Attention : support for WAPT 1.8.2 ended on June the 30th 2022.

There are known vulnerabilities in WAPT dependencies in WAPT 1.8.2 branch. Please upgrade to the latest supported version. CVE listing (non exhaustive) :
  • * python engine : python 2.7 (CVE-2020-10735, CVE-2015-20107, CVE-2022-0391, CVE-2021-23336, CVE-2021-3177, CVE-2020-27619, CVE-2020-26116, CVE-2019-20907, CVE-2020-8492, etc.)
  • * cryptography : openssl : CVE-2022-2068, CVE-2022-1292, CVE-2022-0778, CVE-2021-4160, CVE-2021-3712, CVE-2021-23841, CVE-2021-23840, CVE-2021-23839, CVE-2020-1971, CVE-2020-1968, CVE-2019-1551
  • * python dependencies : cryptography (CVE-2020-36242, CVE-2020-25659), eventlet (CVE-2021-21419), jinja2 (CVE-2020-28493), psutil (CVE-2019-18874), waitress (CVE-2022-31015), lxml (CVE-2021-4381, CVE-2021-28957, CVE-2020-27783, CVE-2018-19787), ujson (CVE-2022-31117, CVE-2022-31116, CVE-2021-45958), python-ldap (CVE-2021-46823)

Performing minor updates on a Debian based WAPT Server

Attention

Ports 80 and 443 are used by the WAPT Server and must be available.

  • first of all, update the Debian underlying distribution:

    apt update && apt upgrade -y && apt dist-upgrade

  • add the package repository for Debian packages, import the GPG key from the repository and install the WAPT Server packages:

WAPT Enterprise

Hint

To access WAPT Enterprise ressources, you must use the username and password provided by our sales department.

Replace user and password in the deb parameter to access WAPT Enterprise repository.

apt install apt-transport-https lsb-release
wget -O - https://wapt.tranquil.it/debian/tiswapt-pub.gpg  | apt-key add -
echo  "deb  https://user:password@srvwapt-pro.tranquil.it/entreprise/debian/wapt-1.8/ $(lsb_release -c -s) main"  > /etc/apt/sources.list.d/wapt.list
apt update
apt install tis-waptserver tis-waptrepo tis-waptsetup

WAPT Community

apt install apt-transport-https lsb-release
wget -O - https://wapt.tranquil.it/debian/tiswapt-pub.gpg  | apt-key add -
echo  "deb  https://wapt.tranquil.it/debian/wapt-1.8/ $(lsb_release -c -s) main"  > /etc/apt/sources.list.d/wapt.list
apt update
apt install tis-waptserver tis-waptsetup

Post-configuration

  • launch the post-configuration step

    Note

    • we advise that you launch the post-configuration steps after each server upgrade so that the server uses the latest configuration format;

    • it is not required to reset a password for the WAPT console during the post-configuration step;

    • if you have personalized the configuration of Nginx, do not answer Yes when the post-configuration ask you to configure Nginx;

    Attention

    • with WAPT 1.8 post-configuration, WAPT WUA packages will be moved from their current storage location to waptwua root folder (/var/www/waptwua).

    • if repository replication has been set, all KB/CAB packages will be re-synchronized on remote repositories

    /opt/wapt/waptserver/scripts/postconf.sh

    The password requested in step 4 is used to access the WAPT console.

  • start the WAPT Server:

    systemctl restart waptserver

  • upgrade the WAPT console by following the same set of steps as installing the WAPT console;

  • then create the WAPT agent:

    You will have to keep the same prefix for your packages and change nothing in relation to the private key/ public certificate pair!

    This will generate a waptupgrade package in the private repository.

    Note

    There are two methods for deploying the updates:

    • using a GPO and waptdeploy;

    • using a waptupgrade package and deploy it using WAPT;

  • update the WAPT agents

    The steps to follow to update WAPT agents are the same as the ones to first install the WAPT agents.

    Download and install the latest version of the WAPT agent by visiting http://wapt.mydomain.lan/wapt/waptagent.exe.

    As mentioned above, this procedure may be made automatic with a GPO or a waptupgrade package.