Changelog

WAPT-2.5 Serie

WAPT-2.5.5.15697 (2024-09-11)

hash: 20422a0b

This is a bugfix releases.

  • [FIX] waptconsole wads: Fixed a bug with djoin

  • [UPD] waptcore: upgrade lib OpenSSL to 3.1.7, upgrade python to 3.8.20

  • [FIX] correction of the login on wads which no longer worked

  • [IMP] waptserver: on Linux: use TLS1.3 AND use TLS1.2 for nginx on linux

WAPT-2.5.5.15691 (2024-07-18)

hash: 84dca83d

This is a bugfix releases. The main change is the use of an generic Linux Python build (one per architecture) on Linux. The generic Linux Python build allows to use the same WAPT agent on different deb and rpm based distribution.

  • [FIX] waptconsole: fix hardware treeview filtering does not show keys with NULL values

  • [IMP] waptconsole: improve search ldap groups with pagination for larger domains

  • [FIX] waptconsole: fix potential Access violation when importing a package from sources with dependencies

  • [FIX] waptconsole: fix export to CSV / XLS of NULL or empty cells

  • [FIX] waptconsole: htmlviewer: ensure templates path is created when editing template

  • [IMP] waptconsole: improve GUI for waptupgrade (Linux and macOS)

  • [IMP] waptconsole: improve waptserver reconnection

  • [FIX] waptcore: add python waptcrypto SSLPKCS12.save_as_p12. Don’t create a pkcs#12 bundle on register anymore (to avoid potential CVE-2024-26130)

  • [FIX] waptcore: fix get_domain_info() ldap result does not need .items call anymore

  • [IMP] waptcore: remove dist from agent and server rpm package names

  • [FIX] waptcore: fix type_debian() and type_redhat(). It should now better match for any Debian / Redhat derivatives

  • [IMP] waptcore: add impacted_process in waptupgrade packages

  • [IMP] waptcore: on Linux, use generic python build build with generic linux python

  • [FIX] waptcore: fix get_domain_info unix using pyldap

  • [NEW] waptcore: add pyldap cldap_get_best_ldap_controller, cldap_get_ldap_controller cldap_get_domain_info helpers

  • [FIX] waptcore: fix pyldap memory leaks and double free issue

  • [FIX] waptcore: mormot2 better handling of 0 byte zip file

  • [FIX] waptagent: setup: fix write to default_global instead of global if default_global section is not empty

  • [FIX] waptagent: fix getting current user domain for wapt self service

  • [FIX] waptagent: waptself: fix some memory leaks

  • [FIX] waptagent: be sure to not try to call windll.iphlpapi on non windows OS (might be called on non windows os when reconfig_on_network_change = True)

  • [IMP] waptagent: allow to use selfservice features on command line to improve usability for visually challenged users. As standard user, using wapt-get install -S tis-packagename, wapt-get will authenticate using Kerberos with the local service and install the package

  • [IMP] waptserver: improve nginx configuration for large network: sendfile_max_chunk -> 1m

  • [IMP] waptserver: add /homepage_kerberos URI for SSO authentication on waptserver home page

  • [IMP] waptserver: rpm waptserver and waptagent: removed dependencies policycoreutils-python-utils, postgresql-server, postgresql-contrib. Installation of dependencies is already covered in the documentation. It allows more transparent upgrades.

  • [IMP] waptserver: add a requests rate limitation on nginx if rate_limit server parameter is True

  • [IMP] waptserver: restrict list of Ad OU, Ad Sites, Ad Groups based on user perimeters acls.

  • [IMP] waptserver: on Linux: use TLS1.3 for nginx on linux

  • [FIX] waptserver: on Linux, fix for non conventional umask, reset right on Packages after recreation

  • [FIX] waptserver: on Windows, fix typo in InnoSetup server installer

  • [NEW] waptserver: add script get_linux_and_macos_agent.sh (for download waptagent linux and macos form linux server)

  • [IMP] waptserver: linux: logrotate with limit in log files (waptserver and waptserver-uwsgi systemd scripts)

  • [IMP] waptserver: add /opt/wapt/waptserver/scripts/testing-ldap-connectivity.sh to check and validate LDAP configuration on WaptServer

  • [IMP] waptserver: improve web interface of waptserver (for linux and macos, download and config)

  • [FIX] setuphelpers: Invalid IPinnedList interface version detection for pin_to_taskbar() function

  • [FIX] setuphelpers: fix regression “ImportError: cannot import name ‘get_computer_domain’ from ‘setuphelpers’ (/opt/wapt/setuphelpers.py)””

  • [IMP] setuphelpers: reduced GetBiosInfos

WAPT-2.5.5.15640 (2024-06-20)

hash: 7265bc7e

This is a bugfix releases. Among other things, it fixes a minor memory leak that could become major in certain corner cases.

  • [FIX] waptcore: fix memory leak in DVToPyObject

  • [FIX] waptcore: fix linux create waptagent on command line: fix GetApplicationVersion on unix (erroneous spaces in waptupgrade filename)

  • [FIX] waptcore: fix wapt-scanpackages “path should be string, not None” for ssl_client_crls server config parameter

  • [UPD] waptcore: upgrade lib OpenSSL to 3.1.6, SQLite to 3.46.0, 7zip lib to 24.6.0, Psycopg2 to 2.9.9

  • [NEW] waptcore: add support for Ubuntu 24.04

  • [NEW] waptcore: rework Python 3.8.19 install to be distribution agnostic

  • [FIX] waptserver: fix update websocket status table (update_ws_db) for SQL queries in reporting

  • [UPD] waptserver: increase max size of computer_ad_site and computer_ad_ou for computer with very long DN in Active Directory

  • [FIX] waptserver: require admin or register_host acl for add_host endpoint

  • [FIX] waptconsole: allow a simple user with ‘view’ acl to change its password if password is manages by the wapt server htpasswd file (auth method ‘passwd’ only)

  • [FIX] waptconsole: avoid starting gettasksstatus thread if no personal certificate

  • [FIX] waptconsole licence status: in case of network failure, dont’t retry to get licences data too often

  • [IMP] setuphelpers: Add implicit names for install scripts for automatic completion in PyScripter and VSCode

  • [NEW] setuphelpers: on windows add new helpers pin_to_taskbar() (available on win7, win8, win10),

    unpin_from_taskbar(), list_taskbar_pins()

  • [NEW] setuphelpers: add waptlicences.get_battery_infos() helper

  • [FIX] wads: allow wads in http even though force_https=True

  • [FIX] waptagent self service: don’t allow to remove a package if use is not allowed to remove parent packages whose depend on it

  • [UPD] waptself: reset frame status progress bar and buttons if uninstall is not allowed

WAPT-2.5.5.15602 (2024-05-22)

hash: 2793e726

This release is implements a few fixes after user feedback since 2.5.5.15556.

The main issue were:

  • failure in self service login which was failing for users that had no entry in WAPT ACL table

  • overwrite of let’s encrypt https certificate in some cases

Details of changelog entries:

  • [FIX] waptagent: waptsetup use_random_uuid from json config

  • [FIX] waptagent: reporting [install_status] property not found

  • [FIX] waptagent: fix use_random_uuid which didn’t work properly when coupled with dynamic config

  • [IMP] waptagent: add a buggy bios uuid 03000200-0400-0500-0006-000700080009

  • [FIX] waptagent: fix waptagent use_random_uuid regression

  • [FIX] waptagent: dynamic config editor: be tolerant if a pem from json is empty * but this should not happen

  • [FIX] waptagent: waptsetup: don’t cleanup agent’s <wapt>\templates folder on install.

  • [FIX] waptagent: wapt-get add-licence ask explicitly for server auth Same RequireServerAuth hook added for list-available-config, upload-package, build-waptagent

  • [UPD] waptagent: waptsetup: removed the ability to cleanup the current agent configuration. Some users wrongly select this option without knowledge of the actual consequences (removed all config, certificates, etc…)

  • [UPD] waptagent: vscode package edit: use <wapt>\Scripts\python.exe as python interpreter. Don’t create python.exe link in <wapt> folder. <wapt> folder is currently in system PATH and some people expect that “python” in cmd launches the first found system wide “python” instead of wapt python.

  • [FIX] waptagent: missing manifest for python substitute.

    • python.exe win32api.GetVersionExe() returning 6.2 for win10.

    • fix regression on debug runwaptserver command

    • fix regression on debug runwaptservice.bat command

  • [FIX] waptagent: websocket client: be sure to not use a HTTP_PROXY from environment when no proxy is defined in config. There is a bug in websocket module which does not follow the trust_env=False parameter from requests.Session.

  • [IMP] waptagent: wapt-get build-waptagent : takes in account default maturity from command line or ini file. Set forced_install_on to now like in waptconsole

  • [FIX] waptserver: ldap server auth failed for selfservice if user has no acls on wapt server. Revert “[SEC] waptserver: for /login, if user has no acls at all, reject authentication even if raw authentication is successful”

  • [IMP] waptcore: use get_system_cabundle_path from lazarus waptlicences module. On windows, if current user is system account, use <WaptBaseDir>\ssl\server\cacert.pem for cacert.pem file path containg extraction of system store certificates. Share the same logic between python code and lzarus code

  • [SEC] waptcore: waptlicences.waptserver_login: user password not cleared in memory on function exit Fix last commit (ask temporary client private key password on relogin)

  • [FIX] waptcore: regression: use default pyscripter editor if None defined in ini file.

  • [FIX] waptcore: memleak in waptserverconnection.login when opening a connection to the server

  • [FIX] waptcore: fix memleak in waptcrypto TX509CertificatesChainHelper.InitFromPEM

  • [IMP] waptserver: allow POST requests for import_host_from_inventory

  • [IMP] waptserver: linux postconf: keep old server certificate CN and subjectAltName attributes when generating a new children certificate. Prevent the case where the actual linux server name is not a valid dns name. In this case, we created a bad certificate previously.

  • [FIX] waptconsole: trim user edited text in grids for trailing space or leading space

  • [FIX] waptconsole: fix “file not opened” error in waptconsole MSI package wizard.

  • [FIX] waptconsole: fix portable application template in package wizard

  • [UPD] waptconsole: takes in account –config -c argument to set a specific configuration file

  • [FIX] waptconsole: fix access violation if tisgrid (when refreshing wads hosts grid)

  • [NEW] waptconsole: add an action (hidden by default, can be added to toolbar) to export wapt hosts inventory to wads hosts inventory.

  • [NEW] waptconsole: Add an action in hosts popup menu to export selected hosts to Wads inventory.

  • [FIX] waptconsole: ad treeview focused node color on Linux

  • [FIX] waptconsole: fix translation of “forced install on”

  • [FIX] setuphelpers: regression on setuphelpers get_powershell_str(). Progress was returned in output beacuse of stderr redirected to stdout

  • [IMP] wads: wgetwads calc wads.exe url using rules.json and GetSecondaryRepo like in wads instead of requesting waptserver with a redirect?

  • [IMP] wads: use http:// by default instead of https for the proposed url of secondary repositories There is no easy way to distribute a server CA for secondary repositories

  • [FIX] wads: when calculating secondary repo URL on server, keep the protocol of default URL only for IPXE /api/v3/get_host_ipxe endpoint. For other cases, we keep the proto of the rule. (forward_proto=False)

WAPT-2.5.5.15556 (2024-04-24)

hash: bc556ed5

Note

This version has a few issues. Please do no use and use the next one.

This is a bugfix and security hardening release.

Noteworthy items:

  • for security hardening, standard Python interpreted python.exe is now replaced by a Lazarus wrapper calling python38.dll that restrict the PATH, PYTHOHPATH and VENV auto discovery to avoid looking outside of the WAPT install directory.

Caveats:

  • wapt-get edit package does not load vscode editor (code.cmd is no more in default windows PATH as PATH is cleaned up).

  • python winsys.dialogs module can not be loaded on windows: winsys.dialogs.x_dialogs: (1813, 'LoadIcon', 'The specified resource type cannot be found in the image file.'). The module winsys is not used by WAPT itslef anymore or by packages on the WAPT store, but may be used in internally developed packages.

  • in vscode, the python launcher is still the original waptpython.exe. Using wapt-get.exe as launcher does not work and is fixed in master/2.6. This means debugging in vscode does not match exactly what will be done in waptservice as wapt-get.exe cleans up python PYTHONPATH and windows system PATH, and wapt-get.exe provides pyldap and waptlicences python modules.

Details of fixes and improvements:

  • [FIX] waptagent: update of cacert.pem from windows certstore in win64 system32 localappdata .certifi

  • [FIX] waptagent: macOS: improve pre and post install scripts in install macOS agent to improve upgrade handling of WAPT

  • [FIX] waptagent: republish ‘repositories’ url list in host_info

  • [FIX] waptagent: waptwua: ignore corrupted wua rules json file (empty file, or not json file)

  • [FIX] waptagent: macos: stopping waptservice before install

  • [FIX] waptagent: macos: fresh install of agent service file WAPT on macOS.

  • [FIX] waptagent: wapt-get: init sys.path for linux / darwin

  • [IMP] waptagent: macos: avoid calling mac_ver too frequently as system version is unlikely to change without a restart of waptservice.

  • [FIX] waptagent: linux: try to create .config user dir for token_file

  • [FIX] waptagent: linux: fix password echoing on linux console

  • [FIX] waptagent: wapt-get server password utf8 encoding when types from windows command line.

  • [FIX] waptagent: waptwua: fix install_date info

  • [UPD] waptagent: default httpkeepalive to 2s

  • [UPD] waptagent: service: socket client, retry accessing to waptdb at startup in case db is locked by other processes.

  • [FIX] waptagent: fix NetLocalGroupGetMembers

  • [IMP] waptagent: windows: local_group_members now use get_user_from_sid

  • [FIX] waptagent: Fix domain_controller_address

  • [IMP] waptagent: create cache for sid to username mapping, use Domain information from history (registry, gpupdate)

  • [FIX] waptagent: install_updates disable install if not waptwua_enabled

  • [SEC] waptagent: improve randomness of temporary client private key password

  • [UPD] waptagent: improve wapt agent logs

  • [FIX] waptagent: wapt-get check-licences : be tolerant if waptdb.sqlite is readonly (not admin mode)

  • [UPD] waptagent: agent logs: keeps log in one file per executable and limit its size to 4Mb

  • [FIX] waptagent: wapt-get --service action: don’t use ‘admin’ default user.

  • [SEC] waptagent: waptsetup.exe: be sure to run commands from explicit locations

  • [FIX] waptagent: waptstarter: set repo_url and install tranquilit trusted cert for packages

  • [FIX] waptagent: service: selfservice rules merging: merge issue if group names are not lowercase

  • [NEW] waptagent: waptwua: add forced install checkboxes for wsus rules packages and self service rules packages

  • [NEW] waptagent waptwua: Add user_locale in waptwua params

  • [IMP] wapagent: wapt-get: add a debug ldap search tool (lds action): wapt-get lds “filter” [csv-list-of-attributes]. If given filter arg does not start with '(', search with (|(CN=%)(mail=%)(name=%)(sn=%)(givenName=%)) filter

  • [SEC] waptcore: wapt-get is now the python launcher for service and server

    • Scriptspython.exe is now a symlink to wapt-get.exe

    • Scriptspython.exe is the python launcher for pyscripter.

  • [IMP] waptcore: buildwaptpackage: don’t try to compress files known to be already compressed (‘.msi’,’.jpg’,’.zip’,’.z’,’7z’,’.png’,’.gz’, etc.)

  • [IMP] waptcore: use wapt-get --hide for session-setup on windows

  • [FIX] waptcore: wapt-get linux: remove line ending trick as it force buffering of output.

  • [IMP] waptcore: use wapt-get.exe instead of waptpython.exe as python loader in waptagent and waptserver services

    • windows system contains only windows and wapt directories

    • make sure sys.path contains only modules provided by wapt.

    • waptlicences and pyldap modules are provided directly by wapt-get.exe

    • wapt-get.exe can be used instead of waptpython.exe with pyscripter for example.

  • [IMP] waptcore: wapt-get: when windows PATH cleanup, keep all c:\windows\* PATH parts

  • [FIX] waptcore: wapt-get: load properly the config from -c command line option

  • [FIX] waptcore: updated sanitize_filename in python to match what is done in fpc code SanitizeFilename (allow @ ( ), disallow / " and #127 (del))

  • [SEC] waptcore: update Python to 3.8.19

  • [FIX] waptcore: switch python4delphi to python-for-lazarus for mac arm64 compatibility.

  • [FIX] waptcore: wapt-get install/remove/forget/audit –service with multiple packages. Initialize logger level and output for wapt-get –shell

  • [SEC] waptcore: workaround for buggy mimetypes module

  • [UPD] waptcore: add a updated_on information on dict host inventory

  • [SEC] waptcore: replace dangerous python uptime with mormot function. Remove uptime lib

  • [FIX] waptcore: waptlicences add encrypt_aes_pkcs7 and decrypt_aes_pkcs7

  • [FIX] waptcore: be sure to send new audit data even if host clock is in future

  • [FIX] waptcore: don’t keep cached cacert.pem if filesize on disk is null

  • [FIX] waptcore: in some cases, there could no audit_data if never sent to server (None compared to str)

  • [REM] waptcore: remove build upload in vscode and pyscripter project file. Build-upload should now be done through the waptconsole as there are many cases where it does not work in dev user context.

  • [NEW] waptcore: add update_package file reference on psproj for easier access

  • [UPD] waptcore: update mormot2 for the use of .test in IsDirectoryWritable() (reduced risk of EDR false positive)

  • [UPD] waptcore: when updating CRL, check new CRL before replacing it

  • [IMP] waptcore: force usage of mormot.core.os.GetTickCount64 for Windows 2008/XP compatibility

  • [NEW] waptcore: introduce pltis_pyldap module to replace python ldap3 module for better AD LDAP support

  • [UPD] waptcore: wapt persistent_dir handling in dev mode. Persistent_source_dir is always defined and =dev directory. Persistent_dir=persistent_source_dir when package_uuid is None. On package remove, be sure to not delete persistent_dir if path does not start with agent private/persistent path

  • [IMP] waptcore: update copyright date… we are now in 2024

  • [FIX] waptcore: invalid waptupgrade package control signature if forced_install_on is unchecked

  • [FIX] waptconsole: fix combo layout: removed maxheight 21 for linux layout

  • [FIX] waptconsole: fix offline export/import of missing wsus cab

  • [IMP] waptconsole: add audit and forced install action in host packages status overview popup menu

  • [IMP] waptconsole: fix wads search hosts

  • [FIX] waptconsole : fix update_package support on Linux

  • [SEC] waptconsole: don’t keep server user encrypted password in wapt-get memory

  • [SEC] waptconsole: don’t keep an the encrypted user server password in memory anymore

  • [FIX] waptconsole: when editing control file in waptconsole, don’t refresh control edit content if focused. This fix the issue of not able to type a space at the end of a line

  • [FIX] waptconsole update package source form: allow to upload if update_package function return True

  • [FIX] waptconsole: on Windows, proxy configuration or store token may not be properly kept saved in configuration file when console is closed.

  • [FIX] waptconsole: update_package_sources gui: be sure to have WaptBaseDir in python path (otherwise it prevent update_package from working on linux platform)

  • [FIX] waptconsole: better handle decrypt/encrypt checkbox in audit data to avoid wrong refresh

  • [FIX] waptconsole import proprietary packages: redirect to web page for licence validation

  • [NEW] waptconsole: provide re-signing option in wads iso listing (useful when old adminsys is gone for example)

  • [NEW] waptconsole: provide re-signing option on wads host configuration (useful when old adminsys is gone for example)

  • [IMP] waptconsole: restore right click on wads host configuration to edit config

  • [UPD] waptconsole: add secondary shortcut Ctrl+Shift+U for forced update and restore Ctrl+U for update shortcut

  • [IMP] waptconsole: improve usability of the context menu in the private repository to update selected packages from selected store. Now it is redirected to the import from internet gui with proper settings to see the updates available.

  • [IMP] waptconsole: handling enterprise or entreprise spellings in packages tags.

  • [UPD] waptconsole grids: increase max width

  • [NEW] waptconsole: add context menu to re-sign wads driver bundles (handy when older sysadmin is gone and one need to re-sign with own key)

  • [IMP] waptconsole: wads more permissive import from csv with just minimal values “hostname”;”mac_addresses”

  • [UPD] waptconsole: createwaptagent: show a warning if there are no SubjectAltNames on server certificate * don’t save initialdir

  • [UPD] waptconsole: disable autosearch in import packages from internet

  • [UPD] waptconsole: multiserver mode: when a specific server is selected, use settings from its section. It is useful when different private keys are used depending on server. If server specific settings used are a merge of section specific settings and [global] section settings.

  • [IMP] waptconsole: save secondary repos grid settings

  • [SEC] setuphelpers: waptconsole update-package: don’t provide GetPrivateKeyPassword and GetWaptServerAuth hooks to waptconsole python scripts anymore. This can lead to password leaks if used inproperly

  • [FIX] setuphelpers: regression on run_powershell with bad xml output

  • [IMP] setuphelpers: backport reg_delete_subkeys and run_powershell_script. Use absolute path for run_powershell system32WindowsPowerShellv1.0powershell.exe

  • [IMP] setuphelpers: unregister_uninstall now includes empty_names to make sure the registry is cleaned up as expected

  • [IMP] wads: switch copy_winpe_x64_in_tftp_folder to True

  • [FIX] wads: require client side ssl authentication for rule.json only if login_on_wads=True

  • [FIX] wads: GetSecondaryRepo random response. Order rules by sequence, initialize IsMatching to False. Handle no_fallback and check reachability with test to <repohost>/wads/hash.json

  • [FIX] waptserver: don’t force to lowercase wapt-get first argument as it can be a filename

  • [FIX] waptserver: better handling of local cookies: set SESSION_COOKIE_PATH to application uri path

  • [FIX] waptserver: windows install: use wapt-get.exe as python wrapper for postinstall scripts

  • [SEC] waptserver: windows setup: use absolute paths for winsetup.py

  • [FIX] waptserver: pylicences: takes in account waptbasedir

  • [SEC] waptserver: for /login, if user has no acls at all, reject authentication even if raw authentication is successful

  • [SEC] waptserver: in secure mode, the server session token is regenerated at each server startup

  • [SEC] waptserver: You should not respond immediately to everyone even if the answer is correct, otherwise brute force is available by calculating the response time. Add _dns_sid_ttl for sid

  • [IMP] waptserver: purge old unreferenced packages record from database after scanning repository. Remove records for the no more available packages and no longer referenced by hosts inventories.

  • [FIX] waptserver: uswgi mode: bad path for uwsgi_params -> will be in wapt/conf/uwsgi_params only now. missing PROTO forwarding ($scheme -> HTTP_X_FORWARDED_PROTO -> X-Forwarded-Proto)

  • [FIX] waptserver: typo in waptserver config url on index page

  • [SEC] waptserver: use uuid4 instead of uuid1 for server_uuid

  • [SEC] waptserver: htpasswd: use sha256_crypt as default password scheme, change 600 access mode on htpasswd file on linux.

  • [SEC] waptserver: waptserversetup.exe: be sure to run commands from explicit locations

  • [FIX] waptserver: Remove check computer_fqdn with kerberos when register, problem with linux and mac

  • [FIX] waptserver: on index page: use original request http protocol for the agent configuration download URL. Fix URL in http instead of https.

  • [FIX] waptserver: nginx config: forward the original http protocol for redirects. It fixes waptdeploy trying to download using http instead of https

  • [UPD] waptserver: postconf linux: if current server certificate is self signed, is CA and has no subjectAltNames. Use it as a CA and recreate a child certificate with subjectAltNames for nginx server. There is an issue with some https client if server certificate has no subjectAltNames. Verification is failing.

  • [FIX] waptserver: regression on loading existing session secret_key from waptserver.ini. When use_uwsgi=True, secret_key is shared between all waptserver processes

  • [UPD] wads: set time when ptcode: upgrade mormot2 for SetSystemTime feature.

  • [IMP] wads: add template desktop linux ubuntu 22.04.01

  • [UPD] wads: djoin add dnsHostName and servicePrincipalNames attribute when creating machine account. Allow add groups to machines by default

  • [IMP] wads: open import template folder on templates path

  • [NEW] wads: new debian desktop templates with graphical interface dans djoin integration

WAPT-2.5.4.15342 (2024-02-16)

hash: 6215c9da

This is a minor bugfix release, upgrade is not necessary unless you happen to have the corresponding bug.

  • [FIX] Better handling of non-standard http/https port in during Kerberos authentication. WAPT Agent authentication could fail is the https port was non standard (like 8443 for example) when using Microsoft Active Directory. There is no issue if you use Samba Active Directory, the problem happens only with Microsoft Active Directory.

WAPT-2.5.4.15337 (2024-02-14)

hash: 01a4eee0

This is the fourth release of WAPT 2.5 serie.

It fixes a bug in the console that prevented to update waptagent due to a too strict certificate check The signature validity was checked on today’s date rather than the date of the signature itself.

Other minor fixes are listed below.

  • [UPD] waptcore: check waptsetup.exe hash using waptbinaries.sha256 and code signing cert when wapt-get build-waptagent

  • [UPD] waptcore: codesigning certificate is now a EV code signing certificate.

  • [UPD] waptdeploy: by default, disable the check of codesigning certificate (waptdeploy check fingerprint by default). Codesigning could fail on older Windows with non-up-to-date root CA or internet access. Previous behavior can be force-enabled with –disablechecksignature=0

  • [UPD] waptcore: accept to read RSA384 and RSA512 X509 certificates in all the wapt code

  • [FIX] waptconsole: fix proper WADS status icon

  • [FIX] waptexit: fix splitter position

  • [FIX] waptconsole: fix splitter position in configuration form

  • [FIX] waptserver: during host package signer check: be tolerant if host_capabilities is not known yet

  • [FIX] wapt-get: no stdout when run with stdout redirection (be sure to finalize, else we don’t have final stdout (wapt-get through paramiko ssh))

  • [FIX] waptconsole: when building agent, check of waptsetup.exe hash signature fails because of Tranquil IT certificate expiration add AllowExpiredCertificate to signature checking, with default value AllowExpiredCertificate=True for waptbinaries.sha256 hashs check.

  • [FIX] waptcore: missing locales for HostCapabilities.from_string_filter

  • [FIX] waptconsole: reload python config after editing console config

  • [FIX] waptconsole: fix bug in update source package when loading / offloading python engine in the console

  • [IMP] waptconsole: add support to search ldap groups interactively in wads djoin gui

  • [FIX] waptselfservice: fix self service system on linux and macos

  • [FIX] waptserver: fix upgrade from wapt<2.3. (don’t alter packages table if it has been recreated in upgrade process)

  • [IMP] waptserver: removed host certificate cache (not used anymore as nginx is doing the job)

  • [IMP] waptcore: in reporting update hostwebsocket table from in memory status info before executing reporting query if this table name is found in query text. Introduce ‘update_websocket_reporting_table’ server config parameter

  • [FIX] waptcore: wapt on Linux, set i386 architecture for debian i686 agent packages

  • [FIX] waptcore: make TWaptRepo index by package name case sensitive to be consistent with other parts of Wapt

  • [FIX] waptcore: add is_local_user on macOS

WAPT-2.5.3.15292 (2024-02-07)

hash: 24c6e7c0

This is the third release of WAPT 2.5 serie. It includes fixes since the 2.5.2 version.

  • [SEC] Openssl library upgraded to 3.1.5

  • [FIX] reporting: fix delimier when exporting report data, fix json list display

  • [FIX] audit data: improve display of audit data (hide irrevelent info, fix json list display)

  • [REF] remove deprecated unused get_websocket_auth_token endpoint that may create overload during upgrade from 2.4 to 2.5

  • [FIX] fix wapt-get build-upload, maturity parameter was not taken into account

  • [FIX] potential access violation on waptconsole on Linux when editing machine description

  • [FIX] fix djoin layout, domain part could be hidden

  • [FIX] fix user client ssl auth forwarding when using uwsgi (machine where not impacted)

  • [FIX] waptexit: fix closing before launching upgrade if wua is enabled

    • race condition setting WaitingCountdown to false

    • removed dangerous kill thread

    • localhttp jsonget timeout set to the wapt-get.ini setting (10s by default)

  • [UPD] agent waptcrypto: skip the loading of badly formed x509 certificates from waptssl

    • they are ignored so that a corrupted certificate don’t prevent trusting the other good certificates

  • [FIX] waptsetup not taking config name and hash from filename

    • filename must have the form waptsetup-test123456_dbef360b08b929cde6cfa7b3df12b81331db42a4af0df02439890907b812d5d5.exe

  • [UPD] waptdeploy: forward config_name and config_hash from waptsetupurl

  • [IMP] store host description into wapt db for non windows platform

    • allow to add a description to linux and mac hosts in waptconsole.

  • [IMP] shell syntax highlighting for wads linux scripts

  • [UPD] use reset-config-from-url in debian debconf example

  • [FIX] waptupgrade linux: small fix for version logging

    • fix support for intel i686 in buildlib (i386 is the same as i686 on debian)

    • add log for check auth (for fail2ban)

  • [UPD] wapt-get: enable logging configuration from command line –loglevel

  • [FIX] waptconsole: Try kerberos login before regular login and only if none password supplied

  • [UPD] waptconsole: improve certificate trust when importing package.

  • [UPD] wapconsole manifest: remove useless longPathAware and add security asInvoker

    • adding asInvoker disable the Uac virtualization which causes beahaviour inconsistencies between win32 and win64

    • longPathAware is not handled properly by the fpc rtl

  • [FIX] waptserver postconf: when upgrading structure, don’t try do get null host_capabilities

  • [IMP] waptconsole wads djoin: add list of computer groups, OU filter and sort OU by name

  • [IMP] wads: retry 5 times download of iso in case of failure

  • [REF][FIX] wads : improve re-connection in case of drivers download failure

    • recreate socket in case of drivers download error

    • add command line tests actions ‘download-extract-iso <iso_sha256>’ < and ‘download-drivers <driver_bundle_name>’

    • don’t URLEncode GetMachineInfos data (they are POSTed)

    • removed wadslogic methods parameters which are already properties

    • made methods public to allow testing

    • removed steps test at beginning of each step to allow testing individual steps

    • download of iso in c:tmp subdir

    • improved default notification on console. blank line before overwriting next step status to avoid garbage

  • [IMP] WADS: errors are now sent back to the server

  • [IMP] update login form caption with selected configuration for password managers.

  • [FIX] waptconsole: after edit config, auth login dialog was shown repeatedly

  • [UPD] postconf: removed the option to disable client side ssl auth

  • [UPD] waptself:

    • terminate threads earlier in the close event instead of terminate app.

    • missing task description

    • little refactor of local auth callback

  • [IMP] waptconsole: enable autofilter in edit package grids

    • don’t enable OLE for drop to avoid ole dropsite initialization

    • don’t check CA usage by default for create new certificate

    • show CA cert in filemanager in import package form if one clicks on path label

  • [UPD] cleanup wapt-get

    • removed unused anymore CreateWaptSetup / CreateWaptAgent

    • takes in account –wapt-server-url , –wapt-repo-url in wapt-get.exe code

    • add –service_auth_type for wapt-get.exe

    • make –user=xxx equivalent to –waptservice-user=xxx or –WaptServiceUser=xxx

  • [UPD] update mormot2 for better wget resume

    • avoid appending error data from server to current in progress payload

Small fixes

  • [FIX] waptconsole gui: don’t activate grid editor on right-click

  • [UPD] waptconsole hosts grid: make columns up to fqdn fixed on the left

    • tisgrid and sogrid: DragType default dtVCL

    • removed toAcceptOLEDrop from MiscOptions by default

  • [FIX] wapt-get install: don’t print “Installing…” twice

WAPT-2.5.2.15207 (2024-01-15)

hash: ed70d8c7

This is the second release of WAPT 2.5 serie. It includes many fixes since the 2.5.1 version.

As for WAPT 2.5.1, the focus of this release is the security and performance improvement. Now the client SSL auth is configured by default to enhance the security of the server, protecting both the repository and the API endpoints used by the agent. On the performance front, the upload of inventory updates from the agent to the server are more atomic to avoid unnecessary bandwidth and cpu consumption.

Upgrade notes:

  • It is not required anymore to have verify_cert enabled like in WAPT 2.5.1, even if it is strongly encouraged to enable it.

  • When upgrading, the websocket protocol is incompatible between the WAPT 2.4 version and WAPT 2.5 version. Due to this incompatibility, the connectivity status will be DISCONNECTED while the client does its waptagent upgrade. Upgrade is done by default in the next two hours. The waptupgrade package has to be assigned to all computers before hand.

  • The support of reverse proxy (WAF, etc.) doing TLS interceptions or TLS terminaison is no longer supported. If you have a reverse proxy in front of the WAPT server, it has to be configured as a simple TLS forwarding proxy based on SNI (cf. ngx_stream_core_module on nginx server for example).

  • The waptserver webpage for waptagent download is not enabled by default anymore. Please check the corresponding documentation.

  • In order to avoid machine UUID lower/upper caps mismatch, now machine UUID are sent in lower case if there is no pre-existing uppercase registered host.

  • The function from waptcrypto import encrypted_data_str has been moved to from setuphelpers import rsa_encrypted_data_str.

  • WMI and DMI inventory are now supported by default through auditing packages tis-audit-wmi and tis-audit-dmi. You can force dmi/wmi support directly in the waptagent, but it is less efficient and not recommended.

  • If you are calling api endpoints in scripting, beware that client certificate authentication is now mandatory.

Other highlights:

  • Add waptserver and waptagent support for debian 12 arm64.

  • Support for dark mode on Linux and macOS is now on par with light mode. Dark mode on Windows is not yet supported though.

  • The download speed was throttled due to a bug in the WAPT Console. Now download is done at full speed in the console.

  • In all the grids of WAPT console you can now create pie charts based on selected data.

  • For more clarity, date / time are displayed in localized local time instead of UTC.

  • In the process of security hardening of WAPT, the unit test coverage has been improved, the code base has gone through some cleanup and integration tests have been expanded.

  • You can now add custom audit data to create custom fields with hand typed data (for example warranty expiry date, etc).

  • To make inventory upload more efficient and avoid overloading the server, when installing / updating packages, the update status of waptagent is sent at the end of the upgrade cycle of the agent.

  • 2 cmd.exe black screens were showing on opening a user session to execute WAPT session-setup scripts. We have been informed that some users where attempting to close the windows before the scripts completed. Now, the WAPT session-setup scripts execute without displaying the black screens on users opening their Windows session.

WAPT Console

  • [FIX] waptconsole: add ability to get server certificate chain through proxy

  • [FIX] waptconsole: add filtering on both ADGroups and ADSites

  • [FIX] waptconsole: default selection of repo when importing

  • [FIX] waptconsole: better handling dynamic configurations certificates path when adding a new config

  • [FIX] waptconsole: better support for host tags and packages target_os with os version condition

  • [FIX] waptconsole: fix acls signature checking

  • [FIX] waptconsole: fix dynamic configuration: server certificate combobox

  • [FIX] waptconsole: fix login error if changing server config file after a failed login.

  • [FIX] waptconsole: handle proxy for mustache http handlers in html viewer

  • [FIX] waptconsole: improve darkmode in TisGrid HTML cells

  • [FIX] waptconsole: improve importing package from package file

  • [IMP] signature check on importing packages from store

  • [NEW] waptconsole: Add a filter in import packages to filter packages compatible with registered hosts

    • hosts compatibility (show last compatible version)

    • package newest only and newest than mine and compatible with my hosts.

  • [FIX] waptconsole: improve dynamic configuration wizard layout for Linux

  • [FIX] waptconsole: improve password complexity description

  • [FIX] waptconsole: tasks polling: make socket receive timeout longer than poll timeout

  • [FIX] waptconsole: tasks polling: reset LastEventId in case of failure to fix wrong display history

  • [FIX] waptconsole: multi server support, some fixes to better support TLS client auth.

  • [FIX] waptconsole: show BIOS revision

  • [FIX] waptconsole: use OpenURL to start web browser on URL instead of OpenDocument (for Linux support).

  • [FIX] waptconsole: user certificate fingerprints in ACLS mismatch.

  • [FIX] waptconsole: verifying subnet in remote repo rules and refuse if ipsubnet/mask pair is incorrect

  • [FIX] waptconsole: very slow when using a proxy to access repo or server with verify_cert=1

  • [IMP] waptconsole: ask for trusted cert on import package

  • [IMP] waptconsole: don’t display the update popup when checking newer waptagent version under Linux / macOS

  • [IMP] waptconsole: grid: persist Custom Expressions in grid settings between sessions

  • [IMP] waptconsole: import packages: add some progress feedback

  • [IMP] waptconsole: improve check cert before import package

  • [IMP] waptconsole: improve loading WAPT Console time and some saved properties

  • [IMP] waptconsole: improve certificate graphical and textual display UI/UX

  • [IMP] waptconsole: invalidate trusted signers cache on package index refresh

  • [IMP] waptconsole: testing if the bundle path is writable on local filesystem on updates.

  • [IMP] waptconsole: verify cert before importing package in local repo

  • [NEW] waptconsole: showing proper panels with repo_rules_enable or repo_sync_enable

  • [NEW] waptconsole: improve form to validate and trust certificate for external repositories

  • [UPD] waptconsole: add Signer sha256 fingerprint of package in private repo grid.

  • [UPD] waptconsole: Better explanation for enable_reposync parameter in dynamic configurations.

  • [NEW] waptconsole: add checkbox in waptsetup form to force install of WaptUpgrade package

  • [NEW] waptconsole: display/hide Tabs and Features in “View” menu to make it easier to find

  • [NEW] waptconsole: add support for pie chart in waptconsole grids

  • [NEW] waptconsole: option to enable autofilters on grid similar to

  • [NEW] waptconsole: server certificate pinning in preferences

  • [NEW] waptconsole: warnings if no CA defined for https server or package verification from store

  • [UPD] waptconsole: add sha1 fingerprint in certificates grid

  • [UPD] waptconsole: comestic improvments : increase row height of certificates grid

  • [UPD] waptconsole: disable http request helper in mustache html frame viewer by default.

  • [UPD] waptconsole: edit host: filter packages with the host_packages_filter string

  • [UPD] waptconsole: edit packages layout: remove top panel scrollbox

  • [UPD] waptconsole: handle “update_server_status_on_connect” in waptconsole json config wizard

  • [UPD] waptconsole: hide windows update and banned columns in software inventory tab

  • [UPD] waptconsole: import packages: add a trusted_signer column

  • [UPD] waptconsole: import packages. Improve filter on packages compatibles with my hosts

  • [UPD] waptconsole: include custom expression filter on grids.

  • [UPD] waptconsole: renamed display setting “debug mode” into “advanced display and grid settings

  • [IMP] waptconsole: improve import queries from wapt store in reporting

  • [UPD] waptconsole: allow export for newly converted dvgrid (audits and reports)

  • [FIX] waptconsole: reports saving and report tabs closing issues

  • [UPD] waptconsole: reporting: add an option to filter result grid rows on same selected values

  • [UPD] waptconsole: save MRU of search edit combobox

  • [UPD] waptconsole: set default position of forms into first FHD screen. (to avoid lost forms on non existent second screen)

  • [UPD] waptconsole: sort by os_name,os_version if inventory grid sort is on os_name

  • [UPD] waptconsole: tasks list: add some columns. Reduce count of default visible columns

  • [UPD] waptconsole: update grids autofilters to keep custom expressions visible

  • [UPD] waptconsole: use computer fqdn for RDP connection to allowNLA Kerberos

  • [UPD] waptconsole: add a http_keep_alive_ms parameter in waptconsole.ini to improve console http requests latency.

  • [UPD] waptconsole WaptRepo class: add CheckControlSignature attribute to force checking control signature when loading packages Index.

  • [UPD] waptconsole: use domain_name for host html template domain.

  • [FIX] waptconsole: fix import reports/queries from url and file

  • [FIX] waptconsole: set splitter to color clDefault for better dark mode handling

  • [FIX] waptconsole: disable kerberos by default when building the agent

  • [FIX] waptconsole: update dynamic config form layout

  • [NEW] waptconsole: added “Remove custom column” item for column popup menu in grids

  • [FIX] waptconsole: avoiding importing packages twice if already downloaded

  • [UPD] waptconsole: grid colors: add guessed default chart colors from well known status label

  • [FIX] waptconsole : dynamic json config. don’t add empty repo_url, wapt_server, profiles to [global]

  • [FIX] waptconsole. Clipboard not working under Linux GTK

  • [IMP] waptconsole: introduced Chart most used values

  • [IMP] waptconsole: updating grids after importing packages

  • [UPD] waptconsole: default columns for WUA in Inventory

  • [UPD] waptconsole: add p12 file filter for private key password change

  • [UPD] waptconsole: always enable privatekey password change menu

  • [UPD] waptconsole: private key password form: Add certificate file path in windows title to ease use of passwords manager auto fill

  • [UPD] waptconsole: more helpful message when no certificate is defined in configuration

  • [FIX] waptconsole: dynamic config wizard: server cert not saved properly

  • [UPD] waptconsole custom audit data edit

  • [FIX] waptconsole: audit data editing in grids

  • [UPD] waptconsole: re enable “don’t check certificate” when building a custom agent

WAPT Server

  • [NEW] waptserver: add homepage_enable parameter in waptserver.ini to enable/disable waptserver homepage

  • [NEW] waptserver: add login_on_homepage parameter in waptserver.ini to require or not authentication on waptserver homepage

  • [NEW] waptserver: add UseSslClientAuth option in waptserver windows setup.

  • [UPD] waptserver: default CRL expiration set to 10 days

  • [UPD] waptserver: try to reload nginx if CRL updated

  • [UPD] waptserver: more meaningful waptserver error when trying to upload a host package which is not trusted by the target host.

  • [UPD] waptserver: linux postconf: add a question “Authenticate Agents using https client certificate (recommended)”

  • [UPD] waptserver: on linux: add a sudo rule to allow wapt user to reload nginx

  • [UPD] waptserver: waptpackage update_packages_index: rewrite Package zip file only if has actually changed

  • [UPD] waptserver: windows waptservice and waptserver angelize daemons: use json format as it is more mormot compatible

  • [FIX] waptserver: api logs: decode properly request args when gzipped

  • [FIX] waptserver: db model : be sure unique id sequences are bigint

  • [FIX] waptserver: db model revert “unlogged” to “logged” on status tables.

  • [FIX] waptserver: in connection auth callback, avoid double call to callback.

  • [FIX] waptserver: during hostgroups handling, entry.depends must be splitted by ‘,’

  • [FIX] waptserver: repos rules, removed legacy endpoints /sync.json /rules.json

  • [FIX] waptserver: update_file_tree_of_files for upload_file and merge_stripped_package

  • [FIX] waptserver: windows waptserversetup: use previous nginx cert CN to guess server name when upgrading.

  • [IMP] waptserver: during Linux server postconf, stop if kerberos ans spnego packages are not installed

  • [SEC] waptserver: forbid missmatch subject_alt_names in cert and computer_fqdn

  • [SEC] waptserver: when kerberos mode, verify add_host_kerberos when use auth_result

  • [UPD] waptserver: add a certbot letsencrypt route in nginx config

  • [FIX] waptserver: multiple fixes for uwsgi support

  • [FIX] waptserver: fix postconf kerberos and not exist subject_alt_names

WAPT Agent

  • [SEC] waptagent: add page hashes when siging windows binaries for tests with IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY (force windows to check exe signatures)

  • [SEC] waptagent: waptselfservice : prevent ntlm use for local auth system

  • [UPD] waptagent: include “update_server_status_on_connect” in waptagent json config.

  • [UPD] waptagent: add wapt-get delete-param for debugging purpose

  • [UPD] waptagent: auto convert wua error with : https://learn.microsoft.com/en-us/windows/deployment/update/windows-update-error-reference

  • [UPD] waptagent: waptagent upgrade: install this package as soon as agent see it -> Install waptupgrade package as soon as agent see it

  • [UPD] waptagent: force update if there was some valid_from, valid_until, force_install in future in previous update

  • [UPD] waptagent: take in account wapt_base_dir ini file in [global]

  • [UPD] waptagent: add an option “update_server_status_on_connect=1” to update server status when websockets reconnects.

  • [UPD] waptagent: waptsetup windows: hide console when running wapt-get session-setup ALL on login

  • [UPD] waptagent: waptself: notify_server_on_finish for self service actions

  • [NEW] waptagent: GetLocalAppdataFolder for UNIX

  • [NEW] waptagent: -l param for WAPT Message loading dynamic logo

  • [NEW] waptagent: wapt-get: add get-params to get local db params as json with wildcards

  • [FIX] waptagent: waptservice: check_auth_groups: handle multiple authorization headers for local auth

  • [FIX] waptagent: waptself: default position on first monitor (X low enough…) to avoid AV when getting monitor DPI

  • [FIX] waptagent: append min_os_version and max_os_version = os_version to PackageRequest initialized from agent’s OS tags.

  • [FIX] waptagent: improve wua status install when and error happens

  • [FIX] waptagent: in waptservice, in case of server auth failure on update_server_status, try re-register only if last successful register is older than 2 hours

  • [FIX] waptagent: kill task waptexit.exe before installing it

  • [FIX] waptagent: python WaptRemoteRepo init if config is None.

  • [FIX] waptagent: regression with urllib3 when verify_cert=False.

  • [FIX] waptagent: remove erroneous extra arg installed_by for WaptPackageInstall

  • [FIX] waptagent: reset_host_uuid if uuid was present in section ‘default_global’

  • [FIX] waptagent: use proper dmidecode under MacOS with intel processor

  • [FIX] waptagent: wapt-get –service ping stucked sometimes during waptsetup last step.

  • [FIX] waptagent: waptserver login_self_service: unsupported media type

  • [FIX] waptagent: waptservice tasks not executed in the right order

  • [FIX] waptagent: waptwua client https certificate auth and proxies support

  • [FIX] waptagent: fix empty configuration handling when first starting service without config on Linux

  • [FIX] waptagent: on linux/macos ensure app ini filename directory exists

  • [IMP] waptagent: do not fill the organization attributes in machines CSR

  • [FIX] waptagent: waptsetup fix guessing config name and config hash from filename

  • [FIX] waptagent: waptwua, fix wmi_installed_windows_updates_result

  • [FIX] waptagent: waptwua, use wmi_installed_windows_updates_result for search kb install date

  • [UPD] waptagent: waptexit: removed sogrid.

  • [FIX] waptagent: fix audit many packages on upgrade stopped on first failed audit

  • [UPD] waptagent: add forced install on linux waptupgrade packages

  • [IMP] waptagent: during waptservice upgrade, tweak notify_server_on_finish

  • [SEC] waptagent: resetting private and log folders in wapt rights after each update in case it has been messed up by sysadmin or other scripts

  • [IMP] waptagent: waptself: reduce amount of data in task grid.

  • [FIX] waptagent: waptwua client: revert more registry paramaters when reenabling windows wua service

  • [FIX] waptagent: fix uninstall kb on win10 using DISM and mum files data

  • [UPD] waptagent: waptservice tasks: add start_not_before and start_not_after attributes in reporting json dict

  • [FIX] waptagent: don’t check wsusscn2cab date if waptwua is disabled

WAPT Core

  • [SEC] waptcore: upgrade cryptography to 41.0.7 for CVE-2023-49083

  • [UPD] waptcore: remove wapt version in exe filename with auto_create_waptagent_from_config

  • [UPD] waptcore: wapt-get.exe now honors “–not-interactive” command line flag

  • [REF] waptcore: waptcrypto: export cacert.pem in non redirected profile path if different from redirected one on Windows (SysWOW64 / system32)

  • [UPD] waptcore: when comparing target_os version and versions, add missing ending version members

  • [NEW] waptcore: add 7zip dlls in default wapt install

  • [IMP] waptcore: upgrade to openssl 3.1.4

  • [FIX] waptcore: Change all http client calls to not retry once if timeout.

  • [FIX] waptcore: fixed socket (Wget) performance regression on Windows

  • [FIX] waptcore: fix install_msi_if_needed in setup.install. some args were not passed to underlying setuphelper function.

  • [FIX] waptcore: remove_user_programs_menu_folder() failed if dir didn’t exist

  • [FIX] waptcore: sys and time sould be imported by default

  • [FIX] waptcore: use ~ for make_packages_filter_string separator

  • [FIX] waptcore: verify_cert not propagated properly from config WaptRemoteRepo config argument

  • [FIX] waptcore: wapt-get local auth: avoid sending 2 authorization (Bearer + Basic)

  • [FIX] waptcore: wapt-scanpackages: add –reload-nginx-if-needed option to reload nginx config if CRL updated (need specific sudo rights for wapt user)

  • [FIX] waptcore: waptutils.get_requests_client_cert_session : be sure verify_cert is True if arg is None

  • [FIX] waptcore: waptsetuputil for waptserversetup: don’t use openssl to extract Subject from X509 certificate to avoid locking

  • [FIX] waptcore: ignore trailing zero subversion when doing comparison. Now 2.1.0 == 2.1

  • [FIX] waptcore: uuid to lower in WADS

  • [FIX] waptcore: remove non valid chars from package Dev directory when building package name

  • [FIX] waptcore: fix missing Exception message reporting from the agent

  • [FIX] waptcore: wapt-get check-package 401 error when trying to get Packages index

  • [FIX] waptcore: wapt-get build-package when personal crt file has multiple certificates

  • [FIX] waptcore: wapt-get reset-uuid: delete stored hardware_uuid and hostname

WAPT WADS

  • [NEW] wads: add support for static ip address in WinPE

  • [NEW] wads: getting net interfaces info for WADS

  • [NEW] wads: when using a winre wim file for wifi support on wads, del winpeshl.ini to behave like a winpe

  • [NEW] wads: improve information updates on waptserver when wads install starts

  • [UPD] wads: wapttftpserver: set case insensitive filename option

  • [IMP] wads: replace ipxe.efi with snponly.efi to improve support of ip stack on uefi bios

  • [IMP] wads: Run setupcomplete.cmd with “schtasks /Create /RU SYSTEM /SC ONSTART” to support wapt postinstall script on Windows Pro OEM or Windows Home OEM (otherwise it was not run)

  • [FIX] wads: add except ValueError for ipaddress.ip_network (fix fail if bad network)

  • [FIX] wads: avoid checking for WinPE under UNIX system since it can only be created on Windows systems

  • [FIX] wads: ensure waptdjoin overwrite/move works with children

  • [FIX] wads: improve WinPE creation (7z.dll and certificate improvements)

  • [FIX] wads: loading properly pem data in grid

  • [FIX] wads: login: clear password if login fails

  • [FIX] wads: setting selected .wim file for managing WinPE

  • [FIX] wads: switch token generation to “it’s dangerous” lib

  • [FIX] wads: add json signature check in wgetwads

  • [FIX] wads: remove bad templates/wads_template/windows/conf/win7_with_join_ad_offline.xml because djoin blob handling fails on win7

  • [FIX] wads: Remove ProductKey in xml templates to let windows get product key from UEFI/Bios

  • [FIX] wads: fix disable schtask to do postinstall script

  • [IMP] wads: add 3 download retry when downloading drivers to handle shacky networks

  • [FIX] waptwads: add a default filter based on manufacturermodel when creating/uploading drivers from wads inventory

Setuphelpers / setupdevhelpers

  • [FIX] setupdevhelpers: replace of unicode 2019 character was incorrect

  • [FIX] setuphelpers: link was broken for wmi-rebuilding-the-wmi-repository

  • [ADD] setuphelpers: raise_error flag on set_service_start_mode()

  • [IMP] setupdevhelpers: complete_control_impacted_process now handle .EXE (caps)

  • [IMP] setupdevhelpers: descriptions will now cleared from black unicode character “u202f”.

  • [FIX] complete_control_min_wapt_version was not returning right value

  • [IMP] setupdevhelpers: get_private_persistent_package_() improved for DEV

  • [NEW] setupdevhelpers: complete_control_impacted_process returns a dict for advanced action in other scripts

  • [NEW] setupdevhelpers: remove_outdated_binaries will remove part files as it should be removed in update_package

  • [IMP] setupdevhelpers: add UNIX compatibility of unzip_with_7zip()

  • [IMP] setuphelpers: remove_appx() : No longer try to remove NonRemovable AppX package and optimize powershell by using output_format=”text”

  • [NEW] setupdevhelpers: add get_size() and update complete_control_impacted_process() functions

  • [NEW] setuphelpers: setuphelpers_windows functions: add_netfirewallrule() and remove_netfirewallrule()

  • [FIX] setupdevhelpers: get_private_persistent_package_*() when package is not installed yet

WAPT-2.5.1.14695 (2023-10-03)

hash : f667ffe1

This is the first release for WAPT 2.5 serie. The focus of this release is the security and performance improvement. Now the client SSL auth is configured by default to enhance the security of the server, protecting both the repository and the API endpoints used by the agent. On the performance front, the upload of inventory updates from the agent to the server are more atomic to avoid unnecessary bandwidth and cpu consumption.

In the process of security hardening of WAPT, the unit test coverage has been improved, the code base has gone through some cleanup and integration tests have been expanded. For more clarity, date / time are displayed in localized local time instead of UTC.

Note: be sure to read the upgrade procedure, it is required to have verify_cert enabled.

Libraries updates:

  • update python to 3.8.18

  • update openssl to 3.1.3

  • update krb5 lib to 1.21.2

  • update mormot2 framework to 2.1

WAPT Console

  • [NEW] waptconsole: “Don’t ask again” option on hosts trigger updates / upgrades / actions forms.

  • [IMP] waptconsole: displays the fingerprint of retrieved certificate when pinning a certificate.

  • [UPD] waptconsole: simplify default grid layout on first launch. Only minimal columns for Host and Packages status.

  • [SEC] waptconsole: when retrieving it initially from server, show the certificate to the user so that it can check.

  • [FIX] waptconsole: don’t try to load previous configuration before switching to the selected one.

  • [IMP] waptconsole: save certificate grid layout in the “create Wapt setup” windows.

  • [UPD] waptconsole: OSDeploy / Configuraration forms now show datetime columns as local time using OS default format.

  • [FIX] waptconsole: prevent unnecessary call the the api/v3/known_packages API in packageNameSelect.

  • [FIX] waptconsole: keep import packages basket always visible and disable importing when importing another package.

  • [UPD] waptconsole: remove all cached file for configured servers repo only when cleaning up local cache.

  • [UPD] waptconsole: in create waptagent, store upgrade package in local cache.

  • [IMP] waptconsole: ask to delete package in dev folder if it’s existing (for avoiding checksum issue).

  • [FIX] waptconsole: create waptsetup: don’t try to check certificate until form is initialized.

  • [IMP] waptconsole: create waptagent: trust at least one’s own certificate if no configuration yet.

  • [IMP] waptconsole: external repositories settings.

  • [FIX] waptconsole: Don’t include unnecessary option parameters in wapt-get.ini when disabling waptwua in agent generation.

  • [FIX] waptconsole: improve gui form with checkboxes to select BIOS UUID, random UUID or FQDN UUID when creating the WAPT Agent.

  • [NEW] waptconsole build custom waptagent simplified dialog.

  • [FIX] waptconsole: import packages filenames truncated in dialog.

  • [NEW] waptconsole: add actions on OU menus host audit, launch wapt exit, apply update safe.

  • [SEC] waptconsole: client side temporary auth cert: don’t provide a CSR on login if ClientPrivateKeyPath is set, don’t override client private key if not temporary.

  • [SEC] waptconsole: delete temporary client keys on renew or shutdown.

  • [NEW] waptconsole: create a CSR on login to get from server a tempory certificate for client side AuthMethod.

  • [IMP] waptconsole: beter error catching when uploading files.

  • [FIX] waptconsole: keep cursor position in task log when refreshing.

  • [IMP] waptconsole / acls: cosmetic change: show green checks centered. Multiple orange checks when acl is not boolean but a list show icon if assigned certificate or user with server password.

  • [IMP] waptconsole / acls: reorder users grid columns.

  • [IMP] waptconsole: packages filtering: add redhat os when selecting Linux closes.

  • [IMP] waptconsole: add python syntax highlight to .py files edit.

  • [FIX] waptconsole: GUI Logical problems on Generate Agent Visual.

  • [IMP] waptconsole: add credentials to authenticate to a proxy while importing from internet repository. The password is encrypted as the repository credential in import from internet.

  • [FIX] waptconsole: fix sizing text / button when changing language.

  • [IMP] waptconsole: change Host Delete window’s CheckBox and phrasing to be more user friendly.

  • [IMP] waptconsole: certificate’s serial numbers on console hostpage now in displayed in hexadecimal.

  • [IMP] waptconsole: add total size total of import package selection.

  • [IMP] waptconsole: add a search button for AD Group in self-service rules.

  • [IMP] waptconsole: implement a new popup that warn the user when he imports a package that has dependencies which are not located in the current repository.

  • [IMP] waptconsole: add the service authentication type setting in windows waptagent build form.

  • [FIX] waptconsole / config: missing use_random_uuid property in json config.

  • [NEW] waptconsole / gui: add multi-filter in Grid, add Function to filter all agents, add filter in Grid for os_version (add str_removechars to compare os version).

  • [NEW] waptconsole / reporting: add snapshot action on report results.

  • [UPD] waptconsole / config: verify server cert by default.

  • [FIX] waptconsole / audit gui: better date handling by setting expiration date to NULL.

  • [UPD] waptconsole / acl gui: allow html selection in valid certificates frame.

  • [FIX] waptconsole / software repo: fix display of last detected software version by Luti.

  • [FIX] waptconsole / inventory: wrong image when OU is written in lowercase.

  • [IMP] waptconsole / inventory: introduce better FrmHtmlViewer.RenderTemplate.

  • [IMP] waptconsole / inventory: in LDAP tree enable display sub-OU checkbox by default.

  • [UPD] waptconsole / gui : store and manage all date / time in UTC. Display datetime in localized format in console.

  • [IMP] waptconsole / gui: visual color adjustments.

  • [NEW] waptconsole / create waptagent: add UI to set include_dmi_inventory and include_wmi_inventory_default in waptsetup and dynamic configurations.

  • [UPD] waptconsole: import package from external repo: when looking for package, strip specifically the configured prefix instead of any prefix. This fix the case when several prefixes are used in private repo. If the same package exists with 2 different prefixes, the comparison can use he wrong package and report incorrectly that a newer package exists.

  • [FIX] waptconsole / gui: LDAP search form: minor fixes and usage improvement.

  • [IMP] waptconsole / gui: introduce new filter by column in TisGrid / SOGrid.

  • [NEW] waptconsole: CheckLicence with out RemainingDays parameter.

  • [FIX] waptconsole: avoid trying execution of updates on non connected host to speed up the process.

  • [FIX] waptconsole: default and cancel action shortcut where missing.

  • [IMP] waptconsole: show Close button on form WUA pending updates.

  • [NEW] waptconsole: adding possibility to show only Cancel button acting like Close.

  • [GUI] waptconsole: showing os version in column os_name on Inventory.

  • [IMP] waptconsole: when editing corrupted package in pyscripter, don’t delete dev directory but show a warning.

  • [FIX] waptconsole / gui: wrong color on splitter, should be default color parameter.

  • [IMP] waptconsole: cleanly abort import packet on abort by user.

  • [SEC] waptconsole: Be sure to clear password memory in case of exception.

  • [IMP] waptconsole / multi-servers: authenticate separately on each server, avoid AV if one server is not responding anymore.

  • [UPD] waptconsole: add a “forced update” checkbox when triggering host updates if Ctrl+Maj are pressed.

  • [IMP] waptconsole: Disable audit button if user is not admin.

  • [IMP] waptconsole / licencing: allow to upload an already activated licence if activated for the same server_uuid.

  • [FIX] waptconsole: fix WUA order in inventory main grid.

  • [UPD] waptconsole: some improvements in the Linux / macOS agent download gui.

  • [FIX] waptconsole: fix missing repository error on imported queries.

  • [UPD] waptconsole: in create waptsetup, display localized date time for certificates.

  • [IMP] waptconsole: avoid to pop hosts limit approaching to license capacity limit.

  • [IMP] waptconsole: avoid unnecessary messagebox when checking licenses.

  • [UPD] waptconsole: add support for HTML in grid.

  • [FIX] waptconsole: proper property name for status / sync_status in grid agent repo.

  • [SEC] waptconsole: check that certificate used to sign new certificates is flagged for CA usage in CreateSignedCert.

  • [FIX] waptconsole: avoiding to load templates for now when messaging users.

  • [UPD] waptconsole html viewer: when secure_mode, disable http request in mustache templates.

  • [UPD] waptconsole: cosmetic layout change of waptconsole config.

  • [FIX] waptconsole: ask for a private key password even if it not encrypted.

  • [IMP] waptconsole: hiding WADS actions if wads_enable is false.

  • [IMP] waptconsole: hiding WUA actions is waptwua_enable is false.

  • [NEW] waptconsole: disabling OS Deploy and WUA by server options.

  • [IMP] waptconsole: enabling / disabling tabs from preferences.

  • [NEW] waptconsole: reduce validity duration of new certificates created in waptconsole if server is in secure_mode.

  • [FIX] waptconsole: temporary fix for waptconsole crash on win7 large fonts.

  • [FIX] waptconsole: Inventory host certificates multi selection shows merged certificates of selected hosts.

  • [FIX] waptconsole: warns the user when his Acls changes during his session.

  • [FIX] waptconsole: disable ActReportingQueryReload if user doesn’t have ‘run_report’ ACL.

  • [UPD] waptconsole: create waptsetup: make use kerberos more visible: move it in non advanced setting.

  • [FIX] waptconsole: update from store final report truncated.

  • [FIX] waptconsole: add filters on certificates dialog.

  • [UPD] waptconsole: improve and simplify private packages repo grid.

  • [FIX] waptconsole: enabling Ok button by default on Make WinPE.

  • [FIX] waptconsole: and other guis: fix Settings saving and loading.

  • [FIX] waptconsole: import newest packages than mine.

  • [FIX] waptconsole: empty certificate in waptsetup and json configuration.

  • [UPD] waptconsole: specify that don’t check certificate is dangerous.

  • [UPD] waptconsole: handle visibility of Wapt Dev tab in advanced display settings.

  • [SEC] waptconsole: encrypt the temporary key generated at waptconsole login.

  • [NEW] waptconsole: provide a copy of generated and uploaded waptsetup in local repo cache on admin computer

  • [NEW] waptconsole: allow hide and display on all main tabs in the console

  • [IMP] waptconsole: show_softwares_inventory set to false by default

  • [FIX] waptconsole: create waptsetup: check use_kerberos against global server config

  • [NEW] waptconsole: manageable hide/display items on host pages

  • [NEW] waptconsole: show_secondary_repo set to false by default

  • [IMP] waptconsole: show_waptdev set to false by default

  • [NEW] waptconsole: cbDontAskAgain after modifying host

  • [NEW] waptconsole: hide WUA in Agent creation setup and configuration and package creation

  • [FIX] waptconsole: use HttpgetSafe instead of HttpGet for host overview templates (check certificates)

WAPT Server

  • [UPD] waptserver / postconf: disable wads endpoints and send a http 403 answer if wads is not enabled.

  • [FIX] waptserver / postconf: improve upgrade path by better reloading server config to load calculated default values.

  • [FIX] waptserver / postconf: fix Linux postconf may need be launched twice to have a proper installation.

  • [FIX] waptserver / config: use a ping test file to test repo/wapt access instead of querying wapt/Packages url.

  • [SEC] waptserver / nginx: always set X-Ssl-Authenticated X-Ssl-Client-DN X-Ssl-Client-Sha1.

  • [SEC] waptserver / config: use_ssl_client_auth = True by default.

  • [IMP] waptserver: don’t capture and save user certificate provided on login.

  • [FIX] waptserver: newest_only in api/v3/packages api does not compare versions properly.

  • [NEW] waptserver model Packages: change architecture locale target_os licence to Array instead of text.

  • [FIX] waptserver: fix for waptserver postconf linux must be launched twice to have a proper installation.

  • [IMP] waptserver: Don’t set CA true by default when generating a self signed certificate.

  • [FIX] waptserver: fix model upgrade issues when coming from 1.8.

  • [SEC] waptserver: add a sleep of 3s in case of authentication failure to reduce risk of brute force or ddos on auth endpoints.

  • [FIX] waptserver: better handling of special caracters in LDAP authentications.

  • [UPD] waptserver: wapt-get server connection: try to use host keys if no key defined in config file (ClientPrivateKeyPath and ClientCertificatePath).

  • [NEW] waptserver: showing agents list on webserver index page.

  • [NEW] waptserver: getting agents symlink from waptagent folder (usefull for html template).

  • [FIX] waptserver update_server_status installed_packages: forgotten packages not removed from database.

  • [IMP] waptserver auth: in ssl auth, decode DN of certificate using ldap3.utils.dn.parse_dn for better parsing.

  • [NEW] waptserver config: introduce ssl_client_crls and ssl_client_certificates for nginx config on nginx, when client side cert auth is enabled, often we have at least 2 CA to trust: CA of wapt clients, and CA of wapt admins. In nginx, this means we have to concatenate in one PEM file 2 CAs the same for the CRLS if they are defined.

  • [REF] waptserver: nginx configuration: introduce common forward_ssl_auth.conf and require_ssl_auth.conf files.

  • [IMP] waptserver: add audit_data_def endpoints for audit data metadata description and html templates.

  • [SEC] waptserver: use a different secret for token and session cookies, use a temporary secret for session cookies on agent.

  • [NEW] waptserver check_auth. allow ‘admin’ user athentication with ‘token’ method (similar to session) useful for WADS on Linux.

  • [FIX] waptserver uninstall : delete waptserver_pycache_ folder when uninstalling for cleanup.

  • [IMP] waptserver: server waptwinsetup installer: add new paramaters –server-names= on Linux and /ServerNames on Windows to initialize server certificates CN and AltSubjectNames.

  • [IMP] waptserver waptcrypto : enable the use of IP in AltSubjectName of X509 certificates.

  • [FIX] waptserver: server postconf better handling of client ssl authentication configuration.

  • [IMP] waptserver socket authentication: use only client side certificate TLS authentication.

  • [UPD] waptserver: add waptserver update-crls action.

  • [UPD] waptserver postconf: configure ssl_additional_crls, clients_signing_crl and clients_signing_crl_url.

  • [FIX] waptserver: error for revoke_cert of host certificate when deleteing a host.

  • [UPD] waptserver conf: add ‘trust_signed_host_certificate’ default to False.

  • [FIX] waptserver: update default values for wads_enable and waptwua_enable.

  • [FIX] waptserver: allow access to api/v3/get_waptagent_exe/.*/waptagent.exe without client cert.

  • [NEW] waptserver: check password complexity on server when change_password is called.

  • [FIX] waptserver: be sure we have a username to check before checking certificate CN during ‘ssl’ authentication.

  • [NEW] waptserver / postconf: add automtic initilization of keytab if kerberos is enabled in postconf.py.

  • [SEC] waptserver / postconf: check password complexity.

  • [UPD] waptserver / wua: disable waptwua periodic tasks wit waptwua_enable is False.

  • [FIX] waptserver / auth: removed unuseful allow_unauthenticated_registration test in add_host_kerberos.

  • [FIX] waptserver: improve postconf.py –secure mode server side.

  • [UPD] waptserver: returns secure_mode, waptwua_enable and wads_enable in /api/v3/global_config endpoint.

  • [UPD] waptserver / postconf: removed the apache key/certificate migration.

  • [UPD] waptserver: use only lowercase login.

  • [FIX] waptserver: add acl admin or edit_wsus_package on WUA part.

  • [FIX] waptserver: return 404 for *_kerberos and *_wads endpoints when disabled.

  • [FIX] waptserver: postconf crash if /var/www/html/wapt/ssl/ not exist on Linux.

  • [NEW] waptserver: add reporting_enable parameter on wapt server windows install and linux install and in the console.

  • [FIX] waptserver: removed unused html and javascript files.

  • [UPD] waptserver: increate nginx large_client_header_buffers to 16k for Self service kerberos SSO to handle ticket with large group counts

  • [NEW] waptserver: add homepage_enable in config waptserver

  • [UPD] waptserver: disable repo_sync tasks if repo_sync_enable is False

  • [UPD] waptserver postconf: displays a summary message to donwload agent installer

  • [UPD] waptserver: returns a content type with text when 401 or 403 in nnginx SSL auth.

  • [UPD] waptserver: disable nginx rules.json and sync.json when disabled in server config

  • [NEW] waptserver: add enable_repo_sync and enable_repo_rules options

  • [FIX] waptserver: update all crls when deleteing host

  • [UPD] waptserver: update all crls on scan-packages

  • [FIX] waptserver / postconf: update crls immediately on postconf to allow nginx to start properky.

  • [UPD] waptserver : in secure mode, add a default value for ‘ssl_client_crls’ to /opt/wapt/conf/ca-check-clients.crl

  • [NEW] waptserver / postconf: add option to enable / disable waptwua_enable option

  • [UPD] waptserver / postconf: displays https server certificate fingerprint.

  • [FIX] waptserver : set check_auth_groups token_lifetime is in Wapt properties

  • [UPD] waptserver: removed jsquery and other JS from server index page

  • [FIX] waptserver / postconf : known_certificates_folder in /var/www/[html]/ssl by default

WAPT Agent

  • [FIX] waptagent / waptwua : bad arg in datetime.datetime.utcnow() when handling is_delayed parameter.

  • [IMP] waptagent: wapt-get reset-uuid: add extra argument to give an explicit uuid to set.

  • [FIX] waptagent: waptsetup : unable to load stuffed configurations if it is downloaded in a folder with non ascii characters.

  • [UPD] waptagent: wapt-get build-waptagent: take in account include_dmi_inventory and include_wmi_inventory settings.

  • [IMP] waptagent / Linux: add en_us.utf8 env variable to service file.

  • [UPD] waptagent / wapt-get : add check-package and check-json commands.

  • [FIX] waptagent: wapt-get reset-uuid and wapt-get generate-uuid for random uuid management.

  • [FIX] waptagent: waptsetup for use_random_uuid with stuffed waptagent.

  • [FIX] waptagent: fix warning in debian agent postinst.

  • [FIX] waptagent: wapt session-setup : remove session-setup for non standard interactive users (uid <1000).

  • [FIX] waptagent: update Agent: Ensure wget output directory exists.

  • [FIX] waptagent: wapt-get could ask for server password even if –wapt-server-passwd option is provided.

  • [SEC] waptagent: use dmidecode.exe from wapt directory on windows instead of first one in path.

  • [FIX] waptagent: improve disable windows update when Windows would try to re-enable it by itself.

  • [FIX] waptagent: macOS : add correct WAPT version in Info.plist.

  • [FIX] waptagent: waptwua can’t compare offset-naive and offset-aware datetimes.

  • [FIX] waptagent: Create waptsetup: server cert verify improvement.

  • [IMP] waptagent: update_server_status: add explicit include_dmi_inventory and include_wmi_inventory arguments (default to True).

  • [FIX] waptagent: wapt-get waptcrypto: workaround to be sure to load ssl before cryptography.

  • [FIX] waptagent: fix first package status upload after compute registration.

  • [UPD] waptagent / waptself: add an explicit get_token argument to login_kerberos / login in kerberos ldap-server authentication.

  • [FIX] waptagent: wapt-get.ini include_wmi_inventory and include_dmi_inventory not taken in account.

  • [UPD] waptagent: after editing host package, when applying, don’t kill running applications.

  • [FIX] waptagent / waptsetup: write use_kerberos to inifile.

  • [REF] waptagent: refactor waptsetup settings on windows, check use_kerberos in install gui if already checked in wapt-get.ini.

  • [NEW] waptagent: noborder option to WAPTMessage.

  • [UPD] waptagent: update mormot2 for SMI UUID handling on Linux.

  • [FIX] waptagent: on Windows, add mklink for libcrypto-3.dll and libssl-3.dll for cryptography lib to avoid improper openssl dll search.

  • [FIX] waptagent: set RedirectLogRotateFiles to 2 for angelize services to avoid filling the local log directory.

WAPT WADS

  • [REF] waptwads: TFTP server logging.

  • [FIX] waptwads: testing dnslookup before getting wads executable.

  • [FIX] waptwads: taking care of verify ssl server parameter.

  • [IMP] waptwads: add an history for the status log of the os deployment New action on the OS deployment page, right click on the main grid.

  • [IMP] waptwads / djoin: Allow to move or delete (with children) host if it already exist.

  • [FIX] waptwads / djoin: Handle special characters in djoin OU treeview.

  • [FIX] waptwads / djoin: Use pagination in ldap search for groups.

  • [FIX] waptwads / djoin: fix djoin subdomain handling in Active Directory forest.

  • [FIX] waptwads djoin: prepare djoin: force use of tls if ldap connection on port 636 allow using password on unencrypted channel.

  • [IMP] waptwads: add a version file for the WinPe It warns the user if the WinPe is not up to date with the current console version Linked #6501.

  • [FIX] waptwads: mormot2 TLdapClient.AddComputer don’t escape DN.

  • [FIX] waptwads: infinite loop if canceling creation host in OS Deploy.

  • [FIX] waptwads: encoding issue when executing diskpart command on WADS.

  • [UPD] waptwads: Allow to create winpe on non empty external drive after double warning.

  • [NEW] waptwads: host configuration selection on OS deploy like drivers bundle selection.

  • [NEW] waptwads: configurations property storing all Configurations on frame Tfrmmanagedeploymentconfiguration.

  • [NEW] waptwads: selection of driver bundle in OS deploy.

  • [NEW] waptwads: function to hide buttons Add, Delete and Delete unused on TFrmManageDeploymentDrivers.

  • [IMP] waptwads: colorizing cell in red when ISO does not exists anymore on WADS configuration.

  • [FIX] waptwads: rights issues when creating WinPE with other elevated user credentials.

  • [IMP] waptwads: getting IsoConfig when requesting DeployConfig and HostOSDeploy data insertion values.

  • [IMP] waptwads: improvements, better logs, visual for iso decompression, delete the log after the start of a new deployment Linked.

  • [IMP] waptwads / wapttftpserver: add option session_port_min and session_port_max to specify the range of ports to use for ephemeral session UDP port. Useful if limit on firewalls must be set. Defaults to 0 to use system defined ephemeral ports.

  • [FIX] waptwads: prepare Host Packages: packages specific to one target OS are filtered out.

  • [IMP] waptwads: replace the use of 7-Zip.exe on Wads with mormot2 7-Zip Mormot2 uses 7-Zip dll to copy the behavior of 7-Zip No linked ticket.

  • [NEW] waptwads / wapttftpserver: if loglevel=debug, add ttoLowLevelLog option to get more debug details.

  • [FIX] waptwads: remove constraints for Graphical WADS window, allowing the binary to adapt to screen size.

WAPT Setuphelpers / SetupDevHelpers

  • [ADD] devhelpers:

    • get_public_persistent_dir(),

    • get_public_persistent_file(),

    • get_private_persistent_package_dir(),

    • get_private_persistent_package_file(),

    • remove_tree_for_all_users(),

    • get_file_extension(),

    • complete_control_*() are GUI helpers for “template” packages.

  • [UPD] setuphelpers: update detect_file_encoding doctring class MacOSVersions in CamelCase.

  • [IMP] devhelpers: reduce unexpected behaviors on vscode_launch.json: –no-ide “justMyCode”: false, pythonArgs”: “-I”.

  • [ADD] setuphelpers: adding new WindowsVersions.

  • [ADD] setuphelpers: add new macOSVersions class.

  • [ADD] setuphelpers: get_release_name(lower=False) for original case but stays lower() by default.

  • [IMP] devhelpers: add newline flag to json_write_file().

  • [FIX] setuphelpers: wrong log on unmount_dmg.

  • [FIX] devhelpers: remove_outdated_binaries() productversion check.

  • [IMP] setuphelpers: adds REG_QWORD in setuphelpers symbols default import.

  • [IMP] setuphelpers: setuphelpers_windows.py: be tolerant if dmidecode.exe does not exist.

  • [IMP] devhelpers: waptguihelper: add form’s height/width info on grid’s metadata that was returned, when copy to clipboard.

  • [FIX] devhelpers: setuphelpers_windows get_app_path() returns always None.

  • [IMP] devhelpers: BeautifulSoup functions can now parse string content of a page or reparse a “bs_result”. It is now possible to parse a specific attribute.

  • [FIX] devhelpers: setuphelpers_windows get_app_path() returns always None.

  • [FIX] devhelpers: copytree2 better symlink handling.

  • [IMP] devhelpers: complete_control_package now avoid triple hyphens “—“.

  • [FIX] devhelpers: get_control_dict() was not returning a dict when detected as PackageEntry.

  • [ADD] devhelpers: new function complete_control_min_wapt_version().

  • [FIX] devhelpers: waptguihelper import was crashing WAPT for non-GUI systems in setupdevhelpers.py.

WAPT Core

  • [UPD] wapt core: add FailIfFileExists argument to GetPeerCertChainFromServerPath.

  • [UPD] wapt core / waptcrypto: in TX509Certificate, introduce IsSelfSigned and use short field names for DN.

  • [UPD] wapt core / waptcrypto: in TX509Certificate.Generate, add IsServerAuth and Usages arguments.

  • [FIX] wapt core: use LAZVER300 define instead of VER300 for version of lazarus.

  • [FIX] wapt core: ISO8601UtcToLocalDateTimeStr: handle 9999-12-31 as NULL date.

  • [FIX] wapt core: UpdateSOCertFromCert missing ‘not_before’ property.

  • [UPD] wapt core: small improvement in certificate HTML templates.

  • [FIX] wapt core: waptsetuputil ApplyJsonConfigToIniFile: update [default_global] section if it exists instead of [global].

  • [IMP] wapt core: be tolerant for ISO8601UtcToLocalDateTimeStr with date in far future.

  • [IMP] wapt core: Be tolerant if datetime string has no date and time separators.

  • [FIX] wapt core: explicit failure if package.localpath is None or empty.

  • [FIX] wapt core: check hosts limit only if we got at least one host.

  • [FIX] wapt core: waptpackage.py PackageEntry sign_package.

  • [REF] wapt core: host uuid calc to keep existing uuid but use hardware uuid in lowercase in cas eof new hardware.

  • [IMP] wapt core: reduce amount of data sent to server when update_server_status don’t update server status too often dont’t send wmi and dmi by default send only delta of packages install status.

  • [FIX] wapt core: python pyd module initialization: by default, revert to use Py_Initialize for engine initilization which keeps sys.argv as in caller process python engine.

  • [REF] wapt core: use IWaptSignatureChecker interface instead of IX509Store when it is needed to check a package.

  • [IMP] wapt core: TX509Store IsTrustedCert : take in account the AllowSelfSigned argument.

  • [IMP] wapt core: waptpackage: remove duplicated certificate chain checks.

  • [SEC] wapt core: enable ASLR and DEP on all wapt binaries. Enable debug infos on Default on projects disable run in debugger for release modes.

  • [SEC] wapt core: make wapt_base_dir handling more deterministic in both python and freepascal modules. Waptlicences waptbasedir: use new GetExecutableName func from mormot2 introduce WAPT_BASE_DIR environment variable to override default guessed wapt base dir (based on pyd location) introduce WAPT_LIBCRYPTO_BASE_DIR environment variable to override guessed location of libcrypto and libssl modules.

  • [REF] wapt core: replaces GetWaptFullVersion function by WaptBuildVersion constant from wapt-get/build_version.inc.

  • [IMP] wapt core: add GetTerminalWidth for commandline.

  • [FIX] wapt core: FrmPackageDetails: Missing condition when saving local files.

  • [IMP] wapt core: angelize waptsvc: add wapt_base_dir and config commandline parameter for tests.

  • [FIX] wapt core: CSR fixed version number as generated by NewCertificateRequest - should be 0 as stated by the RFC.

  • [SEC] wapt core / waptcrypto : add X509_V_FLAG_POLICY_CHECK when checking certificate chains.

  • [FIX] wapt core: waptsigner TWaptSignatureChecker.VerifyJsonSignature: unable to check signature if cert is not the trusted CA.

  • [IMP] wapt core / waptguihelper: system language based.

  • [NEW] wapt core: Add new errors_list output variable for HostCapabilities / PackageRequest.is_matching functions.

  • [SEC] wapt core: sign and check the “get_tasks_status” action from console to agents.

  • [UPD] wapt core: log (info) Openssl version at startup of server.py and wapt-get.py.

  • [FIX] wapt core: don’t set client_certificate and client_private_key for repo and server if they are empty strings in wapt-get.ini.

  • [FIX] wapt core: patch for cryptography to avoid the error when trying to load legacy provider with openssl >= 3.0.0 which has been removed.

  • [FIX] wapt core: TimedJSONWebSignatureSerializer is replaced by URLSafeTimedSerializer in latest itsdangerous python module.

  • [FIX] wapt core: waptcrypto SSLCertificate subject_dn and issuer_dn to return short names rfc4514_string

WAPT-2.4 Serie

WAPT-2.4.0.14143 (2023-08-08)

hash : 9847ee8b

This is a bugfix release for WAPT 2.4.0. Notable fixes are fixes are :

  • better handling of scrolling in SelfService on macOS

  • fix network error on macOS m1

  • better support for authentication on WAPT Store Enterprise when downloading packages in the WAPT Console

WAPT Console

  • [IMP] waptconsole import packages: avoid flickering when clicking on rows.

  • [FIX] waptconsole / external repositories settings: renamed user and password fields to mention explicitly Store and token.

  • [IMP] waptconsole import packages from store: handle 401 and 403 proactively to suggest user to authenticate to WAPT Store Enterprise and validate licences for proprietary software

  • [IMP] better handling of icons list WAPT Self-service

  • [FIX] fix waptconsole download waptagent for linux and mac (symlink for waptagent gui not properly handled)

WAPT core

  • [FIX] better handling of current path when starting wapt: determine default_waptservice_ini with waptutils__file__, not from sys.argv[0] to handle

  • [FIX] add use random uuid in json agent configurations

WAPT on Linux and macOS

  • [FIX] Fix running_on_ac setuphelpers function on Linux

  • [FIX] fix older macOS support specify --platform macosx_10_9_x86_64 and --platform macosx_11_0_arm64 when run pip compilation for backward compatibility

  • [FIX] macOS : fix app startup icon not working on macos ventura and above

  • [FIX] Debian : add dependency on rsyslog OR syslog-ng in server and service deb package

  • [FIX] fixed socket ioctl() on some POSIX targets (e.g. macOS on M1 architecture)

  • [FIX] fix scrolling WAPT Self-service under MacOS with magic mouse or macbook trackpad

WAPT Server

  • [FIX] edit order check_auh for get_wads_config

  • [FIX] fix db upgrade bug when upgrading from WAPT 1.8.2

WAPT-2.4.0.14080 (2023-06-22)

hash : 25f00c3f

This is a bugfix release for WAPT 2.4. Notable fixes are fix a for issues when building and uploading package from PyScripter due to __pycache__ and .pyc files, and a fix for the broken WakeOnLan feature.

WAPT Console

  • [FIX] waptconsole: show main_ip of pre wapt 2.4 host before upgrade

  • [FIX] waptconsole gui: splitter position in softwares inventory

  • [FIX] waptconsole : missing data in softwares inventory (host_capabilities)

  • [FIX] waptconsole: label showing KBs usage space

  • [FIX] waptconsole / sendMessage: don’t autosize form as it creates endless layout loop on linux

  • [FIX] waptconsole: MS remote assist is on port 135, not 3389

WAPT Core

  • [FIX] wapt dynamic configuration: hiberboot_enabled is a boolean in json config, but must be set as a dword in registry

  • [FIX] wapt-get build-upload: excluded files are not properly excluded when building the zip file due to __pycache__ and .pyc

  • [FIX] waptagent macox: using launchctl kickstart instead of launchctl unload && load for wapt service under MacOS

WAPT Server

  • [FIX] server: reintroduce hosts.gateways extraction from host_networking

  • [FIX] server / trigger wakeonlan: fix for compatibility with old host data.

WAPT WADS

  • [IMP] send a human readable message to ipxe when WADS is disabled while trying to deploy through WADS

  • [IMP] ensure WADS deployment and ipxe still works when djoin is empty

WAPT-2.4.0.14058 (2023-06-09)

hash : ae548d8ab

This is a bugfix release for WAPT 2.4.

Notable changes :

  • Added support for Debian 12 amd64 on client and server

  • Upgrade openssl from 3.0.8 to 3.0.9

  • Upgrade python from 3.8.16 to 3.8.17

WAPT Server

  • [NEW] add debian12 for amd64

  • [UPD] no filter by default for importing WUA updates

  • [UPD] adding more update file extension

  • [FIX] handle server side Hosts dataset ordering (when a hosts count limit is given in waptconsole, we expect to get the first n hosts in the grid order)

  • [FIX] waptserver : upload linux waptagent ensure symlink is secure filename

  • [FIX] waptserver model: missing extraction of dnsdomain and mac from host_networking json into plain Hosts columns

WAPT macOS

  • [FIX] direct waptservice restart on MacOS

WAPT Linux

  • [NEW] add debian12 for amd64

  • [NEW] Add new systemd function to setuphelpers for Linux

WAPT Console

  • [FIX] fix waptpython.exe and waptpythonw.exe upgrade through innosetup when version id does not change

  • [FIX] fix waptsetup install when setup file is located in directory with non ascii chars

  • [FIX] Add escape_filter_chars for ldap3 (allow parenthesis and other special char in group names)

  • [FIX] DJoin: fetch ldap search result until no more pages left

  • [FIX] DJoin: Limit ldap search page to 500 results

  • [FIX] showing pending WUA updates

WAPT Core

  • [SEC] sign all dll and exe that are compiled by Tranquil IT during build process

  • [SEC] switch to openssl 3.0.9

  • [SEC] switch to python 3.8.17

WAPT-2.4.0.14031 (2023-05-26)

hash : 1420892a

This is the release of WAPT 2.4. WAPT 2.4 version brings a ton of small improvements and bugfixes along with the following main features:

  • better co-existence with antivirus due to removal of NSSM service manager which was often wrongly flagged as suspicious. WAPT Agent now uses mORMot Angelize for service management

  • due to OpenSSL 1.1.1 being eol’ed next september, WAPT has switch to embedded OpenSSL 3.0.8

  • re-implemented Active Directory offline join in WADS (djoin.exe) to work around many bug and limitation in the Microsoft version of djoin.exe, now with support of Active Direcotry Forrest and subdomains

  • it is now possible to have a use a user/password credentials when importing packages from the store. Authentification will be required for the WAPT Enterprise Store that provides educational softwares

  • add support for Debian 10 and Debian 11 support on ARM 64 bit platform

  • new WADS graphical interface

  • remove usage of Microsoft Windows RestartManager during upgrade to avoid unecessary killing of services

CAVEAT:

WAPT Server

  • [NEW] waptserver: when login with ssl auth, check that the sha1 of the client certificate matches the sha1 of the user account in database for client cert auth

  • [NEW] waptserver: accept empty username when using ssl auth. if username is provide, it must match the CN part of the certificate DN

  • [NEW] use http status 403 instead of 401 when client side auth does not succeed to avoid a user/password popup in console.

  • [NEW] waptserver: add login_auth_methods configuration parameter in waptserver.ini defaults to admin,ldap,passwd,token,kerb (format : csv)

  • [NEW] waptserver licences: be tolerant if no server_uuid yet

  • [NEW] wapserversession: share waptserveruser across all waptserver connection * to make it easer to relogin after token expiration. * retry to get a token if http 401 status

  • [NEW] waptserver, waptservice on Windows: removed nssm service manager, replaced by waptsvc * waptsvc service supervisor is based on mormot agl. * waptservice.exe is a symlink to waptsvc.exe and manages “waptpython -I waptservice/service.py” * waptserver is a symlink to waptsvc and manages server.py, wapttasks huey queue, and nginx

  • [NEW] waptserversetup: don’t set repo_url and wapt_server url during setup as this done now later when building waptagent

  • [ADD] WAPTWUA missing allow url allow mp.microsoft.com

  • [RM] removed endpoint /api/v2/download_wuredist

  • [IMP] lower case for test rules secondary repo in case of mixed case scenario

  • [IMP] waptservice and wapttftpserver: don’t wait for enter key on error

  • [IMP] waptserver nginx: add api/v3/login specific section to forward client SSL auth

  • [IMP] waptserver: add signer_fingerprint db field to Wads models

  • [IMP] adding generic symlink when uploading waptagent to have standard http url for agent download

  • [IMP] waptrepo: hardened handling of multiple concurrent repo cache updates

  • [IMP] server add_configurations : return json config filenames in result.

  • [IMP] waptserver: get_ad_ou_split : be tolerant to malformed OU sent by client

  • [IMP] waptserver crls updates for nginx: * merge all known crls into file if “ssl_crls” waptserver.ini is defined

  • [IMP] waptserver model: update Packages table description_localized dict from package entry.

  • [IMP] add psycogreen patching for eventlet / postgresql

  • [IMP] Be sure to fill executable version infos when initializing logger

  • [IMP] cache CASigners in waptrepo

  • [UPD] upgrade to 14.7 postgresql for windows

  • [UPD] waptserver autocreate console ldap authenticated users if default_ldap_users_acls config is not empty

  • [FIX] waptserver: fix startup issue when calling waptlicences.CheckValidLicencesCount

  • [FIX] waptserversetup: missing dir=in in firewall rules for wapttftpserver on Windows Server

  • [FIX] waptserver nginx: add “proxy_request_buffering off;” to the top server nginx config to workaround issues with big iso uploads.

  • [FIX] fix username in log history of actions on waptserver

  • [FIX] newest_only in api/v3/packages api does not compare versions properly.

  • [FIX] fixed regexp in nginx location for conf.d / *.json files (and others).

  • [FIX] waptserver: login initialization of user typo

  • [FIX] configurations repositiories repo wapt/conf.d should not be protected by client side certificates

  • [FIX] config url on server index landing page.

  • [FIX] twaptserver auth callbacks. use OnHttpClientAuthorize if password in session, then OnAuthorize if defined and no password is available session

  • [FIX] StripCertificateComments endless loop is Pem bundle ends with 2 CR NextPem does’t not set input pointer P to nil if end of file.

  • [REF] waptserver: add a config parameter to change globally the default enabled auth methods default_auth_methods defaults to session,admin,passwd,ldap this can be overriden on per endpoint basis

  • [REF] server: removed legacy url style login

WAPT Agent

  • [NEW] waptsetup: removed the option to trust tranquilit certificates.

  • [NEW] don’t set wapt-templates by default in agent config file wapt-get.ini

  • [IMP] waptsetup: don’t configure URL in waptsetup by default as it it proposed later on in waptconsole.

  • [IMP] waptsetup: don’t ask innosetup to close applications using RestartManager as sometimes, it kills vital services (network) when launched as silently

  • [IMP] logo in WAPT SelfService

  • [IMP] waptself: improve auth error message

  • [IMP] waptself: removed shadows to lower redraw workload removed some visual overrides to panels

  • [IMP] waptdeploy: useWaptServer task does not exist anymore. Enable installService task by default

  • [IMP] WAPT Message adaptive form size to content if no size is set

  • [IMP] waptstarter: fix some waptstarter default settings removed kerberos checkbox

  • [IMP] wapt-get fpc: use agent key/cert client auth if none is defined in config inifile.

  • [IMP] add double quotes around waptservice executable filename for ImagePath in services windows registry. If not quoted, and there are spaces in file path, service can not start in certain case

  • [IMP] waptsetup: add logs of service install exec shell commands.

  • [UPD] wapt-get: add restart-waptservice action. fix add-licence authentication

  • [FIX] waptself: after hitting task panel hide button, packages flowpanel is hidden too

  • [FIX] Self Service : DownloadAllPackageIcons after getting a token

  • [FIX] restarting waptservice by scheduler under MacOS

  • [FIX] taking care of display_time in WAPT Service

  • [FIX] fix again regression on waptmessage impersonification from Agl waptservice. child processes are launched inside a job to control their termination. so for impersonification, we need CREATE_BREAKAWAY_FROM_JOB creation flag

  • [FIX] waptsetup: add waptconsole start shortcut only if not running a stuffed waptsetup.exe

  • [FIX] fix waptsetup trusted_external_certs

WAPT Linux

  • [NEW] add json config url in waptserver homepage to help linux agent config

  • [IMP] waptupgrade : improve command line install for deb base distro

  • [IMP] Debian: add reboot_needed and reboot-required.pkgs info in host info

  • [IMP] force locale C for strptime installed_softwares

  • [FIX] fix datetime.datetime.strptime for installed_softwares in rhel9

WAPT macOS

  • [NEW] WAPT Tray compilation config. for macosx

  • [FIX] fix out of range error when importing waptlicences python module on macosx

WAPT Console

  • [NEW] waptconsole acls form: fix the check signature action. add some icons to show when a certificate or password is assigned to a user

  • [NEW] add HttpGet and HttpPost helpers for mustache templates to create custom html display in console

  • [NEW] button export pending required WUA KB as curl string list

  • [NEW] import CAB WUA updates

  • [NEW] Showing pending WUA updates to download

  • [NEW] audit info Add asus support button to asus support site with computer ref

  • [NEW] WaptHttpGetString and WaptHttpPostData: add a default referer with root of URL to pass some basic access API authentication * applied as example for HP support access

  • [NEW] add lenovo got to support button as an example of HttpGet mustache helper. * note the leading “,” in the list of arguments because of a bug in mormot helpers arg handling.

  • [NEW] add display time for WAPT Message when sending from WAPT Console

  • [NEW] waptconsole: Enable audit data tab by default

  • [ADD] message user friendly for ‘.exe’ signature

  • [ADD] Message to confirm hosts deletion

  • [IMP] package maturity action

  • [IMP] adding url for wsusscn2.cab to download

  • [IMP] fix double click not able to show certificate using shell.

  • [IMP] adding possibility to cancel configuration package creation

  • [IMP] Add Tasks Status for better security and messages

  • [IMP] waptconsole edit package form: show always files tab. add a message for user if package does not exist anymore.

  • [IMP] WaptConsole: Discover domain controllers from domain dns name

  • [IMP] WaptConsole: Load available OU from AD in TVisPrepareDjoin

  • [IMP] User can add username / password for repositories while importing packages for Internet

  • [IMP] better grid status if restart pending

  • [IMP] external repositories settings: removed the checkbox for signature certificates directory. Check is enforced if cert is defined

  • [IMP] waptconsole configuration: set verify_cert to 1 instead of path to certifi bundle when checking “Check https certificate”.

  • [IMP] waptconsole: on first login, when no server is defined in waptconsole.ini, show the configuration dialog first

  • [IMP] waptconsole: manage reloading of ini config if file is updated externally add public_certs_dir setting.

  • [IMP] waptconsole: trust always own waptconsole’s user certificate when processing / resiggning packages

  • [IMP] missing changes for waptconsole build waptsetup: don’t include ssl dir in waptupgrade package.

  • [IMP] waptconsole: try to get a new session cookie if 401 and there is cached password for user instead of switching to basic auth

  • [IMP] waptconsole: Add update package tab in package editor

  • [IMP] waptconsole: Display min/max os version in target_os column if defined.

  • [IMP] waptconsole waptgent: allow to double click on certificates to open them with os shell.

  • [IMP] waptconsole: add architectures arm and arm64 to the filters

  • [IMP] new dark view mode for console

  • [UPD] waptconsole: show login dialog if the server session cookies expires

  • [UPD] add support for pkcs#12 file for private key and certificate in waptconsole and wapt-get.

  • [UPD] waptconsole private key password change : try to change P12 file password too if same base filename and same old password.

  • [UPD] icon on error status in host WUA

  • [UPD] filter out packages having a untrusted signer certificate when loading Packages index note that this is only to avoid processing or listing packages which will not be trusted anyway. But we dont check the signature at this point, so package control signature must still be checked later.

  • [FIX] waptconsole: fix potential AV when getting isEnterprise status if no waptserver is defined yet.

  • [FIX] adding a password in Acls raise an exception about missing arg. fix decoding of utf8 when building SO and SA from Array of const (valid for lazatus only where String=Utf8String)

  • [FIX] waptconsole reporting : no column displayed when running query outside of query editor

  • [FIX] waptconsole acls: small fix console acls signature display when deleting a certificate in console

  • [FIX] waptconsole: propagate licences count to background threads

  • [FIX] TVisPrepareDjoin: Handle properly subdomains in AD Forrest

  • [FIX] waptconsole PrepareDJoin: allow direct input of Host OU

  • [FIX] give modal status to driver download windows when creating winPE to avoid other conflicting actions

  • [FIX] splitter placement on audit data when showing history

  • [FIX] Better Design for Import from Internet Basket

  • [FIX] FrmLdapSearch: Fallback on OS DNS nameservers if no domain controller found using domain as nameserver

  • [FIX] fix basic auth (issue when concatenating user+’:’+password), prevent recursive call to login dialog, clear private key password if password is not OK on login.

  • [FIX] waptconsole: fix local agent configuration based on built agent config

  • [FIX] waptconsole : image showed as inactive on action forget package

  • [FIX] waptconsole: empty server side message when upload error.

  • [FIX] waptconsole import package: restore last used repository

  • [FIX] waptconsole create waptsetup: handle the host_profiles config attribute * removed unused organisation.

  • [FIX] waptconsole server login: be sure to not loop if basic auth fails

  • [FIX] waptconsole import packages newer than mine when there are dots in names

  • [FIX] deleting rows from audit data history

  • [FIX] waptconsole regression decrypting old python rsa encrypted data

  • [FIX] waptconsole decrypt of client side encrypted data

  • [FIX] Clearing audit data history view if no data

WAPT Core

  • [SEC] waptcrypto: don’t try to guess signed_attributes. this attribute in mandatory. signer is mandatory for python waptcrypto verify_claim check

  • [NEW] add command line action “wapt-get dmiinfo”

  • [NEW] showing countdown on WAPT Message + stopping countdown when entering in message viewer

  • [NEW] GetStrippedDownServerCABundlePath : stores only issuer CA cert chain, not server chain. keep file cache for 1 hour.

  • [NEW] improve handling of external repo user/password authentication.

  • [IMP] waptsetup: don’t change server and repo config by default if repo is already defined in wapt-get.ini.

  • [IMP] wakeonlan: be tolerant if no interface or no macs on a host

  • [IMP] fix get_net_ips() if not address on an interface (eg. CAN bus)

  • [IMP] store networking infos as a separate field in hosts table. removed list_services and listening_sockets from host’s status data moved audit_status into wapt_status

  • [IMP] waptcrypto python: add arguments for certificates’s not_before and not_after constraints add option to specify date of claim’s signature for testing purpose.

  • [IMP] waptrepo: Protect repo cache packages directory when updating. In case several process or threads are updating the same repo cache.

  • [IMP] wapt-get waptdeploy waptlicences lpi wads wgetwads waptsvc: disable -Wg win32 app mode for win32 and win64 target to force stdout open.

  • [IMP] waptcrypto: be sure to not create an empty stripped down CA file. return full bundle path if function fails.

  • [IMP] use mormot instead of tsmbios for get_biosinfos

  • [IMP] mormot2 fix Samba LDAP expectations in its “strong auth = yes” default mode - i.e. allow “signing sealing” of the frames if TLS is not used

  • [IMP] when checking for changed file over http, use a 2s tolerance before or after.

  • [IMP] waptutils copytree2 : don’t follow symlinks to avoid copying entire disks.

  • [IMP] waptpackage get_stripped_package: include ‘update_package.py’ in payload for the console.

  • [IMP] Add “–only-priorities” and “–only-if-not-process-running” options to wapt-get upgrade, install, remove actions

  • [IMP] logo for WAPT Message

  • [IMP] waptcrypto: TRSAPrivateKey: allow loading unencrypted PEM RSA key

  • [IMP] fixed OpenSSL UTF-8 encoding flags for certificates closes

  • [IMP] be sure to get only public cert from TX509Certificate mormot unit

  • [IMP] add pfx and p12 file filter for personal cert file browser

  • [IMP] waptdeploy: retry up to 30s to be able to get version on waptsetup

  • [IMP] waptsetup/waptstarter: install /StartPackages=xx if runningSilently

  • [IMP] create waptsetup: set verify_cert to ‘1’ instead of path to cabundle if verify cert is checked.

  • [UPD] update vc_redist to version 14.36.32532

  • [UPD] avoid untrapped exception when password can not decrypt key

  • [UPD] Strip comments in pem encoded certificates to reduce size and try to fit into the 32kb limit of stuffed exe.

  • [UPD] manage multivalued “architecture” in wapt packages control.architecture attribuet is now a csv of x64, x86, arm, arm64, armhf

  • [UPD] separate networking information from host_info to lower pressure on database when hosts update their status put host’s audit_status in last_update_status key.

  • [UPD] python waptpackage make_package_filename include os version in package filename for waptupgrade packages.

  • [FIX] missing makepath import and syntax fix

  • [FIX] waptpackage: remove references to old signature and manifest.sha1 files. delete them when unzipping package so that they are not considered as corruption.

  • [FIX] fix python WaptRepo packages_matching when condition is a PackageRequest (this is actually unused. The method packages_matching of Wapt class is used instead)

  • [FIX] allow empty folders in package

  • [FIX] TWaptSignatureChecker.VerifyJsonSignature in case ‘signed_attributes’ is not supplied in the json.

  • [FIX] DNS fallback to TCP on truncated UDP response - and also allow direct TCP query by using ‘tcp@1.2.3.4’ name server

  • [FIX] waptutils python fileutcmtime and httpdatetime2time. Convert all dates to UTC

  • [FIX] python wget not setting properly the file last-modified date from http header.

  • [FIX] wapt-get / commandline : user RawReadKey from keyboard unit to avoid crt unit which breaks console.

  • [FIX] wapt-get.py import waptservice is optionnal

  • [FIX] fix Machine without main_ip are ignored

  • [FIX] bad TTL for CACert bundle on disk cache

  • [FIX] old bug causing removes to fail when software is already uninstalled

  • [FIX] use ‘1’ for system CA in external repositories to force use of stripped down CA bundles due to openssl 3.0 perf bug

  • [REF] breaking change: removed import of PackageEntry from setupdevhelpers.py

  • [REF] refactor the http client to handle all requests the same way. handle user:password embedded in Urls renamed proc InitTlsContext to func InitHttpTlsContext. Returns a PTlsContext moved GetServerCertificate to waptcrypto GetPeerCertChainFromServerPath

  • [REF] move get_host_architecture from common to setuphelpers, move unzip_with_7zip from setuphelpers to setupdevhelpers

WAPT WADS

  • [SEC] add iso hash in ipxescript

  • [NEW] IP address and details of DISKPART info (volumes and disks) on wads_register_host

  • [NEW] Wads with Graphical Display and Info

  • [NEW] add update driver bundle option

  • [NEW] reset drivers on hosts OSDeploy

  • [NEW] drag and drop .iso on console for upload

  • [NEW] drag and drop of drivers folder on drivers in WADS part

  • [NEW] drag and drop from Host to deploy to drivers or configuration

  • [IMP] Verify WADS hostname on WADS Winpe / Console / Server

  • [IMP] Better login for login_on_wads

  • [IMP] Wapt downloads are now in Graphical WADS

  • [IMP] waptserver: calc sha256 of iso during upload rather than after upload

  • [IMP] TVisPrepareDjoin: Add domain discovery

  • [IMP] TVisPrepareDjoin: sort DC by response time using cldap

  • [IMP] Save prepare djoin form fields in session (domain, username and password)

  • [IMP] Add ubuntu and rhel9 wads template

  • [IMP] Upload iso. Deleting file if wrong hash after upload

  • [IMP] ipxe add keymap

  • [IMP] sending file to api/v3/upload_deploy_files only if needed

  • [IMP] Default prepare djoin window credentials to current domain’s

  • [IMP] Prepare Djoin: Retrieve domain controller using mormot dns resolver

  • [IMP] On WADS conf, a password for superadmin is defined

  • [IMP] Prepare DJoin: Connect through kerberos if possible

  • [IMP] waptconsole PrepareDJoin: allow direct input of Host OU

  • [UPD] wads: wait 30s for an ip address.

  • [UPD] limiting uploading iso files only on WADS part

  • [FIX] Wads fix default dir for iso upload

  • [FIX] osdeploy data signature. signer_fingerprint is not saved into db, so must not be included in signed attributes

  • [FIX] getting ipv4 addresses excluding APIPA

  • [FIX] wads: break loop if 401 login fails.

  • [FIX] Fix VisPrepareDJoin: Reset ldap kerberos SPN before connecting to the domain

  • [FIX] Stop Graphical if WADS is only used to send status

  • [FIX] Retry Wads now reset the status

  • [FIX] avoiding loop showing message if ISO name already exits

  • [FIX] empty error message on refreshing ISO file list

  • [FIX] waptdeploy unable to read setup exe version same potential issue in wads missing call to RetrieveInformationFromFileName

  • [FIX] fix copy cert in winpe for wads

  • [FIX] empty error message on refreshing drivers file hashes and bundle names

  • [FIX] Warning Removal and reset wads32 binary

  • [FIX] Fix TVisPrepareDjoin GetDJoinBlob method - Fix verification of computer existence in the domain - Set computer password in AD even if we’re not creating it - Parse the created djoin blob after creation and set an error if the format is invalid

  • [FIX] TVisPrepareDjoin: Call to CldapSortHosts missing a parameter

  • [FIX] TVisPrepareDjoin: Handle sub-domain within forest

  • [FIX] waptconsole wads osdeploy grid: popupmenu clears multiselect

  • [REF] Prepare djoin fixes and form rework - Allow to configure ldap port - Don’t load OU on show - Split DC load and ldap connect buttons - Forbid to modify existing machine password (force to overwrite)

WAPT-2.4.0.14001-rc3 (2023-05-25)

hash : 1420892a

This is the third release candidate of WAPT 2.4. WAPT 2.4 version brings a ton of small improvements and bugfixes along with the following main features:

  • better co-existence with antivirus due to removal of NSSM service manager which was often wrongly flagged as suspicious. WAPT Agent now uses mORMot Angelize for service management

  • due to OpenSSL 1.1.1 being eol’ed next september, WAPT has switch to embedded OpenSSL 3.0.8

  • re-implemented Active Directory offline join in WADS (djoin.exe) to work around many bug and limitation in the Microsoft version of djoin.exe, now with support of Active Direcotry Forrest and subdomains

  • it is now possible to have a use a user/password credentials when importing packages from the store. Authentification will be required for the WAPT Enterprise Store that provides educational softwares

  • add support for Debian 10 and Debian 11 support on ARM 64 bit platform

  • new WADS graphical interface

  • remove usage of Microsoft Windows RestartManager during upgrade to avoid unecessary killing of services

CAVEAT:

  • the new OpenSSL 3.0 has a huge performance issue when loading large certificate bundle. If you have verify_cert and want to use the Operating System bundle, please set verify_cert=1

WAPT Server

  • [FIX] waptserversetup: missing dir=in in firewall rules for wapttftpserver on Windows Server

  • [FIX] waptserver nginx: add “proxy_request_buffering off;” to the top server nginx config to workaround issues with big iso uploads.

  • [FIX] fix username in log history of actions on waptserver

  • [FIX] newest_only in api/v3/packages api does not compare versions properly.

  • [IMP] lower case for test rules secondary repo in case of mixed case scenario

  • [IMP] waptservice and wapttftpserver: don’t wait for enter key on error

WAPT Agent

  • [FIX] Self Service : DownloadAllPackageIcons after getting a token

  • [IMP] waptsetup: don’t configure URL in waptsetup by default as it it proposed later on in waptconsole.

  • [UPD] wapt-get: add restart-waptservice action. fix add-licence authentication

  • [IMP] wapt-get fpc: use agent key/cert client auth if none is defined in config inifile.

  • [FIX] restarting waptservice by scheduler under MacOS

  • [IMP] add double quotes around waptservice executable filename for ImagePath in services windows registry. If not quoted, and there are spaces in file path, service can not start in certain case

  • [IMP] waptsetup: add logs of service install exec shell commands.

  • [FIX] waptself: after hitting task panel hide button, packages flowpanel is hidden too

  • [IMP] waptdeploy: useWaptServer task does not exist anymore. Enable installService task by default

WAPT Console

  • [FIX] waptconsole: fix potential AV when getting isEnterprise status if no waptserver is defined yet.

  • [IMP] waptconsole configuration: set verify_cert to 1 instead of path to certifi bundle when checking “Check https certificate”.

  • [IMP] waptconsole: on first login, when no server is defined in waptconsole.ini, show the configuration dialog first

  • [FIX] adding a password in Acls raise an exception about missing arg. fix decoding of utf8 when building SO and SA from Array of const (valid for lazatus only where String=Utf8String)

WAPT Core

  • [FIX] missing makepath import and syntax fix

  • [FIX] waptpackage: remove references to old signature and manifest.sha1 files. delete them when unzipping package so that they are not considered as corruption.

WAPT WADS

  • [FIX] Wads fix default dir for iso upload

WAPT-2.4.0.14001-rc2 (2023-05-17)

hash : 13e724ad

This is the second release candidate of WAPT 2.4. WAPT 2.4 version brings a ton of small improvements and bugfixes along with the following main features:

  • better co-existence with antivirus due to removal of NSSM service manager which was often wrongly flagged as suspicious. WAPT Agent now uses mORMot Angelize for service management

  • due to OpenSSL 1.1.1 being eol’ed next september, WAPT has switch to embedded OpenSSL 3.0.8

  • re-implemented Active Directory offline join in WADS (djoin.exe) to work around many bug and limitation in the Microsoft version of djoin.exe, now with support of Active Direcotry Forrest and subdomains

  • it is now possible to have a use a user/password credentials when importing packages from the store. Authentification will be required for the WAPT Enterprise Store that provides educational softwares

  • add support for Debian 10 and Debian 11 support on ARM 64 bit platform

  • new WADS graphical interface

  • remove usage of Microsoft Windows RestartManager during upgrade to avoid unecessary killing of services

CAVEAT:

  • the new OpenSSL 3.0 has a huge performance issue when loading large certificate bundle. If you have verify_cert and want to use the Operating System bundle, please set verify_cert=1

WAPT Console

  • [FIX] waptconsole reporting : no column displayed when running query outside of query editor

  • [FIX] waptconsole acls: small fix console acls signature display when deleting a certificate in console

  • [FIX] waptconsole: propagate licences count to background threads

  • [FIX] TVisPrepareDjoin: Handle properly subdomains in AD Forrest

  • [FIX] waptconsole PrepareDJoin: allow direct input of Host OU

  • [FIX] give modal status to driver download windows when creating winPE to avoid other conflicting actions

  • [FIX] splitter placement on audit data when showing history

WAPT Server

  • [FIX] waptserver: fix startup issue when calling waptlicences.CheckValidLicencesCount

  • [IMP] adding generic symlink when uploading waptagent to have standard http url for agent download

  • [UPD] upgrade to 14.7 postgresql for windows

  • [FIX] fixed regexp in nginx location for conf.d / *.json files (and others).

WAPT Core

  • [FIX] fix python WaptRepo packages_matching when condition is a PackageRequest (this is actually unused. The method packages_matching of Wapt class is used instead)

  • [IMP] wapt-get waptdeploy waptlicences lpi wads wgetwads waptsvc: disable -Wg win32 app mode for win32 and win64 target to force stdout open.

  • [UPD] update vc_redist to version 14.36.32532

  • [FIX] allow empty folders in package

WAPT Linux

  • [IMP] waptupgrade : improve command line install for deb base distro

WAPT macOS

  • [FIX] fix out of range error when importing waptlicences python module on macosx

WAPT-2.4.0.13958 RC1 (2023-04-17)

hash : 2cb08262

This is the first release candidate of WAPT 2.4. This new version brings a ton of small improvements and bugfixes along with the following main features:

  • better co-existence with antivirus due to removal of NSSM service manager which was often wrongly flagged as suspicious. WAPT Agent now uses mORMot Angelize for service management

  • due to OpenSSL 1.1.1 being eol’ed next september, WAPT has switch to embedded OpenSSL 3.0.8

  • re-implemented Active Directory offline join in WADS (djoin.exe) to work around many bug and limitation in the Microsoft version of djoin.exe

  • it is now possible to have a use a user/password credentials when importing packages from the store. Authentification will be required for the WAPT Enterprise Store that provides educational softwares

  • add support for Debian 10 and Debian 11 support on ARM 64 bit platform

  • new WADS graphical interface

  • remove usage of Microsoft Windows RestartManager during upgrade to avoid unecessary killing of services

CAVEAT:

  • the new OpenSSL 3.0 has a huge performance issue when loading large certificate bundle. If you have verify_cert and want to use the Operating System bundle, please set verify_cert=1

WAPT Console

  • [FIX] Better Design for Import from Internet Basket

  • [FIX] FrmLdapSearch: Fallback on OS DNS nameservers if no domain controller found using domain as nameserver

  • [NEW] waptconsole acls form: fix the check signature action. add some icons to show when a certificate or password is assigned to a user

  • [IMP] waptconsole: manage reloading of ini config if file is updated externally add public_certs_dir setting.

  • [IMP] waptconsole: trust always own waptconsole’s user certificate when processing / resiggning packages

  • [IMP] missing changes for waptconsole build waptsetup: don’t include ssl dir in waptupgrade package.

  • [IMP] waptconsole: try to get a new session cookie if 401 and there is cached password for user instead of switching to basic auth

  • [FIX] fix basic auth (issue when concatenating user+’:’+password), prevent recursive call to login dialog, clear private key password if password is not OK on login.

  • [UPD] waptconsole: show login dialog if the server session cookies expires

  • [FIX] waptconsole: fix local agent configuration based on built agent config

  • [NEW] add HttpGet and HttpPost helpers for mustache templates to create custom html display in console

  • [IMP] waptconsole: Display min/max os version in target_os column if defined.

  • [FIX] waptconsole : image showed as inactive on action forget package

  • [FIX] waptconsole: empty server side message when upload error.

  • [IMP] waptconsole: Add update package tab in package editor

  • [FIX] waptconsole import package: restore last used repository

  • [IMP] waptconsole waptgent: allow to double click on certificates to open them with os shell.

  • [IMP] waptconsole: add architectures arm and arm64 to the filters

  • [IMP] new dark view mode for console

  • [NEW] button export pending required WUA KB as curl string list

  • [NEW] import CAB WUA updates

  • [IMP] adding url for wsusscn2.cab to download

  • [IMP] fix double click not able to show certificate using shell.

  • [NEW] Showing pending WUA updates to download

  • [UPD] add support for pkcs#12 file for private key and certificate in waptconsole and wapt-get.

  • [UPD] waptconsole private key password change : try to change P12 file password too if same base filename and same old password.

  • [IMP] package maturity action

  • [IMP] adding possibility to cancel configuration package creation

  • [IMP] Add Tasks Status for better security and messages

  • [IMP] waptconsole edit package form: show always files tab. add a message for user if package does not exist anymore.

  • [FIX] waptconsole create waptsetup: handle the host_profiles config attribute * removed unused organisation.

  • [IMP] WaptConsole: Discover domain controllers from domain dns name

  • [IMP] WaptConsole: Load available OU from AD in TVisPrepareDjoin

  • [NEW] audit info Add asus support button to asus support site with computer ref

  • [NEW] WaptHttpGetString and WaptHttpPostData: add a default referer with root of URL to pass some basic access API authentication * applied as example for HP support access

  • [NEW] add lenovo got to support button as an example of HttpGet mustache helper. * note the leading “,” in the list of arguments because of a bug in mormot helpers arg handling.

  • [UPD] icon on error status in host WUA

  • [IMP] User can add username / password for repositories while importing packages for Internet

  • [NEW] add display time for WAPT Message when sending from WAPT Console

  • [FIX] waptconsole server login: be sure to not loop if basic auth fails

  • [FIX] waptconsole import packages newer than mine when there are dots in names

  • [UPD] filter out packages having a untrusted signer certificate when loading Packages index note that this is only to avoid processing or listing packages which will not be trusted anyway. But we dont check the signature at this point, so package control signature must still be checked later.

  • [IMP] better grid status if restart pending

  • [FIX] deleting rows from audit data history

  • [FIX] waptconsole regression decrypting old python rsa encrypted data

  • [NEW] waptconsole: Enable audit data tab by default

  • [IMP] external repositories settings: removed the checkbox for signature certificates directory. Check is enforced if cert is defined

  • [FIX] waptconsole decrypt of client side encrypted data

  • [ADD] message user friendly for ‘.exe’ signature

  • [ADD] Message to confirm hosts deletion

  • [FIX] Clearing audit data history view if no data

WAPT Agent

  • [FIX] waptsetup: add waptconsole start shortcut only if not running a stuffed waptsetup.exe

  • [FIX] fix waptsetup trusted_external_certs

  • [IMP] WAPT Message adaptive form size to content if no size is set

  • [NEW] waptsetup: removed the option to trust tranquilit certificates.

  • [IMP] waptstarter: fix some waptstarter default settings removed kerberos checkbox

  • [FIX] taking care of display_time in WAPT Service

  • [NEW] don’t set wapt-templates by default in agent config file wapt-get.ini

  • [FIX] fix again regression on waptmessage impersonification from Agl waptservice. child processes are launched inside a job to control their termination. so for impersonification, we need CREATE_BREAKAWAY_FROM_JOB creation flag

  • [IMP] waptsetup: don’t ask innosetup to close applications using RestartManager as sometimes, it kills vital services (network) when launched as silently

  • [IMP] logo in WAPT SelfService

  • [IMP] waptself: improve auth error message

  • [IMP] waptself: removed shadows to lower redraw workload removed some visual overrides to panels

WAPT Core

  • [SEC] waptcrypto: don’t try to guess signed_attributes. this attribute in mandatory. signer is mandatory for python waptcrypto verify_claim check

  • [FIX] DNS fallback to TCP on truncated UDP response - and also allow direct TCP query by using ‘tcp@1.2.3.4’ name server

  • [NEW] add wapt-get dmiinfo

  • [IMP] waptcrypto: be sure to not create an empty stripped down CA file return full bundle path if function fails.

  • [IMP] use mormot instead of tsmbios for get_biosinfos

  • [FIX] TWaptSignatureChecker.VerifyJsonSignature in case ‘signed_attributes’ is not supplied in the json.

  • [IMP] mormot2 fix Samba LDAP expectations in its “strong auth = yes” default mode - i.e. allow “signing sealing” of the frames if TLS is not used

  • [FIX] waptutils python fileutcmtime and httpdatetime2time. Convert all dates to UTC

  • [UPD] python waptpackage make_package_filename include os version in package filename for waptupgrade packages.

  • [REF] breaking change: removed import of PackageEntry from setupdevhelpers.py

  • [IMP] when checking for changed file over http, use a 2s tolerance before or after.

  • [FIX] python wget not setting properly the file last-modified date from http header.

  • [IMP] waptutils copytree2 : don’t follow symlinks to avoid copying entire disks.

  • [IMP] waptpackage get_stripped_package: include ‘update_package.py’ in payload for the console.

  • [IMP] Add –only-priorities and –only-if-not-process-running to wapt-get upgrade, install, remove

  • [IMP] logo for WAPT Message

  • [IMP] waptcypto: TRSAPrivateKey: allow loading unencrypted PEM RSA key

  • [IMP] fixed OpenSSL UTF-8 encoding flags for certificates closes

  • [IMP] be sure to get only public cert from TX509Certificate mormot unit

  • [IMP] add pfx and p12 file filter for personal cert file browser

  • [UPD] avoid untrapped exception when password can not decrypt key

  • [UPD] Strip comments in pem encoded certificates to reduce size and try to fit into the 32kb limit of stuffed exe.

  • [IMP] waptdeploy: retry up to 30s to be able to get version on waptsetup

  • [IMP] waptsetup/waptstarter: install /StartPackages=xx if runningSilently

  • [FIX] wapt-get / commandline : user RawReadKey from keyboard unit to avoid crt unit whicj breaks console.

  • [UPD] manage multivalued “architecture” in wapt packages control.architecture attribuet is now a csv of x64, x86, arm, arm64, armhf

  • [FIX] wapt-get.py import waptservice is optionnal

  • [IMP] waptsetup: don’t change server and repo config by default if repo is already defined in wapt-get.ini.

  • [IMP] wakeonlan: be tolerant if no interface or no macs on a host

  • [IMP] fix get_net_ips() if not address on an interface (eg. CAN bus)

  • [FIX] fix Machine without main_ip are ignored

  • [FIX] bad TTL for CACert bundle on disk cache

  • [IMP] create waptsetup: set verify_cert to ‘1’ instead of path to cabundle if verify cert is checked.

  • [FIX] old bug causing removes to fail when software is already uninstalled

  • [NEW] showing countdown on WAPT Message + stopping countdown when entering in message viewer

  • [NEW] GetStrippedDownServerCABundlePath : stores only issuer CA cert chain, not server chain. keep file cache for 1 hour.

  • [FIX] use ‘1’ for system CA in external repositories to force use of stripped down CA bundles due to openssl 3.0 perf bug

  • [REF] refactor the http client to handle all requests the same way. handle user:password embedded in Urls renamed proc InitTlsContext to func InitHttpTlsContext. Returns a PTlsContext moved GetServerCertificate to waptcrypto GetPeerCertChainFromServerPath

  • [UPD] separate networking information from host_info to lower pressure on database when hosts update their status put host’s audit_status in last_update_status key.

  • [IMP] store networking infos as a separate field in hosts table. removed list_services and listening_sockets from host’s status data moved audit_status into wapt_status

  • [NEW] improve handling of external repo user/password authentication.

  • [IMP] waptcrypto python: add arguments for certificates’s not_before and not_after constraints add option to specify date of claim’s signature for testing purpose.

  • [IMP] waptrepo: Protect repo cache packages directory when updating. In case several process or threds are updating the same repo cache.

  • [REF] move get_host_architecture from common to setuphelpers, move unzip_with_7zip from setuphelpers to setupdevhelpers

WAPT Server

  • [IMP] waptserver nginx: add api/v3/login specific section to forward client SSL auth

  • [NEW] waptserver: when login with ssl auth, check that the sha1 of the client certificate matches the sha1 of the user account in database for client cert auth

  • [IMP] waptserver: add signer_fingerprint db field to Wads models

  • [NEW] waptserver: accept empty username when using ssl auth. if username is provide, it must match the CN part of the certificate DN

  • [ADD] WAPTWUA missing allow url allow mp.microsoft.com

  • [NEW] use http status 403 instead of 401 when client side auth does not succeed to avoid a user/password popup in console.

  • [REF] waptserver: add a config parameter to change globally the default enabled auth methods default_auth_methods defaults to session,admin,passwd,ldap this can be overriden on per endpoint basis

  • [FIX] waptserver: login initialization of user typo

  • [REF] server: removed legacy url style login

  • [NEW] waptserver: add login_auth_methods configuration parameter in waptserver.ini defaults to admin,ldap,passwd,token,kerb (format : csv)

  • [FIX] configurations repositiories repo wapt/conf.d should not be protected by client side certificates

  • [NEW] waptserver licences: be tolerant if no server_uuid yet

  • [IMP] waptrepo: hardened handling of multiple concurrent repo cache updates

  • [FIX] config url on server index landing page.

  • [FIX] twaptserver auth callbacks. use OnHttpClientAuthorize if password in session, then OnAuthorize if defined and no password is available session

  • [UPD] waptserver autocreate console ldap authenticated users if default_ldap_users_acls config is not empty

  • [IMP] server add_configurations : return json config filenames in result.

  • [IMP] waptserver: get_ad_ou_split : be tolerant to malformed OU sent by client

  • [IMP] waptserver crls updates for nginx: * merge all known crls into file if “ssl_crls” waptserver.ini is defined

  • [NEW] wapserversession: share waptserveruser across all waptserver connection * to make it easer to relogin after token expiration. * retry to get a token if http 401 status

  • [NEW] waptserver, waptservice on Windows: removed nssm service manager, replaced by waptsvc * waptsvc service supervisor is based on mormot agl. * waptservice.exe is a symlink to waptsvc.exe and manages “waptpython -I waptservice/service.py” * waptserver is a symlink to waptsvc and manages server.py, wapttasks huey queue, and nginx

  • [RM] removed endpoint /api/v2/download_wuredist

  • [NEW] waptserversetup: don’t set repo_url and wapt_server url during setup as this done now later when building waptagent

  • [IMP] waptserver model: update Packages table description_localized dict from package entry.

  • [FIX] StripCertificateComments endless loop is Pem bundle ends with 2 CR NextPem does’t not set input pointer P to nil if end of file.

  • [IMP] add psycogreen patching for eventlet / postgresql

  • [IMP] Be sure to fill executable version infos when initializing logger

  • [IMP] cache CASigners in waptrepo

WAPT WADS

  • [FIX] osdeploy data signature. signer_fingerprint is not saved into db, so must not be included in signed attributes

  • [IMP] waptserver: calc sha256 of iso during upload rather than after upload

  • [FIX] getting ipv4 addresses excluding APIPA

  • [IMP] TVisPrepareDjoin: Add domain discovery

  • [IMP] TVisPrepareDjoin: sort DC by response time using cldap

  • [IMP] Save prepare djoin form fields in session (domain, username and password)

  • [FIX] wads: break loop if 401 login fails.

  • [FIX] Fix VisPrepareDJoin: Reset ldap kerberos SPN before connecting to the domain

  • [NEW] reset drivers on hosts OSDeploy

  • [FIX] Stop Graphical if WADS is only used to send status

  • [FIX] Retry Wads now reset the status

  • [IMP] Verify WADS hostname on WADS Winpe / Console / Server

  • [NEW] IP address and details of DISKPART info (volumes and disks) on wads_register_host

  • [IMP] Better login for login_on_wads

  • [IMP] Wapt downloads are now in Graphical WADS

  • [NEW] Wads with Graphical Display and Info

  • [FIX] avoiding loop showing message if ISO name already exits

  • [FIX] empty error message on refreshing ISO file list

  • [SEC] add iso hash in ipxescript

  • [IMP] Add ubuntu and rhel9 wads template

  • [UPD] wads: wait 30s for an ip address.

  • [IMP] Upload iso. Deleting file if wrong hash after upload

  • [IMP] ipxe add keymap

  • [FIX] waptdeploy unable to read setup exe version same potential issue in wads missing call to RetrieveInformationFromFileName

  • [FIX] fix copy cert in winpe for wads

  • [FIX] empty error message on refreshing drivers file hashes and bundle names

  • [NEW] add update driver bundle option

  • [UPD] limiting uploading iso files only on WADS part

  • [IMP] sending file to api/v3/upload_deploy_files only if needed

  • [FIX] Warning Removal and reset wads32 binary

  • [NEW] drag and drop .iso on console for upload

  • [NEW] drag and drop of drivers folder on drivers in WADS part

  • [NEW] drag and drop from Host to deploy to drivers or configuration

  • [IMP] Default prepare djoin window credentials to current domain’s

  • [IMP] Prepare Djoin: Retrieve domain controller using mormot dns resolver

  • [IMP] On WADS conf, a password for superadmin is defined

  • [REF] Prepare djoin fixes and form rework - Allow to configure ldap port - Don’t load OU on show - Split DC load and ldap connect buttons - Forbid to modify existing machine password (force to overwrite)

  • [IMP] Prepare DJoin: Connect through kerberos if possible

  • [FIX] Fix TVisPrepareDjoin GetDJoinBlob method - Fix verification of computer existence in the domain - Set computer password in AD even if we’re not creating it - Parse the created djoin blob after creation and set an error if the format is invalid

  • [IMP] waptconsole PrepareDJoin: allow direct input of Host OU

  • [FIX] TVisPrepareDjoin: Call to CldapSortHosts missing a parameter

  • [FIX] TVisPrepareDjoin: Handle sub-domain within forest

  • [FIX] waptconsole wads osdeploy grid: popupmenu clears multiselect

WAPT Linux

  • [IMP] Debian : add reboot_needed and reboot-required.pkgs info in host info

  • [IMP] force locale C for strptime installed_softwares

  • [FIX] fix datetime.datetime.strptime for installed_softwares in rhel9

  • [NEW] add json config url in waptserver homepage to help linux agent config

WAPT macOS

  • [NEW] WAPT Tray compilation config. for macosx

WAPT-2.3 Serie

WAPT-2.3.0.13516 (2023-02-23)

hash : 69968974

This is a bugfix release for WAPT 2.3.

Attention

When upgrading from WAPT 2.2.3 to WAPT 2.3, when installing the new waptsetup.exe 2.3, if the waptagent.exe 2.2.3 had previously been installed ON the management machine ABOVE the waptsetup.exe 2.2.3, then the org certificate located in wapt\ssl directory of the agent belonged to the waptagent.exe 2.2.3 InnoSetup installation instead of being a local file, and was removed during upgrade to waptsetup.exe 2.3, which handles certificate deployment differently.

Now, in the case a waptagent.exe has been installed above a waptsetup.exe install, the certificates in wapt\ssl will be preserved during upgrade. This should happen only on the managemnent machine that is used to rebuild the agent if the agent has been re-installed above the waptsetup.exe install.

Note

The RHEL9 repository are how signed with a sha256 key/digest

WAPT Agent

  • [IMP] waptsetup.exe : backup <wapt>\ssl\*.crt before upgrading and restore after install

  • [UPD] when building waptagent, check that there is at least one trusted cert for packages and actions

  • [UPD] be more relax on waptagent setup naming: if setup exename “starts” with waptagent, assume we can safely use the configuration inside when running silently

  • [IMP] waptsetup: don’t ask innososetup to close applications using Microsoft Windows RestartManager. Use specific process name instead.

WAPT Console

  • [FIX] fix zip64 for big packages (>2GB) not handled properly in waptconsole

  • [FIX] waptconsole build waptagent certificate issue when both CA and personal cert+CA files are selected

WAPT Server

  • [FIX] Debian : fix logrotate on wapt server

WAPT-2.3.0.13505 (2023-02-13)

hash : c7fcb3a7

This is a bugfix release for WAPT 2.3, and has been signed with a new code signing certificate to replace the expired one.

Attention

All the previous version of the 2.3 branch have an issue with the creation of the waptagent.exe due to a expiring code signing certificate. If you need to create a new WAPT Agent, please upgrade to this version.

The error message that you will get is “Error while creating waptagent.exe: Checking hashes of executables on server against Tranquil IT certificate has failed. Please check if waptbinaries.sha256 has not been altered.”

Message in French : “Erreur lors de la création du waptagent.exe : La vérification de la signature Tranquil IT des hashs de contrôle sur le serveur a échoué. Vérifier que le waptbinaries.sha256 n’a pas été altéré sur le serveur.”

WAPT core

  • [FIX] better handling of filename with ‘..’ and ‘~’ in zip filenames. No need to be paranoid if ‘..’ and ‘~’ are in the middle of the name

  • [FIX] waptservice only_if_no_process_running not taken in account when auto upgrade with waptupdate_task_period is enabled.

  • [UPD] waptservice / core: include packages with install status == error when checking for conflicting packages to remove.

  • [FIX] remote user waptmessage encoding issue

  • [FIX] waptconsole waptpackage manifest add support for file with non ascii chars.

  • [IMP] read Packages index from disk: use mormot function to potentially avoid lock conflicts

  • [FIX] remove or forget packages with spaces in package name. fix RemoveDuplicates when there are spaces in data items.

  • [FIX] closing WAPT Self for Linux/MacOSX

  • [FIX] waptdeploy : update certificate pinning with new code signing certificate

  • [FIX] waptcrypto : takes into account signature_date when checking certificate expiration date vs timestamping time.

  • [SEC] update openssl binaries to 1.1.1t

WAPT Server

  • [FIX] waptdeploy on server location: <repodir>/waptagent/waptdeploy.exe

  • [SEC] add server_tokens off to avoid giving nginx server version to non authenticated clients

  • [SEC] delete waptversion in /ping to avoid giving waptserver version to non authenticated clients

  • [IMP] add view acl for get_storage_used_by_kbs

WAPT WADS

  • [FIX] check volume letters before diskpart closes

  • [IMP] waiting network for wgetwads Closes

  • [IMP] install waptagent at end pressed debian

  • [IMP] not force login in ipxescript if login already in ipxescript (for leave the possibility of forcing the language before)

  • [IMP] add keymap on menu register

  • [IMP] add login in pxe for linux deploy

  • [IMP] delete double login wads

WAPT-2.3.0.13470 (2023-01-26)

hash : 4cc5fc06

This is a bugfix release for WAPT 2.3, and add support for Red Hat Enteprise Linux 9 and derivatives (both as server and agent)

WAPT Core

  • [FIX] fix waptdeploy.exe unable to read setup exe version, requiring the use of force flag in GPO

WAPT Agent

  • [FIX] fix datetime display for software inventory on RedHat and derivatives

  • [IMP] better support for Red Hat os version numbering in inventory and tags

  • [NEW] add el9 waptagent and waptserver support

WAPT Server

  • [IMP] simplify web interface displayed version values to avoid misunderstanding

  • [UPD] waptserver autocreate console ldap authenticated users if default_ldap_users_acls config is not empty

  • [FIX] fix update_hosts_sid_table connexion leaks (to update the reachable column before calling query in reporting tab)

  • [NEW] add el9 waptagent and waptserver support

WAPT Console

  • [FIX] fix package maturity action default value if none chosen

  • [FIX] fix grayed out host packages actions in Discovery mode

  • [UPD] Strip comments in pem encoded certificates to reduce size and try to fit into the 32kb limit of stuffed exe.

  • [IMP] adding possibility to cancel configuration package creation

WAPT WADS

  • [IMP] add support for keyboard selection in ipxe

  • [FIX] fix template windows 11 wads

  • [UPD] wads: wait 30s for an ip address if dhcp is slow to respond or waiting for 802.1x vlan switch

  • [FIX] fix wads regression where a computer could connect to waptserver instead of local secondary repo

  • [IMP] Upload iso. Deleting file if wrong hash after upload

  • [FIX] fix copy cert in winpe for wads

  • [FIX] fix waptdeploy unable to read setup exe version, requiring the use of force flag

WAPT-2.3.0.13438 (2023-01-19)

hash : 8e580896

This is a bugfix release for WAPT 2.3. Those are mainly fixes and improvements to smooth the upgrade process from older WAPT versions.

WAPT Core

  • [FIX] waptcore: keep install status of previous package if new package upgrade status is ERROR

  • [FIX] Don’t forced install packages which could’t not be installed properly last time (to avoid install loop) a better approach could be to define a maximum retries count and an increasing delay between retries.

WAPT Console

  • [FIX] fix verify waptsetup.exe and waptdeploy.exe hash when creating waptupgrade

  • [UPD] set all search timer to default (300ms)

  • [FIX] waptconsole display correct icon on Linux

  • [UPD] waptconsole: propose to add a licence right after login if none on server.

  • [FIX] waptconsole: fix some tab orders in forms

  • [FIX] waptconsole package wizard: change layout for compatibility with linux.

  • [FIX] waptconsole: quick fix for external repos settings if none is currently defined in waptconsole ini settings. Autoregister wapt-templates.

  • [FIX] waptsetup: don’t create a shortcut for the waptconsole to replicate behavior from older waptsetup…

  • [NEW] waptagent for Windows can be generated on Linux waptconsole

  • [REF] Improved djoin support

  • [NEW] waptconsole: better support for dark mode on Linux / MacOS

WAPT Agent

  • [IMP] macOS: use sw_vers -productVersion for mac os version

  • [FIX] windows: waptwua client: fix issue when main repo url ends with a slash

  • [FIX] fix wapt-signpackage compatibility error : removes mds argument

  • [FIX] fix waptupgrade package for centos

  • [FIX] fix application version on MacOsx

  • [FIX] switch DisableSkipWindowsUpdates to waptwua section

  • [NEW] Add ForceUnsigned for add drivers in winpe

  • [FIX] add defaultInterpreterPath for vscode support

  • [FIX] waptexit self-kill if machine has been started for too much time

WAPT WADS

  • [IMP] wads: removing mounted drive letters before diskpart for better support of machine without any installed OS

  • [NEW] Add script compile_ipxe.py to integrate waptserver url directly in ipxe binary

  • [FIX] fix acl wads_admin on upload_winpe

  • [FIX] wads: fix wads skip_login_wads and acl

WAPT Server

  • [FIX] waptserver: don’t try to convert jsonb boolean to raw boolean as it fails for postgresql <= 10

  • [FIX] better support for postgres upgrade for Debian / Ubuntu in postconf.py

  • [FIX] waptserver: path to waptdeploy on windows server to fix link

  • [FIX] during upgrade, run /opt/wapt/wapt-scanpackages.sh when run postconf.py

  • [NEW] waptserver: new option to set nginx port from waptserver.ini

WAPT-2.3.0.13356 (2023-01-10)

hash : fd590589

This is the first release of WAPT 2.3. This release does not have any new big feature, but brings a ton of little bugfixes and improvements to make WAPT usage more lean and smooth.

What’s New?

  • 1000+ bugfixes

  • Less issues with false positive with antivirus software when deploying a new agent: WAPT Agents do not need to be rebuilt. The WAPT Agent is based on waptsetup.exe with certificate and configuration stored in the certificate signature of the file. The signature of the file is not altered.

  • WAPT Agent on Linux and macOS: improved workflow for installing and updating the WAPT Agent.

  • Improved Websocket connexion. Disconnects and reconnects have be made more robust.

  • Improved support on macOS.

  • Improved support on Linux.

  • Update of WAPT external components.

  • Tech Preview : WAPT Console support on Linux (Debian and derivatives, RedHat and derivatives)

  • Tech Preview : WAPT Console support on macOS (Mojave and above).

Upgrade details

WAPT Server 2.3 needs PostgreSQL 10 or above. Please be sur to have the correct version running, especially if your server is running Debian and has been upgraded from Stretch:

  • If the WAPT Server is running on Debian or Ubuntu, if you have upgrade from Debian Stretch to Buster to Bullseye, please check that the running instance of PostgreSQL has been upgraded when the OS has been upgraded;

  • If you are on RedHat 7, upgrade is taken care of in the postconf script, and it should upgrade from 9.6 to 14;

  • If the WAPT Server is running on RedHat 8 or derivative, then the DB is already in a good version;

  • If the WAPT Server is running on Windows the DB upgrade is done during the upgrade from 9.6 to 14.

WAPT Core

  • [SEC] When checking exe certificate, first check that the signature is OK.

  • [SEC] when stuffing waptsetup.exe, check that waptsetup.exe downloaded from wapt server is properly signed by Tranquil IT.

  • [FIX] Fixed handling properly utf8 chars in certificate subject.

  • [FIX] Small improvement for wapt-get build-waptagent. Do not ask the server password twice.

  • [FIX] Fixed stuffed legacy waptagent build: be sure to have a deterministic binary result when stuffing in waptconsole or server side.

  • [IMP] remove client library dependency for command line progress bar.

  • [SEC] waptpython 3.8.16 is now compiled with the isolated mode flag at true by default (Python -I)

  • [REF] Removed unused functions.

  • [REF] Removed unused headers.

  • [IMP] waptservice: fix setting loglevel for specific components do not log WS listening too often. Fixed some action’s “created_by” attributes which were not not set.

  • [FIX] Windows setuphelpers: missing service_list in _all__.

  • [FIX] wapt-get: moved LoadOpenSSLFromPythonLib to get proper path for RegWaptBaseDir on Linux.

  • [NEW] Added armhf as a valid package architecture.

  • [FIX] Fixed scan_package issue when there are packages without package_uuid. Packages table was growing at each scan_packages.

  • [IMP] wapt-get: Added some help for build-waptagent and add-config / reset-config/ set-config -from-url.

  • [IMP] wapt-get reset-config-from-url: removes dynamic configs from conf.d too.

  • [IMP] Re-include empty folders in zipped WAPT packages.

  • [FIX] Update for zip empty folder entries.

  • [FIX] When checking files and directories from package manifest, create empty directories from the manifest file if thet do not exist yet.

  • [UPD] wapt-get update-package-sources: Implicit transparent import of all functions from packagesdevhelpers.py.

  • [FIX] Do not audit packages with install_status <> ‘OK’.

  • [SEC] waptpackage: Cleanup removed multiple MD type. We use only sha256 now.

  • [NEW] waptconsole: Stuff waptsetup with json config for embedding into waptupgrade package.

  • [FIX] waptpackage signature issue if the WAPT package is created from scratch with null attributes (ex. max_os_version). If signed, these null attributes are written to control file as sempty string, this breaks the signature control. So we initialize all default signed attributes to empty string instead of null.

  • [UPD] wapt-get create-waptagent: Use json embedded config stuffed into certificate zone of executable signature.

  • [FIX] Fixed regression in python _sign_control (encoding issue).

  • [UPG] Upgraded python to 3.8.16.

  • [IMP] waptutils.py cleanup and small fix in user_is_member_of.

  • [REF] waptserver: Cleanup code with pyflakes.

  • [IMP] Allow none loglevel.

  • [NEW] Introduced wapt-get reset-config-from-url.

  • [FIX] Fixed json_load_file() by adding encoding option. Default is “utf-8”.

  • [IMP] waptguihelper: Introduced StayOnTop argument for input_dialog() and grid_dialog()

  • [FIX] Fixed wapt-get add-config-from-url in pure Pascal. The hash is retrieved from the filename if present, or as second parameter of command line.

  • [REF] wapt python core: Removed sha1 compatibility with wapt 1.3 packages signatures.

  • [FIX] Shows the proper logged user after login.

  • [IMP] Fallback other method for get domain in get_hostname.

  • [REF] jsonconfig data embedded in setup exe.

  • [FIX] Default value for check verify cert.

  • [UPD] Introduced uwaptjsonconfig (port of json config from python to FPC).

  • [UPD] wapt-get: Added a command to list the initial configs available on server (in wapt/conf.d).

  • [UPD] waptsetuputil: Added UnzipConfigFromExe.

  • [FIX] Removed global variable for PopupEnterprise, check Licensing after closing the window.

  • [IMP] buildlib: Do not remove unittest from python lib when creating the build environment.

  • [FIX] remove_file() was unable to remove symlinks.

  • [FIX] wapt core: Regression on uuid retrieval from WMI. ‘System_Information’ key is an array.

  • [NEW] wapt core: added “wapt_temp_dir” wapt-get.ini parameter to specify the directory wher packages are unzipped at installation (for wyse terminal).

  • [REF] Introduced packagesdevhelpers python module to remove helpers useful only for “packages source update” and reduce import time of setuphelpers.

  • [IMP] windows_version() now getting the correct UBR (Update Build Revision) shown with “winver” command, adding windows_version_full in hardware inventory

  • [IMP] waptguihelper: help improved for grid_dialog - also, introduced an (optional) Text parameter.

  • [FIX] waptpackage: trim attributes value in control data. (‘all’ was retrieved as ‘all ‘ ).

  • [IMP] twaptpackage: Always set architecture and priority default.

  • [UPD] Refactored SSLCABundle usage.

  • [FIX] Fixed waptpackage build issue when sourceroot includes the ending path separator. Fixed self service package building. Fixed version incbuild result.

  • [FIX] Fixed issue with in path in zipped files created with CreateRecursiveZip.

  • [FIX] Fixed file not found when calling GetServerCertificate.

  • [FIX] Fixed editing zipped package inplace (hosts packages).

  • [FIX] Added call to mormot2 RegisterOpenssl for Access violation in waptlicences.

  • [IMP] Grid editor: Show which column is currently focused even if grid has not the focus.

  • [IMP] Use UTC time for expiration check of ACLs.

  • [UPD] wapt core: use datetime in UTC for audit_data.

  • [IMP] wapt core: allow usage of an environment variable waptbasedir to specify the location of root waptbasedir.

  • [IMP] Default grid order set to descending signature date.

  • [FIX] Allow ~ character in WAPT package names (for spaces in Organizational Units packages).

  • [FIX] waptcrypto: Fixed certificate filename attribute not set when loading a certificate chain.

  • [UPD] Refactored SSLCABundle usage.

  • [FIX] Fixed using particular characters in passwords.

  • [FIX] Fixed waptcore: Fixed the type for dynamic configuration.

  • [FIX] copytree2 replace_at_next_reboot.

  • [REF] Moved all the dynamic json config functions into the WAPT class to take in account the actual agent settings (specially directories).

  • [UPD] Created a full version 1.2.3.rev-hash into file wapt/version-full.

WAPT Agent

  • [FIX] force create random uuid if bios uuid is not correct.

  • [FIX] Do not check wsusscn2.cab if not Enterprise.

  • [IMP] add host_capabilities inventory.

  • [IMP] Better JSON format (Human Readable) for Audit Data.

  • [FIX] Use parameter IncludeCA on ListSOCertificatesFromFolder.

  • [FIX] Fixed translation issues in graphical components.

  • [FIX] Fixed last version, checks the minimal OS version

  • [FIX] edit waptwua if install_delay has value.

  • [IMP] When uninstalling the WAPT Agent, stop the waptservice only if the service exists.

  • [FIX] Popping wrong license message on new installation.

  • [FIX] waptservice socketio: Force get new ws params in case of connection error like when config is updated.

  • [FIX] Fixed add new rule missing import for isenterprise.

  • [NEW] Added disk drives to host overview template.

  • [IMP] Reduced size of host json inventory data. Do not send host configurations data if not changed. Do not send audit_data headers if no data. Fixed last audit data that was always sent.

  • [IMP] Improved local waptservice auth feedback.

  • [REF] Refactored waptservice code.

  • [FIX] Enable custom CA file for websockets certificate checking.

  • [FIX] Fixed WAPT Agent websockets_verify_cert: error reading setting from ini file. Reset socketioclient to None when connection error to force recreating the object with new TLS settings.

  • [IMP] waptdeploy: Use only registry wapt_is1 install location to get the WAPT base directory.

  • [IMP] waptdeploy: Do not check wapt-get working condition.

  • [FIX] Fixed waptdeloy argument parsing.

  • [UPD] waptsetup: Removed distribution of innosetup as it is no longer needed.

  • [NEW] waptdeploy: Check that the WAPT Agent installer and wapt-get.exe are digitally signed by Tranquil IT.

  • [FIX] waptdeploy wapt basedir guessing. Hardened waptdeploy RunTask.

  • [FIX] Fixed wapt-get build-waptagent: empty configuration name.

  • [ADD] Check all rules signatures before doing anything else.

  • [IMP] The agent version is obtained from the exe, not the server.

  • [FIX] waptsetup auto json config: should accept waptsetup-1.2.3_<confname>_<confhash>.exe.

  • [FIX] Fixed remote WakeOnLAN.

  • [IMP] waptservice: Do not include PrinterPaperNames, PaperSizesSupported and self_service_rules in inventory sent to the WAPT Server.

  • [FIX] waptexit: If unable to get licences from waptservice, assume is_enterprise is False.

  • [FIX] wapt-get: Set password callbacks after reloading config.

  • [FIX] Shortened the upgrade scheduled task argument, as it is limited to 256 chars.

  • [FIX] Stuffed waptsetup: Append waptwua settings to json.

  • [FIX] waptserver socketio: Host does not register / reconnect by itself when deleted from the WAPT Server.

  • [NEW] waptsetup.exe : If waptagent.exe is named, and only one config is embedded, take the first available config for the name of the configuartion to install instead of hardcoded “default”.

  • [IMP] waptservice: Can start right after install even if no wapt-get.ini.

  • [NEW] Added nopassword to config wizard for service_auth_type.

  • [UPD] Added wapt-get reset-config-from-url and set-config-from-url json configuration.

  • [FIX] Do not delete the files if the signature has failed.

  • [IMP] waptsetup: Display a summary of embedded stuffed json configurations. Removed use dynamic configuration task.

  • [FIX] waptserver: Fixed WakeOnLAN issue when no broadcast address exists in inventory.

  • [FIX] remove_user_appx was not initialized from setuphelpers.

  • [UPD] waptsetup: ApplyJsonConfigToIniFile when a json configuration is stuffed instead of conf.d dynamic configuration.

  • [IMP] waptsetup: Do not update wapt-get.ini when using dynamic json configuration.

  • [UPD] waptservice socketio: Do not require connection params update / reconnection try if there is no authorization token. When allow_unauthenticated_connect = True on the WAPT Server, the WAPT agents should be able to connect without getting a token.

  • [FIX] waptself: Fixed next page button unavailable on last page.

  • [UPD] waptexit: Add waptexit_disable_skip_windows_updates parameter in wapt-get.ini file and commandline argument to disable the checkbox for skipping Windows Updates.

  • [UPD] wapt-get: Return ExitCode <> 0 when an exception is raised Added ping --service command to check waptservice accessibility from waptsetup.

  • [UPD] waptself: Display details of WAPT package on top of packages list to avoid reframes.

  • [UPD] Enable waptservice_allow_all_packages only for nopassword service_auth_type.

  • [NEW] Added a waptservice parameter waptservice_allow_all_packages which allow all user to install / remove all packages as if they were part of the waptselfservice group.

  • [NEW] If a json configuration is provided in waptsetup as stuffed data in certicode certificate area, use it for initial configuration.

  • [FIX] Improved error message and wait cursor when waptselfservice is starting.

  • [FIX] Fixed selfservice missing common module for self_service_rules when using the nopassword argument with the WAPT Enterprise version.

  • [FIX] Changed Icon for Add Dependencies ‣ Trashcan to Plus.

  • [IMP] User is now informed when self service can not get a token (service not started).

  • [FIX] Remove double slahs in url //Packages.

  • [NEW] Added Ubuntu22 in waptsetup package.

  • [FIX] Fixed waptmessage ambiguous ‘-s’ option (use stdout and set window size), replaced by -c for init console.

  • [FIX] Fixed tasks list on host.

  • [FIX] Normalized view (lowercase) in grid for target_os from control part.

  • [FIX] Fixed execution of waptmessage in file instead of base64 (to avoid too long command line).

  • [FIX] Use cached trusted signer certificates store instead of recreating it each time.

  • [FIX] Fixed signed_attributes written as string list (instead of python form) and signer is the signer certificate Common Name.

  • [IMP] use --not-interactive with register if the installation runs in silent mode.

  • [FIX] waptservice: Do not ignore broadcast for WaptUpdateServerStatus to avoid the WAPT Tray sticking upon sending data to the WAPT Server.

  • [FIX] Fixed unable to synchronize remote repository.

  • [IMP] waptmessage: No autosize if a size is specified on the command line.

  • [FIX] Fixed no hash in clipboard, added missing helper for add-config-from-url in wapt-get.

  • [IMP] Limit access right to Administrators to log directory (in case non public stuff gets written to logs).

  • [IMP] install_scheduling work if not in PENDING_UPDATES status.

  • [FIX] Fixed waptexit compilation: Removed specific WaptIniFilename function.

  • [FIX] Fixed waptmessage unable to load sqlite.

  • [IMP] Updated waptwua status to ‘NEED-SCAN’ on hosts when download_wsusscan is triggered and wsusscn2.cab file is downloaded.

  • [NEW] wapt core: Added as_dict and descending parameters to Wapt.read_audit_data_set.

  • [IMP] Do not take care anymore of maturity for version when it is compared to WAPT store version.

  • [FIX] Fixed configuration package template setup_package_template_conf.py.

  • [FIX] Fixed waptservice configuration: Set the configs_dir relative to wapt-get.ini full path.

  • [FIX] Fixed waptservice ‘start_waptexit’ with arguments Faulty arguments boolean value decoding.

  • [FIX] Fixed bad arguments sent to waptservice triggering upgrades with only_priorities and only_if_not_process_running.

  • [FIX] Fixed Wapt.write_audit_data_if_changed: Write data if previous data has expired.

  • [FIX] Updated the template of dynamic json configuration packages to match new location and naming of json configuration related functions.

  • [NEW] Option include_potentially_superseded_updates in configuration wizard.

  • [FIX] Fixed waptservice: Be sure to dynamically revert to default setting when a key is removed from wapt-get.ini.

  • [FIX] Fixed waptservice: Make sure we have a random secret_key for local waptservice session.

  • [NEW] WAPTWUA superseded support.

  • [IMP] wapt-get edit now opens update_package.py too.

  • [UPD] Added a NEED-SCAN waptwua.status, updated when Wapt.update() is called.

  • [FIX] Fixed waptself: Set focus on search when opening.

  • [IMP] Ignore history for waptwua status.

  • [FIX] Fixed wapt-get update-package-sources: Handle properly relative path to package sources.

  • [FIX] Fixed wapt-get update-package-sources: use devdirupdate_package.py to call update_package() hook if this file exists. Else use setup.py.

  • [IMP] wapttray: Launch external waptself and waptconsole with OpenDocument instead of windows only ShellExecuteW.

  • [FIX] Workaround fix when pyscripter is put as editor for packages. params_vscod_list fixed when space in parameters. Reupdated description.

  • [IMP] wapt-get edit now opens changelog.txt, VSCod* now opens control file too. wapt-get edit can now be run as user with VSCod* updating wapt_sources_edit() description.

  • [UPD] Changed default log path to wapt/log if writable.

  • [UPD] Same logging initialization code for all UI executables with waptcommon.InitLoggingFromCommandLine.

  • [IMP] waptservice waptself: localauth with file token (ie. nopassword). Handles local groups.

WAPT Console

  • [FIX] display an explicit error message if a new host package can not be saved on the WAPT Server because of acl.

  • [IMP] Process application messages when performing file hash/zip actions.

  • [FIX] Fixed waptconsole copy cert to wapt/ssl: handle properly spaces in target directory name.

  • [FIX] Place cursor at end of line instead of point of click in textareas.

  • [ADD] Popup Menu with Copy and Copy as JSon for Audit TreeView.

  • [FIX] Fixed proper images on actions buttons.

  • [FIX] Fixed OU icon when OU name contains an empty character.

  • [FIX] Fixed Out of bound error : add verification on condition check in specific cases.

  • [FIX] Fixed missing error message on secondary repositories.

  • [IMP] Improve usability of copying new certificate in <WAPT>\ssl directory

  • [FIX] Fixed icon on action ActWUAGetUnusedKB.

  • [FIX] Fixed actions caption on toolbar in Windows Update.

  • [FIX] Fixed removing ability to personalize toolbuttons on ISO, configs, and drivers in OS Deployment.

  • [FIX] Fixed popup menus on toolbar in OS Deployment.

  • [FIX] Fixed actions on toolbar in Software Inventory.

  • [NEW] waptconsole / waptserver: Added a specific ACL for update_audit_data.

  • [UPD] Increasing softwares max count limit in Software Inventory from 5000 to 20000.

  • [FIX] Fixed locking some actions on non Enterprise versions.

  • [FIX] Fixed waptconsole package zip build: CreateRecursiveZip.

  • [IMP] cleanup of HTML templates on waptservice. Removed unused js.

  • [IMP] Showing icons for target_os.

  • [FIX] Fixed waptconsole TX509Store: when intermediate certificates are provided in user .pem certificate file, only trust the first one.

  • [FIX] Fixed waptconsole waptcrypto: implement TX509Store.GetCertificatesChainFromFingerprint. Fixed self signed certificates are always trusted when checking the WAPT package.

  • [FIX] Fixed waptconsole: when signing packages, make sure we end with LF only (n unix style) control files.

  • [IMP] Basic POC for Auto Completion on Reporting Queries.

  • [FIX] Fixed viewing TechPreview Features does not take care of display preferences.

  • [FIX] Fixed the downloaded packages have now the chosen maturity.

  • [IMP] Show *.cmd files in post install script selector.

  • [NEW] Upload a default json configuration on the WAPT Server when building waptagent.exe. Fixed waptsetup.exe stuffing on the WAPT Server when uploading a json configuration.

  • [FIX] Fixed the button Type for update package warning.

  • [ADD] Confirm button before Update from the WAPT store.

  • [FIX] Fixed waptconsole update from the WAPT store Introduced StripPrefix in TPackageRequest to allow searching in the repository on package name without prefix.

  • [FIX] Include min_os_version and max_os_version in WAPT package identification to check which WAPT package is newest.

  • [FIX] When building customized waptsetup, sometimes missing trusted certificate.

  • [FIX] Fixed the copy of wapt-get.ini if there is no waptconsole.ini.

  • [NEW] Menu item for restoring toolbars to default.

  • [FIX] Fixed actions on toolbar in WAPT Development and OS Deployment forms.

  • [FIX] Fixed removing certificates in create waptsetup [NEW] function for listing certificates from folder.

  • [FIX] Fixed buttons links with actions on WSUS.

  • [FIX] Fixed encoding problem for WSUS.

  • [IMP] Removed GUI interface for the Update from the store action.

  • [ADD] Added a warning message before updating a WAPT package.

  • [ADD] Updated from the store button in private repository done.

  • [IMP] Added Updated part for the Store Update Action.

  • [IMP] Update from the store button (visual part).

  • [FIX] Fixed regression on creating new wuagroup package.

  • [UPD] waptconsole build agent -> named with version, config and hash instead of waptagent.exe/.

  • [FIX] Fixed __pycache__ included in zipped package when built from waptconsole.

  • [ADD] reporting: Added Unique save for each query.

  • [FIX] Fixed SQL query editor: any query can be edited at any time, without erasing the others.

  • [FIX] Fixed SQL query editor: if queries are already created and registered and have the same name, you can edit both without overwriting the other one.

  • [IMP] Use system font for html viewers.

  • [IMP] Allow package wizard without installer path.

  • [NEW] Added “keys” mustache helper for html templates.

  • [IMP] waptconsole: Do not try to ping servers before login dialog.

  • [FIX] Fixed enabling build and upload if all information are set / pre configuration in case of portable app if an executable is found.

  • [UPD] waptconsole Cyberwatch integration. Added Values mustache helper to format dict as list for Cyberwatch html report template. Added styled Cyberwatch example audit template.

  • [IMP] Addied listening to ipv6 only if ipv6 is available.

  • [FIX] Fixed waptconsole crash if custom column with empty size cell.

  • [IMP] Added a warning when no DNS record is found (Remote repository).

  • [FIX] Fixed call if app is currently closing (login cancelled).

  • [IMP] Opening configuration by double-clicking on grid.

  • [IMP] Package wizard for portable apps.

  • [IMP] waptconsole, display bytes size in human readable format in grid.

  • [FIX] Fixed OU options that are now available if the user is currently focusing the OU grid.

  • [IMP] Improved asking credentials on http error 401.

  • [FIX] Fixed waptconsole: random timeout error when running commands from the WAPT Console.

  • [FIX] Fixed WAPT package creation for OUs.

  • [ADD] Link to the official documentation for the Config Package Wizard.

  • [IMP] Proper restore of GUI when WindowState is maximized. Prevent flickering if starting maximized.

  • [IMP] Improved warning before deleting a valid licence.

  • [FIX] Fixed waptconsole regression: import packages. Check the signature even if it is disabled in remote repository settings.

  • [FIX] Fixed waptconsole regression on additional private repositories listed in the repositories tab, even if not defined in repositories setting in waptconsole.ini.

  • [FIX] Fixed waptconsole: private key password is not asked again if a matching key can not be found or decrypted.

  • [REF] waptserver model upgrade: removed unused database migration steps.

  • [UPD] waptserversetup: avoid automatic restart when installing MSVC 2022.

  • [FIX] Fixed error editing same OU package in one session.

  • [ADD] ACL Edit Repo on Index for secondary repos

  • [FIX] Fixed missing editing ACL Edit Repo.

  • [FIX] Fixed waptconsole access violation when checking unzipped package signature.

  • [FIX] Fixed waptonsole multiple update of hosts corrupt packages depends grid display.

  • [IMP] waptself, wapt-get, waptexit, wapttray: kill check threads on close, even on linux to speed up application shutdown.

  • [UPD] waptconsole: lazy loading of DMPython. Removed python source scripter tab on main form. Moved to (inactive) uvispysources. Removed debug panel on main form removed unused uvissearchpackage. Added some euristic icons on audit and reporting grids depending on well known values (OK, ERROR etc…).

  • [IMP] Improved the interpretation of checkbox states due to label description.

  • [IMP] Improved search when importing queries.

  • [FIX] Fixed host configuration package that are not editable right after creating them.

  • [FIX] Fixed waptconsole pkcs12 export and email in X509 certificates.

  • [IMP] Removed Python dependency in the WAPT Console.

  • [UPD] waptconsole: Added popup menu to Json hardware treeview.

  • [IMP] Improved reporting import, now select all queries by default + some code improvement

  • [IMP] Improved enabling or disabling ACL by double click.

  • [FIX] Fixed waptconsole: html audit templates. Bad search order.

  • [FIX] Fixed waptconsole: actions categories fixes and updates. Hide unused categories from toolbars customization.

  • [FIX] Fixed waptconsole: empty success message for some actions. Updated translations.

  • [FIX] Fixed waptconsole get agents installers: fixed MISSING -> OK status.

  • [UPD] Fixed waptconsole: Added Edit html template popup menu action.

  • [FIX] Fixed no logo resizing if smaller size.

  • [UPD] Load html templates for host_overview and host_audit from user’s appdata directory if it exists, else from wapt.

  • [REF] waptconsole: Refactored TFrmHtmlViewer to lookup templates either in user templates directory (%APPDATA%waptconsoletemplates) or in default wapt installation directory (%WAPTBASEDIR%templates).

  • [UPD] waptconsole: Improved drag & drop of columns into GridHosts.

  • [FIX] Fixed blocking action editing WSUS package if no Enterprise licence is active.

  • [FIX] Fixed waptconsole drag & drop audit values.

  • [FIX] Fixed waptconsole regression when signing unit package or modyfing stripped down WAPT packages.

  • [IMP] waptconsole: Load AD Groups in thread.

  • [FIX] Fixed waptconsole compilation without USE_WAPTPACKAGE flag.

  • [REF] waptconsole: Introduced an interface for uwaptpackage TWaptPackage WIP: fix compilation when USE_WAPTPACKAGE is defined TODO: implement IX509Store

  • [FIX] Fixed waptconsole: fixed host overview layout if no html template.

  • [UPD] waptconsole: host details layout changes: introduced html templates based overview if templateshost_overview.html file exists (mustache template).

  • [FIX] Fixed waptconsole sendmessage gui splitter.

  • [IMP] waptconsole: check that downloaded waptsetup version is the same or newer than that of the WAPT Server.

  • [FIX] Fixed autosearch in ttissearch component.

  • [NEW] waptconsole: Added a popumenu copy to clipboard as json for audit data.

  • [IMP] waptconsole: allow drag & drop of a audit json value subkey from value tree explorer.

  • [NEW] waptconsole: displays audit history and WIP audit data explorer (treeview + html template).

  • [FIX] Fixed reporting queries grid layout not saved properly.

  • [UPD] GUI Vis ACL: zebra colored lines and added possibility to change user password from one button (same action like in right click on user).

  • [FIX] Fixed avoiding exception if no user was selected before adding ACL rights.

  • [FIX] Fixed trigger downloads when triggering updates from the WAPT Console (missing import).

  • [UPD] Updated icons on windows update status for WUA.

  • [FIX] Fixed waptconsole check external repository version timeout exception raised in frontend.

  • [FIX] Fixed waptconsole multiserver: fixed can’t trigger action on servers other than main WAPT Server.

  • [FIX] Fixed waptconsole: Avoid error message of no repo_url for last used package template section.

  • [FIX] Fixed modifying a password if old password was empty.

  • [ADD] Hide / show all columns in grids.

  • [NEW] new option check_package_version in waptconsole.ini.

  • [UPD] waptconsole reporting: Added a quick search filtering zone for the query result.

  • [FIX] Fixed wrong message when no admin rights and the WAPT Agent needs to be upgraded or is not present.

  • [UPD] Host menu for upgrading hosts part.

  • [REF] waptconsole multiserver: Refactored TriggerActionOnHosts to send multiples actions to the right servers.

  • [FIX] Fixed waptconsole: use ROOT in addition to CA windows system certificates stores when building winpe with verify_cert = True.

  • [UPD] Deleted host popup.

  • [NEW] Possibility to download WAPT packages when asking hosts for updates.

  • [UPD] trigger_host_update adding possibility to download the WAPT package after update.

  • [FIX] Fixed waptconsole: The WAPT Console crashed when checking newest packages if wapt-templates repository is protected with an encrypted client key.

  • [FIX] Fixed saving configuration when new configuration was created.

  • [FIX] Fixed saving language parameter.

  • [FIX] Fixed waptconsole: access violation when access to external repository is blocked or needs a proxy.

  • [FIX] Fixed waptconsole multiserver regression: unable to edit a WAPT package which was just edited.

  • [FIX] Fixed waptconsole edit conf package: Do not close if error when uploading to the WAPT Server.

  • [FIX] patched setup_package_template_cert.py.tmpl.

  • [FIX] Fixed not adding “cn” in OU.

  • [FIX] Fixed layout on Windows Update part.

  • [FIX] Fixed the flow layout.

  • [IMP] waptconsole: WIP multiserver. Mostly works for hosts, but not for packages management.

  • [FIX] Fixed waptconsole: re-enable dataexport to .csv for grids.

  • [NEW] Explicit hint on number version when the WAPT package is not up to date (GridPackages).

  • [REF] Refactored private key password handling. Added a callback to clear cached key password in case of decrypt error in http client. Stores client https authentication key password in same storage as package private keys.

  • [REF] WIP for multiserver console. WaptCookieManager takes in accounts the domain. TODO: send allowed session cookies for cross domain auth. Lazy loading of waptserver instance. Loads list of servers in DMWaptConsole.ReloadConfigFile. All sections with a wapt_server key are taken in account. Shares the WaptServerSession across all waptserver connections.

  • [FIX] Fixed bad port for veyon.

WAPT Server

  • [SEC] Windows: waptserversetup.exe windows: do not reenable acl inheritance on wapt root folder.

  • [SEC] Send minimal information on /ping api call.

  • [IMP] Set session cookie to 3 days

  • [IMP] waptserversetup: Check if there is a CRITICAL log entry during winsetup.py and exit with an exitcode 1000 if it is the case.

  • [IMP] waptserver: Do not automatically create users in wapt database when user logs in with kerberos (self-service case).

  • [FIX] Fixed waptserverinstall windows: regression unable to install on new windows machine if wapt was not already installed.

  • [REF] Server python code cleanup.

  • [IMP] wapttasks: use environment variable on linux to pass config file path.

  • [NEW] waptserver: reduced lifetime of session cookie to default 12h. session_lifetime can be changed in waptserver.ini using session_lifetime seconds parameter.

  • [UPD] Updated to python 3.8.16 for all supported operating systems.

  • [FIX] Fixed stuffed setup exe naming on the WAPT Server.

  • [NEW] new parameter list_subnet_skip_login_wads.

  • [FIX] Fixed waptserver: shorten SQL columns aliases for long get_hosts json queries.

  • [SEC] Upgraded werkzeug 2.0.2 -> 2.1.1 for PYSEC-2022-203.

  • [NEW] waptservice websocket: Enabled certificate checking on websockets.

  • [IMP] waptserver: Added index on computer_ad_ou.

  • [FIX] Fixed waptserver: by default, do not create stuffed waptsetup when a dynamic config is uploaded.

  • [FIX] Fixed waptserversetup: if installService, configure the local service to reach newly installed server. Propose to start the WAPT Console right after for demo mode.

  • [NEW] model.py: Added upgrade-db action and --overwrite-version=1.2.3 option to force the replay of upgrade db.

  • [FIX] Fixed waptserver nginx config, there can be spaces in path. quotes include.

  • [NEW] Be sure to not start the WAPT Server if the database structure can not be upgraded properly.

  • [NEW] If licences json data is empty, assume an empty list.

  • [IMP] Getting storage used by KBs.

  • [NEW] 22H2 build numbers in WindowsVersions class.

  • [NEW] Added hosts_sid endpoint routing to uwsgi in nginx configuration templates.

  • [FIX] Fixed wapt-get build-waptagent: create waptagent.exe link on the WAPT Server.

  • [FIX] Fixed waptserver: ignore null bytes in audit data string values.

  • [FIX] Fixed waptserver: allow access to agent download without client certificate auth.

  • [FIX] Fixed waptserver model: remove references to unused HostExtData table.

  • [FIX] Fixed waptserver multiinstance with uwsgi: takes in account application_root for interprocess get_ws_connections /api/v3/hosts_sid calls.

  • [UPD] Added waptserver /api/v3/update_hosts_sid_table endpoint to fill the HostWebsocket table with the in memory ws_connections for reporting purpose.

  • [UPD] Changed the path of the untouched waptsetup.exe on the WAPT Server: moved to the wapt/waptagent folder to be consistent with other agents location Same for waptdeploy.exe.

  • [DEL] waptserver: Removed “enable_store” setting.

  • [UPD] waptconsole multiserver: display unreachable servers.

  • [FIX] Fixed waptserversetup: Reinclude waptwua even if service is not installed to allow wapt-get usage.

  • [FIX] Fixed waptconsole multiserver dynamic config: bad server url for checking https certificate.

  • [FIX] Fixed waptconsole multiserver: Do not include a server at startup if it is not pingable.

  • [UPD] waptserversetup windows: Removed some additional unused files when waptservice is not installed.

  • [UPD] waptconsole multi servers: Do not try to update / merge repo if repo_url is empty.

  • [IMP] waptserver / waptservice websockets: When registering host, return an authentication token in response, so that websockets can connect without additional roundtrip.

  • [IMP] allow_unauthenticated_registration is now like use_kerberos.

  • [FIX] Postconf, current config is now autoselected.

  • [UPD] waptsetup waptserversetup: Sign the installers and uninstallers using embedded iscc logic.

  • [UPD] waptserver db: Changed the primary key of tables HostPackagesStatus, HostExtData, Packages, HostSoftwares, HostGroups, HostWebsocket, HostAuditData, ReportingSnapshots, HostWsus, LogsAPI to bigint.

  • [UPD] waptserversetup: Check that the user is a LOCAL computer user and not a domain user.

  • [FIX] Fixed waptserversetup: postgresql upgrade. Try to fix ACLs on data directory.

  • [FIX] Added a conflict on apache2 in the Linux WAPT Server package to avoid old install leftovers.

  • [REF] Removed enterprise_common.py.

  • [UPD] Upgrade nginx on Windows.

  • [UPD] Upgraded DB to postgresql v14 for windows.

  • [UPG] upgraded postgresql 9.6 to v14 on CentOS7.

  • [FIX] Fixed waptserver: Fixed sid map sharing in uwsgi mode (missing imports).

  • [FIX] Fixed waptserver websocket: Be sure to not clear a SID which would be newer than current disconnect event. Not sure if disconnect / reconnect are always synchronous.

  • [FIX] Fixed waptserver: Improved message when triggering action.

  • [IMP] Added HTST header to nginx template.

  • [FIX] Fixed waptserver update_hosts_audit_data: Updated values with same global key (host_id,value_id).

  • [FIX] Added trigger_host_action ACL on /api/v3/connected_wol_relays (used by /api/v3/trigger_wakeonlan).

  • [IMP] waptserver websocket auth: Put host certificates in cache.

  • [UPD] waptserver websocket: Do not cache UUID twice.

  • [REF] waptserver websockets: use a global in memory dictionary to hold the host uuid -> SID of connected host to avoid Database insert or updates.

  • [FIX] Fixed server regression for custom json fields ValueError: too many values to unpack (expected 3).

  • [IMP] waptserver: WIP endpoint update_hosts_audit_data to bulk insert hosts related data.

  • [IMP] waptserver: update api/v3/get_agents_info to match the online wapt_agent_list.json.

  • [FIX] Fixed glpi sync: simplified glpi_upload_hosts.py script.

  • [FIX] Fixed waptserver huey tasks: licences_list not properly initialized when not using default waptserver.ini.

  • [FIX] Fixed waptserver audit table structure upgrade: typo

  • [FIX] Fixed avoiding GET method limits on hosts_for_wua.

  • [FIX] Fixed waptserver unable to delete some hosts when CRL is enabled be tolerant if the host certificate is not issued by this server’s CA.

  • [FIX] Fixed waptconsole multiserver: Computers identified by fqdn uuid are not displayed properly in the grid.

  • [UPD] Remove references to waptsetup-tis.exe -> renamed to waptsetup.exe.

  • [FIX] Fixed update_server_status with dynamic configuration.

  • [IMP] Include waptsetup.exe in waptserversetup.exe.

WADS

  • [FIX] Clear WADS stdout before and after diskpart to avoid broken stdout.

  • [IMP] Check whether winpe.wim and 7z.exe files exist when creating the WADS WinPE.

  • [FIX] Added missing ‘/’ in wgetwads error messages.

  • [IMP] WADS: Added session login type and acl.

  • [IMP] WADS: Login to server only one time instead of for each request.

  • [IMP] WADS: Added flags: unchecked for wads login on Windows Server.

  • [IMP] Use of latest mormot function for WgetWads to fix DNS check.

  • [IMP] Improved error messages for WADS and WGETWADS.

  • [IMP] Added option wads in Windows Server installer.

  • [IMP] get_wads_secondary_repo –> follow protocol of the server connection.

  • [FIX] Fixed list_subnet_skip_login_wads read configuration.

  • [IMP] WinPE creation key

  • [REF] Remove useless code on get_wads_config (Login WADS).

  • [IMP] WgetWads does not require python to work.

  • [FIX] Be more indulgent on json rules for WADS.

  • [FIX] Fixed WADS working when no logging required.

  • [ADD] Login in IPXE, more tests needed.

  • [IMP] Proper way to secure wads_get_config.

  • [ADD] Login on WADS register host and get wads configuration.

  • [NEW] include hostname in debian.ipxe for OS deployment.

  • [FIX] Fixed djoin with given domainuser parameter.

  • [IMP] Added back support GET method on /api/v3/get_wads_config.

  • [NEW] Added asset tag in HostOSDeploy.

  • [IMP] Ask for a new hostname when starting to deploy if hostname equals to ‘autoregister’.

  • [IMP] Improved filtering keyboard faster + french translation in Make WinPE.

  • [FIX] Fixed missing glob import in WADS get_iso_config.

  • [NEW] Adding drivers in WinPE from WADS drivers.

  • [IMP] Improved feedback when the djoin fails (already existing machine).

  • [WADS] <Value> format in XML was incorrect and not complete for password definition.

  • [IMP] Last error message added for failed djoin.

  • [FIX] Fixed uninstall wapttftpserver when uninstalling waptserver.

  • [IMP] Improved file upload with hash check wads iso files listed from the WAPT Server even if not saved in the WAPT Console.

  • [NEW] Added customized WinPE export to zip file.

  • [IMP] Improved showing the error message on upload failure.

  • [IMP] Improved applying default configuration on wads host if no configuration has been set.

  • [IMP] ISO download dialog box.

  • [IMP] WADS: WinPE now pinging WAPT Server. Selected language keyboard layout will be available directly in a new cmd.

  • [IMP] WADS: XML no longer disable UAC by default.

  • [FIX] Fixed mac_address not returned with iPXE.

  • [ADD] Added ipxe_script_jinja_path and two templates.

  • [UPD] Added file type filters for loading the post-install script.

  • [FIX] Restored a progression bar when uploading the ISO and the winpe files.

  • [IMP] kill wapttftpserver and uninstall the service before installing it.

  • [ADD] Added Windows 11 unattend XML template files.

  • [IMP] Improved searching WADS data (hosts, isos, driver bundles, configurations).

  • [FIX] Added tftp firewalld port opening.

  • [IMP] Avoid creating WinPE on Windows partition + some ACL added.

  • [UPD] Renamed drivers bundle filenames to sha256(filename).

  • [ADD] Added a template for Debian.

  • [UPD] GridConfigDeploy showing the platform now.

  • [FIX] Fixed saving bundle names.

  • [NEW] Injecting a:abbr:OEM (Original Equipment Manufacturer) key by slmgr command.

  • [FIX] Fixed SELinux rules for wads.

  • [FIX] Potential fix for (over 10 joins for djoin by a standard user on MSAD).

  • [UPD] WADS grayed when windows update repository is selected.

  • [UPD] Possibility to select an iso file even if not Windows.

  • [FIX] Fixed waptconsole uploadWinPE: regression in upload progress bar and incomplete zip.

  • [FIX] Fixed wads to include non CA certificates for WinPE build.

  • [IMP] Added ipxe_script in DeployConfig table.

WAPT Agent MacOS

  • [UPD] Delete old pkg if available in pkg list.

  • [NEW] Added fake menu for macOS for letting user to quit the app from the MainMenu.

  • [FIX] Improved support for macOS MenuBar.

  • [FIX] Added WAPT Console .app plist file for macOS X.

  • [FIX] Fixed some macOS X model and serial number reports.

  • [FIX] Fixed macOS X local_groups key in host_info.

  • [FIX] Updated mormot2 for gssapi on macOS X.

  • [NEW] support WADS security, Network masks.

  • [FIX] Fixed installed_softwares on MacOS.

  • [NEW] Added timestamping to pkg signing.

  • [FIX] Fixed getting agent version in get_wads_config.

  • [NEW] Added entitlements file for macOS signing.

  • [IMP] Force light UI when DarkMode is active on macOS.

  • [FIX] Fixed opening maximized self service on macOS

  • [FIX] Fixed loading hosts on macOS when more options in inventory is checked.

  • [IMP] Better handle on input (utf8 convertion).

  • [IMP] macOS: Updated build script to handle binary file signing and better debugging.

  • [IMP] Patched dmidecode info for macOS.

  • [FIX] Fixed macOS core get_hostname return binary string instead of str -> update_status loop.

  • [IMP] Use system_profiler_info for dmi_info on macOS X.

  • [REF] plistlib.readPlistFromBytes deprecation fix.

  • [FIX] Fixed core macOS: use UUID from system_profiler_info instead of dmidecode.

  • [FIX] Fixed duplicated macOS code in setuphelpers for get_hostname().

  • [IMP] Improved mounting content for .pkg, .mpkg, .app only if file is not symbolic.

  • [NEW] Added the WAPT Console to Linux and macOS gui distribution.

  • [IMP] Fixed keyword and name with installed_softwares in macOS and Linux.

  • [FIX] Fixed register for macOS.

  • [FIX] Fixed custom waptmessage logo linux.

  • [FIX] Fixed harakiri on non Windows kills all running processes.

  • [FIX] Fixed restart waptservice for macOS.

  • [IMP] Silently attach dmg file.

  • [FIX] Fixed get_file_type in macOS.

WAPT Agent Linux

  • [FIX] Fixed logrotate on RedHat8 for waptserver and wapttasks.

  • [IMP] wapt-get.bin: Improved python traceback format with proper line endings on non Windows.

  • [IMP] Improve support for dark mode on WAPT Console on Linux

  • [IMP] Replaced in /usr/bin/ wapt-get.sh by wapt-get.bin.

  • [IMP] Added Ubuntu and CentOS icons.

  • [IMP] Added icons in ImportPackages window.

  • [FIX] Fixed user_local_appdata for Linux.

  • [IMP] waptagent Debian package: removed system python3 dependency.

  • [IMP] Avoid loop in checkbox events on search inventory especially on operating systems other than Windows.

  • [IMP] Added PYTHONNOUSERSITE = True to all .sh scripts to avoid spoiling PYTHONPATH with locally installed libraries in user home directory.

  • [UPD] Disable compression on unix WAPT agent bundle (each package is itself already compressed).

  • [NEW] Added the WAPT Console to Linux and MacOS gui distribution.

  • [FIX] Fixed configpackage wizard and main form layouts for Linux.

  • [UPD] Updated virtualtreeview for Linux visual grid lines improvements.

  • [IMP] Fixed keyword and name with installed_softwares in macOS and Linux.

  • [FIX] Fixed harakiri on non Windows kills all running processes.

  • [ADD] Added snap software inventory.

  • [FIX] Fixed waptservice linux restart Linux: AttributeError: WaptServiceRestart object has no attribute logger.

  • [NEW] Linux OS deployment.

  • [FIX] Added firewalld rule on RedHat based server for wapttftpserver.

WAPT-2.3.0.13334 RC3 (2023-01-06)

hash : a06031bd

This is the third release candidate of WAPT 2.3.

This is a release candidate for testing that is not intended for production.

This changelog lists the fixes sinces WAPT 2.3 RC2.

WAPT Core

  • [SEC] When checking exe certificate, first check that the signature is OK.

  • [SEC] when stuffing waptsetup.exe, check that waptsetup.exe downloaded from wapt server is properly signed by Tranquil IT.

  • [FIX] Fixed handling properly utf8 chars in certificate subject.

  • [FIX] Small improvement for wapt-get build-waptagent. Do not ask the server password twice.

  • [FIX] Fixed stuffed legacy waptagent build: be sure to have a deterministic binary result when stuffing in waptconsole or server side.

  • [IMP] remove client library dependency for command line progress bar.

WAPT Agent

  • [FIX] force create random uuid if bios uuid is not correct.

  • [FIX] Do not check wsusscn2.cab if not Enterprise.

WAPT Server

  • [SEC] Windows: waptserversetup.exe windows: do not reenable acl inheritance on wapt root folder.

  • [SEC] Send minimal information on /ping api call.

  • [IMP] Set session cookie to 3 days

WAPT Console

  • [FIX] display an explicit error message if a new host package can not be saved on the WAPT Server because of acl.

  • [IMP] Process application messages when performing file hash/zip actions.

  • [FIX] Fixed waptconsole copy cert to wapt/ssl: handle properly spaces in target directory name.

  • [FIX] Place cursor at end of line instead of point of click in textareas.

WADS

  • [FIX] Clear WADS stdout before and after diskpart to avoid broken stdout.

  • [IMP] Check whether winpe.wim and 7z.exe files exist when creating the WADS WinPE.

  • [FIX] Added missing ‘/’ in wgetwads error messages.

WAPT Linux

  • [FIX] Fixed logrotate on RedHat8 for waptserver and wapttasks.

  • [IMP] wapt-get.bin: Improved python traceback format with proper line endings on non Windows.

  • [IMP] Improve support for dark mode on WAPT Console on Linux

WAPT-2.3.0.13301 RC2 (2023-01-04)

hash: a2af0e8d

What’s New?

This is second release candidate of WAPT 2.3. This is second release candidate of WAPT 2.3.

This is a release candidate for testing that is not intended for production.

This changelog lists the fixes sinces WAPT 2.3 RC1.

Note : for security reasons in waptpython, Python isolated mode is now enabled by default (Python -I). If you are using the waptpython Python environment outside of WAPT, please be sure to check for the corresponding Python documentation.

WAPT Core

  • [SEC] waptpython 3.8.16 is now compiled with the isolated mode flag at true by default (Python -I)

WAPT Console

  • [ADD] Popup Menu with Copy and Copy as JSon for Audit TreeView.

  • [FIX] Fixed proper images on actions buttons.

  • [FIX] Fixed OU icon when OU name contains an empty character.

  • [FIX] Fixed Out of bound error : add verification on condition check in specific cases.

  • [FIX] Fixed missing error message on secondary repositories.

  • [IMP] Improve usability of copying new certificate in <WAPT>\ssl directory

WAPT Agent

  • [IMP] add host_capabilities inventory.

  • [IMP] Better JSON format (Human Readable) for Audit Data.

  • [FIX] Use parameter IncludeCA on ListSOCertificatesFromFolder.

  • [FIX] Fixed translation issues in graphical components.

  • [FIX] Fixed last version, checks the minimal OS version

  • [FIX] edit waptwua if install_delay has value.

WADS

  • [IMP] WADS: Added session login type and acl.

  • [IMP] WADS: Login to server only one time instead of for each request.

  • [IMP] WADS: Added flags: unchecked for wads login on Windows Server.

  • [IMP] Use of latest mormot function for WgetWads to fix DNS check.

  • [IMP] Improved error messages for WADS and WGETWADS.

  • [IMP] Added option wads in Windows Server installer.

  • [IMP] get_wads_secondary_repo –> follow protocol of the server connection.

  • [FIX] Fixed list_subnet_skip_login_wads read configuration.

  • [IMP] WinPE creation key

WAPT Linux Agent

  • [IMP] Replaced in /usr/bin/ wapt-get.sh by wapt-get.bin.

  • [IMP] Added Ubuntu and CentOS icons.

  • [IMP] Added icons in ImportPackages window.

WAPT-2.3.0.13239 RC1 (2022-12-21)

hash: 675d861e

What’s New?

  • 1000+ bugfixes

  • Less issues with false positive with antivirus software when deploying a new agent: WAPT Agents do not need to be rebuilt. The WAPT Agent is based on waptsetup.exe with certificate and configuration stored in the certificate signature of the file. The signature of the file is not altered.

  • WAPT Agent on Linux and macOS: improved workflow for installing and updating the WAPT Agent.

  • Improved Websocket connexion. Disconnects and reconnects have be made more robust.

  • Improved support on macOS.

  • Improved support on Linux.

  • Update of WAPT external components.

Tech Preview

  • WAPT Console support on Linux (Debian and derivatives, RedHat and derivatives).

  • WAPT Console support on macOS (Mojave and above).

WAPT Core

  • [REF] Removed unused functions.

  • [REF] Removed unused headers.

  • [IMP] waptservice: fix setting loglevel for specific components do not log WS listening too often. Fixed some action’s “created_by” attributes which were not not set.

  • [FIX] Windows setuphelpers: missing service_list in _all__.

  • [FIX] wapt-get: moved LoadOpenSSLFromPythonLib to get proper path for RegWaptBaseDir on Linux.

  • [NEW] Added armhf as a valid package architecture.

  • [FIX] Fixed scan_package issue when there are packages without package_uuid. Packages table was growing at each scan_packages.

  • [IMP] wapt-get: Added some help for build-waptagent and add-config / reset-config/ set-config -from-url.

  • [IMP] wapt-get reset-config-from-url: removes dynamic configs from conf.d too.

  • [IMP] Re-include empty folders in zipped WAPT packages.

  • [FIX] Update for zip empty folder entries.

  • [FIX] When checking files and directories from package manifest, create empty directories from the manifest file if thet do not exist yet.

  • [UPD] wapt-get update-package-sources: Implicit transparent import of all functions from packagesdevhelpers.py.

  • [FIX] Do not audit packages with install_status <> ‘OK’.

  • [SEC] waptpackage: Cleanup removed multiple MD type. We use only sha256 now.

  • [NEW] waptconsole: Stuff waptsetup with json config for embedding into waptupgrade package.

  • [FIX] waptpackage signature issue if the WAPT package is created from scratch with null attributes (ex. max_os_version). If signed, these null attributes are written to control file as sempty string, this breaks the signature control. So we initialize all default signed attributes to empty string instead of null.

  • [UPD] wapt-get create-waptagent: Use json embedded config stuffed into certificate zone of executable signature.

  • [FIX] Fixed regression in python _sign_control (encoding issue).

  • [UPG] Upgraded python to 3.8.16.

  • [IMP] waptutils.py cleanup and small fix in user_is_member_of.

  • [REF] waptserver: Cleanup code with pyflakes.

  • [IMP] Allow none loglevel.

  • [NEW] Introduced wapt-get reset-config-from-url.

  • [FIX] Fixed json_load_file() by adding encoding option. Default is “utf-8”.

  • [IMP] waptguihelper: Introduced StayOnTop argument for input_dialog() and grid_dialog()

  • [FIX] Fixed wapt-get add-config-from-url in pure Pascal. The hash is retrieved from the filename if present, or as second parameter of command line.

  • [REF] wapt python core: Removed sha1 compatibility with wapt 1.3 packages signatures.

  • [FIX] Shows the proper logged user after login.

  • [IMP] Fallback other method for get domain in get_hostname.

  • [REF] jsonconfig data embedded in setup exe.

  • [FIX] Default value for check verify cert.

  • [UPD] Introduced uwaptjsonconfig (port of json config from python to FPC).

  • [UPD] wapt-get: Added a command to list the initial configs available on server (in wapt/conf.d).

  • [UPD] waptsetuputil: Added UnzipConfigFromExe.

  • [FIX] Removed global variable for PopupEnterprise, check Licensing after closing the window.

  • [IMP] buildlib: Do not remove unittest from python lib when creating the build environment.

  • [FIX] remove_file() was unable to remove symlinks.

  • [FIX] wapt core: Regression on uuid retrieval from WMI. ‘System_Information’ key is an array.

  • [NEW] wapt core: added “wapt_temp_dir” wapt-get.ini parameter to specify the directory wher packages are unzipped at installation (for wyse terminal).

  • [REF] Introduced packagesdevhelpers python module to remove helpers useful only for “packages source update” and reduce import time of setuphelpers.

  • [IMP] windows_version() now getting the correct UBR (Update Build Revision) shown with “winver” command, adding windows_version_full in hardware inventory

  • [IMP] waptguihelper: help improved for grid_dialog - also, introduced an (optional) Text parameter.

  • [FIX] waptpackage: trim attributes value in control data. (‘all’ was retrieved as ‘all ‘ ).

  • [IMP] twaptpackage: Always set architecture and priority default.

  • [UPD] Refactored SSLCABundle usage.

  • [FIX] Fixed waptpackage build issue when sourceroot includes the ending path separator. Fixed self service package building. Fixed version incbuild result.

  • [FIX] Fixed issue with in path in zipped files created with CreateRecursiveZip.

  • [FIX] Fixed file not found when calling GetServerCertificate.

  • [FIX] Fixed editing zipped package inplace (hosts packages).

  • [FIX] Added call to mormot2 RegisterOpenssl for Access violation in waptlicences.

  • [IMP] Grid editor: Show which column is currently focused even if grid has not the focus.

  • [IMP] Use UTC time for expiration check of ACLs.

  • [UPD] wapt core: use datetime in UTC for audit_data.

  • [IMP] wapt core: allow usage of an environment variable waptbasedir to specify the location of root waptbasedir.

  • [IMP] Default grid order set to descending signature date.

  • [FIX] Allow ~ character in WAPT package names (for spaces in Organizational Units packages).

  • [FIX] waptcrypto: Fixed certificate filename attribute not set when loading a certificate chain.

  • [UPD] Refactored SSLCABundle usage.

  • [FIX] Fixed using particular characters in passwords.

  • [FIX] Fixed waptcore: Fixed the type for dynamic configuration.

  • [FIX] copytree2 replace_at_next_reboot.

  • [REF] Moved all the dynamic json config functions into the WAPT class to take in account the actual agent settings (specially directories).

  • [UPD] Created a full version 1.2.3.rev-hash into file wapt/version-full.

WAPT Agent

  • [IMP] When uninstalling the WAPT Agent, stop the waptservice only if the service exists.

  • [FIX] Popping wrong license message on new installation.

  • [FIX] waptservice socketio: Force get new ws params in case of connection error like when config is updated.

  • [FIX] Fixed add new rule missing import for isenterprise.

  • [NEW] Added disk drives to host overview template.

  • [IMP] Reduced size of host json inventory data. Do not send host configurations data if not changed. Do not send audit_data headers if no data. Fixed last audit data that was always sent.

  • [IMP] Improved local waptservice auth feedback.

  • [REF] Refactored waptservice code.

  • [FIX] Enable custom CA file for websockets certificate checking.

  • [FIX] Fixed WAPT Agent websockets_verify_cert: error reading setting from ini file. Reset socketioclient to None when connection error to force recreating the object with new TLS settings.

  • [IMP] waptdeploy: Use only registry wapt_is1 install location to get the WAPT base directory.

  • [IMP] waptdeploy: Do not check wapt-get working condition.

  • [FIX] Fixed waptdeloy argument parsing.

  • [UPD] waptsetup: Removed distribution of innosetup as it is no longer needed.

  • [NEW] waptdeploy: Check that the WAPT Agent installer and wapt-get.exe are digitally signed by Tranquil IT.

  • [FIX] waptdeploy wapt basedir guessing. Hardened waptdeploy RunTask.

  • [FIX] Fixed wapt-get build-waptagent: empty configuration name.

  • [ADD] Check all rules signatures before doing anything else.

  • [IMP] The agent version is obtained from the exe, not the server.

  • [FIX] waptsetup auto json config: should accept waptsetup-1.2.3_<confname>_<confhash>.exe.

  • [FIX] Fixed remote WakeOnLAN.

  • [IMP] waptservice: Do not include PrinterPaperNames, PaperSizesSupported and self_service_rules in inventory sent to the WAPT Server.

  • [FIX] waptexit: If unable to get licences from waptservice, assume is_enterprise is False.

  • [FIX] wapt-get: Set password callbacks after reloading config.

  • [FIX] Shortened the upgrade scheduled task argument, as it is limited to 256 chars.

  • [FIX] Stuffed waptsetup: Append waptwua settings to json.

  • [FIX] waptserver socketio: Host does not register / reconnect by itself when deleted from the WAPT Server.

  • [NEW] waptsetup.exe : If waptagent.exe is named, and only one config is embedded, take the first available config for the name of the configuartion to install instead of hardcoded “default”.

  • [IMP] waptservice: Can start right after install even if no wapt-get.ini.

  • [NEW] Added nopassword to config wizard for service_auth_type.

  • [UPD] Added wapt-get reset-config-from-url and set-config-from-url json configuration.

  • [FIX] Do not delete the files if the signature has failed.

  • [IMP] waptsetup: Display a summary of embedded stuffed json configurations. Removed use dynamic configuration task.

  • [FIX] waptserver: Fixed WakeOnLAN issue when no broadcast address exists in inventory.

  • [FIX] remove_user_appx was not initialized from setuphelpers.

  • [UPD] waptsetup: ApplyJsonConfigToIniFile when a json configuration is stuffed instead of conf.d dynamic configuration.

  • [IMP] waptsetup: Do not update wapt-get.ini when using dynamic json configuration.

  • [UPD] waptservice socketio: Do not require connection params update / reconnection try if there is no authorization token. When allow_unauthenticated_connect = True on the WAPT Server, the WAPT agents should be able to connect without getting a token.

  • [FIX] waptself: Fixed next page button unavailable on last page.

  • [UPD] waptexit: Add waptexit_disable_skip_windows_updates parameter in wapt-get.ini file and commandline argument to disable the checkbox for skipping Windows Updates.

  • [UPD] wapt-get: Return ExitCode <> 0 when an exception is raised Added ping --service command to check waptservice accessibility from waptsetup.

  • [UPD] waptself: Display details of WAPT package on top of packages list to avoid reframes.

  • [UPD] Enable waptservice_allow_all_packages only for nopassword service_auth_type.

  • [NEW] Added a waptservice parameter waptservice_allow_all_packages which allow all user to install / remove all packages as if they were part of the waptselfservice group.

  • [NEW] If a json configuration is provided in waptsetup as stuffed data in certicode certificate area, use it for initial configuration.

  • [FIX] Improved error message and wait cursor when waptselfservice is starting.

  • [FIX] Fixed selfservice missing common module for self_service_rules when using the nopassword argument with the WAPT Enterprise version.

  • [FIX] Changed Icon for Add Dependencies ‣ Trashcan to Plus.

  • [IMP] User is now informed when self service can not get a token (service not started).

  • [FIX] Remove double slahs in url //Packages.

  • [NEW] Added Ubuntu22 in waptsetup package.

  • [FIX] Fixed waptmessage ambiguous ‘-s’ option (use stdout and set window size), replaced by -c for init console.

  • [FIX] Fixed tasks list on host.

  • [FIX] Normalized view (lowercase) in grid for target_os from control part.

  • [FIX] Fixed execution of waptmessage in file instead of base64 (to avoid too long command line).

  • [FIX] Use cached trusted signer certificates store instead of recreating it each time.

  • [FIX] Fixed signed_attributes written as string list (instead of python form) and signer is the signer certificate Common Name.

  • [IMP] use --not-interactive with register if the installation runs in silent mode.

  • [FIX] waptservice: Do not ignore broadcast for WaptUpdateServerStatus to avoid the WAPT Tray sticking upon sending data to the WAPT Server.

  • [FIX] Fixed unable to synchronize remote repository.

  • [IMP] waptmessage: No autosize if a size is specified on the command line.

  • [FIX] Fixed no hash in clipboard, added missing helper for add-config-from-url in wapt-get.

  • [IMP] Limit access right to Administrators to log directory (in case non public stuff gets written to logs).

  • [IMP] install_scheduling work if not in PENDING_UPDATES status.

  • [FIX] Fixed waptexit compilation: Removed specific WaptIniFilename function.

  • [FIX] Fixed waptmessage unable to load sqlite.

  • [IMP] Updated waptwua status to ‘NEED-SCAN’ on hosts when download_wsusscan is triggered and wsusscn2.cab file is downloaded.

  • [NEW] wapt core: Added as_dict and descending parameters to Wapt.read_audit_data_set.

  • [IMP] Do not take care anymore of maturity for version when it is compared to WAPT store version.

  • [FIX] Fixed configuration package template setup_package_template_conf.py.

  • [FIX] Fixed waptservice configuration: Set the configs_dir relative to wapt-get.ini full path.

  • [FIX] Fixed waptservice ‘start_waptexit’ with arguments Faulty arguments boolean value decoding.

  • [FIX] Fixed bad arguments sent to waptservice triggering upgrades with only_priorities and only_if_not_process_running.

  • [FIX] Fixed Wapt.write_audit_data_if_changed: Write data if previous data has expired.

  • [FIX] Updated the template of dynamic json configuration packages to match new location and naming of json configuration related functions.

  • [NEW] Option include_potentially_superseded_updates in configuration wizard.

  • [FIX] Fixed waptservice: Be sure to dynamically revert to default setting when a key is removed from wapt-get.ini.

  • [FIX] Fixed waptservice: Make sure we have a random secret_key for local waptservice session.

  • [NEW] WAPTWUA superseded support.

  • [IMP] wapt-get edit now opens update_package.py too.

  • [UPD] Added a NEED-SCAN waptwua.status, updated when Wapt.update() is called.

  • [FIX] Fixed waptself: Set focus on search when opening.

  • [IMP] Ignore history for waptwua status.

  • [FIX] Fixed wapt-get update-package-sources: Handle properly relative path to package sources.

  • [FIX] Fixed wapt-get update-package-sources: use devdirupdate_package.py to call update_package() hook if this file exists. Else use setup.py.

  • [IMP] wapttray: Launch external waptself and waptconsole with OpenDocument instead of windows only ShellExecuteW.

  • [FIX] Workaround fix when pyscripter is put as editor for packages. params_vscod_list fixed when space in parameters. Reupdated description.

  • [IMP] wapt-get edit now opens changelog.txt, VSCod* now opens control file too. wapt-get edit can now be run as user with VSCod* updating wapt_sources_edit() description.

  • [UPD] Changed default log path to wapt/log if writable.

  • [UPD] Same logging initialization code for all UI executables with waptcommon.InitLoggingFromCommandLine.

  • [IMP] waptservice waptself: localauth with file token (ie. nopassword). Handles local groups.

WAPT Console

  • [FIX] Fixed icon on action ActWUAGetUnusedKB.

  • [FIX] Fixed actions caption on toolbar in Windows Update.

  • [FIX] Fixed removing ability to personalize toolbuttons on ISO, configs, and drivers in OS Deployment.

  • [FIX] Fixed popup menus on toolbar in OS Deployment.

  • [FIX] Fixed actions on toolbar in Software Inventory.

  • [NEW] waptconsole / waptserver: Added a specific ACL for update_audit_data.

  • [UPD] Increasing softwares max count limit in Software Inventory from 5000 to 20000.

  • [FIX] Fixed locking some actions on non Enterprise versions.

  • [FIX] Fixed waptconsole package zip build: CreateRecursiveZip.

  • [IMP] cleanup of HTML templates on waptservice. Removed unused js.

  • [IMP] Showing icons for target_os.

  • [FIX] Fixed waptconsole TX509Store: when intermediate certificates are provided in user .pem certificate file, only trust the first one.

  • [FIX] Fixed waptconsole waptcrypto: implement TX509Store.GetCertificatesChainFromFingerprint. Fixed self signed certificates are always trusted when checking the WAPT package.

  • [FIX] Fixed waptconsole: when signing packages, make sure we end with LF only (n unix style) control files.

  • [IMP] Basic POC for Auto Completion on Reporting Queries.

  • [FIX] Fixed viewing TechPreview Features does not take care of display preferences.

  • [FIX] Fixed the downloaded packages have now the chosen maturity.

  • [IMP] Show *.cmd files in post install script selector.

  • [NEW] Upload a default json configuration on the WAPT Server when building waptagent.exe. Fixed waptsetup.exe stuffing on the WAPT Server when uploading a json configuration.

  • [FIX] Fixed the button Type for update package warning.

  • [ADD] Confirm button before Update from the WAPT store.

  • [FIX] Fixed waptconsole update from the WAPT store Introduced StripPrefix in TPackageRequest to allow searching in the repository on package name without prefix.

  • [FIX] Include min_os_version and max_os_version in WAPT package identification to check which WAPT package is newest.

  • [FIX] When building customized waptsetup, sometimes missing trusted certificate.

  • [FIX] Fixed the copy of wapt-get.ini if there is no waptconsole.ini.

  • [NEW] Menu item for restoring toolbars to default.

  • [FIX] Fixed actions on toolbar in WAPT Development and OS Deployment forms.

  • [FIX] Fixed removing certificates in create waptsetup [NEW] function for listing certificates from folder.

  • [FIX] Fixed buttons links with actions on WSUS.

  • [FIX] Fixed encoding problem for WSUS.

  • [IMP] Removed GUI interface for the Update from the store action.

  • [ADD] Added a warning message before updating a WAPT package.

  • [ADD] Updated from the store button in private repository done.

  • [IMP] Added Updated part for the Store Update Action.

  • [IMP] Update from the store button (visual part).

  • [FIX] Fixed regression on creating new wuagroup package.

  • [UPD] waptconsole build agent -> named with version, config and hash instead of waptagent.exe/.

  • [FIX] Fixed __pycache__ included in zipped package when built from waptconsole.

  • [ADD] reporting: Added Unique save for each query.

  • [FIX] Fixed SQL query editor: any query can be edited at any time, without erasing the others.

  • [FIX] Fixed SQL query editor: if queries are already created and registered and have the same name, you can edit both without overwriting the other one.

  • [IMP] Use system font for html viewers.

  • [IMP] Allow package wizard without installer path.

  • [NEW] Added “keys” mustache helper for html templates.

  • [IMP] waptconsole: Do not try to ping servers before login dialog.

  • [FIX] Fixed enabling build and upload if all information are set / pre configuration in case of portable app if an executable is found.

  • [UPD] waptconsole Cyberwatch integration. Added Values mustache helper to format dict as list for Cyberwatch html report template. Added styled Cyberwatch example audit template.

  • [IMP] Addied listening to ipv6 only if ipv6 is available.

  • [FIX] Fixed waptconsole crash if custom column with empty size cell.

  • [IMP] Added a warning when no DNS record is found (Remote repository).

  • [FIX] Fixed call if app is currently closing (login cancelled).

  • [IMP] Opening configuration by double-clicking on grid.

  • [IMP] Package wizard for portable apps.

  • [IMP] waptconsole, display bytes size in human readable format in grid.

  • [FIX] Fixed OU options that are now available if the user is currently focusing the OU grid.

  • [IMP] Improved asking credentials on http error 401.

  • [FIX] Fixed waptconsole: random timeout error when running commands from the WAPT Console.

  • [FIX] Fixed WAPT package creation for OUs.

  • [ADD] Link to the official documentation for the Config Package Wizard.

  • [IMP] Proper restore of GUI when WindowState is maximized. Prevent flickering if starting maximized.

  • [IMP] Improved warning before deleting a valid licence.

  • [FIX] Fixed waptconsole regression: import packages. Check the signature even if it is disabled in remote repository settings.

  • [FIX] Fixed waptconsole regression on additional private repositories listed in the repositories tab, even if not defined in repositories setting in waptconsole.ini.

  • [FIX] Fixed waptconsole: private key password is not asked again if a matching key can not be found or decrypted.

  • [REF] waptserver model upgrade: removed unused database migration steps.

  • [UPD] waptserversetup: avoid automatic restart when installing MSVC 2022.

  • [FIX] Fixed error editing same OU package in one session.

  • [ADD] ACL Edit Repo on Index for secondary repos

  • [FIX] Fixed missing editing ACL Edit Repo.

  • [FIX] Fixed waptconsole access violation when checking unzipped package signature.

  • [FIX] Fixed waptonsole multiple update of hosts corrupt packages depends grid display.

  • [IMP] waptself, wapt-get, waptexit, wapttray: kill check threads on close, even on linux to speed up application shutdown.

  • [UPD] waptconsole: lazy loading of DMPython. Removed python source scripter tab on main form. Moved to (inactive) uvispysources. Removed debug panel on main form removed unused uvissearchpackage. Added some euristic icons on audit and reporting grids depending on well known values (OK, ERROR etc…).

  • [IMP] Improved the interpretation of checkbox states due to label description.

  • [IMP] Improved search when importing queries.

  • [FIX] Fixed host configuration package that are not editable right after creating them.

  • [FIX] Fixed waptconsole pkcs12 export and email in X509 certificates.

  • [IMP] Removed Python dependency in the WAPT Console.

  • [UPD] waptconsole: Added popup menu to Json hardware treeview.

  • [IMP] Improved reporting import, now select all queries by default + some code improvement

  • [IMP] Improved enabling or disabling ACL by double click.

  • [FIX] Fixed waptconsole: html audit templates. Bad search order.

  • [FIX] Fixed waptconsole: actions categories fixes and updates. Hide unused categories from toolbars customization.

  • [FIX] Fixed waptconsole: empty success message for some actions. Updated translations.

  • [FIX] Fixed waptconsole get agents installers: fixed MISSING -> OK status.

  • [UPD] Fixed waptconsole: Added Edit html template popup menu action.

  • [FIX] Fixed no logo resizing if smaller size.

  • [UPD] Load html templates for host_overview and host_audit from user’s appdata directory if it exists, else from wapt.

  • [REF] waptconsole: Refactored TFrmHtmlViewer to lookup templates either in user templates directory (%APPDATA%waptconsoletemplates) or in default wapt installation directory (%WAPTBASEDIR%templates).

  • [UPD] waptconsole: Improved drag & drop of columns into GridHosts.

  • [FIX] Fixed blocking action editing WSUS package if no Enterprise licence is active.

  • [FIX] Fixed waptconsole drag & drop audit values.

  • [FIX] Fixed waptconsole regression when signing unit package or modyfing stripped down WAPT packages.

  • [IMP] waptconsole: Load AD Groups in thread.

  • [FIX] Fixed waptconsole compilation without USE_WAPTPACKAGE flag.

  • [REF] waptconsole: Introduced an interface for uwaptpackage TWaptPackage WIP: fix compilation when USE_WAPTPACKAGE is defined TODO: implement IX509Store

  • [FIX] Fixed waptconsole: fixed host overview layout if no html template.

  • [UPD] waptconsole: host details layout changes: introduced html templates based overview if templateshost_overview.html file exists (mustache template).

  • [FIX] Fixed waptconsole sendmessage gui splitter.

  • [IMP] waptconsole: check that downloaded waptsetup version is the same or newer than that of the WAPT Server.

  • [FIX] Fixed autosearch in ttissearch component.

  • [NEW] waptconsole: Added a popumenu copy to clipboard as json for audit data.

  • [IMP] waptconsole: allow drag & drop of a audit json value subkey from value tree explorer.

  • [NEW] waptconsole: displays audit history and WIP audit data explorer (treeview + html template).

  • [FIX] Fixed reporting queries grid layout not saved properly.

  • [UPD] GUI Vis ACL: zebra colored lines and added possibility to change user password from one button (same action like in right click on user).

  • [FIX] Fixed avoiding exception if no user was selected before adding ACL rights.

  • [FIX] Fixed trigger downloads when triggering updates from the WAPT Console (missing import).

  • [UPD] Updated icons on windows update status for WUA.

  • [FIX] Fixed waptconsole check external repository version timeout exception raised in frontend.

  • [FIX] Fixed waptconsole multiserver: fixed can’t trigger action on servers other than main WAPT Server.

  • [FIX] Fixed waptconsole: Avoid error message of no repo_url for last used package template section.

  • [FIX] Fixed modifying a password if old password was empty.

  • [ADD] Hide / show all columns in grids.

  • [NEW] new option check_package_version in waptconsole.ini.

  • [UPD] waptconsole reporting: Added a quick search filtering zone for the query result.

  • [FIX] Fixed wrong message when no admin rights and the WAPT Agent needs to be upgraded or is not present.

  • [UPD] Host menu for upgrading hosts part.

  • [REF] waptconsole multiserver: Refactored TriggerActionOnHosts to send multiples actions to the right servers.

  • [FIX] Fixed waptconsole: use ROOT in addition to CA windows system certificates stores when building winpe with verify_cert = True.

  • [UPD] Deleted host popup.

  • [NEW] Possibility to download WAPT packages when asking hosts for updates.

  • [UPD] trigger_host_update adding possibility to download the WAPT package after update.

  • [FIX] Fixed waptconsole: The WAPT Console crashed when checking newest packages if wapt-templates repository is protected with an encrypted client key.

  • [FIX] Fixed saving configuration when new configuration was created.

  • [FIX] Fixed saving language parameter.

  • [FIX] Fixed waptconsole: access violation when access to external repository is blocked or needs a proxy.

  • [FIX] Fixed waptconsole multiserver regression: unable to edit a WAPT package which was just edited.

  • [FIX] Fixed waptconsole edit conf package: Do not close if error when uploading to the WAPT Server.

  • [FIX] patched setup_package_template_cert.py.tmpl.

  • [FIX] Fixed not adding “cn” in OU.

  • [FIX] Fixed layout on Windows Update part.

  • [FIX] Fixed the flow layout.

  • [IMP] waptconsole: WIP multiserver. Mostly works for hosts, but not for packages management.

  • [FIX] Fixed waptconsole: re-enable dataexport to .csv for grids.

  • [NEW] Explicit hint on number version when the WAPT package is not up to date (GridPackages).

  • [REF] Refactored private key password handling. Added a callback to clear cached key password in case of decrypt error in http client. Stores client https authentication key password in same storage as package private keys.

  • [REF] WIP for multiserver console. WaptCookieManager takes in accounts the domain. TODO: send allowed session cookies for cross domain auth. Lazy loading of waptserver instance. Loads list of servers in DMWaptConsole.ReloadConfigFile. All sections with a wapt_server key are taken in account. Shares the WaptServerSession across all waptserver connections.

  • [FIX] Fixed bad port for veyon.

WAPT Server

  • [IMP] waptserversetup: Check if there is a CRITICAL log entry during winsetup.py and exit with an exitcode 1000 if it is the case.

  • [IMP] waptserver: Do not automatically create users in wapt database when user logs in with kerberos (self-service case).

  • [FIX] Fixed waptserverinstall windows: regression unable to install on new windows machine if wapt was not already installed.

  • [REF] Server python code cleanup.

  • [IMP] wapttasks: use environment variable on linux to pass config file path.

  • [NEW] waptserver: reduced lifetime of session cookie to default 12h. session_lifetime can be changed in waptserver.ini using session_lifetime seconds parameter.

  • [UPD] Updated to python 3.8.16 for all supported operating systems.

  • [FIX] Fixed stuffed setup exe naming on the WAPT Server.

  • [NEW] new parameter list_subnet_skip_login_wads.

  • [FIX] Fixed waptserver: shorten SQL columns aliases for long get_hosts json queries.

  • [SEC] Upgraded werkzeug 2.0.2 -> 2.1.1 for PYSEC-2022-203.

  • [NEW] waptservice websocket: Enabled certificate checking on websockets.

  • [IMP] waptserver: Added index on computer_ad_ou.

  • [FIX] Fixed waptserver: by default, do not create stuffed waptsetup when a dynamic config is uploaded.

  • [FIX] Fixed waptserversetup: if installService, configure the local service to reach newly installed server. Propose to start the WAPT Console right after for demo mode.

  • [NEW] model.py: Added upgrade-db action and --overwrite-version=1.2.3 option to force the replay of upgrade db.

  • [FIX] Fixed waptserver nginx config, there can be spaces in path. quotes include.

  • [NEW] Be sure to not start the WAPT Server if the database structure can not be upgraded properly.

  • [NEW] If licences json data is empty, assume an empty list.

  • [IMP] Getting storage used by KBs.

  • [NEW] 22H2 build numbers in WindowsVersions class.

  • [NEW] Added hosts_sid endpoint routing to uwsgi in nginx configuration templates.

  • [FIX] Fixed wapt-get build-waptagent: create waptagent.exe link on the WAPT Server.

  • [FIX] Fixed waptserver: ignore null bytes in audit data string values.

  • [FIX] Fixed waptserver: allow access to agent download without client certificate auth.

  • [FIX] Fixed waptserver model: remove references to unused HostExtData table.

  • [FIX] Fixed waptserver multiinstance with uwsgi: takes in account application_root for interprocess get_ws_connections /api/v3/hosts_sid calls.

  • [UPD] Added waptserver /api/v3/update_hosts_sid_table endpoint to fill the HostWebsocket table with the in memory ws_connections for reporting purpose.

  • [UPD] Changed the path of the untouched waptsetup.exe on the WAPT Server: moved to the wapt/waptagent folder to be consistent with other agents location Same for waptdeploy.exe.

  • [DEL] waptserver: Removed “enable_store” setting.

  • [UPD] waptconsole multiserver: display unreachable servers.

  • [FIX] Fixed waptserversetup: Reinclude waptwua even if service is not installed to allow wapt-get usage.

  • [FIX] Fixed waptconsole multiserver dynamic config: bad server url for checking https certificate.

  • [FIX] Fixed waptconsole multiserver: Do not include a server at startup if it is not pingable.

  • [UPD] waptserversetup windows: Removed some additional unused files when waptservice is not installed.

  • [UPD] waptconsole multi servers: Do not try to update / merge repo if repo_url is empty.

  • [IMP] waptserver / waptservice websockets: When registering host, return an authentication token in response, so that websockets can connect without additional roundtrip.

  • [IMP] allow_unauthenticated_registration is now like use_kerberos.

  • [FIX] Postconf, current config is now autoselected.

  • [UPD] waptsetup waptserversetup: Sign the installers and uninstallers using embedded iscc logic.

  • [UPD] waptserver db: Changed the primary key of tables HostPackagesStatus, HostExtData, Packages, HostSoftwares, HostGroups, HostWebsocket, HostAuditData, ReportingSnapshots, HostWsus, LogsAPI to bigint.

  • [UPD] waptserversetup: Check that the user is a LOCAL computer user and not a domain user.

  • [FIX] Fixed waptserversetup: postgresql upgrade. Try to fix ACLs on data directory.

  • [FIX] Added a conflict on apache2 in the Linux WAPT Server package to avoid old install leftovers.

  • [REF] Removed enterprise_common.py.

  • [UPD] Upgrade nginx on Windows.

  • [UPD] Upgraded DB to postgresql v14 for windows.

  • [UPG] upgraded postgresql 9.6 to v14 on CentOS7.

  • [FIX] Fixed waptserver: Fixed sid map sharing in uwsgi mode (missing imports).

  • [FIX] Fixed waptserver websocket: Be sure to not clear a SID which would be newer than current disconnect event. Not sure if disconnect / reconnect are always synchronous.

  • [FIX] Fixed waptserver: Improved message when triggering action.

  • [IMP] Added HTST header to nginx template.

  • [FIX] Fixed waptserver update_hosts_audit_data: Updated values with same global key (host_id,value_id).

  • [FIX] Added trigger_host_action ACL on /api/v3/connected_wol_relays (used by /api/v3/trigger_wakeonlan).

  • [IMP] waptserver websocket auth: Put host certificates in cache.

  • [UPD] waptserver websocket: Do not cache UUID twice.

  • [REF] waptserver websockets: use a global in memory dictionary to hold the host uuid -> SID of connected host to avoid Database insert or updates.

  • [FIX] Fixed server regression for custom json fields ValueError: too many values to unpack (expected 3).

  • [IMP] waptserver: WIP endpoint update_hosts_audit_data to bulk insert hosts related data.

  • [IMP] waptserver: update api/v3/get_agents_info to match the online wapt_agent_list.json.

  • [FIX] Fixed glpi sync: simplified glpi_upload_hosts.py script.

  • [FIX] Fixed waptserver huey tasks: licences_list not properly initialized when not using default waptserver.ini.

  • [FIX] Fixed waptserver audit table structure upgrade: typo

  • [FIX] Fixed avoiding GET method limits on hosts_for_wua.

  • [FIX] Fixed waptserver unable to delete some hosts when CRL is enabled be tolerant if the host certificate is not issued by this server’s CA.

  • [FIX] Fixed waptconsole multiserver: Computers identified by fqdn uuid are not displayed properly in the grid.

  • [UPD] Remove references to waptsetup-tis.exe -> renamed to waptsetup.exe.

  • [FIX] Fixed update_server_status with dynamic configuration.

  • [IMP] Include waptsetup.exe in waptserversetup.exe.

WADS

  • [REF] Remove useless code on get_wads_config (Login WADS).

  • [IMP] WgetWads does not require python to work.

  • [FIX] Be more indulgent on json rules for WADS.

  • [FIX] Fixed WADS working when no logging required.

  • [ADD] Login in IPXE, more tests needed.

  • [IMP] Proper way to secure wads_get_config.

  • [ADD] Login on WADS register host and get wads configuration.

  • [NEW] include hostname in debian.ipxe for OS deployment.

  • [FIX] Fixed djoin with given domainuser parameter.

  • [IMP] Added back support GET method on /api/v3/get_wads_config.

  • [NEW] Added asset tag in HostOSDeploy.

  • [IMP] Ask for a new hostname when starting to deploy if hostname equals to ‘autoregister’.

  • [IMP] Improved filtering keyboard faster + french translation in Make WinPE.

  • [FIX] Fixed missing glob import in WADS get_iso_config.

  • [NEW] Adding drivers in WinPE from WADS drivers.

  • [IMP] Improved feedback when the djoin fails (already existing machine).

  • [WADS] <Value> format in XML was incorrect and not complete for password definition.

  • [IMP] Last error message added for failed djoin.

  • [FIX] Fixed uninstall wapttftpserver when uninstalling waptserver.

  • [IMP] Improved file upload with hash check wads iso files listed from the WAPT Server even if not saved in the WAPT Console.

  • [NEW] Added customized WinPE export to zip file.

  • [IMP] Improved showing the error message on upload failure.

  • [IMP] Improved applying default configuration on wads host if no configuration has been set.

  • [IMP] ISO download dialog box.

  • [IMP] WADS: WinPE now pinging WAPT Server. Selected language keyboard layout will be available directly in a new cmd.

  • [IMP] WADS: XML no longer disable UAC by default.

  • [FIX] Fixed mac_address not returned with iPXE.

  • [ADD] Added ipxe_script_jinja_path and two templates.

  • [UPD] Added file type filters for loading the post-install script.

  • [FIX] Restored a progression bar when uploading the ISO and the winpe files.

  • [IMP] kill wapttftpserver and uninstall the service before installing it.

  • [ADD] Added Windows 11 unattend XML template files.

  • [IMP] Improved searching WADS data (hosts, isos, driver bundles, configurations).

  • [FIX] Added tftp firewalld port opening.

  • [IMP] Avoid creating WinPE on Windows partition + some ACL added.

  • [UPD] Renamed drivers bundle filenames to sha256(filename).

  • [ADD] Added a template for Debian.

  • [UPD] GridConfigDeploy showing the platform now.

  • [FIX] Fixed saving bundle names.

  • [NEW] Injecting a:abbr:OEM (Original Equipment Manufacturer) key by slmgr command.

  • [FIX] Fixed SELinux rules for wads.

  • [FIX] Potential fix for (over 10 joins for djoin by a standard user on MSAD).

  • [UPD] WADS grayed when windows update repository is selected.

  • [UPD] Possibility to select an iso file even if not Windows.

  • [FIX] Fixed waptconsole uploadWinPE: regression in upload progress bar and incomplete zip.

  • [FIX] Fixed wads to include non CA certificates for WinPE build.

  • [IMP] Added ipxe_script in DeployConfig table.

WAPT Agent MacOS

  • [UPD] Delete old pkg if available in pkg list.

  • [NEW] Added fake menu for macOS for letting user to quit the app from the MainMenu.

  • [FIX] Improved support for macOS MenuBar.

  • [FIX] Added WAPT Console .app plist file for macOS X.

  • [FIX] Fixed some macOS X model and serial number reports.

  • [FIX] Fixed macOS X local_groups key in host_info.

  • [FIX] Updated mormot2 for gssapi on macOS X.

  • [NEW] support WADS security, Network masks.

  • [FIX] Fixed installed_softwares on MacOS.

  • [NEW] Added timestamping to pkg signing.

  • [FIX] Fixed getting agent version in get_wads_config.

  • [NEW] Added entitlements file for macOS signing.

  • [IMP] Force light UI when DarkMode is active on macOS.

  • [FIX] Fixed opening maximized self service on macOS

  • [FIX] Fixed loading hosts on macOS when more options in inventory is checked.

  • [IMP] Better handle on input (utf8 convertion).

  • [IMP] macOS: Updated build script to handle binary file signing and better debugging.

  • [IMP] Patched dmidecode info for macOS.

  • [FIX] Fixed macOS core get_hostname return binary string instead of str -> update_status loop.

  • [IMP] Use system_profiler_info for dmi_info on macOS X.

  • [REF] plistlib.readPlistFromBytes deprecation fix.

  • [FIX] Fixed core macOS: use UUID from system_profiler_info instead of dmidecode.

  • [FIX] Fixed duplicated macOS code in setuphelpers for get_hostname().

  • [IMP] Improved mounting content for .pkg, .mpkg, .app only if file is not symbolic.

  • [NEW] Added the WAPT Console to Linux and macOS gui distribution.

  • [IMP] Fixed keyword and name with installed_softwares in macOS and Linux.

  • [FIX] Fixed register for macOS.

  • [FIX] Fixed custom waptmessage logo linux.

  • [FIX] Fixed harakiri on non Windows kills all running processes.

  • [FIX] Fixed restart waptservice for macOS.

  • [IMP] Silently attach dmg file.

  • [FIX] Fixed get_file_type in macOS.

WAPT Agent Linux

  • [FIX] Fixed user_local_appdata for Linux.

  • [IMP] waptagent Debian package: removed system python3 dependency.

  • [IMP] Avoid loop in checkbox events on search inventory especially on operating systems other than Windows.

  • [IMP] Added PYTHONNOUSERSITE = True to all .sh scripts to avoid spoiling PYTHONPATH with locally installed libraries in user home directory.

  • [UPD] Disable compression on unix WAPT agent bundle (each package is itself already compressed).

  • [NEW] Added the WAPT Console to Linux and MacOS gui distribution.

  • [FIX] Fixed configpackage wizard and main form layouts for Linux.

  • [UPD] Updated virtualtreeview for Linux visual grid lines improvements.

  • [IMP] Fixed keyword and name with installed_softwares in macOS and Linux.

  • [FIX] Fixed harakiri on non Windows kills all running processes.

  • [ADD] Added snap software inventory.

  • [FIX] Fixed waptservice linux restart Linux: AttributeError: WaptServiceRestart object has no attribute logger.

  • [NEW] Linux OS deployment.

  • [FIX] Added firewalld rule on RedHat based server for wapttftpserver.

WAPT-2.2 Serie

WAPT-2.2.3.12481 (2022-11-30)

hash: ad3855c9

This is a security release with a few related bugfixes. All WAPT 2.0 versions below 2.2.3.12481 are affected.

Note: if you are using WAPTAgent deployment via GPO, do not forget to update your waptdeploy binary in the definition of the GPO.

WAPT Core

  • [SEC] Upgraded python from 3.8.13 to 3.8.15.

  • [SEC] Upgraded openssl from 1.1.1k to 1.1.1s.

  • [SEC] Upgraded WAPT Agent kerberos lib from 1.19.3 to 1.20.1 (Linux / macOS).

  • [SEC] Upgraded python modules with CVEs:

    • pylint==2.12.2 -> 2.15.6.

    • ujson==4.0.2 -> 5.5.0.

    • waitress==2.0.0 -> 2.1.2.

WAPT Agent

  • [SEC] waptdeploy.exe: Use only wapt_is1 install location from registry to get the current wapt installation directory.

    Do not run wapt-get to check working condition.

  • [FIX] Added fallback method to get domain in get_hostname.

  • [FIX] Fixed windows, replaced wapt-get.exe --hide by waptpythonw.exe wapt-get.py to run session-setup because --hide does not actually hide the shell window.

  • [FIX] Fixed WakeOnLAN relays.

  • [REF] Cleaned up the WAPT Agent common.py: removed unused imports.

  • [FIX] Fixed waptexit: fix only_priorities argument when starting waptexit from service.

  • [IMP] MacOS: Updated build script to handle binary file signing and better debugging.

WAPT Console

  • [UPD] WADS: Include hostname in template iPXE Debian Linux.

  • [IMP] WAPT Console: Do not display empty confirmation messagebox.

WAPT Server

  • [FIX] waptserver postconf: Force path when running psql command in postconf (linux).

WAPT-2.2.3.12463 (2022-09-29)

hash: fc306143

This release is mainly a bugfix release. The main new feature is tech-preview support for MacOS on Apple M1 architecture.

Note :

  • due to EOL and security issue, the PostgreSQL database version has been updated on the WAPT Server for Windows and RedHat7 from version PostgreSQL 9.6.24 to PostgreSQL 14.5. The upgrade will be automatic on Windows during waptserversetup.exe install, and is done during postconf.sh run on RedHat7. Be sure to run the postconf.sh script after upgrading.

WAPT Server

  • [UPD] WAPT Server for RedHat7 / Centos7: Upgraded PostgreSQL version from 9.6 to 14.5.

  • [UPD] WAPT Server for Windows: Upgraded nginx to 1.22.0.

  • [UPD] WAPT Server for Windows: Upgraded vcredist to 2022.

  • [UPD] WAPT Server for Windows: Upgraded PostgreSQL version from 9.6 to 14.5.

  • [FIX] WAPT Server for Windows: Fixed icacls for migrate_pg_db.

  • [FIX] WAPT Server for Windows: Allow install and upgrade with any server admins (does not require to use the local Administrator with RID -500 for installing).

  • [UPD] WAPT Server for Windows: waptserversetup: avoid automatic restart when installing MSVC 2022.

  • [FIX] Fixed upgrade procedure: migrate data text to jsonb only if table hostauditdata in data_type text.

  • [FIX] Patched create_default_users when upgrading from 1.8.2 to 2.2.

  • [FIX] Fixed unhandled redirections in TWaptServer wget.

  • [FIX] Added RedirectMax parameter in WaptServer WGet

  • [UPD] Added ubuntu 22.04 in waptagent bundle.

  • [FIX] Fixed postconf nginx: bad error string format.

WAPT Console

  • [FIX] Fixed host configuration package that were not editable right after creating them.

  • [FIX] Fixed error editing same OU package in one session.

  • [FIX] Fixed CleanupPackagesCache proper unlock even if no assigned package.

  • [FIX] Fixed access violation at startup when no server is defined in waptconsole.ini file.

  • [FIX] Fixed waptconsole: When deleting a package in the private repo page, package is still listed until the WAPT Console is restarted, but the package is actually deleted on the WAPT Server.

  • [FIX] Fixed waptconsole: Random timeout error when running commands from waptconsole

WAPT Agent

  • [FIX] Fixed setuphelpers: reintroduce running_as_system for Linux and macOS (uid==0).

  • [FIX] Fixed start waptservice only if wapt-get.ini configuration exists.

  • [FIX] Fixed remove_file(): Was unable to remove symlinks.

  • [FIX] Reset properly Wapt core settings to default when reloading config from wapt-get.ini.

  • [FIX] Try to create a minimal wapt-get.ini file if it does not exist so that the service can be started without any prior configuration.

  • [FIX] Fixed WAPT Agent for macOS: use system_profiler_info for dmi_info on macOS for support for Apple m1 architecture.

  • [FIX] Fixed WAPT Agent for macOS: plistlib.readPlistFromBytes deprecation fix.

  • [FIX] Fixed WAPT Agent for macOS: core macOS: use UUID from system_profiler_info instead of dmidecode.

  • [FIX] Fixed WAPT Agent for macOS: change postinst script for launchctl compatibility.

  • [FIX] Fixed WAPT Agent for macOS: macOS core: get_hostname returned binary string instead of str -> update_status loop.

  • [IMP] Fixed WAPT Agent for macOS: Rationalize pkg filename.

WAPT-2.2.3.12454-rc2 (2022-09-26)

hash: 64bfc946

This is the second release candidate for WAPT 2.2.3.

The main new feature is tech-preview support for MacOS on Apple M1 architecture. Otherwise it is mainly a bugfix release.

Note :

  • due to EOL and security issue, PostgreSQL database version has been updated on WAPT Server for Windows and RedHat7 from version PostgreSQL 9.6.24 to PostgreSQL 14.5. Upgrade will be automatic on Windows during waptserversetup.exe install, and is done during postconf.sh run on RedHat7. Be sure to run the postconf.sh script after upgrade.

Fixes since WAPT-2.2.3-rc1:

WAPT Server for Windows

  • [FIX] Fixed icacls for migrate_pg_db.

WAPT Agent

  • [FIX] Start waptservice only if wapt-get.ini config is exists

  • [FIX] Added PYTHONNOUSERSITE = True to all .sh scripts to avoid spoiling PYTHONPATH with locally installed libraries in user home directory.

  • [FIX] Fixed remove_file() that was unable to remove symlinks.

  • [FIX] Fixed waptconsole : fix AV at startup when no server is defined in ini file.

WAPT Agent for macOS

  • [FIX] Use system_profiler_info for dmi_info on macOS for support for Apple m1 architecture.

  • [FIX] Fixed plistlib.readPlistFromBytes deprecation.

  • [FIX] Fixed core macOS: use uuid from system_profiler_info instead of dmidecode

  • [FIX] change postinst script for launchctl compatibility

  • [FIX] macOS core get_hostname return binary string instead of str -> update_status loop

  • [IMP] rationalize pkg filename

WAPT-2.2.3.12411-rc1 (2022-09-05)

hash: 29e18f23

This is mainly a bugfix release.

Note :

  • due to EOL and security issue, PostgreSQL database version has been updated on WAPT Server for Windows and RedHat7 from version PostgreSQL 9.6.24 to PostgreSQL 14.5. Upgrade will be automatic on Windows during waptserversetup.exe install, and is done during postconf.sh run on RedHat7. Be sure to run the postconf.sh script after upgrade.

WAPT Server

  • [UPD] WAPT Server for RedHat7 / Centos7 ! upgrade PostgreSQL version from 9.6 to 14.5

  • [UPD] WAPT Server for Windows : upgrade nginx to 1.22.0

  • [UPD] WAPT Server for Windows : upgrade vcredist to 2022

  • [UPD] WAPT Server for Windows : upgrade PostgreSQL version from 9.6 to 14.5

  • [FIX] WAPT Server for Windows : allow install and upgrade with any server admins (does not require to use the local Administrator with RID -500 for install)

  • [UPD] WAPT Server for Windows : waptserversetup: avoid automatic restart when installing MSVC 2022

  • [FIX] fix upgrade procedure : migrate data text to jsonb only if table hostauditdata in data_type text

  • [FIX] patch create_default_users when upgrading from 1.8.2 to 2.2

  • [FIX] Fix unhandled redirections in TWaptServer wget

  • [FIX] Add RedirectMax parameter in WaptServer WGet

  • [UPD] added ubuntu 22.04 in waptagent bundle

WAPT Console

  • [FIX] host config package are not editable right after creating them.

  • [FIX] error editing same OU package in one session

  • [FIX] CleanupPackagesCache proper unlock even if no assigned package

WAPT Agent

  • [FIX] setuphelpers. reintroduce running_as_system for linux and mac (uid==0)

WAPT-2.2.2.12388 (2022-07-22)

hash: 10e35aa7

This is mainly a bugfix release.

Note

  • There is a change in the wapt the wapt->glpi sync is working, please refer to documentation for upgrade.

  • Tech preview: new multiserver console support (connect to multiple wapt server using one console).

  • Added support for ubuntu 22.04 amd64.

  • def update_package() function can now be located in a separate update_package.py file. New packages from wapt store will use this new format to make setup.py simpler and more readable. Older wapt version are not impacted for package import and package install, but may be impacted if one wants to update directly from the WAPT Console using update_package script.

WAPT Deployment Server (WADS)

  • [NEW] injecting oem key by slmgr command

  • [FIX] fix tftpserver window size handling (bug on Dell uefi bios)

  • [FIX] allow djoin with machine in default container CN=computers

  • [FIX] improve error message when using standard user on MS AD for djoin.exe when >10 machine quota join has been reached

  • [FIX] allow saving / renaming bundle names and check for empty names

  • [IMP] add ACL on WADS (before it needed admin level ACL)

  • [NEW] add post_install script windows

  • [NEW] add ignore_ipxescript and move conf file and ipxescript

  • [NEW] Basic Linux OS Deploy support : add Debian ipxe script template

  • [NEW] add {{server_url}} {{secondary_repo}} and {{hostname}} in get_wads_config

  • [NEW] add mustach templating in ipxescript

  • [FIX] waptconsole uploadWinPE : fix regression in upload progress bar and incomplete zip.

  • [FIX] add a progression form when uploading ISO and winpe

  • [IMP] add wapttftpserver service shutdown in upgrade sequence (throught net stop, not only taskkill)

  • [IMP] add tftp firewalld port opening on RedHat

WAPT Console

  • [NEW] techpreview: waptconsole reporting multiservers.

  • [FIX] Fixed check that downloaded waptsetup version is same or newer than server.

  • [NEW] Download from https://wapt.tranquil.it and upload on local waptserver agents for Linux and macOS directly from the WAPT Console.

  • [NEW] Added a popupmenu Copy to clipboard as json for audit data.

  • [NEW] Display audit history audit data explorer (treeview + html template) + allow drag/drop of a audit json value subkey from value tree explorer.

  • [IMP] waptwua: update waptwua status to NEED-SCAN on hosts when download_wsusscan is triggered and wsusscn2.cab file is downloaded.

  • [IMP] Package import: Don’t take care anymore of maturity for version when it’s compared to store version.

  • [FIX] Added licence validity check tolerance +1 day.

  • [FIX] Fixed trigger downloads when triggering updates from the WAPT Console.

  • [FIX] Allow ~ in package names (for spaces in Organizational Unit packages).

  • [UPD] Updated icons on windows update status for WUA.

  • [NEW] New option check_package_version in waptconsole.ini.

  • [FIX] Fixed saving empty value in Editor for packages.

  • [UPD] waptconsole reporting: Added a quick search filtering zone for the query result.

  • [FIX] Wrong message when no admin rights and waptagent need upgrade or not present.

  • [UPD] When going outside modified rules. A popup will ask to save or not the rules.

  • [UPD] Delete host popup.

  • [NEW] Added feature to download packages when asking hosts for update.

  • [UPD] trigger_host_update adding possibility to download the package after update.

  • [FIX] Saving language parameter.

  • [UPD] Added a NEED-SCAN waptwua.status, updated when Wapt.update() is called.

  • [FIX] Fixed layout on Windows Update form.

  • [NEW] waptconsole: multiserver: manage packages repositories by server.

  • [FIX] waptconsole: re-enable dataexport to csv for grids.

  • [NEW] Explicit hint on number version when the package is not up to date (GridPackages)

  • [UPD] waptconsole: Improved drag drop of columns into GridHosts

  • [NEW] waptconsole: New Htmlviewer for audit data and Html auditdataview template filename (wapttemplates ) calculated from section and key, or section.

  • [FIX] waptconsole drag/drop audit values.

  • [IMP] waptconsole: Load Active Directory Groups in thread.

  • [FIX] waptserver: Improved message when triggering action.

WAPT Server

  • [FIX] glpi sync: simplified glpi_upload_hosts.py script.

  • [NEW] techpreview waptserver: endpoint update_hosts_audit_data to bulk insert hosts related data (for third party data integration).

  • [NEW] Added multiserver endpoint for multiserver WAPT Console.

  • [FIX] waptserver update_audit_data fix on_conflicts for value_id.

  • [IMP] waptserversetup: take in account wapt_folder parameter in waptserver.ini when upgrading a setup.

  • [IMP] Use utc time for acls expiration check.

  • [FIX] Fixed waptserver unable to delete some hosts when CRL is enabled.

  • [IMP] waptserver db install: try to register jsquery extension to make json query more powerful for reporting (this is not yet mandatory).

  • [IMP] Renamed waptsetup-tis.exe to waptsetup.exe on the WAPT Server.

  • [IMP] Include waptsetup.exe in waptserversetup.exe on Windows.

  • [IMP] Download from TIS / upload to the WAPT Server of the installation packages of the WAPT Agents.

  • [UPD] Create a full version 1.2.3.rev-hash into file wapt/version-full

  • [IMP] Added HTST header to nginx template.

  • [DEL] Removed direct integration of GLPI sync into WAPT. Now switched to plugin sync

  • [FIX] Added trigger_host_action ACL on /api/v3/connected_wol_relays (used by /api/v3/trigger_wakeonlan)

  • [IMP] Force calc_md5 if new filename in server.

  • [IMP] Improved websockets performance and reliability. Now websocket ids are stored in memory instead being written in the database.

WAPT Agent

  • [FIX] Fixed threading exception in WAPTExit and WAPTTray that could prevent status updates.

  • [NEW] WAPTWUA superseded support. option include_potentially_superseded_updates in configuration wizard.

  • [NEW] Added snap software inventory.

  • [FIX] waptmessage unable to load sqlite on Linux and macOS.

  • [FIX] Fixed custom waptmessage logo on Linux.

  • [FIX] Fixed waptservice configuration: sets the configs_dir relative to wapt-get.ini full path.

  • [FIX] Fixed waptservice ‘start_waptexit’ with arguments

  • [FIX] Fixed bad arguments sent to waptservice triggering upgrades with ‘only_priorities’ and ‘only_if_not_process_running’

  • [FIX] Wapt.write_audit_data_if_changed: writes data if previous data has expired.

  • [IMP] wapt-get add-config-from-url: provides a meaningful message when hash is not provided.

  • [FIX] Updated the template of dynamic json configuration packages to match the new location and the naming of json config related functions.

  • [IMP] Improved dynamic configuration handling for the WAPT Agent.

  • [FIX] waptservice: ensure a random secret_key for local waptservice session.

  • [FIX] wapt-get update-package-sources: handles properly relative path to package sources.

  • [IMP] wapt-get edit now opens changelog.txt, VSCod* now open control file too.

  • [UPD] Changed default log path to wapt/log if writable.

  • [IMP] waptservice waptself: local authentication with file token (ie. nopassword), handling of local groups.

  • [NEW] use --not-interactive with register if install run in silent mode and not run update if install service.

  • [IMP] waptself, wapt-get, waptexit, wapttray: kill check threads on close, even on linux to speed up application shutdown.

  • [FIX] Linux: waptservice restart Linux: AttributeError: ‘WaptServiceRestart’ object has no attribute ‘logger’.

  • [IMP] macOS: normalize macos wapt install package name format.

  • [FIX] macOS: Fixed registration failing in some cases.

  • [IMP] macOS: Added mpkg support.

  • [FIX] Fixed no hash in clipboard, added missing helper for add-config-from-url in wapt-get.

  • [IMP] Limit access right to admins to log directory (in case non public stuff get written to log)

WAPT Core

  • [IMP] Patched with_md5sum in make_package_filename.

  • [IMP] Added options for update-package-sources.

  • [UPD] wapt core: use datetime in UTC for audit_data.

  • [NEW] wapt core: allow usage of an environment variable “waptbasedir” to specify the location of root waptbasedir.

  • [FIX] configuration package template setup_package_template_conf.py.

  • [IMP] Support for def update_package in file update_package.py instead of setup.py for better readability.

  • [UPG] Upgraded openssl to 1.1.1o.

  • [NEW] core: define path Wapt.configs_dir relative to Wapt.config_filename if the dir Wapt.config_filename..conf.f exists.

  • [FIX] Fixed waptcrypto: certificate filename attribute was not set when loading a certificate chain.

  • [FIX] Fixed new option copytree2 replace_at_next_reboot.

  • [FIX] Avoid errors on get_version_from_binary() getting params.

  • [FIX] Fixed keyword and name with installed_softwares in macOS and Linux.

WAPT-2.2.1.11957 (2022-06-02)

WAPT Deployment Server (WADS)

  • [FIX] Fixed wapttftpserver restart on Linux.

  • [IMP] Added xml template for windows 11 deployment.

  • [FIX] if verify_cert is empty, then verify_cert = False.

WAPT Console

  • [FIX] CheckLicence => licence is now valid one day before the real beginning.

WAPT Agents

  • [FIX] Fixed harakiri on Linux.

WAPT-2.2.1.11949 (2022-05-18)

hash: 1b2dfbee

This is a bugfix release.

WAPT Deployment Server (WADS)

  • [FIX] Fixed waptconsole: use ROOT in addition to CA windows system certificates stores when building winpe with verify_cert = True.

  • [FIX] Fixed selinux rules for WADS.

  • [FIX] Fixed non ascii character support in passwords.

  • [IMP] wgetwads: add more logging data (wget). Disable exe signature certificate as this could be blocking if CRL can not be checked in winpe environment for example.

  • [UPD] add a timer to wait for network in WADS.

  • [UPD] Update openssl to 1.1.1n for WADS.

Other fixes

  • [FIX] fix wrong GPO link on waptserver start page

  • [FIX] fix some translation messages in console

  • [FIX] wrong element order in message in ACL GUI

  • [FIX] allow change password if user password has been cleared

  • [UPD] update mormot2 for bug in TSynDictionary.AddOrUpdate()

  • [UPD] update mormot statics for sqlite to 3.38.5 (required for mormot compatibility)

WAPT-2.2.1.11932 (2022-05-05)

hash: 6522dccb

This is a bugfix release.

WAPT Deployment Server (WADS)

  • [FIX] wapttftpserver : better handling of UEFI PXE/TFTP boot

  • [FIX] wads now include non CA certificates for winpe build

  • [FIX] Not adding “cn” in OU

  • [FIX] wapttftpserver : add firewalld rule on redhat based server for wapttftpserver

  • [FIX] WADS : improve feed back on upload WinPE

  • [FIX] wapttftpserver : kill wapttftpserver and uninstall service before installing it

  • [IMP] waptserversetup: add wapttftpserver configuration for windows

WAPT Server

  • [FIX] fix typo for rocky support as server

  • [FIX] waptservice websocket reconnection: disable by default low level reconnect feature

WAPT Console

  • [FIX] fix bad port configuration for veyon remote assistance support

  • [FIX] Define default package prefix when creating empty package

  • [FIX] patch setup_package_template_cert.py.tmpl

  • [FIX] waptconsole: fix access violation when access to external repo is blocked or need a proxy.

  • [IMP] package version in bold red if obsolete version compared to external repo for better accessibility

WAPT Agent

  • [FIX] waptservice websocket reconnection: disable by default low level reconnect feature

  • [FIX] add conf.d to rpm agent installers for the new agent configuration management

  • [FIX] macOS: fix get_file_type in macos

  • [IMP] macOS: silently attach dmg file

  • [IMP] waptwua : improve consistancy between WUA history and WUA status

  • [FIX] waptself: bad char case for png file (issue for linux)

  • [IMP] add dummy running_on_ac for linux and mac for compatibility

  • [FIX] waptutils.user_config_directory() did not work under system account.

WAPT Core

WAPT-2.2.1.11899 (2022-04-06)

hash: 2d82654e

This is mainly a bugfix release.

A new tftpserver has been introduced and it will ease WADS installation and configuration as it will be directly integrated into WAPT.

WAPT Deployment Server (WADS)

  • [NEW] add a wapttftpserver binary on windows and linux to act as a tftp server for WADS

  • [FIX] WADS : don’t use redirect

  • [FIX] WADS : be tolerant if sendstatus can not be sent.

  • [IMP] WADS : handle https for drivers (continued)

  • [UPD] wads : get windows system certificates for WADS server bundle

  • [UPD] implement https verifyCert in wads and wgetwads

  • [IMP] add serial_number arg when calling server get_wads_config in wads

  • [UPD] waptconsole wads: add audit columns (created/updated) in grids.

  • [NEW] Add an action to prepare a host package in WADS OS Deploy grid

  • [NEW] wgetwads : use code signing cert of TIS to check signature of json hashes file if no signer_certificate in json file

WAPT Console

  • [UPD] OU “All” fixed to not editable on GridOrgUnits

  • [FIX] waptconsole: wrong client https key password used for task polling thread.

  • [FIX] waptwua packages : ALLOWED status in winupdates grid is kept between form display.

  • [FIX] Package creation did not take silent flags in account

  • [FIX] memory leak when refreshing packages list

  • [FIX] waptconsole packages list: Showing all versions when “Last version only” is not checked

  • [FIX] “property not found” in some grids when refreshing data.

  • [FIX] running plugins on multiple hosts.

  • [FIX] taking in account the platform when lookig for TIS store package version

  • [FIX] nested progress notifications in uwaptserverconnection TWaptServer

  • [FIX] Disabled pysources check at waptconsole startup.

  • [FIX] external repo ini settings dialog when importing.

  • [FIX] waptconsole. some ui elements are not disabled when switching to discovery on login.

WAPT Server

  • [NEW] add support for postgresql 14 on centos7

  • [UPD] wapt windows server: update to nginx 1.20.2

  • [IMP] server postinstall : put nginx backups in a different dir than nginx config

  • [FIX] waptserver: fix empty error message when trying to activate an existing licence

WAPT Agent

  • [NEW] added new waptguihelpers : grid_dialog, filename_dialog, input_dialog, combo_dialog

  • [FIX] waptdeploy multiple setupargs raise “Invalid variant operation”

  • [FIX] missing root certificates when exporting system store certificates in lazarus app (GetSystemCABundlePath). Must trust CA + ROOT stores

  • [FIX] setuphelpers: regression in maintaining backward compatibility for some const which are functions too (programfiles etc..)

  • [FIX] be tolerant if uuid can not be regenerated (on linux, dmidecode can’t be run as normal user in session-setup)

  • [FIX] fix wget waptdeploy.exe waptagent.exe in wads and detect mismatch drivers config

  • [FIX] waptagent regression : Revert “[UPD] waptservice : tasks don’t notify server by default to avoid too frequent updates of database.”

  • [FIX] wapt-get : try to fix get service password on unix.

  • [NEW] splitting remove_appx() with new function remove_user_appx() to avoid unexpected behavior

  • [NEW] Add restart-waptservice action in wapt-get.py

  • [FIX] fix publisher and version in installed_softwares macos

  • [FIX] use waptservice to check if is_enterprise in waptexit (avoid direct access to local waptdb) (fix unable to access sqlite db on linux / mac)

WAPT to GPLI connector

  • [FIX] glpi fix install_date

  • [FIX] regression in glpi export (Softwares)

WAPT-2.2.0.11720 (2022-03-15)

hash: 8e07f388

This is the first release of the 2.2 serie of WAPT.

WAPT Core

  • [NEW] Discovery mode for the WAPT Console

    • when checking acls, the licencing status is taken in account to enable or not actions.

    • maximum number of 300 managed hosts in discovery mode.

WAPT Deployment Server (WADS)

  • [NEW] tech preview Automated Windows OS deployment called WADS WAPT Enterprise feature only:

    • Using a winpe image (network boot or usb key boot).

    • Shipping wimboot, ipxe.efi, undionly.kpxe, 7z.dll.

    • Added openssl win64 binaries for WADS

    • Added wads.exe and wgetads custom binaries in distribution.

    • Added WADS repo option in repo rules.

    • Added a WAPT Console page to list raw registered hosts, upload winpe images, define default config, uplaod drivers bundles.

    • On WAPT Server: added /var/www/wads/ add a non protected /wads in nginx config.

WAPT Console

  • [NEW] add columns in private repo to display newest software version (Tranquil IT effort to parse softwares providers download sites) and newest package version (from Tranquil IT store database).

  • [NEW] Dynamic Agent configuration using .json files stored on the WAPT Server:

    • Added a last_update_config_fingerprint local param to keep track of current config.

    • Added ‘configurations’ (merged config overview) data when uploading host status to the WAPT Server.

  • [NEW] Dynamic Agent configuration using config packages:

    • Added templates/setup_package_template_conf.py.tmpl package template.

    • Added a wapt/conf.d directory on the WAPT Agent to hold the installed .json configuration files.

  • [NEW] New in the WAPT Console: added option to show the host WAPT Agent configurations overview.

  • [NEW] New in the WAPT Console: option to display a graph of host packages dependencies.

  • [NEW] New in the WAPT Console reporting: tabbed interface to displays multiple query results.

  • [NEW] New in the WAPT Console: option to filter host inventory based on the result of a SQL query:

    • In reporting, right click on column which represent a host UUID and “choose as Host UUID” abnd save.

    • The query is then available in the combobos “Filter hosts on SQL query” in hosts inventory.

  • [NEW] New in the WAPT Console: add a Tech preview Tab for packages development workflow:

    • Create from template;

    • Displays waptdev directory sources package status;

    • Basic git commands.

  • [IMP] Improved the WAPT Console send message : enable use of HTML (copy & paste). HTML Preview.

  • [IMP] Do not clear selection on mouse right-click when selecting package names in package edits.

  • [IMP] refactored the WAPT Console code to remove most python calls:

    • removed waptdevutils.py, removed calls to WaptRemoteRepo, replaced by pure fpc code.

  • [UPD] Updated the WAPT Console: merged selected hosts add/remove depends, add/remove conflicts in a single action/form

  • [UPD] Updated the WAPT Console update package source: add a checkbox to enable package version increment.

  • [UPD] Updated the WAPT Console ‘plugins’ config: warn user if not saved.

  • [UPD] Updated the WAPT Console: removed obsolete Add ADS Groups to selected host action.

  • [UPD] Updated the WAPT Console action Refresh Host Inventory triggers a update_server_status instead of a full computer register.

  • [UPD] Updated the WAPT Console: host additional tools (rdp, vnc, etc) which requires to look for a connected IP are now run in a thread to avoid freezing the UI.

  • [UPD] Start of use of mormot2 for X509 and RSA crypto instead of python bindings in the WAPT Console

  • [FIX] waptconsole : store executable signature with new key name format (xxx.exe keys)

  • [FIX] duplicated panels in initial configuration package wizard.

WAPT Self-Service

  • [IMP] waptself: add logger.

WAPT Server

  • [IMP] Improved the WAPT Server authentication: try ldap authentication only if ldap_auth_server is defined.

  • [UPD] Updated the WAPT Server licencing: use waptlicences.pyd instead of pure python code.

  • [UPD] Updated the WAPT Server: add config options wads_folder and agent_folder.

  • [UPD] Updated the WAPT Server: improve GLPI export, add ‘smodel’ on GLPI exports and add ‘monitors’.

  • [IMP] force en_US.utf8 locale for linux services.

  • [IMP] add /api/v3/latest_installed_package_version.

  • [UPD] upgraded jquery to v3.6.0.

WAPT Service

  • [NEW] Added /opt/wapt/wapt-get.bin to linux distributions.

  • [NEW] New in the WAPT service: added a WaptUnregisterComputer task and unregister_computer socketio action.

  • [IMP] Improved the WAPT service: improved logger.

  • [IMP] Improved the WAPT service and the WAPT Agent take into account the licencing status:

    • Added a licences local params to store the current registered licences retrieved from the WAPT Server during the last update.

  • [UPD] waptcrypto.py: made optional the joining of signer certificate when signing claims.

  • [UPD] Updated the WAPT Deployment utility: increased timeout from 4s to 15s when pinging the current http WAPT service.

  • [UPD] Upgraded dmidecode to v3.3 on windows.

  • [UPD] Updated the WAPT service: do not check battery level for WaptAuditPackage task.

  • [REF] Installers : merged wapt.iss and common.iss.

  • [FIX] wapttasks: took in account non default config filename.

  • [FIX] Fixed the WAPT service: reporting properly the user which created a task (either locally or using websockets).

  • [FIX] Fixed the WAPT service: fixed icons in package local webpage.

wapt-get

  • [IMP] wapt-get new config actions. Added actions:

    • add-config-from-file;

    • add-config-from-base64;

    • add-config-from-url;

    with parameters:

    • --not-interactive: Disables dialog to ask credential users (for batch mode);

    • --waptbasedir: Forces a different wapt-base-dir then default dir of waptutils.py;

    • --devmode: Enables devmode. dbpath is set to memory and certificate/key paths are in userappdata;

    • --json-config-name: The name of the .json file given with the action json-config-from-file/base64/url;

    • --json-config-priority: The priority of the json file given with the action json-config-from-file/base64/url.

  • [UPD] Removed update-packages action synonym for scan-packages.

  • [IMP] wapt-get added update-status action in service mode wapt-get -S update-status.

  • [IMP] Enabled --CAKeyFilename and --CACertFilename wapt-get options WAPT Enterprise feature only

  • [IMP] Added logger for waptguihelper pyd module. if --loglevel = debug in commandline, logger is activated.

  • [IMP] Reporting the use_repo_rules flag to the WAPT Server in wapt_status

    • Report is_enterprise flag to the WAPT Server

    • Report installed antivirus and monitors in host inventory

  • [IMP] Audit loop granularity based on actual installed packages:

    • Added get_next_audit_datetime() on Wapt class.

    • waptaudit_task_period attribute is now in the Wapt class instead of the WAPT service.

  • [UPD] Removed the not functional --dry-run wapt-get option.

  • [IMP] Improved register computer fallback from kerberos to password based authentication:

    • Do not send audit data when registering to limit workload.

  • [IMP] Try registering computer if update_server_status fails because of authentication.

  • [IMP] waptpython.exe, waptpythonw.exe, and nssm.exe are now signed with Tranquil code signing key.

  • [NEW] added pylint and black modules. Added black configuration to vscode project template.

  • [NEW] Added setuphelpers.getscreens.

  • [IMP] Improved SetupHelpers unzip : new extract_with_full_paths argument (default True).

  • [NEW] New SetupHelpers listening_sockets().

  • [IMP] Added templates/setup_package_template_portable_exe.py.tmpl and templates/setup_package_template_portable_zip.py.tmpl package templates.

Others stuff

  • [IMP] Added windows_version_prettyname and windows_version_releaseid in host_info.

  • [IMP] Always use RunAsAdminWait to copy package certificate to the local WAPT service waptssl directory.

  • [IMP] Improved the WAPT Console config: stores WAPT Server certificate in AppUser folder (roamingwaptconsolesslserver).

  • [IMP] Reset TLS client key password in the WAPT Console config if connection error.

  • [UPD] Retire python GetPrivateKeyPath, raise exception if GetPrivateKey does not succeed.

  • [FIX] Clear cached TLS client key password when validating the the WAPT Console config dialog.

  • [IMP] Improve GLPIlpi settings windows.

  • [IMP] Clean up the html error page from the WAPT Server when checking the WAPT Server and WAPT repository URL.

  • [FIX] Don’t reenter the private key password dialog if already asking the user. This issue can be triggered if several therad are using a key, or if cooperative multitasking like TAction messages (OnUpdate) triggers a Get with client side certificate authentication.

  • [SEC] Fix dhparam on the WAPT Server postconf.

  • [FIX] Fix failover on file version with remove_outdated_binaries().

  • [IMP] Add asset_tag to sysinfo api.

  • [FIX] Get_antivirus_info: test if timestamp attribute exists.

  • [IMP] New getscreens function.

  • [IMP] Added columns uuid manufacturer and product serialnumber in database.

  • [UPD] Added mac_addresses to LocalSysinfo.

  • [UPD] Expanded LocalSysinfo with uuid, serial_number and sku_number, fixed keys with underscore.

  • [IMP] Improved matching of reachable IPs of client using new GetReachableIP from mormot2.

  • [UPD] GetReachableIP: connection tests are performed in parallel using mormot GetReachableAddr instead of one after the other to reduce delay when launching IP based command to remote hosts from the WAPT Console.

  • [FIX] Take --config option in account for wapt-get fpc code.

  • [UPD] waptcrypto: implemented TX509Certificate.CN, removed TX509Certificate.DN.

  • [UPD] Updated SetupHelpers need_install: now comparing software versions with 4 members. Assumes that 1.2 == 1.2.0.0 and 1.2.3.4.5 == 1.2.3.4, remove_previous_version: use version with 4 members.

WAPT-2.1 Serie

WAPT-2.1.2.10652 (2022-01-10)

hash: 7dd63b61

  • [UPD] shorten the default package filename. If target_os is alnum, do not include md5sum in the filename. If target_os is in tags, do not duplicate it in filename

  • [FIX] disable debug data for linux

  • [FIX] try to circumvent issue with Trend antivirus blocking the WaptTaskManager. Looks like the issue is with platform.win32_ver using win32api.GetVersionEx…

  • [FIX] Installed softwares invalid conditions

  • [FIX] fix local_user and local_group on macOS

  • [FIX] removed workaround on 60s delay for websocket disconnect

  • [FIX] use CompressGZip instead of CompressZLib on the WAPT Server, compression is GZip

  • [FIX] Allow ‘~’ in package filenames

  • [FIX] try to not update records in database if data has not changed

  • [FIX] Wake on lan relay now equals is remote repository

  • [FIX] fix group members

  • [FIX] return only local and user group (ignore nsswitch)

  • [FIX] backported the WAPT Exit utility (improved detailed logging) from 2.2

  • [FIX] backport waptlicences py module from 2.2

  • [SEC] check that hostname matches https certificate in the WAPT Console http client.

  • [FIX] backport uwaptlicencing: allow empty json licencing data

  • [FIX] fix WaptHttpPostData

  • [FIX] check valid uri in wapthttputils waptwget WaptWget_Try

  • [FIX] init LastModifiedDate to ‘’ if not found in THttpResponse

  • [FIX] add a 50ms report delay for httpprogressnotification

  • isolate wapt python engine: PyFlags:= [pfNoUserSiteDirectory, pfIsolatedFlag];

  • [FIX] Fixed SetupHelpers: backported changes from 2.2 is_linux64 type_rhel fix installed_softwares for type_redhat upd uninstall_apt with autoremove

  • [FIX] user_appdata = user_local_appdata for unix

  • [IMP] introduced get_powershell_str, get_default_app remove_appx

  • [IMP] introduce InitLogger for the WAPT Exit utility

  • [FIX] Fixed the WAPT Console: generalize the use of a fallback package_uuid in case of old packages without package_uuid field.

  • [FIX] Fixed the WAPT Console: use editable dropdown in frmpackagedetails for maturity

  • [FIX] backport issue with inc version of some group packages when importing

  • [FIX] Disable client side ssl authentication on root WAPT Server url (regression)

  • [FIX] isolate from user python env when building binary packages

  • [UPD] improved feedback message for license activation on the WAPT Server.

  • [UPD] wapt-scanpackages.py: add option -d to disable update of database Packages table.

  • [FIX] The -b switch is True by defaut, so there were no way to disable update of database table.

  • [UPD] Updated the WAPT Console: be tolerant for old package without package_uuid

  • [UPD] strip ending slash in {{data.wapt.hostname}} server template properties to avoid double slashes in templates result

  • [UPD] backport openssl build parameter from 2.2

  • [FIX] Fixed the WAPT Agent url link in the WAPT Server index page.

  • [FIX] setproctitle only for unix

  • [FIX] locate packages in host packages grid using package_uuid instead of id, so that refreshing grid works properly with a multiselection of hosts.

  • [UPG][SEC] upgrade python version from 3.8.11 to 3.8.12

  • [FIX] remove python3 dependencie. Now python3 is included in wapt

WAPT-2.1.2.10605 (2021-11-30)

hash: e2a0e2a0

  • [FIX] Fixed the WAPT Console: backport edit multiple hosts add/remove depends/conflicts (issue “no password available yet” when kerberos enabled) backport IpExecute from 2.2

  • [FIX] unable to edit stripped down package with integrated package editor. (setup.py file hash issue) update package size

  • [FIX] bad path for nginx dhparam for Windows server

  • [FIX] upgrade mormot2

  • [FIX] waptself local admin NOPASSWORD setting did not work anymore log authentication user when task is triggered from local wapt webservice don ot raise exception in check_auth_groups but return (None, None) instead to avoid Error 500 in browser backport fix for integer attributes in packages index backport fix for loading ssl libraries

  • [FIX] Update wake on lan with broadcasts

  • [FIX] Error “Add: Unexpected [%] object property in an array” for old package with empty package uuid

  • [FIX] Acl handle boolean as global ACL

  • [FIX][SEC] issue with acls : action is enabled when acl is set to json false

WAPT-2.1.2.10588-rc1 (2021-11-22)

hash: e70d9039

  • [FIX] fix installed_softwares for older debian and improve inventory performance

  • [FIX] fix glpi inventory failure (exception on int conversion)

  • [SEC] [FIX] invalid condition on package hash check

  • [SEC] [FIX] cleanup nginx config templates

  • [NEW] add uwsgi support for Debian server

  • [FIX] add user information in audit

  • [FIX] Improve lazarus ini parser to support other values than ‘1’/’0’ as boolean values (True, true, 1, 01, etc. same behavior as python iniparse)

  • [IMP] support for message previsualisation and templates in waptmessage editor and better multiline support

  • [UPD] waptsetup : do not use kerberos by default

  • [NEW] show certificate when double click in acl tab

  • [IMP] Do not propose to start the WAPT Console after install (due to different user context)

WAPT-2.1.1.10568 (2021-11-08)

hash: 978c00ae

This is a bugfix version with some small improvements. The main fix is for websocket issue.

  • [IMP] Prevent multiple websockets connections from same host uuid on the WAPT Server (bugged wapt clients can maintain multiple websockets, which leads to a lack of avalable connections on the WAPT Server)

  • [FIX] Fixed restart of the WAPT service with exit code 10 (managed by the nssm service manager)

  • [FIX] Fixed case on the WAPT service where different threads access simultaneously to a shared Wapt instance

  • [IMP] Introduced some randomness when the WAPT service reconnects its websocket.

  • [IMP] Checking more cases to determine if token for websocket has to be updated.

  • [IMP] Introducted a wait in the socket client until it is actually disconnected before trying to reconnect to avoid multiple websocket threads from same client.

  • [IMP] Do not re-create a new SocketIOClient at each reconnection, but reuse existing one to minimize risk of multiple connections.

  • [FIX] Do not consider ‘%’ char as unsafe in filenames

  • [IMP] Improved logging of the WAPT service (logger wapttasks report main actions triggered by the service in waptlogwaptservice.log). Removed ‘flask.app’ logger config.

  • [IMP] Remove the WAPT packages’s persistent directory on the WAPT client when a WAPT package is forgotten

  • [IMP] Added ignore_empty_names argument to SetupHelpers.installed_softwares

  • [IMP] Improved display of package_uuid with command wapt-get list

  • [IMP] Added redhat_based tag for WAPT package operating system tags

  • [FIX] Fixed decrypt_fernet / fernet_encrypt functions

  • [IMP] Improved the reporting of key as name in softwares inventory for softwares without a descriptive name

  • [FIX] The server_uuid column in hosts database updates properly.

  • [FIX] Fixed the removal of packages when only_if_not_process_running = True.

Known issues:

  • When the websocket is reconnecting, if the IP adrress has changed, the main IP adrress is not updated in IP adrress column in the WAPT Console.

WAPT-2.1.0.10550 (2021-10-08)

hash: 953c9552

This is a bugfix version with some small improvements.

  • [FIX] Fixed mass add / remove on multiple host at once.

  • [FIX] Fixed issue when editing a package without a “description_en” attribute in control file.

  • [FIX] Fixed drag drop when editing selfservice package.

  • [IMP] Improved feedback when uploading WAPT packages.

  • [IMP] Improved handling of the list of wakeonlan relay.

  • [IMP] Improved remote repository is now by default a wakeonlan relay.

  • [FIX] Fixed access violation error when viewing certificate list.

  • [FIX] Fixed do not enable verbose logging by default on the WAPT Console, the WAPT Exit utility and waptselfservice (might fill up %APPDATA% …).

  • [FIX] Fixed use templates/wapt-logo.png in the WAPT Exit utility if it exists.

  • [IMP] Improved login error message.

WAPT-2.1.0.10517 (2021-09-30)

hash: fa2af298

This is the first release of the 2.1 branch. It is mainly a incremental improvement with many small but worthy fixes on the 2.0 branch.

The WAPT service

  • [IMP] During upgrade, wapt-get session_setup is not run if no userspace configuration is defined for the installed WAPT packages.

The WAPT Deployment utility

  • [IMP] Improved automatic proxy detection and configuration possible with the new --http_proxy = True / False parameter or explicit url command line parameter.

  • [IMP] Disabled https verification when downloading waptagent.exe if a fingerprint is provided (allows installation with on out-of-date computer with expired certificate store).

  • [IMP] Do nothing if no –waptsetupurl argument is provided (it reduces the probability of false positive on antivirus check).

  • [IMP] Double check WAPT installed version after install and report error message if it does not match (allow detection of installation that have been blocked by a misconfigured antivirus for example).

The WAPT Console

  • [NEW] tech preview: new tab to provide basic package editing functionnality directly in the WAPT Console without having to open Pyscripter or VSCode.

  • [NEW] New tech preview: new tab to browse the developement directory directly from the WAPT console.

  • [NEW] Single Sign On with Kerberos authentication (if service_auth_type = waptserver-ldap and use_kerberos = True).

  • [NEW] New button to display WAPT packages that have a specific WAPT package as a dependency in the private repository tab.

  • [NEW] New message box to decrypt message sent by the WAPT Agents (using encrypted_data_str / print_encrypted_data in waptcrypto). This allows an admin to upload sensitive information from desktop that will be asymetrically signed by the Administrator’s public key.

  • [NEW] New set of icons and many small visual improvments.

  • [NEW] New software inventory tab to display installed software (not packages) and see which hosts have that specific software.

  • [NEW] New button to delete Windows Update KB files that are not used anymore by any computers. This allows to keep the Windows Update storage volume under control.

  • [NEW] New tab to have a user-friendly display of the certificates that are deployed on a specific host.

  • [NEW] New tab to display the certificates that are available on a WAPT repository.

  • [NEW] New warning icons on the hosts tab when the computer needs a restart (after a windows update for example).

  • [NEW] New filter by OS option.

  • [NEW] New icons in the OU tree view if a OU package exists for that Organizational Unit.

  • [NEW] New information message about the choice of maturity when creating new WAPT Agent and by default uploading in DEV maturity (to avoid being directly deployed to all client computers, this allow to test the new WAP Agent on a subset of computer before full scale deployment).

  • [IMP] Made GLPI export configuration more intuitive.

  • [IMP] Improved the WAPT Console plugin versatility. All inventory attribute can now be used in command lines (it use the “mustache” template syntax, eg. {{ main_ip }} {{ computer_fqdn }} {{ host_capabilities.os_version }} “{{#host_capabilities.tags}}{{.}},{{/host_capabilities.tags}}” etc.

  • [IMP] Allow non standard port in the WAPT Console configuration.

waptself

  • [NEW] allow custom logo in waptselfservice

  • [NEW] Single Sign On using Kerberos (needs service_auth_type = waptserver-ldap and use_kerberos = True)

  • [IMP] allow customisation of package details view using template engine

WAPT Exit utility

  • [IMP] allow custom logo (on Windows, Linux and macOS)

wapt-get

  • [NEW] better handling of licence information. Now the licence is uploaded on the WAPT Server and it is not necessary to install it on every admin WAPT Console computer

  • [IMP] propagate ExitCode from Python calls for better error handling

  • [IMP] better handling of websocket reconnection (check of socket status every 120s)

  • [IMP] periodic check of the UUID and the current certificate of the WAPT Agent for consistency between the WAPT Agent and the client computer

  • [NEW] waptsetup et waptserversetup new parameters: set_verify_cert and set_kerberos

WAPT-2.0 Serie

WAPT-2.0.0.9470 (2021-10-07)

hash: 5065cb57

This is a security release with a few related bugfixes. All Wapt 2.0 version below 2.0.0.9467 are affected.

  • [SEC] fix for vuln in urllib3 CVE-2021-33503 (CVSS Score: 7.5 High, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

  • [SEC] Sanitize filename used when downloading files on local client. (CVSS Score : 7.5 High, CVSS;3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C). Enforced on wget and local filenames for downloaded packages (chars ‘\’ ‘..’ @ | ( ) : / , [ ] < > * ? ; ` n are removed or replaced).

  • [SEC] Do not use PackageEntry filename attribute to build target package filename as it is not signed.

  • [UPD] wapt-get remove: reraise exception if there is exception in uninstall script return traceback in ‘errors’ key return code 3 if there are errors when removing packages in wapt-get remove.

  • [FIX] handles wildcards in certificates in the WAPT Console config and create waptsetup update UI in external repositories config when setting CA bundle.

  • [FIX] use PackageEntry.localpath only for local status of a package.

  • [UPD] split PackageEntry non_control_attributes into repo_attributes and local_attributes. local_attributes are not put into Packages index as they are not relevant for remote access.

  • [UPD] update python modules requirements following urllib3 upgrade idna==3.2 (from 2.10) certifi==2021.5.30 (from 2020.12.5) requests==2.26.0 (from 2.25) urllib3==1.26.6 (from 1.26.5)

WAPT-2.0.0.9450 (2021-08-10)

hash: 7bc6920c

This is a security fix version affected by CVE-2021-38608.

Please visit the security bulletin to learn more.

WAPT-2.0.0.9449 (2021-06-22)

hash: 70283a14

This is a bugfix version with some small improvements.

WAPT Agent

  • [FIX] Fixed Windows Update fix in the progress bar.

  • [IMP] Allow the WAPT Agent to upgrade even when on batteries.

The WAPT Server

  • [IMP] Many fixes in GLPI sync.

  • [FIX] Better handling of service_delete exception cases.

  • [FIX] Fixed database migration handling with create_defaults_users procedure.

  • [FIX] Fixed on windows skip the WAPT Agent build if there is no available certificate for signing.

The WAPT Core

  • [IMP] Improved the compatibility of Packages file for easing upgrade from WAPT 1.8.2.

  • [IMP] Improved the WAPT Deployment utility: behavior to avoid wrong red flag from AV softwares.

Caveat

For macOS support one should use the WAPT Agent 2.1 version available in nightly channel.

WAPT-2.0.0.9428 (2021-05-06)

hash: 4b33cf96

This is a bugfix version with many small improvements.

WAPT Console:

  • [IMP] Improve CreateWaptSetup form layout.

  • [IMP] Restore focused column visibility when refreshing grid data.

  • [FIX] Fix wrong path for wapt-get.py in vscode project.

  • [UPD] Update No fallback in rules to true by default.

  • [FIX] enable-check-certificate with wildcard.

  • [FIX] take into account the use_http_proxy_for_repo ini setting (if not present, assume False).

  • [FIX] Fix setup_package_template_msu.py.tmpl for package Wizard.

  • [IMP] Add new template for creating package with certificate.

  • [IMP] Add option to check downloaded package with VirusTotal in package import GUI.

  • [IMP] Add update-package source action directly in Private repository in the WAPT Console.

WAPT Agent:

  • [IMP] Use task queue for the forced installs instead of running them inline.

  • [FIX] Database not opened when we check Hosts who are secondary repositories.

  • [IMP] Restart partial download of Windows Update files.

  • [IMP] Improved icons handling in WaptSelfService.

  • [IMP] On macOS use host certificate store by default for https certificate validation.

  • [IMP] reload_config_if_updated now reload config if public_certs_dir has changed.

  • [FIX] WUA: better handling of return code “does not apply to this computer”.

WAPT Server:

  • [FIX] Fixed bad migration of PGSQL databse server side.

  • [FIX] Improved database upgrade in corner cases.

SetupHelpers

  • [FIX] Fixed register_windows_uninstall calculation and using correct x86_64 environment with register_uninstall and unregister_uninstall.

  • [IMP] Improved inline function description for documentation.

WAPT-2.0.0.9343 (2021-04-08)

hash: 117d62b8

This is mainly a bugfix release after the initial 2.0.0 release.

WAPT Console:

  • [IMP] Show an explicit message if the user can not build a customized WAPT Agent.

  • [IMP] Enabled remote repo sync if there are repo configured (making remove_repo_support parameter obsolete).

  • [IMP] Better filtering on maturities.

  • [FIX] Fixed templates for vscode

WAPT Server:

  • [IMP] Include certificates from WaptUsers table in result of /api/v3/known_signers_certificates.

WAPT ACL handling:

  • [UPD] ACL: added an action to show the user certificate.

  • [UPD] Creates default (empty) WaptUserAcls record on user login even for non ldap logins.

  • [IMP] Better naming for ACL domains.

SetupHelpers

  • [FIX] Fixed register_uninstall.

  • [FIX] Do not change silently maturity and locale in check_package_attributes.

  • [FIX] Fixed regression in wget resume.

Other technical stuff:

  • [IMP] Added support for installation on OracleLinux.

  • [FIX] Tightened files ACLs on Linux + fixes + SELinux fixes in postconf.

  • [IMP] Introduced mORMot2 framework in Lazarus code.

  • [FIX] Fixed datetime conversion in the WAPT Console.

WAPT-2.0.0.9300 (2021-03-30)

hash: 018b8b57

This is the first release of the 2.0 series. After one year in development and more than 1600 commits it brings a bunch of new features and enhancement to the last major update of WAPT 1.8.2. On the technical side WAPT 2.0 now embed Python3 and now support 8 new platforms (some of them backported to 1.8.2).

The switch to Python3 may require minor adjustment to the existing package that may have been development in-house (refer to the corresponding doc page). The packages offered by Tranquil IT through the WAPT Store are already compatible with WAPT 2.0.

From a sysadmin point of view

  • [NEW] ACLs.

  • [IMP] WAPT Server side ACLs in addition to certificate validation.

  • [IMP] User management interface with certificate listing.

  • WAPT Console:

  • [IMP] gui: change maturity directly from the WAPT Console.

  • [IMP] gui: all WAPT package types are grouped in one tab.

  • [IMP] helpers: build and upload locally development package from the WAPT Console.

  • [IMP] helpers: import default reporting queries from internet.

  • [IMP] helpers: restart the WAPT Agent and restart client computer from the WAPT Console.

  • [IMP] Package wizard: support for RPM/DEB/PKG/DMG.

  • [IMP] Remote repositories: status bar for progression of creation/ update of sync.json for repo sync.

  • [IMP] Windows Updates: new search bar, view host with specific KB.

  • [IMP] Faster import and resigning of package, change of maturity, etc.

  • [IMP] waptmessage: better handling of user oriented notification.

  • [IMP] Better logging of WAPT Console actions and WAPT Agent activity.

  • Performance improvements for larger installations:

  • [IMP] Better handling of insert / update of inventory.

  • [IMP] Better handling of websocket updates.

  • [IMP] GLPI integration: synchronize WAPT inventory to GLPI server.

  • Better OS integration:

  • [IMP] TLS certificate handling: certifi uses local OS certificate store instead of Python certifi integrated certificate store.

  • [IMP] Increased the number of supported platform, improved packaging for Linux (deb and rpm) with support for a WAPT Agent running on arm64 and macOS BigSur 64bit.

  • Package development:

  • [IMP] Improved package wizard.

  • [IMP] Many small fixes and improvements to SetupHelpers and better support for Linux and macOS.

  • [IMP] Improve os targeting now you can specify targeted OS and specific version of OS : eg. Debian(>=9,<=10).

From a technical point of view

  • Python: switch from Python2.7 to Python3:

  • Linux: use of venv by default with distrib python 3 version.

  • Windows: switch python3 install to embedded edition 3.8.7.

  • Different installer for WinXP / WinVista / Win2k3r2 / win2k8 (nonr2) (recent CPython version does not support older Windows systems anymore).

  • Better handling of passwords with special chars.

  • Upgraded WAPT core libs and scripting environment.

  • Upgraded to Python3 and Python libraries, changed kerberos and websocket libraries.

  • Upgraded to Lazarus 3.0.10 and FPC 3.2.

Caveat

  • Support for non supported Windows version (WinXP, WinVista, Win2k8 (non-R2) and Win2k3) is still baking in the oven and should be ready shortly after the 2.0 release date.

  • RedHat8 and derivative distributions: for upgrade it is necessary to remove WAPT SELinux rules before using postconf again.