tis-waptsetup

WAPT Community

  • modify the repository address then launch the upgrade:

cat > /etc/yum.repos.d/wapt.repo <<EOF
[wapt]
name=WAPT Server Repo
baseurl=https://wapt.tranquil.it/centos7/wapt-1.8/
enabled=1
gpgcheck=1
EOF

wget -q -O /tmp/tranquil_it.gpg "https://wapt.tranquil.it/centos7/RPM-GPG-KEY-TISWAPT-7"; rpm --import /tmp/tranquil_it.gpg
yum install postgresql96-server postgresql96-contrib tis-waptserver tis-waptsetup

Post-configuration

  • launch the post-configuration step:

    Note

    • we advise that you launch the post-configuration steps after each server upgrade so that the server uses the latest configuration format;

    • it is not required to reset a password for the WAPT console during the post-configuration step;

    • if you have personalized the configuration of Nginx, do not answer Yes when the post-configuration asks you to configure Nginx;

    Attention

    • with WAPT 1.8 post-configuration, WAPT WUA packages will be moved from their current storage location to the waptwua root folder (/var/www/waptwua).

    • if repository replication has been set, all KB/CAB packages will be re-synchronized on remote repositories.

    /opt/wapt/waptserver/scripts/postconf.sh

  • start the WAPT Server:

    systemctl start waptserver

  • upgrade the WAPT console by following the same set of steps as installing the WAPT console;

  • then create the WAPT agent:

    You will have to keep the same prefix for your packages and change nothing in relation to the private key/ public certificate pair!

    This will generate a waptupgrade package in the private repository.

    Note

    There are two methods for deploying the updates:

    • using a GPO and waptdeploy;

    • using a waptupgrade package and deploy it using WAPT;

  • update the WAPT agents:

    The steps to follow to update WAPT agents are the same as the ones to first install the WAPT agents.

    Download and install the latest version of the WAPT agent by visiting http://wapt.mydomain.lan/wapt/waptagent.exe.

    As mentioned above, this procedure may be made automatic with a GPO or a waptupgrade package.