Changelog

WAPT-2.4 Serie

WAPT-2.4.0.14143 (2023-08-08)

hash : 9847ee8b

This is a bugfix release for WAPT 2.4.0. Notable fixes are fixes are :

  • better handling of scrolling in SelfService on macOS

  • fix network error on macOS m1

  • better support for authentication on WAPT Store Enterprise when downloading packages in the WAPT Console

Console WAPT

  • [IMP] waptconsole import packages: avoid flickering when clicking on rows.

  • [FIX] waptconsole / external repositories settings: renamed user and password fields to mention explicitly Store and token.

  • [IMP] waptconsole import packages from store: handle 401 and 403 proactively to suggest user to authenticate to WAPT Store Enterprise and validate licences for proprietary software

  • [IMP] better handling of icons list WAPT Self-service

  • [FIX] fix waptconsole download waptagent for linux and mac (symlink for waptagent gui not properly handled)

WAPT Core

  • [FIX] better handling of current path when starting wapt: determine default_waptservice_ini with waptutils__file__, not from sys.argv[0] to handle

  • [FIX] add use random uuid in json agent configurations

WAPT on Linux and macOS

  • [FIX] Fix running_on_ac setuphelpers function on Linux

  • [FIX] fix older macOS support specify --platform macosx_10_9_x86_64 and --platform macosx_11_0_arm64 when run pip compilation for backward compatibility

  • [FIX] macOS : fix app startup icon not working on macos ventura and above

  • [FIX] Debian : add dependency on rsyslog OR syslog-ng in server and service deb package

  • [FIX] fixed socket ioctl() on some POSIX targets (e.g. macOS on M1 architecture)

  • [FIX] fix scrolling WAPT Self-service under MacOS with magic mouse or macbook trackpad

Serveur WAPT

  • [FIX] edit order check_auh for get_wads_config

  • [FIX] fix db upgrade bug when upgrading from WAPT 1.8.2

WAPT-2.4.0.14080 (2023-06-22)

hash : 25f00c3f

This is a bugfix release for WAPT 2.4. Notable fixes are fix a for issues when building and uploading package from PyScripter due to __pycache__ and .pyc files, and a fix for the broken WakeOnLan feature.

Console WAPT

  • [FIX] waptconsole: show main_ip of pre wapt 2.4 host before upgrade

  • [FIX] waptconsole gui: splitter position in softwares inventory

  • [FIX] waptconsole : missing data in softwares inventory (host_capabilities)

  • [FIX] waptconsole: label showing KBs usage space

  • [FIX] waptconsole / sendMessage: don’t autosize form as it creates endless layout loop on linux

  • [FIX] waptconsole: MS remote assist is on port 135, not 3389

WAPT Core

  • [FIX] wapt dynamic configuration: hiberboot_enabled is a boolean in json config, but must be set as a dword in registry

  • [FIX] wapt-get build-upload: excluded files are not properly excluded when building the zip file due to __pycache__ and .pyc

  • [FIX] waptagent macox: using launchctl kickstart instead of launchctl unload && load for wapt service under MacOS

Serveur WAPT

  • [FIX] server: reintroduce hosts.gateways extraction from host_networking

  • [FIX] server / trigger wakeonlan: fix for compatibility with old host data.

WAPT WADS

  • [IMP] send a human readable message to ipxe when WADS is disabled while trying to deploy through WADS

  • [IMP] ensure WADS deployment and ipxe still works when djoin is empty

WAPT-2.4.0.14058 (2023-06-09)

hash : ae548d8ab

This is a bugfix release for WAPT 2.4.

Notable changes :

  • Added support for Debian 12 amd64 on client and server

  • Upgrade openssl from 3.0.8 to 3.0.9

  • Upgrade python from 3.8.16 to 3.8.17

Serveur WAPT

  • [NEW] add debian12 for amd64

  • [UPD] no filter by default for importing WUA updates

  • [UPD] adding more update file extension

  • [FIX] handle server side Hosts dataset ordering (when a hosts count limit is given in waptconsole, we expect to get the first n hosts in the grid order)

  • [FIX] waptserver : upload linux waptagent ensure symlink is secure filename

  • [FIX] waptserver model: missing extraction of dnsdomain and mac from host_networking json into plain Hosts columns

WAPT macOS

  • [FIX] direct waptservice restart on MacOS

WAPT Linux

  • [NEW] add debian12 for amd64

  • [NEW] Add new systemd function to setuphelpers for Linux

Console WAPT

  • [FIX] fix waptpython.exe and waptpythonw.exe upgrade through innosetup when version id does not change

  • [FIX] fix waptsetup install when setup file is located in directory with non ascii chars

  • [FIX] Add escape_filter_chars for ldap3 (allow parenthesis and other special char in group names)

  • [FIX] DJoin: fetch ldap search result until no more pages left

  • [FIX] DJoin: Limit ldap search page to 500 results

  • [FIX] showing pending WUA updates

WAPT Core

  • [SEC] sign all dll and exe that are compiled by Tranquil IT during build process

  • [SEC] switch to openssl 3.0.9

  • [SEC] switch to python 3.8.17

WAPT-2.4.0.14031 (2023-05-26)

hash : 1420892a

This is the release of WAPT 2.4. WAPT 2.4 version brings a ton of small improvements and bugfixes along with the following main features:

  • better co-existence with antivirus due to removal of NSSM service manager which was often wrongly flagged as suspicious. WAPT Agent now uses mORMot Angelize for service management

  • due to OpenSSL 1.1.1 being eol’ed next september, WAPT has switch to embedded OpenSSL 3.0.8

  • re-implemented Active Directory offline join in WADS (djoin.exe) to work around many bug and limitation in the Microsoft version of djoin.exe, now with support of Active Direcotry Forrest and subdomains

  • it is now possible to have a use a user/password credentials when importing packages from the store. Authentification will be required for the WAPT Enterprise Store that provides educational softwares

  • add support for Debian 10 and Debian 11 support on ARM 64 bit platform

  • new WADS graphical interface

  • remove usage of Microsoft Windows RestartManager during upgrade to avoid unecessary killing of services

CAVEAT:

Serveur WAPT

  • [NEW] waptserver: when login with ssl auth, check that the sha1 of the client certificate matches the sha1 of the user account in database for client cert auth

  • [NEW] waptserver: accept empty username when using ssl auth. if username is provide, it must match the CN part of the certificate DN

  • [NEW] use http status 403 instead of 401 when client side auth does not succeed to avoid a user/password popup in console.

  • [NEW] waptserver: add login_auth_methods configuration parameter in waptserver.ini defaults to admin,ldap,passwd,token,kerb (format : csv)

  • [NEW] waptserver licences: be tolerant if no server_uuid yet

  • [NEW] wapserversession: share waptserveruser across all waptserver connection * to make it easer to relogin after token expiration. * retry to get a token if http 401 status

  • [NEW] waptserver, waptservice on Windows: removed nssm service manager, replaced by waptsvc * waptsvc service supervisor is based on mormot agl. * waptservice.exe is a symlink to waptsvc.exe and manages « waptpython -I waptservice/service.py » * waptserver is a symlink to waptsvc and manages server.py, wapttasks huey queue, and nginx

  • [NEW] waptserversetup: don’t set repo_url and wapt_server url during setup as this done now later when building waptagent

  • [ADD] WAPTWUA missing allow url allow mp.microsoft.com

  • [RM] removed endpoint /api/v2/download_wuredist

  • [IMP] lower case for test rules secondary repo in case of mixed case scenario

  • [IMP] waptservice and wapttftpserver: don’t wait for enter key on error

  • [IMP] waptserver nginx: add api/v3/login specific section to forward client SSL auth

  • [IMP] waptserver: add signer_fingerprint db field to Wads models

  • [IMP] adding generic symlink when uploading waptagent to have standard http url for agent download

  • [IMP] waptrepo: hardened handling of multiple concurrent repo cache updates

  • [IMP] server add_configurations : return json config filenames in result.

  • [IMP] waptserver: get_ad_ou_split : be tolerant to malformed OU sent by client

  • [IMP] waptserver crls updates for nginx: * merge all known crls into file if « ssl_crls » waptserver.ini is defined

  • [IMP] waptserver model: update Packages table description_localized dict from package entry.

  • [IMP] add psycogreen patching for eventlet / postgresql

  • [IMP] Be sure to fill executable version infos when initializing logger

  • [IMP] cache CASigners in waptrepo

  • [UPD] upgrade to 14.7 postgresql for windows

  • [UPD] waptserver autocreate console ldap authenticated users if default_ldap_users_acls config is not empty

  • [FIX] waptserver: fix startup issue when calling waptlicences.CheckValidLicencesCount

  • [FIX] waptserversetup: missing dir=in in firewall rules for wapttftpserver on Windows Server

  • [FIX] waptserver nginx: add « proxy_request_buffering off; » to the top server nginx config to workaround issues with big iso uploads.

  • [FIX] fix username in log history of actions on waptserver

  • [FIX] newest_only in api/v3/packages api does not compare versions properly.

  • [FIX] fixed regexp in nginx location for conf.d / *.json files (and others).

  • [FIX] waptserver: login initialization of user typo

  • [FIX] configurations repositiories repo wapt/conf.d should not be protected by client side certificates

  • [FIX] config url on server index landing page.

  • [FIX] twaptserver auth callbacks. use OnHttpClientAuthorize if password in session, then OnAuthorize if defined and no password is available session

  • [FIX] StripCertificateComments endless loop is Pem bundle ends with 2 CR NextPem does’t not set input pointer P to nil if end of file.

  • [REF] waptserver: add a config parameter to change globally the default enabled auth methods default_auth_methods defaults to session,admin,passwd,ldap this can be overriden on per endpoint basis

  • [REF] server: removed legacy url style login

Agent WAPT

  • [NEW] waptsetup: removed the option to trust tranquilit certificates.

  • [NEW] don’t set wapt-templates by default in agent config file wapt-get.ini

  • [IMP] waptsetup: don’t configure URL in waptsetup by default as it it proposed later on in waptconsole.

  • [IMP] waptsetup: don’t ask innosetup to close applications using RestartManager as sometimes, it kills vital services (network) when launched as silently

  • [IMP] logo in WAPT SelfService

  • [IMP] waptself: improve auth error message

  • [IMP] waptself: removed shadows to lower redraw workload removed some visual overrides to panels

  • [IMP] waptdeploy: useWaptServer task does not exist anymore. Enable installService task by default

  • [IMP] WAPT Message adaptive form size to content if no size is set

  • [IMP] waptstarter: fix some waptstarter default settings removed kerberos checkbox

  • [IMP] wapt-get fpc: use agent key/cert client auth if none is defined in config inifile.

  • [IMP] add double quotes around waptservice executable filename for ImagePath in services windows registry. If not quoted, and there are spaces in file path, service can not start in certain case

  • [IMP] waptsetup: add logs of service install exec shell commands.

  • [UPD] wapt-get: add restart-waptservice action. fix add-licence authentication

  • [FIX] waptself: after hitting task panel hide button, packages flowpanel is hidden too

  • [FIX] Self Service : DownloadAllPackageIcons after getting a token

  • [FIX] restarting waptservice by scheduler under MacOS

  • [FIX] taking care of display_time in WAPT Service

  • [FIX] fix again regression on waptmessage impersonification from Agl waptservice. child processes are launched inside a job to control their termination. so for impersonification, we need CREATE_BREAKAWAY_FROM_JOB creation flag

  • [FIX] waptsetup: add waptconsole start shortcut only if not running a stuffed waptsetup.exe

  • [FIX] fix waptsetup trusted_external_certs

WAPT Linux

  • [NEW] add json config url in waptserver homepage to help linux agent config

  • [IMP] waptupgrade : improve command line install for deb base distro

  • [IMP] Debian: add reboot_needed and reboot-required.pkgs info in host info

  • [IMP] force locale C for strptime installed_softwares

  • [FIX] fix datetime.datetime.strptime for installed_softwares in rhel9

WAPT macOS

  • [NEW] WAPT Tray compilation config. for macosx

  • [FIX] fix out of range error when importing waptlicences python module on macosx

Console WAPT

  • [NEW] waptconsole acls form: fix the check signature action. add some icons to show when a certificate or password is assigned to a user

  • [NEW] add HttpGet and HttpPost helpers for mustache templates to create custom html display in console

  • [NEW] button export pending required WUA KB as curl string list

  • [NEW] import CAB WUA updates

  • [NEW] Showing pending WUA updates to download

  • [NEW] audit info Add asus support button to asus support site with computer ref

  • [NEW] WaptHttpGetString and WaptHttpPostData: add a default referer with root of URL to pass some basic access API authentication * applied as example for HP support access

  • [NEW] add lenovo got to support button as an example of HttpGet mustache helper. * note the leading « , » in the list of arguments because of a bug in mormot helpers arg handling.

  • [NEW] add display time for WAPT Message when sending from WAPT Console

  • [NEW] waptconsole: Enable audit data tab by default

  • [ADD] message user friendly for “.exe” signature

  • [ADD] Message to confirm hosts deletion

  • [IMP] package maturity action

  • [IMP] adding url for wsusscn2.cab to download

  • [IMP] fix double click not able to show certificate using shell.

  • [IMP] adding possibility to cancel configuration package creation

  • [IMP] Add Tasks Status for better security and messages

  • [IMP] waptconsole edit package form: show always files tab. add a message for user if package does not exist anymore.

  • [IMP] WaptConsole: Discover domain controllers from domain dns name

  • [IMP] WaptConsole: Load available OU from AD in TVisPrepareDjoin

  • [IMP] User can add username / password for repositories while importing packages for Internet

  • [IMP] better grid status if restart pending

  • [IMP] external repositories settings: removed the checkbox for signature certificates directory. Check is enforced if cert is defined

  • [IMP] waptconsole configuration: set verify_cert to 1 instead of path to certifi bundle when checking « Check https certificate ».

  • [IMP] waptconsole: on first login, when no server is defined in waptconsole.ini, show the configuration dialog first

  • [IMP] waptconsole: manage reloading of ini config if file is updated externally add public_certs_dir setting.

  • [IMP] waptconsole: trust always own waptconsole’s user certificate when processing / resiggning packages

  • [IMP] missing changes for waptconsole build waptsetup: don’t include ssl dir in waptupgrade package.

  • [IMP] waptconsole: try to get a new session cookie if 401 and there is cached password for user instead of switching to basic auth

  • [IMP] waptconsole: Add update package tab in package editor

  • [IMP] waptconsole: Display min/max os version in target_os column if defined.

  • [IMP] waptconsole waptgent: allow to double click on certificates to open them with os shell.

  • [IMP] waptconsole: add architectures arm and arm64 to the filters

  • [IMP] new dark view mode for console

  • [UPD] waptconsole: show login dialog if the server session cookies expires

  • [UPD] add support for pkcs#12 file for private key and certificate in waptconsole and wapt-get.

  • [UPD] waptconsole private key password change : try to change P12 file password too if same base filename and same old password.

  • [UPD] icon on error status in host WUA

  • [UPD] filter out packages having a untrusted signer certificate when loading Packages index note that this is only to avoid processing or listing packages which will not be trusted anyway. But we dont check the signature at this point, so package control signature must still be checked later.

  • [FIX] waptconsole: fix potential AV when getting isEnterprise status if no waptserver is defined yet.

  • [FIX] adding a password in Acls raise an exception about missing arg. fix decoding of utf8 when building SO and SA from Array of const (valid for lazatus only where String=Utf8String)

  • [FIX] waptconsole reporting : no column displayed when running query outside of query editor

  • [FIX] waptconsole acls: small fix console acls signature display when deleting a certificate in console

  • [FIX] waptconsole: propagate licences count to background threads

  • [FIX] TVisPrepareDjoin: Handle properly subdomains in AD Forrest

  • [FIX] waptconsole PrepareDJoin: allow direct input of Host OU

  • [FIX] give modal status to driver download windows when creating winPE to avoid other conflicting actions

  • [FIX] splitter placement on audit data when showing history

  • [FIX] Better Design for Import from Internet Basket

  • [FIX] FrmLdapSearch: Fallback on OS DNS nameservers if no domain controller found using domain as nameserver

  • [FIX] fix basic auth (issue when concatenating user+”:”+password), prevent recursive call to login dialog, clear private key password if password is not OK on login.

  • [FIX] waptconsole: fix local agent configuration based on built agent config

  • [FIX] waptconsole : image showed as inactive on action forget package

  • [FIX] waptconsole: empty server side message when upload error.

  • [FIX] waptconsole import package: restore last used repository

  • [FIX] waptconsole create waptsetup: handle the host_profiles config attribute * removed unused organisation.

  • [FIX] waptconsole server login: be sure to not loop if basic auth fails

  • [FIX] waptconsole import packages newer than mine when there are dots in names

  • [FIX] deleting rows from audit data history

  • [FIX] waptconsole regression decrypting old python rsa encrypted data

  • [FIX] waptconsole decrypt of client side encrypted data

  • [FIX] Clearing audit data history view if no data

WAPT Core

  • [SEC] waptcrypto: don’t try to guess signed_attributes. this attribute in mandatory. signer is mandatory for python waptcrypto verify_claim check

  • [NEW] add wapt-get dmiinfo

  • [NEW] showing countdown on WAPT Message + stopping countdown when entering in message viewer

  • [NEW] GetStrippedDownServerCABundlePath : stores only issuer CA cert chain, not server chain. keep file cache for 1 hour.

  • [NEW] improve handling of external repo user/password authentication.

  • [IMP] waptsetup: don’t change server and repo config by default if repo is already defined in wapt-get.ini.

  • [IMP] wakeonlan: be tolerant if no interface or no macs on a host

  • [IMP] fix get_net_ips() if not address on an interface (eg. CAN bus)

  • [IMP] store networking infos as a separate field in hosts table. removed list_services and listening_sockets from host’s status data moved audit_status into wapt_status

  • [IMP] waptcrypto python: add arguments for certificates’s not_before and not_after constraints add option to specify date of claim’s signature for testing purpose.

  • [IMP] waptrepo: Protect repo cache packages directory when updating. In case several process or threds are updating the same repo cache.

  • [IMP] wapt-get waptdeploy waptlicences lpi wads wgetwads waptsvc: disable -Wg win32 app mode for win32 and win64 target to force stdout open.

  • [IMP] waptcrypto: be sure to not create an empty stripped down CA file return full bundle path if function fails.

  • [IMP] use mormot instead of tsmbios for get_biosinfos

  • [IMP] mormot2 fix Samba LDAP expectations in its « strong auth = yes » default mode - i.e. allow « signing sealing » of the frames if TLS is not used

  • [IMP] when checking for changed file over http, use a 2s tolerance before or after.

  • [IMP] waptutils copytree2 : don’t follow symlinks to avoid copying entire disks.

  • [IMP] waptpackage get_stripped_package: include “update_package.py” in payload for the console.

  • [IMP] Add –only-priorities and –only-if-not-process-running to wapt-get upgrade, install, remove

  • [IMP] logo for WAPT Message

  • [IMP] waptcypto: TRSAPrivateKey: allow loading unencrypted PEM RSA key

  • [IMP] fixed OpenSSL UTF-8 encoding flags for certificates closes

  • [IMP] be sure to get only public cert from TX509Certificate mormot unit

  • [IMP] add pfx and p12 file filter for personal cert file browser

  • [IMP] waptdeploy: retry up to 30s to be able to get version on waptsetup

  • [IMP] waptsetup/waptstarter: install /StartPackages=xx if runningSilently

  • [IMP] create waptsetup: set verify_cert to “1” instead of path to cabundle if verify cert is checked.

  • [UPD] update vc_redist to version 14.36.32532

  • [UPD] avoid untrapped exception when password can not decrypt key

  • [UPD] Strip comments in pem encoded certificates to reduce size and try to fit into the 32kb limit of stuffed exe.

  • [UPD] manage multivalued « architecture » in wapt packages control.architecture attribuet is now a csv of x64, x86, arm, arm64, armhf

  • [UPD] separate networking information from host_info to lower pressure on database when hosts update their status put host’s audit_status in last_update_status key.

  • [UPD] python waptpackage make_package_filename include os version in package filename for waptupgrade packages.

  • [FIX] missing makepath import and syntax fix

  • [FIX] waptpackage: remove references to old signature and manifest.sha1 files. delete them when unzipping package so that they are not considered as corruption.

  • [FIX] fix python WaptRepo packages_matching when condition is a PackageRequest (this is actually unused. The method packages_matching of Wapt class is used instead)

  • [FIX] allow empty folders in package

  • [FIX] TWaptSignatureChecker.VerifyJsonSignature in case “signed_attributes” is not supplied in the json.

  • [FIX] DNS fallback to TCP on truncated UDP response - and also allow direct TCP query by using “tcp@1.2.3.4” name server

  • [FIX] waptutils python fileutcmtime and httpdatetime2time. Convert all dates to UTC

  • [FIX] python wget not setting properly the file last-modified date from http header.

  • [FIX] wapt-get / commandline : user RawReadKey from keyboard unit to avoid crt unit whicj breaks console.

  • [FIX] wapt-get.py import waptservice is optionnal

  • [FIX] fix Machine without main_ip are ignored

  • [FIX] bad TTL for CACert bundle on disk cache

  • [FIX] old bug causing removes to fail when software is already uninstalled

  • [FIX] use “1” for system CA in external repositories to force use of stripped down CA bundles due to openssl 3.0 perf bug

  • [REF] breaking change: removed import of PackageEntry from setupdevhelpers.py

  • [REF] refactor the http client to handle all requests the same way. handle user:password embedded in Urls renamed proc InitTlsContext to func InitHttpTlsContext. Returns a PTlsContext moved GetServerCertificate to waptcrypto GetPeerCertChainFromServerPath

  • [REF] move get_host_architecture from common to setuphelpers, move unzip_with_7zip from setuphelpers to setupdevhelpers

WAPT WADS

  • [SEC] add iso hash in ipxescript

  • [NEW] IP address and details of DISKPART info (volumes and disks) on wads_register_host

  • [NEW] Wads with Graphical Display and Info

  • [NEW] add update driver bundle option

  • [NEW] reset drivers on hosts OSDeploy

  • [NEW] drag and drop .iso on console for upload

  • [NEW] drag and drop of drivers folder on drivers in WADS part

  • [NEW] drag and drop from Host to deploy to drivers or configuration

  • [IMP] Verify WADS hostname on WADS Winpe / Console / Server

  • [IMP] Better login for login_on_wads

  • [IMP] Wapt downloads are now in Graphical WADS

  • [IMP] waptserver: calc sha256 of iso during upload rather than after upload

  • [IMP] TVisPrepareDjoin: Add domain discovery

  • [IMP] TVisPrepareDjoin: sort DC by response time using cldap

  • [IMP] Save prepare djoin form fields in session (domain, username and password)

  • [IMP] Add ubuntu and rhel9 wads template

  • [IMP] Upload iso. Deleting file if wrong hash after upload

  • [IMP] ipxe add keymap

  • [IMP] sending file to api/v3/upload_deploy_files only if needed

  • [IMP] Default prepare djoin window credentials to current domain’s

  • [IMP] Prepare Djoin: Retrieve domain controller using mormot dns resolver

  • [IMP] On WADS conf, a password for superadmin is defined

  • [IMP] Prepare DJoin: Connect through kerberos if possible

  • [IMP] waptconsole PrepareDJoin: allow direct input of Host OU

  • [UPD] wads: wait 30s for an ip address.

  • [UPD] limiting uploading iso files only on WADS part

  • [FIX] Wads fix default dir for iso upload

  • [FIX] osdeploy data signature. signer_fingerprint is not saved into db, so must not be included in signed attributes

  • [FIX] getting ipv4 addresses excluding APIPA

  • [FIX] wads: break loop if 401 login fails.

  • [FIX] Fix VisPrepareDJoin: Reset ldap kerberos SPN before connecting to the domain

  • [FIX] Stop Graphical if WADS is only used to send status

  • [FIX] Retry Wads now reset the status

  • [FIX] avoiding loop showing message if ISO name already exits

  • [FIX] empty error message on refreshing ISO file list

  • [FIX] waptdeploy unable to read setup exe version same potential issue in wads missing call to RetrieveInformationFromFileName

  • [FIX] fix copy cert in winpe for wads

  • [FIX] empty error message on refreshing drivers file hashes and bundle names

  • [FIX] Warning Removal and reset wads32 binary

  • [FIX] Fix TVisPrepareDjoin GetDJoinBlob method - Fix verification of computer existence in the domain - Set computer password in AD even if we’re not creating it - Parse the created djoin blob after creation and set an error if the format is invalid

  • [FIX] TVisPrepareDjoin: Call to CldapSortHosts missing a parameter

  • [FIX] TVisPrepareDjoin: Handle sub-domain within forest

  • [FIX] waptconsole wads osdeploy grid: popupmenu clears multiselect

  • [REF] Prepare djoin fixes and form rework - Allow to configure ldap port - Don’t load OU on show - Split DC load and ldap connect buttons - Forbid to modify existing machine password (force to overwrite)

WAPT-2.4.0.14001-rc3 (2023-05-25)

hash : 1420892a

This is the third release candidate of WAPT 2.4. WAPT 2.4 version brings a ton of small improvements and bugfixes along with the following main features:

  • better co-existence with antivirus due to removal of NSSM service manager which was often wrongly flagged as suspicious. WAPT Agent now uses mORMot Angelize for service management

  • due to OpenSSL 1.1.1 being eol’ed next september, WAPT has switch to embedded OpenSSL 3.0.8

  • re-implemented Active Directory offline join in WADS (djoin.exe) to work around many bug and limitation in the Microsoft version of djoin.exe, now with support of Active Direcotry Forrest and subdomains

  • it is now possible to have a use a user/password credentials when importing packages from the store. Authentification will be required for the WAPT Enterprise Store that provides educational softwares

  • add support for Debian 10 and Debian 11 support on ARM 64 bit platform

  • new WADS graphical interface

  • remove usage of Microsoft Windows RestartManager during upgrade to avoid unecessary killing of services

CAVEAT:

  • the new OpenSSL 3.0 has a huge performance issue when loading large certificate bundle. If you have verify_cert and want to use the Operating System bundle, please set verify_cert=1

Serveur WAPT

  • [FIX] waptserversetup: missing dir=in in firewall rules for wapttftpserver on Windows Server

  • [FIX] waptserver nginx: add « proxy_request_buffering off; » to the top server nginx config to workaround issues with big iso uploads.

  • [FIX] fix username in log history of actions on waptserver

  • [FIX] newest_only in api/v3/packages api does not compare versions properly.

  • [IMP] lower case for test rules secondary repo in case of mixed case scenario

  • [IMP] waptservice and wapttftpserver: don’t wait for enter key on error

Agent WAPT

  • [FIX] Self Service : DownloadAllPackageIcons after getting a token

  • [IMP] waptsetup: don’t configure URL in waptsetup by default as it it proposed later on in waptconsole.

  • [UPD] wapt-get: add restart-waptservice action. fix add-licence authentication

  • [IMP] wapt-get fpc: use agent key/cert client auth if none is defined in config inifile.

  • [FIX] restarting waptservice by scheduler under MacOS

  • [IMP] add double quotes around waptservice executable filename for ImagePath in services windows registry. If not quoted, and there are spaces in file path, service can not start in certain case

  • [IMP] waptsetup: add logs of service install exec shell commands.

  • [FIX] waptself: after hitting task panel hide button, packages flowpanel is hidden too

  • [IMP] waptdeploy: useWaptServer task does not exist anymore. Enable installService task by default

Console WAPT

  • [FIX] waptconsole: fix potential AV when getting isEnterprise status if no waptserver is defined yet.

  • [IMP] waptconsole configuration: set verify_cert to 1 instead of path to certifi bundle when checking « Check https certificate ».

  • [IMP] waptconsole: on first login, when no server is defined in waptconsole.ini, show the configuration dialog first

  • [FIX] adding a password in Acls raise an exception about missing arg. fix decoding of utf8 when building SO and SA from Array of const (valid for lazatus only where String=Utf8String)

WAPT Core

  • [FIX] missing makepath import and syntax fix

  • [FIX] waptpackage: remove references to old signature and manifest.sha1 files. delete them when unzipping package so that they are not considered as corruption.

WAPT WADS

  • [FIX] Wads fix default dir for iso upload

WAPT-2.4.0.14001-rc2 (2023-05-17)

hash : 13e724ad

This is the second release candidate of WAPT 2.4. WAPT 2.4 version brings a ton of small improvements and bugfixes along with the following main features:

  • better co-existence with antivirus due to removal of NSSM service manager which was often wrongly flagged as suspicious. WAPT Agent now uses mORMot Angelize for service management

  • due to OpenSSL 1.1.1 being eol’ed next september, WAPT has switch to embedded OpenSSL 3.0.8

  • re-implemented Active Directory offline join in WADS (djoin.exe) to work around many bug and limitation in the Microsoft version of djoin.exe, now with support of Active Direcotry Forrest and subdomains

  • it is now possible to have a use a user/password credentials when importing packages from the store. Authentification will be required for the WAPT Enterprise Store that provides educational softwares

  • add support for Debian 10 and Debian 11 support on ARM 64 bit platform

  • new WADS graphical interface

  • remove usage of Microsoft Windows RestartManager during upgrade to avoid unecessary killing of services

CAVEAT:

  • the new OpenSSL 3.0 has a huge performance issue when loading large certificate bundle. If you have verify_cert and want to use the Operating System bundle, please set verify_cert=1

Console WAPT

  • [FIX] waptconsole reporting : no column displayed when running query outside of query editor

  • [FIX] waptconsole acls: small fix console acls signature display when deleting a certificate in console

  • [FIX] waptconsole: propagate licences count to background threads

  • [FIX] TVisPrepareDjoin: Handle properly subdomains in AD Forrest

  • [FIX] waptconsole PrepareDJoin: allow direct input of Host OU

  • [FIX] give modal status to driver download windows when creating winPE to avoid other conflicting actions

  • [FIX] splitter placement on audit data when showing history

Serveur WAPT

  • [FIX] waptserver: fix startup issue when calling waptlicences.CheckValidLicencesCount

  • [IMP] adding generic symlink when uploading waptagent to have standard http url for agent download

  • [UPD] upgrade to 14.7 postgresql for windows

  • [FIX] fixed regexp in nginx location for conf.d / *.json files (and others).

WAPT Core

  • [FIX] fix python WaptRepo packages_matching when condition is a PackageRequest (this is actually unused. The method packages_matching of Wapt class is used instead)

  • [IMP] wapt-get waptdeploy waptlicences lpi wads wgetwads waptsvc: disable -Wg win32 app mode for win32 and win64 target to force stdout open.

  • [UPD] update vc_redist to version 14.36.32532

  • [FIX] allow empty folders in package

WAPT Linux

  • [IMP] waptupgrade : improve command line install for deb base distro

WAPT macOS

  • [FIX] fix out of range error when importing waptlicences python module on macosx

WAPT-2.4.0.13958 RC1 (2023-04-17)

hash : 2cb08262

This is the first release candidate of WAPT 2.4. This new version brings a ton of small improvements and bugfixes along with the following main features:

  • better co-existence with antivirus due to removal of NSSM service manager which was often wrongly flagged as suspicious. WAPT Agent now uses mORMot Angelize for service management

  • due to OpenSSL 1.1.1 being eol’ed next september, WAPT has switch to embedded OpenSSL 3.0.8

  • re-implemented Active Directory offline join in WADS (djoin.exe) to work around many bug and limitation in the Microsoft version of djoin.exe

  • it is now possible to have a use a user/password credentials when importing packages from the store. Authentification will be required for the WAPT Enterprise Store that provides educational softwares

  • add support for Debian 10 and Debian 11 support on ARM 64 bit platform

  • new WADS graphical interface

  • remove usage of Microsoft Windows RestartManager during upgrade to avoid unecessary killing of services

CAVEAT:

  • the new OpenSSL 3.0 has a huge performance issue when loading large certificate bundle. If you have verify_cert and want to use the Operating System bundle, please set verify_cert=1

Console WAPT

  • [FIX] Better Design for Import from Internet Basket

  • [FIX] FrmLdapSearch: Fallback on OS DNS nameservers if no domain controller found using domain as nameserver

  • [NEW] waptconsole acls form: fix the check signature action. add some icons to show when a certificate or password is assigned to a user

  • [IMP] waptconsole: manage reloading of ini config if file is updated externally add public_certs_dir setting.

  • [IMP] waptconsole: trust always own waptconsole’s user certificate when processing / resiggning packages

  • [IMP] missing changes for waptconsole build waptsetup: don’t include ssl dir in waptupgrade package.

  • [IMP] waptconsole: try to get a new session cookie if 401 and there is cached password for user instead of switching to basic auth

  • [FIX] fix basic auth (issue when concatenating user+”:”+password), prevent recursive call to login dialog, clear private key password if password is not OK on login.

  • [UPD] waptconsole: show login dialog if the server session cookies expires

  • [FIX] waptconsole: fix local agent configuration based on built agent config

  • [NEW] add HttpGet and HttpPost helpers for mustache templates to create custom html display in console

  • [IMP] waptconsole: Display min/max os version in target_os column if defined.

  • [FIX] waptconsole : image showed as inactive on action forget package

  • [FIX] waptconsole: empty server side message when upload error.

  • [IMP] waptconsole: Add update package tab in package editor

  • [FIX] waptconsole import package: restore last used repository

  • [IMP] waptconsole waptgent: allow to double click on certificates to open them with os shell.

  • [IMP] waptconsole: add architectures arm and arm64 to the filters

  • [IMP] new dark view mode for console

  • [NEW] button export pending required WUA KB as curl string list

  • [NEW] import CAB WUA updates

  • [IMP] adding url for wsusscn2.cab to download

  • [IMP] fix double click not able to show certificate using shell.

  • [NEW] Showing pending WUA updates to download

  • [UPD] add support for pkcs#12 file for private key and certificate in waptconsole and wapt-get.

  • [UPD] waptconsole private key password change : try to change P12 file password too if same base filename and same old password.

  • [IMP] package maturity action

  • [IMP] adding possibility to cancel configuration package creation

  • [IMP] Add Tasks Status for better security and messages

  • [IMP] waptconsole edit package form: show always files tab. add a message for user if package does not exist anymore.

  • [FIX] waptconsole create waptsetup: handle the host_profiles config attribute * removed unused organisation.

  • [IMP] WaptConsole: Discover domain controllers from domain dns name

  • [IMP] WaptConsole: Load available OU from AD in TVisPrepareDjoin

  • [NEW] audit info Add asus support button to asus support site with computer ref

  • [NEW] WaptHttpGetString and WaptHttpPostData: add a default referer with root of URL to pass some basic access API authentication * applied as example for HP support access

  • [NEW] add lenovo got to support button as an example of HttpGet mustache helper. * note the leading « , » in the list of arguments because of a bug in mormot helpers arg handling.

  • [UPD] icon on error status in host WUA

  • [IMP] User can add username / password for repositories while importing packages for Internet

  • [NEW] add display time for WAPT Message when sending from WAPT Console

  • [FIX] waptconsole server login: be sure to not loop if basic auth fails

  • [FIX] waptconsole import packages newer than mine when there are dots in names

  • [UPD] filter out packages having a untrusted signer certificate when loading Packages index note that this is only to avoid processing or listing packages which will not be trusted anyway. But we dont check the signature at this point, so package control signature must still be checked later.

  • [IMP] better grid status if restart pending

  • [FIX] deleting rows from audit data history

  • [FIX] waptconsole regression decrypting old python rsa encrypted data

  • [NEW] waptconsole: Enable audit data tab by default

  • [IMP] external repositories settings: removed the checkbox for signature certificates directory. Check is enforced if cert is defined

  • [FIX] waptconsole decrypt of client side encrypted data

  • [ADD] message user friendly for “.exe” signature

  • [ADD] Message to confirm hosts deletion

  • [FIX] Clearing audit data history view if no data

Agent WAPT

  • [FIX] waptsetup: add waptconsole start shortcut only if not running a stuffed waptsetup.exe

  • [FIX] fix waptsetup trusted_external_certs

  • [IMP] WAPT Message adaptive form size to content if no size is set

  • [NEW] waptsetup: removed the option to trust tranquilit certificates.

  • [IMP] waptstarter: fix some waptstarter default settings removed kerberos checkbox

  • [FIX] taking care of display_time in WAPT Service

  • [NEW] don’t set wapt-templates by default in agent config file wapt-get.ini

  • [FIX] fix again regression on waptmessage impersonification from Agl waptservice. child processes are launched inside a job to control their termination. so for impersonification, we need CREATE_BREAKAWAY_FROM_JOB creation flag

  • [IMP] waptsetup: don’t ask innosetup to close applications using RestartManager as sometimes, it kills vital services (network) when launched as silently

  • [IMP] logo in WAPT SelfService

  • [IMP] waptself: improve auth error message

  • [IMP] waptself: removed shadows to lower redraw workload removed some visual overrides to panels

WAPT Core

  • [SEC] waptcrypto: don’t try to guess signed_attributes. this attribute in mandatory. signer is mandatory for python waptcrypto verify_claim check

  • [FIX] DNS fallback to TCP on truncated UDP response - and also allow direct TCP query by using “tcp@1.2.3.4” name server

  • [NEW] add wapt-get dmiinfo

  • [IMP] waptcrypto: be sure to not create an empty stripped down CA file return full bundle path if function fails.

  • [IMP] use mormot instead of tsmbios for get_biosinfos

  • [FIX] TWaptSignatureChecker.VerifyJsonSignature in case “signed_attributes” is not supplied in the json.

  • [IMP] mormot2 fix Samba LDAP expectations in its « strong auth = yes » default mode - i.e. allow « signing sealing » of the frames if TLS is not used

  • [FIX] waptutils python fileutcmtime and httpdatetime2time. Convert all dates to UTC

  • [UPD] python waptpackage make_package_filename include os version in package filename for waptupgrade packages.

  • [REF] breaking change: removed import of PackageEntry from setupdevhelpers.py

  • [IMP] when checking for changed file over http, use a 2s tolerance before or after.

  • [FIX] python wget not setting properly the file last-modified date from http header.

  • [IMP] waptutils copytree2 : don’t follow symlinks to avoid copying entire disks.

  • [IMP] waptpackage get_stripped_package: include “update_package.py” in payload for the console.

  • [IMP] Add –only-priorities and –only-if-not-process-running to wapt-get upgrade, install, remove

  • [IMP] logo for WAPT Message

  • [IMP] waptcypto: TRSAPrivateKey: allow loading unencrypted PEM RSA key

  • [IMP] fixed OpenSSL UTF-8 encoding flags for certificates closes

  • [IMP] be sure to get only public cert from TX509Certificate mormot unit

  • [IMP] add pfx and p12 file filter for personal cert file browser

  • [UPD] avoid untrapped exception when password can not decrypt key

  • [UPD] Strip comments in pem encoded certificates to reduce size and try to fit into the 32kb limit of stuffed exe.

  • [IMP] waptdeploy: retry up to 30s to be able to get version on waptsetup

  • [IMP] waptsetup/waptstarter: install /StartPackages=xx if runningSilently

  • [FIX] wapt-get / commandline : user RawReadKey from keyboard unit to avoid crt unit whicj breaks console.

  • [UPD] manage multivalued « architecture » in wapt packages control.architecture attribuet is now a csv of x64, x86, arm, arm64, armhf

  • [FIX] wapt-get.py import waptservice is optionnal

  • [IMP] waptsetup: don’t change server and repo config by default if repo is already defined in wapt-get.ini.

  • [IMP] wakeonlan: be tolerant if no interface or no macs on a host

  • [IMP] fix get_net_ips() if not address on an interface (eg. CAN bus)

  • [FIX] fix Machine without main_ip are ignored

  • [FIX] bad TTL for CACert bundle on disk cache

  • [IMP] create waptsetup: set verify_cert to “1” instead of path to cabundle if verify cert is checked.

  • [FIX] old bug causing removes to fail when software is already uninstalled

  • [NEW] showing countdown on WAPT Message + stopping countdown when entering in message viewer

  • [NEW] GetStrippedDownServerCABundlePath : stores only issuer CA cert chain, not server chain. keep file cache for 1 hour.

  • [FIX] use “1” for system CA in external repositories to force use of stripped down CA bundles due to openssl 3.0 perf bug

  • [REF] refactor the http client to handle all requests the same way. handle user:password embedded in Urls renamed proc InitTlsContext to func InitHttpTlsContext. Returns a PTlsContext moved GetServerCertificate to waptcrypto GetPeerCertChainFromServerPath

  • [UPD] separate networking information from host_info to lower pressure on database when hosts update their status put host’s audit_status in last_update_status key.

  • [IMP] store networking infos as a separate field in hosts table. removed list_services and listening_sockets from host’s status data moved audit_status into wapt_status

  • [NEW] improve handling of external repo user/password authentication.

  • [IMP] waptcrypto python: add arguments for certificates’s not_before and not_after constraints add option to specify date of claim’s signature for testing purpose.

  • [IMP] waptrepo: Protect repo cache packages directory when updating. In case several process or threds are updating the same repo cache.

  • [REF] move get_host_architecture from common to setuphelpers, move unzip_with_7zip from setuphelpers to setupdevhelpers

Serveur WAPT

  • [IMP] waptserver nginx: add api/v3/login specific section to forward client SSL auth

  • [NEW] waptserver: when login with ssl auth, check that the sha1 of the client certificate matches the sha1 of the user account in database for client cert auth

  • [IMP] waptserver: add signer_fingerprint db field to Wads models

  • [NEW] waptserver: accept empty username when using ssl auth. if username is provide, it must match the CN part of the certificate DN

  • [ADD] WAPTWUA missing allow url allow mp.microsoft.com

  • [NEW] use http status 403 instead of 401 when client side auth does not succeed to avoid a user/password popup in console.

  • [REF] waptserver: add a config parameter to change globally the default enabled auth methods default_auth_methods defaults to session,admin,passwd,ldap this can be overriden on per endpoint basis

  • [FIX] waptserver: login initialization of user typo

  • [REF] server: removed legacy url style login

  • [NEW] waptserver: add login_auth_methods configuration parameter in waptserver.ini defaults to admin,ldap,passwd,token,kerb (format : csv)

  • [FIX] configurations repositiories repo wapt/conf.d should not be protected by client side certificates

  • [NEW] waptserver licences: be tolerant if no server_uuid yet

  • [IMP] waptrepo: hardened handling of multiple concurrent repo cache updates

  • [FIX] config url on server index landing page.

  • [FIX] twaptserver auth callbacks. use OnHttpClientAuthorize if password in session, then OnAuthorize if defined and no password is available session

  • [UPD] waptserver autocreate console ldap authenticated users if default_ldap_users_acls config is not empty

  • [IMP] server add_configurations : return json config filenames in result.

  • [IMP] waptserver: get_ad_ou_split : be tolerant to malformed OU sent by client

  • [IMP] waptserver crls updates for nginx: * merge all known crls into file if « ssl_crls » waptserver.ini is defined

  • [NEW] wapserversession: share waptserveruser across all waptserver connection * to make it easer to relogin after token expiration. * retry to get a token if http 401 status

  • [NEW] waptserver, waptservice on Windows: removed nssm service manager, replaced by waptsvc * waptsvc service supervisor is based on mormot agl. * waptservice.exe is a symlink to waptsvc.exe and manages « waptpython -I waptservice/service.py » * waptserver is a symlink to waptsvc and manages server.py, wapttasks huey queue, and nginx

  • [RM] removed endpoint /api/v2/download_wuredist

  • [NEW] waptserversetup: don’t set repo_url and wapt_server url during setup as this done now later when building waptagent

  • [IMP] waptserver model: update Packages table description_localized dict from package entry.

  • [FIX] StripCertificateComments endless loop is Pem bundle ends with 2 CR NextPem does’t not set input pointer P to nil if end of file.

  • [IMP] add psycogreen patching for eventlet / postgresql

  • [IMP] Be sure to fill executable version infos when initializing logger

  • [IMP] cache CASigners in waptrepo

WAPT WADS

  • [FIX] osdeploy data signature. signer_fingerprint is not saved into db, so must not be included in signed attributes

  • [IMP] waptserver: calc sha256 of iso during upload rather than after upload

  • [FIX] getting ipv4 addresses excluding APIPA

  • [IMP] TVisPrepareDjoin: Add domain discovery

  • [IMP] TVisPrepareDjoin: sort DC by response time using cldap

  • [IMP] Save prepare djoin form fields in session (domain, username and password)

  • [FIX] wads: break loop if 401 login fails.

  • [FIX] Fix VisPrepareDJoin: Reset ldap kerberos SPN before connecting to the domain

  • [NEW] reset drivers on hosts OSDeploy

  • [FIX] Stop Graphical if WADS is only used to send status

  • [FIX] Retry Wads now reset the status

  • [IMP] Verify WADS hostname on WADS Winpe / Console / Server

  • [NEW] IP address and details of DISKPART info (volumes and disks) on wads_register_host

  • [IMP] Better login for login_on_wads

  • [IMP] Wapt downloads are now in Graphical WADS

  • [NEW] Wads with Graphical Display and Info

  • [FIX] avoiding loop showing message if ISO name already exits

  • [FIX] empty error message on refreshing ISO file list

  • [SEC] add iso hash in ipxescript

  • [IMP] Add ubuntu and rhel9 wads template

  • [UPD] wads: wait 30s for an ip address.

  • [IMP] Upload iso. Deleting file if wrong hash after upload

  • [IMP] ipxe add keymap

  • [FIX] waptdeploy unable to read setup exe version same potential issue in wads missing call to RetrieveInformationFromFileName

  • [FIX] fix copy cert in winpe for wads

  • [FIX] empty error message on refreshing drivers file hashes and bundle names

  • [NEW] add update driver bundle option

  • [UPD] limiting uploading iso files only on WADS part

  • [IMP] sending file to api/v3/upload_deploy_files only if needed

  • [FIX] Warning Removal and reset wads32 binary

  • [NEW] drag and drop .iso on console for upload

  • [NEW] drag and drop of drivers folder on drivers in WADS part

  • [NEW] drag and drop from Host to deploy to drivers or configuration

  • [IMP] Default prepare djoin window credentials to current domain’s

  • [IMP] Prepare Djoin: Retrieve domain controller using mormot dns resolver

  • [IMP] On WADS conf, a password for superadmin is defined

  • [REF] Prepare djoin fixes and form rework - Allow to configure ldap port - Don’t load OU on show - Split DC load and ldap connect buttons - Forbid to modify existing machine password (force to overwrite)

  • [IMP] Prepare DJoin: Connect through kerberos if possible

  • [FIX] Fix TVisPrepareDjoin GetDJoinBlob method - Fix verification of computer existence in the domain - Set computer password in AD even if we’re not creating it - Parse the created djoin blob after creation and set an error if the format is invalid

  • [IMP] waptconsole PrepareDJoin: allow direct input of Host OU

  • [FIX] TVisPrepareDjoin: Call to CldapSortHosts missing a parameter

  • [FIX] TVisPrepareDjoin: Handle sub-domain within forest

  • [FIX] waptconsole wads osdeploy grid: popupmenu clears multiselect

WAPT Linux

  • [IMP] Debian : add reboot_needed and reboot-required.pkgs info in host info

  • [IMP] force locale C for strptime installed_softwares

  • [FIX] fix datetime.datetime.strptime for installed_softwares in rhel9

  • [NEW] add json config url in waptserver homepage to help linux agent config

WAPT macOS

  • [NEW] WAPT Tray compilation config. for macosx

WAPT-2.3 Serie

WAPT-2.3.0.13516 (2023-02-23)

hash : 69968974

This is a bugfix release for WAPT 2.3.

Attention

When upgrading from WAPT 2.2.3 to WAPT 2.3, when installing the new waptsetup.exe 2.3, if the waptagent.exe 2.2.3 had previously been installed ON the management machine ABOVE the waptsetup.exe 2.2.3, then the org certificate located in wapt\ssl directory of the agent belonged to the waptagent.exe 2.2.3 InnoSetup installation instead of being a local file, and was removed during upgrade to waptsetup.exe 2.3, which handles certificate deployment differently.

Now, in the case a waptagent.exe has been installed above a waptsetup.exe install, the certificates in wapt\ssl will be preserved during upgrade. This should happen only on the managemnent machine that is used to rebuild the agent if the agent has been re-installed above the waptsetup.exe install.

Note

The RHEL9 repository are how signed with a sha256 key/digest

Agent WAPT

  • [IMP] waptsetup.exe : backup <wapt>\ssl\*.crt before upgrading and restore after install

  • [UPD] when building waptagent, check that there is at least one trusted cert for packages and actions

  • [UPD] be more relax on waptagent setup naming: if setup exename « starts » with waptagent, assume we can safely use the configuration inside when running silently

  • [IMP] waptsetup: don’t ask innososetup to close applications using Microsoft Windows RestartManager. Use specific process name instead.

Console WAPT

  • [FIX] fix zip64 for big packages (>2GB) not handled properly in waptconsole

  • [FIX] waptconsole build waptagent certificate issue when both CA and personal cert+CA files are selected

Serveur WAPT

  • [FIX] Debian : fix logrotate on wapt server

WAPT-2.3.0.13505 (2023-02-13)

hash : c7fcb3a7

This is a bugfix release for WAPT 2.3, and has been signed with a new code signing certificate to replace the expired one.

Attention

All the previous version of the 2.3 branch have an issue with the creation of the waptagent.exe due to a expiring code signing certificate. If you need to create a new WAPT Agent, please upgrade to this version.

The error message that you will get is « Error while creating waptagent.exe: Checking hashes of executables on server against Tranquil IT certificate has failed. Please check if waptbinaries.sha256 has not been altered. »

Message in French : « Erreur lors de la création du waptagent.exe : La vérification de la signature Tranquil IT des hashs de contrôle sur le serveur a échoué. Vérifier que le waptbinaries.sha256 n’a pas été altéré sur le serveur. »

WAPT Core

  • [FIX] better handling of filename with “..” and “~” in zip filenames. No need to be paranoid if “..” and “~” are in the middle of the name

  • [FIX] waptservice only_if_no_process_running not taken in account when auto upgrade with waptupdate_task_period is enabled.

  • [UPD] waptservice / core: include packages with install status == error when checking for conflicting packages to remove.

  • [FIX] remote user waptmessage encoding issue

  • [FIX] waptconsole waptpackage manifest add support for file with non ascii chars.

  • [IMP] read Packages index from disk: use mormot function to potentially avoid lock conflicts

  • [FIX] remove or forget packages with spaces in package name. fix RemoveDuplicates when there are spaces in data items.

  • [FIX] closing WAPT Self for Linux/MacOSX

  • [FIX] waptdeploy : update certificate pinning with new code signing certificate

  • [FIX] waptcrypto : takes into account signature_date when checking certificate expiration date vs timestamping time.

  • [SEC] update openssl binaries to 1.1.1t

Serveur WAPT

  • [FIX] waptdeploy on server location: <repodir>/waptagent/waptdeploy.exe

  • [SEC] add server_tokens off to avoid giving nginx server version to non authenticated clients

  • [SEC] delete waptversion in /ping to avoid giving waptserver version to non authenticated clients

  • [IMP] add view acl for get_storage_used_by_kbs

WAPT WADS

  • [FIX] check volume letters before diskpart closes

  • [IMP] waiting network for wgetwads Closes

  • [IMP] install waptagent at end pressed debian

  • [IMP] not force login in ipxescript if login already in ipxescript (for leave the possibility of forcing the language before)

  • [IMP] add keymap on menu register

  • [IMP] add login in pxe for linux deploy

  • [IMP] delete double login wads

WAPT-2.3.0.13470 (2023-01-26)

hash : 4cc5fc06

This is a bugfix release for WAPT 2.3, and add support for Red Hat Enteprise Linux 9 and derivatives (both as server and agent)

WAPT Core

  • [FIX] fix waptdeploy.exe unable to read setup exe version, requiring the use of force flag in GPO

Agent WAPT

  • [FIX] fix datetime display for software inventory on Redhat and derivatives

  • [IMP] better support for Red Hat os version numbering in inventory and tags

  • [NEW] add el9 waptagent and waptserver support

Serveur WAPT

  • [IMP] simplify web interface displayed version values to avoid misunderstanding

  • [UPD] waptserver autocreate console ldap authenticated users if default_ldap_users_acls config is not empty

  • [FIX] fix update_hosts_sid_table connexion leaks (to update the reachable column before calling query in reporting tab)

  • [NEW] add el9 waptagent and waptserver support

Console WAPT

  • [FIX] fix package maturity action default value if none chosen

  • [FIX] fix grayed out host packages actions in Discovery mode

  • [UPD] Strip comments in pem encoded certificates to reduce size and try to fit into the 32kb limit of stuffed exe.

  • [IMP] adding possibility to cancel configuration package creation

WAPT WADS

  • [IMP] add support for keyboard selection in ipxe

  • [FIX] fix template windows 11 wads

  • [UPD] wads: wait 30s for an ip address if dhcp is slow to respond or waiting for 802.1x vlan switch

  • [FIX] fix wads regression where a computer could connect to waptserver instead of local secondary repo

  • [IMP] Upload iso. Deleting file if wrong hash after upload

  • [FIX] fix copy cert in winpe for wads

  • [FIX] fix waptdeploy unable to read setup exe version, requiring the use of force flag

WAPT-2.3.0.13438 (2023-01-19)

hash : 8e580896

This is a bugfix release for WAPT 2.3. Those are mainly fixes and improvements to smooth the upgrade process from older WAPT versions.

WAPT Core

  • [FIX] waptcore: keep install status of previous package if new package upgrade status is ERROR

  • [FIX] Don’t forced install packages which could’t not be installed properly last time (to avoid install loop) a better approach could be to define a maximum retries count and an increasing delay between retries.

Console WAPT

  • [FIX] fix verify waptsetup.exe and waptdeploy.exe hash when creating waptupgrade

  • [UPD] set all search timer to default (300ms)

  • [FIX] waptconsole display correct icon on Linux

  • [UPD] waptconsole: propose to add a licence right after login if none on server.

  • [FIX] waptconsole: fix some tab orders in forms

  • [FIX] waptconsole package wizard: change layout for compatibility with linux.

  • [FIX] waptconsole: quick fix for external repos settings if none is currently defined in waptconsole ini settings. Autoregister wapt-templates.

  • [FIX] waptsetup: don’t create a shortcut for the waptconsole to replicate behavior from older waptsetup…

  • [NEW] waptagent for Windows can be generated on Linux waptconsole

  • [REF] Improved djoin support

  • [NEW] waptconsole: better support for dark mode on Linux / MacOS

Agent WAPT

  • [IMP] macOS: use sw_vers -productVersion for mac os version

  • [FIX] windows: waptwua client: fix issue when main repo url ends with a slash

  • [FIX] fix wapt-signpackage compatibility error : removes mds argument

  • [FIX] fix waptupgrade package for centos

  • [FIX] fix application version on MacOsx

  • [FIX] switch DisableSkipWindowsUpdates to waptwua section

  • [NEW] Add ForceUnsigned for add drivers in winpe

  • [FIX] add defaultInterpreterPath for vscode support

  • [FIX] waptexit self-kill if machine has been started for too much time

WAPT WADS

  • [IMP] wads: removing mounted drive letters before diskpart for better support of machine without any installed OS

  • [NEW] Add script compile_ipxe.py to integrate waptserver url directly in ipxe binary

  • [FIX] fix acl wads_admin on upload_winpe

  • [FIX] wads: fix wads skip_login_wads and acl

Serveur WAPT

  • [FIX] waptserver: don’t try to convert jsonb boolean to raw boolean as it fails for postgresql <= 10

  • [FIX] better support for postgres upgrade for Debian / Ubuntu in postconf.py

  • [FIX] waptserver: path to waptdeploy on windows server to fix link

  • [FIX] during upgrade, run /opt/wapt/wapt-scanpackages.sh when run postconf.py

  • [NEW] waptserver: new option to set nginx port from waptserver.ini

WAPT-2.3.0.13356 (2023-01-10)

hash : fd590589

This is the first release of WAPT 2.3. This release does not have any new big feature, but brings a ton of little bugfixes and improvements to make WAPT usage more lean and smooth.

What’s New?

  • 1000+ bugfixes

  • Less issues with false positive with antivirus software when deploying a new agent: WAPT Agents do not need to be rebuilt. The WAPT Agent is based on waptsetup.exe with certificate and configuration stored in the certificate signature of the file. The signature of the file is not altered.

  • WAPT Agent on Linux and macOS: improved workflow for installing and updating the WAPT Agent.

  • Improved Websocket connexion. Disconnects and reconnects have be made more robust.

  • Improved support on macOS.

  • Improved support on Linux.

  • Update of WAPT external components.

  • WAPT Console support on Linux (Debian and derivatives, Redhat and derivatives).

  • Tech Preview : WAPT Console support on macOS (Mojave and above).

Upgrade details

WAPT Server 2.3 needs PostgreSQL 10 or above. Please be sur to have the correct version running, especially if your server is running Debian and has been upgraded from Stretch:

  • If the WAPT Server is running on Debian or Ubuntu, if you have upgrade from Debian Stretch to Buster to Bullseye, please check that the running instance of PostgreSQL has been upgraded when the OS has been upgraded;

  • If you are on Redhat 7, upgrade is taken care of in the postconf script, and it should upgrade from 9.6 to 14;

  • If the WAPT Server is running on Redhat 8 or derivative, then the DB is already in a good version;

  • If the WAPT Server is running on Windows the DB upgrade is done during the upgrade from 9.6 to 14.

WAPT Core

  • [SEC] When checking exe certificate, first check that the signature is OK.

  • [SEC] when stuffing waptsetup.exe, check that waptsetup.exe downloaded from wapt server is properly signed by Tranquil IT.

  • [FIX] Fixed handling properly utf8 chars in certificate subject.

  • [FIX] Small improvement for wapt-get build-waptagent. Do not ask the server password twice.

  • [FIX] Fixed stuffed legacy waptagent build: be sure to have a deterministic binary result when stuffing in waptconsole or server side.

  • [IMP] remove client library dependency for command line progress bar.

  • [SEC] waptpython 3.8.16 is now compiled with the isolated mode flag at true by default (Python -I)

  • [REF] Removed unused functions.

  • [REF] Removed unused headers.

  • [IMP] waptservice: fix setting loglevel for specific components do not log WS listening too often. Fixed some action’s « created_by » attributes which were not not set.

  • [FIX] Windows setuphelpers: missing service_list in _all__.

  • [FIX] wapt-get: moved LoadOpenSSLFromPythonLib to get proper path for RegWaptBaseDir on Linux.

  • [NEW] Added armhf as a valid package architecture.

  • [FIX] Fixed scan_package issue when there are packages without package_uuid. Packages table was growing at each scan_packages.

  • [IMP] wapt-get: Added some help for build-waptagent and add-config / reset-config/ set-config -from-url.

  • [IMP] wapt-get reset-config-from-url: removes dynamic configs from conf.d too.

  • [IMP] Re-include empty folders in zipped WAPT packages.

  • [FIX] Update for zip empty folder entries.

  • [FIX] When checking files and directories from package manifest, create empty directories from the manifest file if thet do not exist yet.

  • [UPD] wapt-get update-package-sources: Implicit transparent import of all functions from packagesdevhelpers.py.

  • [FIX] Do not audit packages with install_status <> “OK”.

  • [SEC] waptpackage: Cleanup removed multiple MD type. We use only sha256 now.

  • [NEW] waptconsole: Stuff waptsetup with json config for embedding into waptupgrade package.

  • [FIX] waptpackage signature issue if the WAPT package is created from scratch with null attributes (ex. max_os_version). If signed, these null attributes are written to control file as sempty string, this breaks the signature control. So we initialize all default signed attributes to empty string instead of null.

  • [UPD] wapt-get create-waptagent: Use json embedded config stuffed into certificate zone of executable signature.

  • [FIX] Fixed regression in python _sign_control (encoding issue).

  • [UPG] Upgraded python to 3.8.16.

  • [IMP] waptutils.py cleanup and small fix in user_is_member_of.

  • [REF] waptserver: Cleanup code with pyflakes.

  • [IMP] Allow none loglevel.

  • [NEW] Introduced wapt-get reset-config-from-url.

  • [FIX] Fixed json_load_file() by adding encoding option. Default is « utf-8 ».

  • [IMP] waptguihelper: Introduced StayOnTop argument for input_dialog() and grid_dialog()

  • [FIX] Fixed wapt-get add-config-from-url in pure Pascal. The hash is retrieved from the filename if present, or as second parameter of command line.

  • [REF] wapt python core: Removed sha1 compatibility with wapt 1.3 packages signatures.

  • [FIX] Shows the proper logged user after login.

  • [IMP] Fallback other method for get domain in get_hostname.

  • [REF] jsonconfig data embedded in setup exe.

  • [FIX] Default value for check verify cert.

  • [UPD] Introduced uwaptjsonconfig (port of json config from python to FPC).

  • [UPD] wapt-get: Added a command to list the initial configs available on server (in wapt/conf.d).

  • [UPD] waptsetuputil: Added UnzipConfigFromExe.

  • [FIX] Removed global variable for PopupEnterprise, check Licensing after closing the window.

  • [IMP] buildlib: Do not remove unittest from python lib when creating the build environment.

  • [FIX] remove_file() was unable to remove symlinks.

  • [FIX] wapt core: Regression on uuid retrieval from WMI. “System_Information” key is an array.

  • [NEW] wapt core: added « wapt_temp_dir » wapt-get.ini parameter to specify the directory wher packages are unzipped at installation (for wyse terminal).

  • [REF] Introduced packagesdevhelpers python module to remove helpers useful only for « packages source update » and reduce import time of setuphelpers.

  • [IMP] windows_version() now getting the correct UBR (Update Build Revision) shown with « winver » command, adding windows_version_full in hardware inventory

  • [IMP] waptguihelper: help improved for grid_dialog - also, introduced an (optional) Text parameter.

  • [FIX] waptpackage: trim attributes value in control data. (“all” was retrieved as “all “ ).

  • [IMP] twaptpackage: Always set architecture and priority default.

  • [UPD] Refactored SSLCABundle usage.

  • [FIX] Fixed waptpackage build issue when sourceroot includes the ending path separator. Fixed self service package building. Fixed version incbuild result.

  • [FIX] Fixed issue with in path in zipped files created with CreateRecursiveZip.

  • [FIX] Fixed file not found when calling GetServerCertificate.

  • [FIX] Fixed editing zipped package inplace (hosts packages).

  • [FIX] Added call to mormot2 RegisterOpenssl for Access violation in waptlicences.

  • [IMP] Grid editor: Show which column is currently focused even if grid has not the focus.

  • [IMP] Use UTC time for expiration check of ACLs.

  • [UPD] wapt core: use datetime in UTC for audit_data.

  • [IMP] wapt core: allow usage of an environment variable waptbasedir to specify the location of root waptbasedir.

  • [IMP] Default grid order set to descending signature date.

  • [FIX] Allow ~ character in WAPT package names (for spaces in Organizational Units packages).

  • [FIX] waptcrypto: Fixed certificate filename attribute not set when loading a certificate chain.

  • [UPD] Refactored SSLCABundle usage.

  • [FIX] Fixed using particular characters in passwords.

  • [FIX] Fixed waptcore: Fixed the type for dynamic configuration.

  • [FIX] copytree2 replace_at_next_reboot.

  • [REF] Moved all the dynamic json config functions into the WAPT class to take in account the actual agent settings (specially directories).

  • [UPD] Created a full version 1.2.3.rev-hash into file wapt/version-full.

Agent WAPT

  • [FIX] force create random uuid if bios uuid is not correct.

  • [FIX] Do not check wsusscn2.cab if not Enterprise.

  • [IMP] add host_capabilities inventory.

  • [IMP] Better JSON format (Human Readable) for Audit Data.

  • [FIX] Use parameter IncludeCA on ListSOCertificatesFromFolder.

  • [FIX] Fixed translation issues in graphical components.

  • [FIX] Fixed last version, checks the minimal OS version

  • [FIX] edit waptwua if install_delay has value.

  • [IMP] When uninstalling the WAPT Agent, stop the waptservice only if the service exists.

  • [FIX] Popping wrong license message on new installation.

  • [FIX] waptservice socketio: Force get new ws params in case of connection error like when config is updated.

  • [FIX] Fixed add new rule missing import for isenterprise.

  • [NEW] Added disk drives to host overview template.

  • [IMP] Reduced size of host json inventory data. Do not send host configurations data if not changed. Do not send audit_data headers if no data. Fixed last audit data that was always sent.

  • [IMP] Improved local waptservice auth feedback.

  • [REF] Refactored waptservice code.

  • [FIX] Enable custom CA file for websockets certificate checking.

  • [FIX] Fixed WAPT Agent websockets_verify_cert: error reading setting from ini file. Reset socketioclient to None when connection error to force recreating the object with new TLS settings.

  • [IMP] waptdeploy: Use only registry wapt_is1 install location to get the WAPT base directory.

  • [IMP] waptdeploy: Do not check wapt-get working condition.

  • [FIX] Fixed waptdeloy argument parsing.

  • [UPD] waptsetup: Removed distribution of innosetup as it is no longer needed.

  • [NEW] waptdeploy: Check that the WAPT Agent installer and wapt-get.exe are digitally signed by Tranquil IT.

  • [FIX] waptdeploy wapt basedir guessing. Hardened waptdeploy RunTask.

  • [FIX] Fixed wapt-get build-waptagent: empty configuration name.

  • [ADD] Check all rules signatures before doing anything else.

  • [IMP] The agent version is obtained from the exe, not the server.

  • [FIX] waptsetup auto json config: should accept waptsetup-1.2.3_<confname>_<confhash>.exe.

  • [FIX] Fixed remote WakeOnLAN.

  • [IMP] waptservice: Do not include PrinterPaperNames, PaperSizesSupported and self_service_rules in inventory sent to the WAPT Server.

  • [FIX] waptexit: If unable to get licences from waptservice, assume is_enterprise is False.

  • [FIX] wapt-get: Set password callbacks after reloading config.

  • [FIX] Shortened the upgrade scheduled task argument, as it is limited to 256 chars.

  • [FIX] Stuffed waptsetup: Append waptwua settings to json.

  • [FIX] waptserver socketio: Host does not register / reconnect by itself when deleted from the WAPT Server.

  • [NEW] waptsetup.exe : If waptagent.exe is named, and only one config is embedded, take the first available config for the name of the configuartion to install instead of hardcoded « default ».

  • [IMP] waptservice: Can start right after install even if no wapt-get.ini.

  • [NEW] Added nopassword to config wizard for service_auth_type.

  • [UPD] Added wapt-get reset-config-from-url and set-config-from-url json configuration.

  • [FIX] Do not delete the files if the signature has failed.

  • [IMP] waptsetup: Display a summary of embedded stuffed json configurations. Removed use dynamic configuration task.

  • [FIX] waptserver: Fixed WakeOnLAN issue when no broadcast address exists in inventory.

  • [FIX] remove_user_appx was not initialized from setuphelpers.

  • [UPD] waptsetup: ApplyJsonConfigToIniFile when a json configuration is stuffed instead of conf.d dynamic configuration.

  • [IMP] waptsetup: Do not update wapt-get.ini when using dynamic json configuration.

  • [UPD] waptservice socketio: Do not require connection params update / reconnection try if there is no authorization token. When allow_unauthenticated_connect = True on the WAPT Server, the WAPT agents should be able to connect without getting a token.

  • [FIX] waptself: Fixed next page button unavailable on last page.

  • [UPD] waptexit: Add waptexit_disable_skip_windows_updates parameter in wapt-get.ini file and commandline argument to disable the checkbox for skipping Windows Updates.

  • [UPD] wapt-get: Return ExitCode <> 0 when an exception is raised Added ping --service command to check waptservice accessibility from waptsetup.

  • [UPD] waptself: Display details of WAPT package on top of packages list to avoid reframes.

  • [UPD] Enable waptservice_allow_all_packages only for nopassword service_auth_type.

  • [NEW] Added a waptservice parameter waptservice_allow_all_packages which allow all user to install / remove all packages as if they were part of the waptselfservice group.

  • [NEW] If a json configuration is provided in waptsetup as stuffed data in certicode certificate area, use it for initial configuration.

  • [FIX] Improved error message and wait cursor when waptselfservice is starting.

  • [FIX] Fixed selfservice missing common module for self_service_rules when using the nopassword argument with the WAPT Enterprise version.

  • [FIX] Changed Icon for Add Dependencies ‣ Trashcan to Plus.

  • [IMP] User is now informed when self service can not get a token (service not started).

  • [FIX] Remove double slahs in url //Packages.

  • [NEW] Added Ubuntu22 in waptsetup package.

  • [FIX] Fixed waptmessage ambiguous “-s” option (use stdout and set window size), replaced by -c for init console.

  • [FIX] Fixed tasks list on host.

  • [FIX] Normalized view (lowercase) in grid for target_os from control part.

  • [FIX] Fixed execution of waptmessage in file instead of base64 (to avoid too long command line).

  • [FIX] Use cached trusted signer certificates store instead of recreating it each time.

  • [FIX] Fixed signed_attributes written as string list (instead of python form) and signer is the signer certificate Common Name.

  • [IMP] use --not-interactive with register if the installation runs in silent mode.

  • [FIX] waptservice: Do not ignore broadcast for WaptUpdateServerStatus to avoid the WAPT Tray sticking upon sending data to the WAPT Server.

  • [FIX] Fixed unable to synchronize remote repository.

  • [IMP] waptmessage: No autosize if a size is specified on the command line.

  • [FIX] Fixed no hash in clipboard, added missing helper for add-config-from-url in wapt-get.

  • [IMP] Limit access right to Administrators to log directory (in case non public stuff gets written to logs).

  • [IMP] install_scheduling work if not in PENDING_UPDATES status.

  • [FIX] Fixed waptexit compilation: Removed specific WaptIniFilename function.

  • [FIX] Fixed waptmessage unable to load sqlite.

  • [IMP] Updated waptwua status to “NEED-SCAN” on hosts when download_wsusscan is triggered and wsusscn2.cab file is downloaded.

  • [NEW] wapt core: Added as_dict and descending parameters to Wapt.read_audit_data_set.

  • [IMP] Do not take care anymore of maturity for version when it is compared to WAPT store version.

  • [FIX] Fixed configuration package template setup_package_template_conf.py.

  • [FIX] Fixed waptservice configuration: Set the configs_dir relative to wapt-get.ini full path.

  • [FIX] Fixed waptservice “start_waptexit” with arguments Faulty arguments boolean value decoding.

  • [FIX] Fixed bad arguments sent to waptservice triggering upgrades with only_priorities and only_if_not_process_running.

  • [FIX] Fixed Wapt.write_audit_data_if_changed: Write data if previous data has expired.

  • [FIX] Updated the template of dynamic json configuration packages to match new location and naming of json configuration related functions.

  • [NEW] Option include_potentially_superseded_updates in configuration wizard.

  • [FIX] Fixed waptservice: Be sure to dynamically revert to default setting when a key is removed from wapt-get.ini.

  • [FIX] Fixed waptservice: Make sure we have a random secret_key for local waptservice session.

  • [NEW] WAPTWUA superseded support.

  • [IMP] wapt-get edit now opens update_package.py too.

  • [UPD] Added a NEED-SCAN waptwua.status, updated when Wapt.update() is called.

  • [FIX] Fixed waptself: Set focus on search when opening.

  • [IMP] Ignore history for waptwua status.

  • [FIX] Fixed wapt-get update-package-sources: Handle properly relative path to package sources.

  • [FIX] Fixed wapt-get update-package-sources: use devdirupdate_package.py to call update_package() hook if this file exists. Else use setup.py.

  • [IMP] wapttray: Launch external waptself and waptconsole with OpenDocument instead of windows only ShellExecuteW.

  • [FIX] Workaround fix when pyscripter is put as editor for packages. params_vscod_list fixed when space in parameters. Reupdated description.

  • [IMP] wapt-get edit now opens changelog.txt, VSCod* now opens control file too. wapt-get edit can now be run as user with VSCod* updating wapt_sources_edit() description.

  • [UPD] Changed default log path to wapt/log if writable.

  • [UPD] Same logging initialization code for all UI executables with waptcommon.InitLoggingFromCommandLine.

  • [IMP] waptservice waptself: localauth with file token (ie. nopassword). Handles local groups.

Console WAPT

  • [FIX] display an explicit error message if a new host package can not be saved on the WAPT Server because of acl.

  • [IMP] Process application messages when performing file hash/zip actions.

  • [FIX] Fixed waptconsole copy cert to wapt/ssl: handle properly spaces in target directory name.

  • [FIX] Place cursor at end of line instead of point of click in textareas.

  • [ADD] Popup Menu with Copy and Copy as JSon for Audit TreeView.

  • [FIX] Fixed proper images on actions buttons.

  • [FIX] Fixed OU icon when OU name contains an empty character.

  • [FIX] Fixed Out of bound error : add verification on condition check in specific cases.

  • [FIX] Fixed missing error message on secondary repositories.

  • [IMP] Improve usability of copying new certificate in <WAPT>\ssl directory

  • [FIX] Fixed icon on action ActWUAGetUnusedKB.

  • [FIX] Fixed actions caption on toolbar in Windows Update.

  • [FIX] Fixed removing ability to personalize toolbuttons on ISO, configs, and drivers in OS Deployment.

  • [FIX] Fixed popup menus on toolbar in OS Deployment.

  • [FIX] Fixed actions on toolbar in Software Inventory.

  • [NEW] waptconsole / waptserver: Added a specific ACL for update_audit_data.

  • [UPD] Increasing softwares max count limit in Software Inventory from 5000 to 20000.

  • [FIX] Fixed locking some actions on non Enterprise versions.

  • [FIX] Fixed waptconsole package zip build: CreateRecursiveZip.

  • [IMP] cleanup of HTML templates on waptservice. Removed unused js.

  • [IMP] Showing icons for target_os.

  • [FIX] Fixed waptconsole TX509Store: when intermediate certificates are provided in user .pem certificate file, only trust the first one.

  • [FIX] Fixed waptconsole waptcrypto: implement TX509Store.GetCertificatesChainFromFingerprint. Fixed self signed certificates are always trusted when checking the WAPT package.

  • [FIX] Fixed waptconsole: when signing packages, make sure we end with LF only (n unix style) control files.

  • [IMP] Basic POC for Auto Completion on Reporting Queries.

  • [FIX] Fixed viewing TechPreview Features does not take care of display preferences.

  • [FIX] Fixed the downloaded packages have now the chosen maturity.

  • [IMP] Show *.cmd files in post install script selector.

  • [NEW] Upload a default json configuration on the WAPT Server when building waptagent.exe. Fixed waptsetup.exe stuffing on the WAPT Server when uploading a json configuration.

  • [FIX] Fixed the button Type for update package warning.

  • [ADD] Confirm button before Update from the WAPT store.

  • [FIX] Fixed waptconsole update from the WAPT store Introduced StripPrefix in TPackageRequest to allow searching in the repository on package name without prefix.

  • [FIX] Include min_os_version and max_os_version in WAPT package identification to check which WAPT package is newest.

  • [FIX] When building customized waptsetup, sometimes missing trusted certificate.

  • [FIX] Fixed the copy of wapt-get.ini if there is no waptconsole.ini.

  • [NEW] Menu item for restoring toolbars to default.

  • [FIX] Fixed actions on toolbar in WAPT Development and OS Deployment forms.

  • [FIX] Fixed removing certificates in create waptsetup [NEW] function for listing certificates from folder.

  • [FIX] Fixed buttons links with actions on WSUS.

  • [FIX] Fixed encoding problem for WSUS.

  • [IMP] Removed GUI interface for the Update from the store action.

  • [ADD] Added a warning message before updating a WAPT package.

  • [ADD] Updated from the store button in private repository done.

  • [IMP] Added Updated part for the Store Update Action.

  • [IMP] Update from the store button (visual part).

  • [FIX] Fixed regression on creating new wuagroup package.

  • [UPD] waptconsole build agent -> named with version, config and hash instead of waptagent.exe/.

  • [FIX] Fixed __pycache__ included in zipped package when built from waptconsole.

  • [ADD] reporting: Added Unique save for each query.

  • [FIX] Fixed SQL query editor: any query can be edited at any time, without erasing the others.

  • [FIX] Fixed SQL query editor: if queries are already created and registered and have the same name, you can edit both without overwriting the other one.

  • [IMP] Use system font for html viewers.

  • [IMP] Allow package wizard without installer path.

  • [NEW] Added « keys » mustache helper for html templates.

  • [IMP] waptconsole: Do not try to ping servers before login dialog.

  • [FIX] Fixed enabling build and upload if all information are set / pre configuration in case of portable app if an executable is found.

  • [UPD] waptconsole Cyberwatch integration. Added Values mustache helper to format dict as list for Cyberwatch html report template. Added styled Cyberwatch example audit template.

  • [IMP] Addied listening to ipv6 only if ipv6 is available.

  • [FIX] Fixed waptconsole crash if custom column with empty size cell.

  • [IMP] Added a warning when no DNS record is found (Remote repository).

  • [FIX] Fixed call if app is currently closing (login cancelled).

  • [IMP] Opening configuration by double-clicking on grid.

  • [IMP] Package wizard for portable apps.

  • [IMP] waptconsole, display bytes size in human readable format in grid.

  • [FIX] Fixed OU options that are now available if the user is currently focusing the OU grid.

  • [IMP] Improved asking credentials on http error 401.

  • [FIX] Fixed waptconsole: random timeout error when running commands from the WAPT Console.

  • [FIX] Fixed WAPT package creation for OUs.

  • [ADD] Link to the official documentation for the Config Package Wizard.

  • [IMP] Proper restore of GUI when WindowState is maximized. Prevent flickering if starting maximized.

  • [IMP] Improved warning before deleting a valid licence.

  • [FIX] Fixed waptconsole regression: import packages. Check the signature even if it is disabled in remote repository settings.

  • [FIX] Fixed waptconsole regression on additional private repositories listed in the repositories tab, even if not defined in repositories setting in waptconsole.ini.

  • [FIX] Fixed waptconsole: private key password is not asked again if a matching key can not be found or decrypted.

  • [REF] waptserver model upgrade: removed unused database migration steps.

  • [UPD] waptserversetup: avoid automatic restart when installing MSVC 2022.

  • [FIX] Fixed error editing same OU package in one session.

  • [ADD] ACL Edit Repo on Index for secondary repos

  • [FIX] Fixed missing editing ACL Edit Repo.

  • [FIX] Fixed waptconsole access violation when checking unzipped package signature.

  • [FIX] Fixed waptonsole multiple update of hosts corrupt packages depends grid display.

  • [IMP] waptself, wapt-get, waptexit, wapttray: kill check threads on close, even on linux to speed up application shutdown.

  • [UPD] waptconsole: lazy loading of DMPython. Removed python source scripter tab on main form. Moved to (inactive) uvispysources. Removed debug panel on main form removed unused uvissearchpackage. Added some euristic icons on audit and reporting grids depending on well known values (OK, ERROR etc…).

  • [IMP] Improved the interpretation of checkbox states due to label description.

  • [IMP] Improved search when importing queries.

  • [FIX] Fixed host configuration package that are not editable right after creating them.

  • [FIX] Fixed waptconsole pkcs12 export and email in X509 certificates.

  • [IMP] Removed Python dependency in the WAPT Console.

  • [UPD] waptconsole: Added popup menu to Json hardware treeview.

  • [IMP] Improved reporting import, now select all queries by default + some code improvement

  • [IMP] Improved enabling or disabling ACL by double click.

  • [FIX] Fixed waptconsole: html audit templates. Bad search order.

  • [FIX] Fixed waptconsole: actions categories fixes and updates. Hide unused categories from toolbars customization.

  • [FIX] Fixed waptconsole: empty success message for some actions. Updated translations.

  • [FIX] Fixed waptconsole get agents installers: fixed MISSING -> OK status.

  • [UPD] Fixed waptconsole: Added Edit html template popup menu action.

  • [FIX] Fixed no logo resizing if smaller size.

  • [UPD] Load html templates for host_overview and host_audit from user’s appdata directory if it exists, else from wapt.

  • [REF] waptconsole: Refactored TFrmHtmlViewer to lookup templates either in user templates directory (%APPDATA%waptconsoletemplates) or in default wapt installation directory (%WAPTBASEDIR%templates).

  • [UPD] waptconsole: Improved drag & drop of columns into GridHosts.

  • [FIX] Fixed blocking action editing WSUS package if no Enterprise licence is active.

  • [FIX] Fixed waptconsole drag & drop audit values.

  • [FIX] Fixed waptconsole regression when signing unit package or modyfing stripped down WAPT packages.

  • [IMP] waptconsole: Load AD Groups in thread.

  • [FIX] Fixed waptconsole compilation without USE_WAPTPACKAGE flag.

  • [REF] waptconsole: Introduced an interface for uwaptpackage TWaptPackage WIP: fix compilation when USE_WAPTPACKAGE is defined TODO: implement IX509Store

  • [FIX] Fixed waptconsole: fixed host overview layout if no html template.

  • [UPD] waptconsole: host details layout changes: introduced html templates based overview if templateshost_overview.html file exists (mustache template).

  • [FIX] Fixed waptconsole sendmessage gui splitter.

  • [IMP] waptconsole: check that downloaded waptsetup version is the same or newer than that of the WAPT Server.

  • [FIX] Fixed autosearch in ttissearch component.

  • [NEW] waptconsole: Added a popumenu copy to clipboard as json for audit data.

  • [IMP] waptconsole: allow drag & drop of a audit json value subkey from value tree explorer.

  • [NEW] waptconsole: displays audit history and WIP audit data explorer (treeview + html template).

  • [FIX] Fixed reporting queries grid layout not saved properly.

  • [UPD] GUI Vis ACL: zebra colored lines and added possibility to change user password from one button (same action like in right click on user).

  • [FIX] Fixed avoiding exception if no user was selected before adding ACL rights.

  • [FIX] Fixed trigger downloads when triggering updates from the WAPT Console (missing import).

  • [UPD] Updated icons on windows update status for WUA.

  • [FIX] Fixed waptconsole check external repository version timeout exception raised in frontend.

  • [FIX] Fixed waptconsole multiserver: fixed can’t trigger action on servers other than main WAPT Server.

  • [FIX] Fixed waptconsole: Avoid error message of no repo_url for last used package template section.

  • [FIX] Fixed modifying a password if old password was empty.

  • [ADD] Hide / show all columns in grids.

  • [NEW] new option check_package_version in waptconsole.ini.

  • [UPD] waptconsole reporting: Added a quick search filtering zone for the query result.

  • [FIX] Fixed wrong message when no admin rights and the WAPT Agent needs to be upgraded or is not present.

  • [UPD] Host menu for upgrading hosts part.

  • [REF] waptconsole multiserver: Refactored TriggerActionOnHosts to send multiples actions to the right servers.

  • [FIX] Fixed waptconsole: use ROOT in addition to CA windows system certificates stores when building winpe with verify_cert = True.

  • [UPD] Deleted host popup.

  • [NEW] Possibility to download WAPT packages when asking hosts for updates.

  • [UPD] trigger_host_update adding possibility to download the WAPT package after update.

  • [FIX] Fixed waptconsole: The WAPT Console crashed when checking newest packages if wapt-templates repository is protected with an encrypted client key.

  • [FIX] Fixed saving configuration when new configuration was created.

  • [FIX] Fixed saving language parameter.

  • [FIX] Fixed waptconsole: access violation when access to external repository is blocked or needs a proxy.

  • [FIX] Fixed waptconsole multiserver regression: unable to edit a WAPT package which was just edited.

  • [FIX] Fixed waptconsole edit conf package: Do not close if error when uploading to the WAPT Server.

  • [FIX] patched setup_package_template_cert.py.tmpl.

  • [FIX] Fixed not adding « cn » in OU.

  • [FIX] Fixed layout on Windows Update part.

  • [FIX] Fixed the flow layout.

  • [IMP] waptconsole: WIP multiserver. Mostly works for hosts, but not for packages management.

  • [FIX] Fixed waptconsole: re-enable dataexport to .csv for grids.

  • [NEW] Explicit hint on number version when the WAPT package is not up to date (GridPackages).

  • [REF] Refactored private key password handling. Added a callback to clear cached key password in case of decrypt error in http client. Stores client https authentication key password in same storage as package private keys.

  • [REF] WIP for multiserver console. WaptCookieManager takes in accounts the domain. TODO: send allowed session cookies for cross domain auth. Lazy loading of waptserver instance. Loads list of servers in DMWaptConsole.ReloadConfigFile. All sections with a wapt_server key are taken in account. Shares the WaptServerSession across all waptserver connections.

  • [FIX] Fixed bad port for veyon.

Serveur WAPT

  • [SEC] Windows: waptserversetup.exe windows: do not reenable acl inheritance on wapt root folder.

  • [SEC] Send minimal information on /ping api call.

  • [IMP] Set session cookie to 3 days

  • [IMP] waptserversetup: Check if there is a CRITICAL log entry during winsetup.py and exit with an exitcode 1000 if it is the case.

  • [IMP] waptserver: Do not automatically create users in wapt database when user logs in with kerberos (self-service case).

  • [FIX] Fixed waptserverinstall windows: regression unable to install on new windows machine if wapt was not already installed.

  • [REF] Server python code cleanup.

  • [IMP] wapttasks: use environment variable on linux to pass config file path.

  • [NEW] waptserver: reduced lifetime of session cookie to default 12h. session_lifetime can be changed in waptserver.ini using session_lifetime seconds parameter.

  • [UPD] Updated to python 3.8.16 for all supported operating systems.

  • [FIX] Fixed stuffed setup exe naming on the WAPT Server.

  • [NEW] new parameter list_subnet_skip_login_wads.

  • [FIX] Fixed waptserver: shorten SQL columns aliases for long get_hosts json queries.

  • [SEC] Upgraded werkzeug 2.0.2 -> 2.1.1 for PYSEC-2022-203.

  • [NEW] waptservice websocket: Enabled certificate checking on websockets.

  • [IMP] waptserver: Added index on computer_ad_ou.

  • [FIX] Fixed waptserver: by default, do not create stuffed waptsetup when a dynamic config is uploaded.

  • [FIX] Fixed waptserversetup: if installService, configure the local service to reach newly installed server. Propose to start the WAPT Console right after for demo mode.

  • [NEW] model.py: Added upgrade-db action and --overwrite-version=1.2.3 option to force the replay of upgrade db.

  • [FIX] Fixed waptserver nginx config, there can be spaces in path. quotes include.

  • [NEW] Be sure to not start the WAPT Server if the database structure can not be upgraded properly.

  • [NEW] If licences json data is empty, assume an empty list.

  • [IMP] Getting storage used by KBs.

  • [NEW] 22H2 build numbers in WindowsVersions class.

  • [NEW] Added hosts_sid endpoint routing to uwsgi in nginx configuration templates.

  • [FIX] Fixed wapt-get build-waptagent: create waptagent.exe link on the WAPT Server.

  • [FIX] Fixed waptserver: ignore null bytes in audit data string values.

  • [FIX] Fixed waptserver: allow access to agent download without client certificate auth.

  • [FIX] Fixed waptserver model: remove references to unused HostExtData table.

  • [FIX] Fixed waptserver multiinstance with uwsgi: takes in account application_root for interprocess get_ws_connections /api/v3/hosts_sid calls.

  • [UPD] Added waptserver /api/v3/update_hosts_sid_table endpoint to fill the HostWebsocket table with the in memory ws_connections for reporting purpose.

  • [UPD] Changed the path of the untouched waptsetup.exe on the WAPT Server: moved to the wapt/waptagent folder to be consistent with other agents location Same for waptdeploy.exe.

  • [DEL] waptserver: Removed « enable_store » setting.

  • [UPD] waptconsole multiserver: display unreachable servers.

  • [FIX] Fixed waptserversetup: Reinclude waptwua even if service is not installed to allow wapt-get usage.

  • [FIX] Fixed waptconsole multiserver dynamic config: bad server url for checking https certificate.

  • [FIX] Fixed waptconsole multiserver: Do not include a server at startup if it is not pingable.

  • [UPD] waptserversetup windows: Removed some additional unused files when waptservice is not installed.

  • [UPD] waptconsole multi servers: Do not try to update / merge repo if repo_url is empty.

  • [IMP] waptserver / waptservice websockets: When registering host, return an authentication token in response, so that websockets can connect without additional roundtrip.

  • [IMP] allow_unauthenticated_registration is now like use_kerberos.

  • [FIX] Postconf, current config is now autoselected.

  • [UPD] waptsetup waptserversetup: Sign the installers and uninstallers using embedded iscc logic.

  • [UPD] waptserver db: Changed the primary key of tables HostPackagesStatus, HostExtData, Packages, HostSoftwares, HostGroups, HostWebsocket, HostAuditData, ReportingSnapshots, HostWsus, LogsAPI to bigint.

  • [UPD] waptserversetup: Check that the user is a LOCAL computer user and not a domain user.

  • [FIX] Fixed waptserversetup: postgresql upgrade. Try to fix ACLs on data directory.

  • [FIX] Added a conflict on apache2 in the Linux WAPT Server package to avoid old install leftovers.

  • [REF] Removed enterprise_common.py.

  • [UPD] Upgrade nginx on Windows.

  • [UPD] Upgraded DB to postgresql v14 for windows.

  • [UPG] upgraded postgresql 9.6 to v14 on CentOS7.

  • [FIX] Fixed waptserver: Fixed sid map sharing in uwsgi mode (missing imports).

  • [FIX] Fixed waptserver websocket: Be sure to not clear a SID which would be newer than current disconnect event. Not sure if disconnect / reconnect are always synchronous.

  • [FIX] Fixed waptserver: Improved message when triggering action.

  • [IMP] Added HTST header to nginx template.

  • [FIX] Fixed waptserver update_hosts_audit_data: Updated values with same global key (host_id,value_id).

  • [FIX] Added trigger_host_action ACL on /api/v3/connected_wol_relays (used by /api/v3/trigger_wakeonlan).

  • [IMP] waptserver websocket auth: Put host certificates in cache.

  • [UPD] waptserver websocket: Do not cache UUID twice.

  • [REF] waptserver websockets: use a global in memory dictionary to hold the host uuid -> SID of connected host to avoid Database insert or updates.

  • [FIX] Fixed server regression for custom json fields ValueError: too many values to unpack (expected 3).

  • [IMP] waptserver: WIP endpoint update_hosts_audit_data to bulk insert hosts related data.

  • [IMP] waptserver: update api/v3/get_agents_info to match the online wapt_agent_list.json.

  • [FIX] Fixed glpi sync: simplified glpi_upload_hosts.py script.

  • [FIX] Fixed waptserver huey tasks: licences_list not properly initialized when not using default waptserver.ini.

  • [FIX] Fixed waptserver audit table structure upgrade: typo

  • [FIX] Fixed avoiding GET method limits on hosts_for_wua.

  • [FIX] Fixed waptserver unable to delete some hosts when CRL is enabled be tolerant if the host certificate is not issued by this server’s CA.

  • [FIX] Fixed waptconsole multiserver: Computers identified by fqdn uuid are not displayed properly in the grid.

  • [UPD] Remove references to waptsetup-tis.exe -> renamed to waptsetup.exe.

  • [FIX] Fixed update_server_status with dynamic configuration.

  • [IMP] Include waptsetup.exe in waptserversetup.exe.

WADS

  • [FIX] Clear WADS stdout before and after diskpart to avoid broken stdout.

  • [IMP] Check whether winpe.wim and 7z.exe files exist when creating the WADS WinPE.

  • [FIX] Added missing “/” in wgetwads error messages.

  • [IMP] WADS: Added session login type and acl.

  • [IMP] WADS: Login to server only one time instead of for each request.

  • [IMP] WADS: Added flags: unchecked for wads login on Windows Server.

  • [IMP] Use of latest mormot function for WgetWads to fix DNS check.

  • [IMP] Improved error messages for WADS and WGETWADS.

  • [IMP] Added option wads in Windows Server installer.

  • [IMP] get_wads_secondary_repo –> follow protocol of the server connection.

  • [FIX] Fixed list_subnet_skip_login_wads read configuration.

  • [IMP] WinPE creation key

  • [REF] Remove useless code on get_wads_config (Login WADS).

  • [IMP] WgetWads does not require python to work.

  • [FIX] Be more indulgent on json rules for WADS.

  • [FIX] Fixed WADS working when no logging required.

  • [ADD] Login in IPXE, more tests needed.

  • [IMP] Proper way to secure wads_get_config.

  • [ADD] Login on WADS register host and get wads configuration.

  • [NEW] include hostname in debian.ipxe for OS deployment.

  • [FIX] Fixed djoin with given domainuser parameter.

  • [IMP] Added back support GET method on /api/v3/get_wads_config.

  • [NEW] Added asset tag in HostOSDeploy.

  • [IMP] Ask for a new hostname when starting to deploy if hostname equals to “autoregister”.

  • [IMP] Improved filtering keyboard faster + french translation in Make WinPE.

  • [FIX] Fixed missing glob import in WADS get_iso_config.

  • [NEW] Adding drivers in WinPE from WADS drivers.

  • [IMP] Improved feedback when the djoin fails (already existing machine).

  • [WADS] <Value> format in XML was incorrect and not complete for password definition.

  • [IMP] Last error message added for failed djoin.

  • [FIX] Fixed uninstall wapttftpserver when uninstalling waptserver.

  • [IMP] Improved file upload with hash check wads iso files listed from the WAPT Server even if not saved in the WAPT Console.

  • [NEW] Added customized WinPE export to zip file.

  • [IMP] Improved showing the error message on upload failure.

  • [IMP] Improved applying default configuration on wads host if no configuration has been set.

  • [IMP] ISO download dialog box.

  • [IMP] WADS: WinPE now pinging WAPT Server. Selected language keyboard layout will be available directly in a new cmd.

  • [IMP] WADS: XML no longer disable UAC by default.

  • [FIX] Fixed mac_address not returned with iPXE.

  • [ADD] Added ipxe_script_jinja_path and two templates.

  • [UPD] Added file type filters for loading the post-install script.

  • [FIX] Restored a progression bar when uploading the ISO and the winpe files.

  • [IMP] kill wapttftpserver and uninstall the service before installing it.

  • [ADD] Added Windows 11 unattend XML template files.

  • [IMP] Improved searching WADS data (hosts, isos, driver bundles, configurations).

  • [FIX] Added tftp firewalld port opening.

  • [IMP] Avoid creating WinPE on Windows partition + some ACL added.

  • [UPD] Renamed drivers bundle filenames to sha256(filename).

  • [ADD] Added a template for Debian.

  • [UPD] GridConfigDeploy showing the platform now.

  • [FIX] Fixed saving bundle names.

  • [NEW] Injecting a:abbr:OEM (Original Equipment Manufacturer) key by slmgr command.

  • [FIX] Fixed SELinux rules for wads.

  • [FIX] Potential fix for (over 10 joins for djoin by a standard user on MSAD).

  • [UPD] WADS grayed when windows update repository is selected.

  • [UPD] Possibility to select an iso file even if not Windows.

  • [FIX] Fixed waptconsole uploadWinPE: regression in upload progress bar and incomplete zip.

  • [FIX] Fixed wads to include non CA certificates for WinPE build.

  • [IMP] Added ipxe_script in DeployConfig table.

WAPT Agent MacOS

  • [UPD] Delete old pkg if available in pkg list.

  • [NEW] Added fake menu for macOS for letting user to quit the app from the MainMenu.

  • [FIX] Improved support for macOS MenuBar.

  • [FIX] Added WAPT Console .app plist file for macOS X.

  • [FIX] Fixed some macOS X model and serial number reports.

  • [FIX] Fixed macOS X local_groups key in host_info.

  • [FIX] Updated mormot2 for gssapi on macOS X.

  • [NEW] support WADS security, Network masks.

  • [FIX] Fixed installed_softwares on MacOS.

  • [NEW] Added timestamping to pkg signing.

  • [FIX] Fixed getting agent version in get_wads_config.

  • [NEW] Added entitlements file for macOS signing.

  • [IMP] Force light UI when DarkMode is active on macOS.

  • [FIX] Fixed opening maximized self service on macOS

  • [FIX] Fixed loading hosts on macOS when more options in inventory is checked.

  • [IMP] Better handle on input (utf8 convertion).

  • [IMP] macOS: Updated build script to handle binary file signing and better debugging.

  • [IMP] Patched dmidecode info for macOS.

  • [FIX] Fixed macOS core get_hostname return binary string instead of str -> update_status loop.

  • [IMP] Use system_profiler_info for dmi_info on macOS X.

  • [REF] plistlib.readPlistFromBytes deprecation fix.

  • [FIX] Fixed core macOS: use UUID from system_profiler_info instead of dmidecode.

  • [FIX] Fixed duplicated macOS code in setuphelpers for get_hostname().

  • [IMP] Improved mounting content for .pkg, .mpkg, .app only if file is not symbolic.

  • [NEW] Added the WAPT Console to Linux and macOS gui distribution.

  • [IMP] Fixed keyword and name with installed_softwares in macOS and Linux.

  • [FIX] Fixed register for macOS.

  • [FIX] Fixed custom waptmessage logo linux.

  • [FIX] Fixed harakiri on non Windows kills all running processes.

  • [FIX] Fixed restart waptservice for macOS.

  • [IMP] Silently attach dmg file.

  • [FIX] Fixed get_file_type in macOS.

WAPT Agent Linux

  • [FIX] Fixed logrotate on RedHat8 for waptserver and wapttasks.

  • [IMP] wapt-get.bin: Improved python traceback format with proper line endings on non Windows.

  • [IMP] Improve support for dark mode on WAPT Console on Linux

  • [IMP] Replaced in /usr/bin/ wapt-get.sh by wapt-get.bin.

  • [IMP] Added Ubuntu and CentOS icons.

  • [IMP] Added icons in ImportPackages window.

  • [FIX] Fixed user_local_appdata for Linux.

  • [IMP] waptagent Debian package: removed system python3 dependency.

  • [IMP] Avoid loop in checkbox events on search inventory especially on operating systems other than Windows.

  • [IMP] Added PYTHONNOUSERSITE = True to all .sh scripts to avoid spoiling PYTHONPATH with locally installed libraries in user home directory.

  • [UPD] Disable compression on unix WAPT agent bundle (each package is itself already compressed).

  • [NEW] Added the WAPT Console to Linux and MacOS gui distribution.

  • [FIX] Fixed configpackage wizard and main form layouts for Linux.

  • [UPD] Updated virtualtreeview for Linux visual grid lines improvements.

  • [IMP] Fixed keyword and name with installed_softwares in macOS and Linux.

  • [FIX] Fixed harakiri on non Windows kills all running processes.

  • [ADD] Added snap software inventory.

  • [FIX] Fixed waptservice linux restart Linux: AttributeError: WaptServiceRestart object has no attribute logger.

  • [NEW] Linux OS deployment.

  • [FIX] Added firewalld rule on RedHat based server for wapttftpserver.

WAPT-2.3.0.13334 RC3 (2023-01-06)

hash : a06031bd

This is the third release candidate of WAPT 2.3.

This is a release candidate for testing that is not intended for production.

This changelog lists the fixes sinces WAPT 2.3 RC2.

WAPT Core

  • [SEC] When checking exe certificate, first check that the signature is OK.

  • [SEC] when stuffing waptsetup.exe, check that waptsetup.exe downloaded from wapt server is properly signed by Tranquil IT.

  • [FIX] Fixed handling properly utf8 chars in certificate subject.

  • [FIX] Small improvement for wapt-get build-waptagent. Do not ask the server password twice.

  • [FIX] Fixed stuffed legacy waptagent build: be sure to have a deterministic binary result when stuffing in waptconsole or server side.

  • [IMP] remove client library dependency for command line progress bar.

Agent WAPT

  • [FIX] force create random uuid if bios uuid is not correct.

  • [FIX] Do not check wsusscn2.cab if not Enterprise.

Serveur WAPT

  • [SEC] Windows: waptserversetup.exe windows: do not reenable acl inheritance on wapt root folder.

  • [SEC] Send minimal information on /ping api call.

  • [IMP] Set session cookie to 3 days

Console WAPT

  • [FIX] display an explicit error message if a new host package can not be saved on the WAPT Server because of acl.

  • [IMP] Process application messages when performing file hash/zip actions.

  • [FIX] Fixed waptconsole copy cert to wapt/ssl: handle properly spaces in target directory name.

  • [FIX] Place cursor at end of line instead of point of click in textareas.

WADS

  • [FIX] Clear WADS stdout before and after diskpart to avoid broken stdout.

  • [IMP] Check whether winpe.wim and 7z.exe files exist when creating the WADS WinPE.

  • [FIX] Added missing “/” in wgetwads error messages.

WAPT Linux

  • [FIX] Fixed logrotate on RedHat8 for waptserver and wapttasks.

  • [IMP] wapt-get.bin: Improved python traceback format with proper line endings on non Windows.

  • [IMP] Improve support for dark mode on WAPT Console on Linux

WAPT-2.3.0.13301 RC2 (2023-01-04)

hash: a2af0e8d

What’s New?

This is second release candidate of WAPT 2.3. This is second release candidate of WAPT 2.3.

This is a release candidate for testing that is not intended for production.

This changelog lists the fixes sinces WAPT 2.3 RC1.

Note : for security reasons in waptpython, Python isolated mode is now enabled by default (Python -I). If you are using the waptpython Python environment outside of WAPT, please be sure to check for the corresponding Python documentation.

WAPT Core

  • [SEC] waptpython 3.8.16 is now compiled with the isolated mode flag at true by default (Python -I)

Console WAPT

  • [ADD] Popup Menu with Copy and Copy as JSon for Audit TreeView.

  • [FIX] Fixed proper images on actions buttons.

  • [FIX] Fixed OU icon when OU name contains an empty character.

  • [FIX] Fixed Out of bound error : add verification on condition check in specific cases.

  • [FIX] Fixed missing error message on secondary repositories.

  • [IMP] Improve usability of copying new certificate in <WAPT>\ssl directory

Agent WAPT

  • [IMP] add host_capabilities inventory.

  • [IMP] Better JSON format (Human Readable) for Audit Data.

  • [FIX] Use parameter IncludeCA on ListSOCertificatesFromFolder.

  • [FIX] Fixed translation issues in graphical components.

  • [FIX] Fixed last version, checks the minimal OS version

  • [FIX] edit waptwua if install_delay has value.

WADS

  • [IMP] WADS: Added session login type and acl.

  • [IMP] WADS: Login to server only one time instead of for each request.

  • [IMP] WADS: Added flags: unchecked for wads login on Windows Server.

  • [IMP] Use of latest mormot function for WgetWads to fix DNS check.

  • [IMP] Improved error messages for WADS and WGETWADS.

  • [IMP] Added option wads in Windows Server installer.

  • [IMP] get_wads_secondary_repo –> follow protocol of the server connection.

  • [FIX] Fixed list_subnet_skip_login_wads read configuration.

  • [IMP] WinPE creation key

WAPT Linux Agent

  • [IMP] Replaced in /usr/bin/ wapt-get.sh by wapt-get.bin.

  • [IMP] Added Ubuntu and CentOS icons.

  • [IMP] Added icons in ImportPackages window.

WAPT-2.3.0.13239 RC1 (2022-12-21)

hash: 675d861e

What’s New?

  • 1000+ bugfixes

  • Less issues with false positive with antivirus software when deploying a new agent: WAPT Agents do not need to be rebuilt. The WAPT Agent is based on waptsetup.exe with certificate and configuration stored in the certificate signature of the file. The signature of the file is not altered.

  • WAPT Agent on Linux and macOS: improved workflow for installing and updating the WAPT Agent.

  • Improved Websocket connexion. Disconnects and reconnects have be made more robust.

  • Improved support on macOS.

  • Improved support on Linux.

  • Update of WAPT external components.

Tech Preview

  • WAPT Console support on Linux (Debian and derivatives, Redhat and derivatives).

  • WAPT Console support on macOS (Mojave and above).

WAPT Core

  • [REF] Removed unused functions.

  • [REF] Removed unused headers.

  • [IMP] waptservice: fix setting loglevel for specific components do not log WS listening too often. Fixed some action’s « created_by » attributes which were not not set.

  • [FIX] Windows setuphelpers: missing service_list in _all__.

  • [FIX] wapt-get: moved LoadOpenSSLFromPythonLib to get proper path for RegWaptBaseDir on Linux.

  • [NEW] Added armhf as a valid package architecture.

  • [FIX] Fixed scan_package issue when there are packages without package_uuid. Packages table was growing at each scan_packages.

  • [IMP] wapt-get: Added some help for build-waptagent and add-config / reset-config/ set-config -from-url.

  • [IMP] wapt-get reset-config-from-url: removes dynamic configs from conf.d too.

  • [IMP] Re-include empty folders in zipped WAPT packages.

  • [FIX] Update for zip empty folder entries.

  • [FIX] When checking files and directories from package manifest, create empty directories from the manifest file if thet do not exist yet.

  • [UPD] wapt-get update-package-sources: Implicit transparent import of all functions from packagesdevhelpers.py.

  • [FIX] Do not audit packages with install_status <> “OK”.

  • [SEC] waptpackage: Cleanup removed multiple MD type. We use only sha256 now.

  • [NEW] waptconsole: Stuff waptsetup with json config for embedding into waptupgrade package.

  • [FIX] waptpackage signature issue if the WAPT package is created from scratch with null attributes (ex. max_os_version). If signed, these null attributes are written to control file as sempty string, this breaks the signature control. So we initialize all default signed attributes to empty string instead of null.

  • [UPD] wapt-get create-waptagent: Use json embedded config stuffed into certificate zone of executable signature.

  • [FIX] Fixed regression in python _sign_control (encoding issue).

  • [UPG] Upgraded python to 3.8.16.

  • [IMP] waptutils.py cleanup and small fix in user_is_member_of.

  • [REF] waptserver: Cleanup code with pyflakes.

  • [IMP] Allow none loglevel.

  • [NEW] Introduced wapt-get reset-config-from-url.

  • [FIX] Fixed json_load_file() by adding encoding option. Default is « utf-8 ».

  • [IMP] waptguihelper: Introduced StayOnTop argument for input_dialog() and grid_dialog()

  • [FIX] Fixed wapt-get add-config-from-url in pure Pascal. The hash is retrieved from the filename if present, or as second parameter of command line.

  • [REF] wapt python core: Removed sha1 compatibility with wapt 1.3 packages signatures.

  • [FIX] Shows the proper logged user after login.

  • [IMP] Fallback other method for get domain in get_hostname.

  • [REF] jsonconfig data embedded in setup exe.

  • [FIX] Default value for check verify cert.

  • [UPD] Introduced uwaptjsonconfig (port of json config from python to FPC).

  • [UPD] wapt-get: Added a command to list the initial configs available on server (in wapt/conf.d).

  • [UPD] waptsetuputil: Added UnzipConfigFromExe.

  • [FIX] Removed global variable for PopupEnterprise, check Licensing after closing the window.

  • [IMP] buildlib: Do not remove unittest from python lib when creating the build environment.

  • [FIX] remove_file() was unable to remove symlinks.

  • [FIX] wapt core: Regression on uuid retrieval from WMI. “System_Information” key is an array.

  • [NEW] wapt core: added « wapt_temp_dir » wapt-get.ini parameter to specify the directory wher packages are unzipped at installation (for wyse terminal).

  • [REF] Introduced packagesdevhelpers python module to remove helpers useful only for « packages source update » and reduce import time of setuphelpers.

  • [IMP] windows_version() now getting the correct UBR (Update Build Revision) shown with « winver » command, adding windows_version_full in hardware inventory

  • [IMP] waptguihelper: help improved for grid_dialog - also, introduced an (optional) Text parameter.

  • [FIX] waptpackage: trim attributes value in control data. (“all” was retrieved as “all “ ).

  • [IMP] twaptpackage: Always set architecture and priority default.

  • [UPD] Refactored SSLCABundle usage.

  • [FIX] Fixed waptpackage build issue when sourceroot includes the ending path separator. Fixed self service package building. Fixed version incbuild result.

  • [FIX] Fixed issue with in path in zipped files created with CreateRecursiveZip.

  • [FIX] Fixed file not found when calling GetServerCertificate.

  • [FIX] Fixed editing zipped package inplace (hosts packages).

  • [FIX] Added call to mormot2 RegisterOpenssl for Access violation in waptlicences.

  • [IMP] Grid editor: Show which column is currently focused even if grid has not the focus.

  • [IMP] Use UTC time for expiration check of ACLs.

  • [UPD] wapt core: use datetime in UTC for audit_data.

  • [IMP] wapt core: allow usage of an environment variable waptbasedir to specify the location of root waptbasedir.

  • [IMP] Default grid order set to descending signature date.

  • [FIX] Allow ~ character in WAPT package names (for spaces in Organizational Units packages).

  • [FIX] waptcrypto: Fixed certificate filename attribute not set when loading a certificate chain.

  • [UPD] Refactored SSLCABundle usage.

  • [FIX] Fixed using particular characters in passwords.

  • [FIX] Fixed waptcore: Fixed the type for dynamic configuration.

  • [FIX] copytree2 replace_at_next_reboot.

  • [REF] Moved all the dynamic json config functions into the WAPT class to take in account the actual agent settings (specially directories).

  • [UPD] Created a full version 1.2.3.rev-hash into file wapt/version-full.

Agent WAPT

  • [IMP] When uninstalling the WAPT Agent, stop the waptservice only if the service exists.

  • [FIX] Popping wrong license message on new installation.

  • [FIX] waptservice socketio: Force get new ws params in case of connection error like when config is updated.

  • [FIX] Fixed add new rule missing import for isenterprise.

  • [NEW] Added disk drives to host overview template.

  • [IMP] Reduced size of host json inventory data. Do not send host configurations data if not changed. Do not send audit_data headers if no data. Fixed last audit data that was always sent.

  • [IMP] Improved local waptservice auth feedback.

  • [REF] Refactored waptservice code.

  • [FIX] Enable custom CA file for websockets certificate checking.

  • [FIX] Fixed WAPT Agent websockets_verify_cert: error reading setting from ini file. Reset socketioclient to None when connection error to force recreating the object with new TLS settings.

  • [IMP] waptdeploy: Use only registry wapt_is1 install location to get the WAPT base directory.

  • [IMP] waptdeploy: Do not check wapt-get working condition.

  • [FIX] Fixed waptdeloy argument parsing.

  • [UPD] waptsetup: Removed distribution of innosetup as it is no longer needed.

  • [NEW] waptdeploy: Check that the WAPT Agent installer and wapt-get.exe are digitally signed by Tranquil IT.

  • [FIX] waptdeploy wapt basedir guessing. Hardened waptdeploy RunTask.

  • [FIX] Fixed wapt-get build-waptagent: empty configuration name.

  • [ADD] Check all rules signatures before doing anything else.

  • [IMP] The agent version is obtained from the exe, not the server.

  • [FIX] waptsetup auto json config: should accept waptsetup-1.2.3_<confname>_<confhash>.exe.

  • [FIX] Fixed remote WakeOnLAN.

  • [IMP] waptservice: Do not include PrinterPaperNames, PaperSizesSupported and self_service_rules in inventory sent to the WAPT Server.

  • [FIX] waptexit: If unable to get licences from waptservice, assume is_enterprise is False.

  • [FIX] wapt-get: Set password callbacks after reloading config.

  • [FIX] Shortened the upgrade scheduled task argument, as it is limited to 256 chars.

  • [FIX] Stuffed waptsetup: Append waptwua settings to json.

  • [FIX] waptserver socketio: Host does not register / reconnect by itself when deleted from the WAPT Server.

  • [NEW] waptsetup.exe : If waptagent.exe is named, and only one config is embedded, take the first available config for the name of the configuartion to install instead of hardcoded « default ».

  • [IMP] waptservice: Can start right after install even if no wapt-get.ini.

  • [NEW] Added nopassword to config wizard for service_auth_type.

  • [UPD] Added wapt-get reset-config-from-url and set-config-from-url json configuration.

  • [FIX] Do not delete the files if the signature has failed.

  • [IMP] waptsetup: Display a summary of embedded stuffed json configurations. Removed use dynamic configuration task.

  • [FIX] waptserver: Fixed WakeOnLAN issue when no broadcast address exists in inventory.

  • [FIX] remove_user_appx was not initialized from setuphelpers.

  • [UPD] waptsetup: ApplyJsonConfigToIniFile when a json configuration is stuffed instead of conf.d dynamic configuration.

  • [IMP] waptsetup: Do not update wapt-get.ini when using dynamic json configuration.

  • [UPD] waptservice socketio: Do not require connection params update / reconnection try if there is no authorization token. When allow_unauthenticated_connect = True on the WAPT Server, the WAPT agents should be able to connect without getting a token.

  • [FIX] waptself: Fixed next page button unavailable on last page.

  • [UPD] waptexit: Add waptexit_disable_skip_windows_updates parameter in wapt-get.ini file and commandline argument to disable the checkbox for skipping Windows Updates.

  • [UPD] wapt-get: Return ExitCode <> 0 when an exception is raised Added ping --service command to check waptservice accessibility from waptsetup.

  • [UPD] waptself: Display details of WAPT package on top of packages list to avoid reframes.

  • [UPD] Enable waptservice_allow_all_packages only for nopassword service_auth_type.

  • [NEW] Added a waptservice parameter waptservice_allow_all_packages which allow all user to install / remove all packages as if they were part of the waptselfservice group.

  • [NEW] If a json configuration is provided in waptsetup as stuffed data in certicode certificate area, use it for initial configuration.

  • [FIX] Improved error message and wait cursor when waptselfservice is starting.

  • [FIX] Fixed selfservice missing common module for self_service_rules when using the nopassword argument with the WAPT Enterprise version.

  • [FIX] Changed Icon for Add Dependencies ‣ Trashcan to Plus.

  • [IMP] User is now informed when self service can not get a token (service not started).

  • [FIX] Remove double slahs in url //Packages.

  • [NEW] Added Ubuntu22 in waptsetup package.

  • [FIX] Fixed waptmessage ambiguous “-s” option (use stdout and set window size), replaced by -c for init console.

  • [FIX] Fixed tasks list on host.

  • [FIX] Normalized view (lowercase) in grid for target_os from control part.

  • [FIX] Fixed execution of waptmessage in file instead of base64 (to avoid too long command line).

  • [FIX] Use cached trusted signer certificates store instead of recreating it each time.

  • [FIX] Fixed signed_attributes written as string list (instead of python form) and signer is the signer certificate Common Name.

  • [IMP] use --not-interactive with register if the installation runs in silent mode.

  • [FIX] waptservice: Do not ignore broadcast for WaptUpdateServerStatus to avoid the WAPT Tray sticking upon sending data to the WAPT Server.

  • [FIX] Fixed unable to synchronize remote repository.

  • [IMP] waptmessage: No autosize if a size is specified on the command line.

  • [FIX] Fixed no hash in clipboard, added missing helper for add-config-from-url in wapt-get.

  • [IMP] Limit access right to Administrators to log directory (in case non public stuff gets written to logs).

  • [IMP] install_scheduling work if not in PENDING_UPDATES status.

  • [FIX] Fixed waptexit compilation: Removed specific WaptIniFilename function.

  • [FIX] Fixed waptmessage unable to load sqlite.

  • [IMP] Updated waptwua status to “NEED-SCAN” on hosts when download_wsusscan is triggered and wsusscn2.cab file is downloaded.

  • [NEW] wapt core: Added as_dict and descending parameters to Wapt.read_audit_data_set.

  • [IMP] Do not take care anymore of maturity for version when it is compared to WAPT store version.

  • [FIX] Fixed configuration package template setup_package_template_conf.py.

  • [FIX] Fixed waptservice configuration: Set the configs_dir relative to wapt-get.ini full path.

  • [FIX] Fixed waptservice “start_waptexit” with arguments Faulty arguments boolean value decoding.

  • [FIX] Fixed bad arguments sent to waptservice triggering upgrades with only_priorities and only_if_not_process_running.

  • [FIX] Fixed Wapt.write_audit_data_if_changed: Write data if previous data has expired.

  • [FIX] Updated the template of dynamic json configuration packages to match new location and naming of json configuration related functions.

  • [NEW] Option include_potentially_superseded_updates in configuration wizard.

  • [FIX] Fixed waptservice: Be sure to dynamically revert to default setting when a key is removed from wapt-get.ini.

  • [FIX] Fixed waptservice: Make sure we have a random secret_key for local waptservice session.

  • [NEW] WAPTWUA superseded support.

  • [IMP] wapt-get edit now opens update_package.py too.

  • [UPD] Added a NEED-SCAN waptwua.status, updated when Wapt.update() is called.

  • [FIX] Fixed waptself: Set focus on search when opening.

  • [IMP] Ignore history for waptwua status.

  • [FIX] Fixed wapt-get update-package-sources: Handle properly relative path to package sources.

  • [FIX] Fixed wapt-get update-package-sources: use devdirupdate_package.py to call update_package() hook if this file exists. Else use setup.py.

  • [IMP] wapttray: Launch external waptself and waptconsole with OpenDocument instead of windows only ShellExecuteW.

  • [FIX] Workaround fix when pyscripter is put as editor for packages. params_vscod_list fixed when space in parameters. Reupdated description.

  • [IMP] wapt-get edit now opens changelog.txt, VSCod* now opens control file too. wapt-get edit can now be run as user with VSCod* updating wapt_sources_edit() description.

  • [UPD] Changed default log path to wapt/log if writable.

  • [UPD] Same logging initialization code for all UI executables with waptcommon.InitLoggingFromCommandLine.

  • [IMP] waptservice waptself: localauth with file token (ie. nopassword). Handles local groups.

Console WAPT

  • [FIX] Fixed icon on action ActWUAGetUnusedKB.

  • [FIX] Fixed actions caption on toolbar in Windows Update.

  • [FIX] Fixed removing ability to personalize toolbuttons on ISO, configs, and drivers in OS Deployment.

  • [FIX] Fixed popup menus on toolbar in OS Deployment.

  • [FIX] Fixed actions on toolbar in Software Inventory.

  • [NEW] waptconsole / waptserver: Added a specific ACL for update_audit_data.

  • [UPD] Increasing softwares max count limit in Software Inventory from 5000 to 20000.

  • [FIX] Fixed locking some actions on non Enterprise versions.

  • [FIX] Fixed waptconsole package zip build: CreateRecursiveZip.

  • [IMP] cleanup of HTML templates on waptservice. Removed unused js.

  • [IMP] Showing icons for target_os.

  • [FIX] Fixed waptconsole TX509Store: when intermediate certificates are provided in user .pem certificate file, only trust the first one.

  • [FIX] Fixed waptconsole waptcrypto: implement TX509Store.GetCertificatesChainFromFingerprint. Fixed self signed certificates are always trusted when checking the WAPT package.

  • [FIX] Fixed waptconsole: when signing packages, make sure we end with LF only (n unix style) control files.

  • [IMP] Basic POC for Auto Completion on Reporting Queries.

  • [FIX] Fixed viewing TechPreview Features does not take care of display preferences.

  • [FIX] Fixed the downloaded packages have now the chosen maturity.

  • [IMP] Show *.cmd files in post install script selector.

  • [NEW] Upload a default json configuration on the WAPT Server when building waptagent.exe. Fixed waptsetup.exe stuffing on the WAPT Server when uploading a json configuration.

  • [FIX] Fixed the button Type for update package warning.

  • [ADD] Confirm button before Update from the WAPT store.

  • [FIX] Fixed waptconsole update from the WAPT store Introduced StripPrefix in TPackageRequest to allow searching in the repository on package name without prefix.

  • [FIX] Include min_os_version and max_os_version in WAPT package identification to check which WAPT package is newest.

  • [FIX] When building customized waptsetup, sometimes missing trusted certificate.

  • [FIX] Fixed the copy of wapt-get.ini if there is no waptconsole.ini.

  • [NEW] Menu item for restoring toolbars to default.

  • [FIX] Fixed actions on toolbar in WAPT Development and OS Deployment forms.

  • [FIX] Fixed removing certificates in create waptsetup [NEW] function for listing certificates from folder.

  • [FIX] Fixed buttons links with actions on WSUS.

  • [FIX] Fixed encoding problem for WSUS.

  • [IMP] Removed GUI interface for the Update from the store action.

  • [ADD] Added a warning message before updating a WAPT package.

  • [ADD] Updated from the store button in private repository done.

  • [IMP] Added Updated part for the Store Update Action.

  • [IMP] Update from the store button (visual part).

  • [FIX] Fixed regression on creating new wuagroup package.

  • [UPD] waptconsole build agent -> named with version, config and hash instead of waptagent.exe/.

  • [FIX] Fixed __pycache__ included in zipped package when built from waptconsole.

  • [ADD] reporting: Added Unique save for each query.

  • [FIX] Fixed SQL query editor: any query can be edited at any time, without erasing the others.

  • [FIX] Fixed SQL query editor: if queries are already created and registered and have the same name, you can edit both without overwriting the other one.

  • [IMP] Use system font for html viewers.

  • [IMP] Allow package wizard without installer path.

  • [NEW] Added « keys » mustache helper for html templates.

  • [IMP] waptconsole: Do not try to ping servers before login dialog.

  • [FIX] Fixed enabling build and upload if all information are set / pre configuration in case of portable app if an executable is found.

  • [UPD] waptconsole Cyberwatch integration. Added Values mustache helper to format dict as list for Cyberwatch html report template. Added styled Cyberwatch example audit template.

  • [IMP] Addied listening to ipv6 only if ipv6 is available.

  • [FIX] Fixed waptconsole crash if custom column with empty size cell.

  • [IMP] Added a warning when no DNS record is found (Remote repository).

  • [FIX] Fixed call if app is currently closing (login cancelled).

  • [IMP] Opening configuration by double-clicking on grid.

  • [IMP] Package wizard for portable apps.

  • [IMP] waptconsole, display bytes size in human readable format in grid.

  • [FIX] Fixed OU options that are now available if the user is currently focusing the OU grid.

  • [IMP] Improved asking credentials on http error 401.

  • [FIX] Fixed waptconsole: random timeout error when running commands from the WAPT Console.

  • [FIX] Fixed WAPT package creation for OUs.

  • [ADD] Link to the official documentation for the Config Package Wizard.

  • [IMP] Proper restore of GUI when WindowState is maximized. Prevent flickering if starting maximized.

  • [IMP] Improved warning before deleting a valid licence.

  • [FIX] Fixed waptconsole regression: import packages. Check the signature even if it is disabled in remote repository settings.

  • [FIX] Fixed waptconsole regression on additional private repositories listed in the repositories tab, even if not defined in repositories setting in waptconsole.ini.

  • [FIX] Fixed waptconsole: private key password is not asked again if a matching key can not be found or decrypted.

  • [REF] waptserver model upgrade: removed unused database migration steps.

  • [UPD] waptserversetup: avoid automatic restart when installing MSVC 2022.

  • [FIX] Fixed error editing same OU package in one session.

  • [ADD] ACL Edit Repo on Index for secondary repos

  • [FIX] Fixed missing editing ACL Edit Repo.

  • [FIX] Fixed waptconsole access violation when checking unzipped package signature.

  • [FIX] Fixed waptonsole multiple update of hosts corrupt packages depends grid display.

  • [IMP] waptself, wapt-get, waptexit, wapttray: kill check threads on close, even on linux to speed up application shutdown.

  • [UPD] waptconsole: lazy loading of DMPython. Removed python source scripter tab on main form. Moved to (inactive) uvispysources. Removed debug panel on main form removed unused uvissearchpackage. Added some euristic icons on audit and reporting grids depending on well known values (OK, ERROR etc…).

  • [IMP] Improved the interpretation of checkbox states due to label description.

  • [IMP] Improved search when importing queries.

  • [FIX] Fixed host configuration package that are not editable right after creating them.

  • [FIX] Fixed waptconsole pkcs12 export and email in X509 certificates.

  • [IMP] Removed Python dependency in the WAPT Console.

  • [UPD] waptconsole: Added popup menu to Json hardware treeview.

  • [IMP] Improved reporting import, now select all queries by default + some code improvement

  • [IMP] Improved enabling or disabling ACL by double click.

  • [FIX] Fixed waptconsole: html audit templates. Bad search order.

  • [FIX] Fixed waptconsole: actions categories fixes and updates. Hide unused categories from toolbars customization.

  • [FIX] Fixed waptconsole: empty success message for some actions. Updated translations.

  • [FIX] Fixed waptconsole get agents installers: fixed MISSING -> OK status.

  • [UPD] Fixed waptconsole: Added Edit html template popup menu action.

  • [FIX] Fixed no logo resizing if smaller size.

  • [UPD] Load html templates for host_overview and host_audit from user’s appdata directory if it exists, else from wapt.

  • [REF] waptconsole: Refactored TFrmHtmlViewer to lookup templates either in user templates directory (%APPDATA%waptconsoletemplates) or in default wapt installation directory (%WAPTBASEDIR%templates).

  • [UPD] waptconsole: Improved drag & drop of columns into GridHosts.

  • [FIX] Fixed blocking action editing WSUS package if no Enterprise licence is active.

  • [FIX] Fixed waptconsole drag & drop audit values.

  • [FIX] Fixed waptconsole regression when signing unit package or modyfing stripped down WAPT packages.

  • [IMP] waptconsole: Load AD Groups in thread.

  • [FIX] Fixed waptconsole compilation without USE_WAPTPACKAGE flag.

  • [REF] waptconsole: Introduced an interface for uwaptpackage TWaptPackage WIP: fix compilation when USE_WAPTPACKAGE is defined TODO: implement IX509Store

  • [FIX] Fixed waptconsole: fixed host overview layout if no html template.

  • [UPD] waptconsole: host details layout changes: introduced html templates based overview if templateshost_overview.html file exists (mustache template).

  • [FIX] Fixed waptconsole sendmessage gui splitter.

  • [IMP] waptconsole: check that downloaded waptsetup version is the same or newer than that of the WAPT Server.

  • [FIX] Fixed autosearch in ttissearch component.

  • [NEW] waptconsole: Added a popumenu copy to clipboard as json for audit data.

  • [IMP] waptconsole: allow drag & drop of a audit json value subkey from value tree explorer.

  • [NEW] waptconsole: displays audit history and WIP audit data explorer (treeview + html template).

  • [FIX] Fixed reporting queries grid layout not saved properly.

  • [UPD] GUI Vis ACL: zebra colored lines and added possibility to change user password from one button (same action like in right click on user).

  • [FIX] Fixed avoiding exception if no user was selected before adding ACL rights.

  • [FIX] Fixed trigger downloads when triggering updates from the WAPT Console (missing import).

  • [UPD] Updated icons on windows update status for WUA.

  • [FIX] Fixed waptconsole check external repository version timeout exception raised in frontend.

  • [FIX] Fixed waptconsole multiserver: fixed can’t trigger action on servers other than main WAPT Server.

  • [FIX] Fixed waptconsole: Avoid error message of no repo_url for last used package template section.

  • [FIX] Fixed modifying a password if old password was empty.

  • [ADD] Hide / show all columns in grids.

  • [NEW] new option check_package_version in waptconsole.ini.

  • [UPD] waptconsole reporting: Added a quick search filtering zone for the query result.

  • [FIX] Fixed wrong message when no admin rights and the WAPT Agent needs to be upgraded or is not present.

  • [UPD] Host menu for upgrading hosts part.

  • [REF] waptconsole multiserver: Refactored TriggerActionOnHosts to send multiples actions to the right servers.

  • [FIX] Fixed waptconsole: use ROOT in addition to CA windows system certificates stores when building winpe with verify_cert = True.

  • [UPD] Deleted host popup.

  • [NEW] Possibility to download WAPT packages when asking hosts for updates.

  • [UPD] trigger_host_update adding possibility to download the WAPT package after update.

  • [FIX] Fixed waptconsole: The WAPT Console crashed when checking newest packages if wapt-templates repository is protected with an encrypted client key.

  • [FIX] Fixed saving configuration when new configuration was created.

  • [FIX] Fixed saving language parameter.

  • [FIX] Fixed waptconsole: access violation when access to external repository is blocked or needs a proxy.

  • [FIX] Fixed waptconsole multiserver regression: unable to edit a WAPT package which was just edited.

  • [FIX] Fixed waptconsole edit conf package: Do not close if error when uploading to the WAPT Server.

  • [FIX] patched setup_package_template_cert.py.tmpl.

  • [FIX] Fixed not adding « cn » in OU.

  • [FIX] Fixed layout on Windows Update part.

  • [FIX] Fixed the flow layout.

  • [IMP] waptconsole: WIP multiserver. Mostly works for hosts, but not for packages management.

  • [FIX] Fixed waptconsole: re-enable dataexport to .csv for grids.

  • [NEW] Explicit hint on number version when the WAPT package is not up to date (GridPackages).

  • [REF] Refactored private key password handling. Added a callback to clear cached key password in case of decrypt error in http client. Stores client https authentication key password in same storage as package private keys.

  • [REF] WIP for multiserver console. WaptCookieManager takes in accounts the domain. TODO: send allowed session cookies for cross domain auth. Lazy loading of waptserver instance. Loads list of servers in DMWaptConsole.ReloadConfigFile. All sections with a wapt_server key are taken in account. Shares the WaptServerSession across all waptserver connections.

  • [FIX] Fixed bad port for veyon.

Serveur WAPT

  • [IMP] waptserversetup: Check if there is a CRITICAL log entry during winsetup.py and exit with an exitcode 1000 if it is the case.

  • [IMP] waptserver: Do not automatically create users in wapt database when user logs in with kerberos (self-service case).

  • [FIX] Fixed waptserverinstall windows: regression unable to install on new windows machine if wapt was not already installed.

  • [REF] Server python code cleanup.

  • [IMP] wapttasks: use environment variable on linux to pass config file path.

  • [NEW] waptserver: reduced lifetime of session cookie to default 12h. session_lifetime can be changed in waptserver.ini using session_lifetime seconds parameter.

  • [UPD] Updated to python 3.8.16 for all supported operating systems.

  • [FIX] Fixed stuffed setup exe naming on the WAPT Server.

  • [NEW] new parameter list_subnet_skip_login_wads.

  • [FIX] Fixed waptserver: shorten SQL columns aliases for long get_hosts json queries.

  • [SEC] Upgraded werkzeug 2.0.2 -> 2.1.1 for PYSEC-2022-203.

  • [NEW] waptservice websocket: Enabled certificate checking on websockets.

  • [IMP] waptserver: Added index on computer_ad_ou.

  • [FIX] Fixed waptserver: by default, do not create stuffed waptsetup when a dynamic config is uploaded.

  • [FIX] Fixed waptserversetup: if installService, configure the local service to reach newly installed server. Propose to start the WAPT Console right after for demo mode.

  • [NEW] model.py: Added upgrade-db action and --overwrite-version=1.2.3 option to force the replay of upgrade db.

  • [FIX] Fixed waptserver nginx config, there can be spaces in path. quotes include.

  • [NEW] Be sure to not start the WAPT Server if the database structure can not be upgraded properly.

  • [NEW] If licences json data is empty, assume an empty list.

  • [IMP] Getting storage used by KBs.

  • [NEW] 22H2 build numbers in WindowsVersions class.

  • [NEW] Added hosts_sid endpoint routing to uwsgi in nginx configuration templates.

  • [FIX] Fixed wapt-get build-waptagent: create waptagent.exe link on the WAPT Server.

  • [FIX] Fixed waptserver: ignore null bytes in audit data string values.

  • [FIX] Fixed waptserver: allow access to agent download without client certificate auth.

  • [FIX] Fixed waptserver model: remove references to unused HostExtData table.

  • [FIX] Fixed waptserver multiinstance with uwsgi: takes in account application_root for interprocess get_ws_connections /api/v3/hosts_sid calls.

  • [UPD] Added waptserver /api/v3/update_hosts_sid_table endpoint to fill the HostWebsocket table with the in memory ws_connections for reporting purpose.

  • [UPD] Changed the path of the untouched waptsetup.exe on the WAPT Server: moved to the wapt/waptagent folder to be consistent with other agents location Same for waptdeploy.exe.

  • [DEL] waptserver: Removed « enable_store » setting.

  • [UPD] waptconsole multiserver: display unreachable servers.

  • [FIX] Fixed waptserversetup: Reinclude waptwua even if service is not installed to allow wapt-get usage.

  • [FIX] Fixed waptconsole multiserver dynamic config: bad server url for checking https certificate.

  • [FIX] Fixed waptconsole multiserver: Do not include a server at startup if it is not pingable.

  • [UPD] waptserversetup windows: Removed some additional unused files when waptservice is not installed.

  • [UPD] waptconsole multi servers: Do not try to update / merge repo if repo_url is empty.

  • [IMP] waptserver / waptservice websockets: When registering host, return an authentication token in response, so that websockets can connect without additional roundtrip.

  • [IMP] allow_unauthenticated_registration is now like use_kerberos.

  • [FIX] Postconf, current config is now autoselected.

  • [UPD] waptsetup waptserversetup: Sign the installers and uninstallers using embedded iscc logic.

  • [UPD] waptserver db: Changed the primary key of tables HostPackagesStatus, HostExtData, Packages, HostSoftwares, HostGroups, HostWebsocket, HostAuditData, ReportingSnapshots, HostWsus, LogsAPI to bigint.

  • [UPD] waptserversetup: Check that the user is a LOCAL computer user and not a domain user.

  • [FIX] Fixed waptserversetup: postgresql upgrade. Try to fix ACLs on data directory.

  • [FIX] Added a conflict on apache2 in the Linux WAPT Server package to avoid old install leftovers.

  • [REF] Removed enterprise_common.py.

  • [UPD] Upgrade nginx on Windows.

  • [UPD] Upgraded DB to postgresql v14 for windows.

  • [UPG] upgraded postgresql 9.6 to v14 on CentOS7.

  • [FIX] Fixed waptserver: Fixed sid map sharing in uwsgi mode (missing imports).

  • [FIX] Fixed waptserver websocket: Be sure to not clear a SID which would be newer than current disconnect event. Not sure if disconnect / reconnect are always synchronous.

  • [FIX] Fixed waptserver: Improved message when triggering action.

  • [IMP] Added HTST header to nginx template.

  • [FIX] Fixed waptserver update_hosts_audit_data: Updated values with same global key (host_id,value_id).

  • [FIX] Added trigger_host_action ACL on /api/v3/connected_wol_relays (used by /api/v3/trigger_wakeonlan).

  • [IMP] waptserver websocket auth: Put host certificates in cache.

  • [UPD] waptserver websocket: Do not cache UUID twice.

  • [REF] waptserver websockets: use a global in memory dictionary to hold the host uuid -> SID of connected host to avoid Database insert or updates.

  • [FIX] Fixed server regression for custom json fields ValueError: too many values to unpack (expected 3).

  • [IMP] waptserver: WIP endpoint update_hosts_audit_data to bulk insert hosts related data.

  • [IMP] waptserver: update api/v3/get_agents_info to match the online wapt_agent_list.json.

  • [FIX] Fixed glpi sync: simplified glpi_upload_hosts.py script.

  • [FIX] Fixed waptserver huey tasks: licences_list not properly initialized when not using default waptserver.ini.

  • [FIX] Fixed waptserver audit table structure upgrade: typo

  • [FIX] Fixed avoiding GET method limits on hosts_for_wua.

  • [FIX] Fixed waptserver unable to delete some hosts when CRL is enabled be tolerant if the host certificate is not issued by this server’s CA.

  • [FIX] Fixed waptconsole multiserver: Computers identified by fqdn uuid are not displayed properly in the grid.

  • [UPD] Remove references to waptsetup-tis.exe -> renamed to waptsetup.exe.

  • [FIX] Fixed update_server_status with dynamic configuration.

  • [IMP] Include waptsetup.exe in waptserversetup.exe.

WADS

  • [REF] Remove useless code on get_wads_config (Login WADS).

  • [IMP] WgetWads does not require python to work.

  • [FIX] Be more indulgent on json rules for WADS.

  • [FIX] Fixed WADS working when no logging required.

  • [ADD] Login in IPXE, more tests needed.

  • [IMP] Proper way to secure wads_get_config.

  • [ADD] Login on WADS register host and get wads configuration.

  • [NEW] include hostname in debian.ipxe for OS deployment.

  • [FIX] Fixed djoin with given domainuser parameter.

  • [IMP] Added back support GET method on /api/v3/get_wads_config.

  • [NEW] Added asset tag in HostOSDeploy.

  • [IMP] Ask for a new hostname when starting to deploy if hostname equals to “autoregister”.

  • [IMP] Improved filtering keyboard faster + french translation in Make WinPE.

  • [FIX] Fixed missing glob import in WADS get_iso_config.

  • [NEW] Adding drivers in WinPE from WADS drivers.

  • [IMP] Improved feedback when the djoin fails (already existing machine).

  • [WADS] <Value> format in XML was incorrect and not complete for password definition.

  • [IMP] Last error message added for failed djoin.

  • [FIX] Fixed uninstall wapttftpserver when uninstalling waptserver.

  • [IMP] Improved file upload with hash check wads iso files listed from the WAPT Server even if not saved in the WAPT Console.

  • [NEW] Added customized WinPE export to zip file.

  • [IMP] Improved showing the error message on upload failure.

  • [IMP] Improved applying default configuration on wads host if no configuration has been set.

  • [IMP] ISO download dialog box.

  • [IMP] WADS: WinPE now pinging WAPT Server. Selected language keyboard layout will be available directly in a new cmd.

  • [IMP] WADS: XML no longer disable UAC by default.

  • [FIX] Fixed mac_address not returned with iPXE.

  • [ADD] Added ipxe_script_jinja_path and two templates.

  • [UPD] Added file type filters for loading the post-install script.

  • [FIX] Restored a progression bar when uploading the ISO and the winpe files.

  • [IMP] kill wapttftpserver and uninstall the service before installing it.

  • [ADD] Added Windows 11 unattend XML template files.

  • [IMP] Improved searching WADS data (hosts, isos, driver bundles, configurations).

  • [FIX] Added tftp firewalld port opening.

  • [IMP] Avoid creating WinPE on Windows partition + some ACL added.

  • [UPD] Renamed drivers bundle filenames to sha256(filename).

  • [ADD] Added a template for Debian.

  • [UPD] GridConfigDeploy showing the platform now.

  • [FIX] Fixed saving bundle names.

  • [NEW] Injecting a:abbr:OEM (Original Equipment Manufacturer) key by slmgr command.

  • [FIX] Fixed SELinux rules for wads.

  • [FIX] Potential fix for (over 10 joins for djoin by a standard user on MSAD).

  • [UPD] WADS grayed when windows update repository is selected.

  • [UPD] Possibility to select an iso file even if not Windows.

  • [FIX] Fixed waptconsole uploadWinPE: regression in upload progress bar and incomplete zip.

  • [FIX] Fixed wads to include non CA certificates for WinPE build.

  • [IMP] Added ipxe_script in DeployConfig table.

WAPT Agent MacOS

  • [UPD] Delete old pkg if available in pkg list.

  • [NEW] Added fake menu for macOS for letting user to quit the app from the MainMenu.

  • [FIX] Improved support for macOS MenuBar.

  • [FIX] Added WAPT Console .app plist file for macOS X.

  • [FIX] Fixed some macOS X model and serial number reports.

  • [FIX] Fixed macOS X local_groups key in host_info.

  • [FIX] Updated mormot2 for gssapi on macOS X.

  • [NEW] support WADS security, Network masks.

  • [FIX] Fixed installed_softwares on MacOS.

  • [NEW] Added timestamping to pkg signing.

  • [FIX] Fixed getting agent version in get_wads_config.

  • [NEW] Added entitlements file for macOS signing.

  • [IMP] Force light UI when DarkMode is active on macOS.

  • [FIX] Fixed opening maximized self service on macOS

  • [FIX] Fixed loading hosts on macOS when more options in inventory is checked.

  • [IMP] Better handle on input (utf8 convertion).

  • [IMP] macOS: Updated build script to handle binary file signing and better debugging.

  • [IMP] Patched dmidecode info for macOS.

  • [FIX] Fixed macOS core get_hostname return binary string instead of str -> update_status loop.

  • [IMP] Use system_profiler_info for dmi_info on macOS X.

  • [REF] plistlib.readPlistFromBytes deprecation fix.

  • [FIX] Fixed core macOS: use UUID from system_profiler_info instead of dmidecode.

  • [FIX] Fixed duplicated macOS code in setuphelpers for get_hostname().

  • [IMP] Improved mounting content for .pkg, .mpkg, .app only if file is not symbolic.

  • [NEW] Added the WAPT Console to Linux and macOS gui distribution.

  • [IMP] Fixed keyword and name with installed_softwares in macOS and Linux.

  • [FIX] Fixed register for macOS.

  • [FIX] Fixed custom waptmessage logo linux.

  • [FIX] Fixed harakiri on non Windows kills all running processes.

  • [FIX] Fixed restart waptservice for macOS.

  • [IMP] Silently attach dmg file.

  • [FIX] Fixed get_file_type in macOS.

WAPT Agent Linux

  • [FIX] Fixed user_local_appdata for Linux.

  • [IMP] waptagent Debian package: removed system python3 dependency.

  • [IMP] Avoid loop in checkbox events on search inventory especially on operating systems other than Windows.

  • [IMP] Added PYTHONNOUSERSITE = True to all .sh scripts to avoid spoiling PYTHONPATH with locally installed libraries in user home directory.

  • [UPD] Disable compression on unix WAPT agent bundle (each package is itself already compressed).

  • [NEW] Added the WAPT Console to Linux and MacOS gui distribution.

  • [FIX] Fixed configpackage wizard and main form layouts for Linux.

  • [UPD] Updated virtualtreeview for Linux visual grid lines improvements.

  • [IMP] Fixed keyword and name with installed_softwares in macOS and Linux.

  • [FIX] Fixed harakiri on non Windows kills all running processes.

  • [ADD] Added snap software inventory.

  • [FIX] Fixed waptservice linux restart Linux: AttributeError: WaptServiceRestart object has no attribute logger.

  • [NEW] Linux OS deployment.

  • [FIX] Added firewalld rule on RedHat based server for wapttftpserver.

WAPT-2.2 Serie

WAPT-2.2.3.12481 (2022-11-30)

hash: ad3855c9

This is a security release with a few related bugfixes. All WAPT 2.0 versions below 2.2.3.12481 are affected.

Note: if you are using WAPTAgent deployment via GPO, do not forget to update your waptdeploy binary in the definition of the GPO.

WAPT Core

  • [SEC] Upgraded python from 3.8.13 to 3.8.15.

  • [SEC] Upgraded openssl from 1.1.1k to 1.1.1s.

  • [SEC] Upgraded WAPT Agent kerberos lib from 1.19.3 to 1.20.1 (Linux / macOS).

  • [SEC] Upgraded python modules with CVEs:

    • pylint==2.12.2 -> 2.15.6.

    • ujson==4.0.2 -> 5.5.0.

    • waitress==2.0.0 -> 2.1.2.

Agent WAPT

  • [SEC] waptdeploy.exe: Use only wapt_is1 install location from registry to get the current wapt installation directory.

    Do not run wapt-get to check working condition.

  • [FIX] Added fallback method to get domain in get_hostname.

  • [FIX] Fixed windows, replaced wapt-get.exe --hide by waptpythonw.exe wapt-get.py to run session-setup because --hide does not actually hide the shell window.

  • [FIX] Fixed WakeOnLAN relays.

  • [REF] Cleaned up the WAPT Agent common.py: removed unused imports.

  • [FIX] Fixed waptexit: fix only_priorities argument when starting waptexit from service.

  • [IMP] MacOS: Updated build script to handle binary file signing and better debugging.

Console WAPT

  • [UPD] WADS: Include hostname in template iPXE Debian Linux.

  • [IMP] WAPT Console: Do not display empty confirmation messagebox.

Serveur WAPT

  • [FIX] waptserver postconf: Force path when running psql command in postconf (linux).

WAPT-2.2.3.12463 (2022-09-29)

hash: fc306143

This release is mainly a bugfix release. The main new feature is tech-preview support for MacOS on Apple M1 architecture.

Note :

  • due to EOL and security issue, the PostgreSQL database version has been updated on the WAPT Server for Windows and Redhat7 from version PostgreSQL 9.6.24 to PostgreSQL 14.5. The upgrade will be automatic on Windows during waptserversetup.exe install, and is done during postconf.sh run on Redhat7. Be sure to run the postconf.sh script after upgrading.

Serveur WAPT

  • [UPD] WAPT Server for Redhat7 / Centos7: Upgraded PostgreSQL version from 9.6 to 14.5.

  • [UPD] WAPT Server for Windows: Upgraded nginx to 1.22.0.

  • [UPD] WAPT Server for Windows: Upgraded vcredist to 2022.

  • [UPD] WAPT Server for Windows: Upgraded PostgreSQL version from 9.6 to 14.5.

  • [FIX] WAPT Server for Windows: Fixed icacls for migrate_pg_db.

  • [FIX] WAPT Server for Windows: Allow install and upgrade with any server admins (does not require to use the local Administrator with RID -500 for installing).

  • [UPD] WAPT Server for Windows: waptserversetup: avoid automatic restart when installing MSVC 2022.

  • [FIX] Fixed upgrade procedure: migrate data text to jsonb only if table hostauditdata in data_type text.

  • [FIX] Patched create_default_users when upgrading from 1.8.2 to 2.2.

  • [FIX] Fixed unhandled redirections in TWaptServer wget.

  • [FIX] Added RedirectMax parameter in WaptServer WGet

  • [UPD] Added ubuntu 22.04 in waptagent bundle.

  • [FIX] Fixed postconf nginx: bad error string format.

Console WAPT

  • [FIX] Fixed host configuration package that were not editable right after creating them.

  • [FIX] Fixed error editing same OU package in one session.

  • [FIX] Fixed CleanupPackagesCache proper unlock even if no assigned package.

  • [FIX] Fixed access violation at startup when no server is defined in waptconsole.ini file.

  • [FIX] Fixed waptconsole: When deleting a package in the private repo page, package is still listed until the WAPT Console is restarted, but the package is actually deleted on the WAPT Server.

  • [FIX] Fixed waptconsole: Random timeout error when running commands from waptconsole

Agent WAPT

  • [FIX] Fixed setuphelpers: reintroduce running_as_system for Linux and macOS (uid==0).

  • [FIX] Fixed start waptservice only if wapt-get.ini configuration exists.

  • [FIX] Fixed remove_file(): Was unable to remove symlinks.

  • [FIX] Reset properly Wapt core settings to default when reloading config from wapt-get.ini.

  • [FIX] Try to create a minimal wapt-get.ini file if it does not exist so that the service can be started without any prior configuration.

  • [FIX] Fixed WAPT Agent for macOS: use system_profiler_info for dmi_info on macOS for support for Apple m1 architecture.

  • [FIX] Fixed WAPT Agent for macOS: plistlib.readPlistFromBytes deprecation fix.

  • [FIX] Fixed WAPT Agent for macOS: core macOS: use UUID from system_profiler_info instead of dmidecode.

  • [FIX] Fixed WAPT Agent for macOS: change postinst script for launchctl compatibility.

  • [FIX] Fixed WAPT Agent for macOS: macOS core: get_hostname returned binary string instead of str -> update_status loop.

  • [IMP] Fixed WAPT Agent for macOS: Rationalize pkg filename.

WAPT-2.2.3.12454-rc2 (2022-09-26)

hash: 64bfc946

This is the second release candidate for WAPT 2.2.3.

The main new feature is tech-preview support for MacOS on Apple M1 architecture. Otherwise it is mainly a bugfix release.

Note :

  • due to EOL and security issue, PostgreSQL database version has been updated on WAPT Server for Windows and RedHat7 from version PostgreSQL 9.6.24 to PostgreSQL 14.5. Upgrade will be automatic on Windows during waptserversetup.exe install, and is done during postconf.sh run on Redhat7. Be sure to run the postconf.sh script after upgrade.

Fixes since WAPT-2.2.3-rc1:

WAPT Server for Windows

  • [FIX] Fixed icacls for migrate_pg_db.

Agent WAPT

  • [FIX] Start waptservice only if wapt-get.ini config is exists

  • [FIX] Added PYTHONNOUSERSITE = True to all .sh scripts to avoid spoiling PYTHONPATH with locally installed libraries in user home directory.

  • [FIX] Fixed remove_file() that was unable to remove symlinks.

  • [FIX] Fixed waptconsole : fix AV at startup when no server is defined in ini file.

WAPT Agent for macOS

  • [FIX] Use system_profiler_info for dmi_info on macOS for support for Apple m1 architecture.

  • [FIX] Fixed plistlib.readPlistFromBytes deprecation.

  • [FIX] Fixed core macOS: use uuid from system_profiler_info instead of dmidecode

  • [FIX] change postinst script for launchctl compatibility

  • [FIX] macOS core get_hostname return binary string instead of str -> update_status loop

  • [IMP] rationalize pkg filename

WAPT-2.2.3.12411-rc1 (2022-09-05)

hash: 29e18f23

This is mainly a bugfix release.

Note :

  • due to EOL and security issue, PostgreSQL database version has been updated on WAPT Server for Windows and Redhat7 from version PostgreSQL 9.6.24 to PostgreSQL 14.5. Upgrade will be automatic on Windows during waptserversetup.exe install, and is done during postconf.sh run on Redhat7. Be sure to run the postconf.sh script after upgrade.

Serveur WAPT

  • [UPD] WAPT Server for Redhat7 / Centos7 ! upgrade PostgreSQL version from 9.6 to 14.5

  • [UPD] WAPT Server for Windows : upgrade nginx to 1.22.0

  • [UPD] WAPT Server for Windows : upgrade vcredist to 2022

  • [UPD] WAPT Server for Windows : upgrade PostgreSQL version from 9.6 to 14.5

  • [FIX] WAPT Server for Windows : allow install and upgrade with any server admins (does not require to use the local Administrator with RID -500 for install)

  • [UPD] WAPT Server for Windows : waptserversetup: avoid automatic restart when installing MSVC 2022

  • [FIX] fix upgrade procedure : migrate data text to jsonb only if table hostauditdata in data_type text

  • [FIX] patch create_default_users when upgrading from 1.8.2 to 2.2

  • [FIX] Fix unhandled redirections in TWaptServer wget

  • [FIX] Add RedirectMax parameter in WaptServer WGet

  • [UPD] added ubuntu 22.04 in waptagent bundle

Console WAPT

  • [FIX] host config package are not editable right after creating them.

  • [FIX] error editing same OU package in one session

  • [FIX] CleanupPackagesCache proper unlock even if no assigned package

Agent WAPT

  • [FIX] setuphelpers. reintroduce running_as_system for linux and mac (uid==0)

WAPT-2.2.2.12388 (2022-07-22)

hash: 10e35aa7

This is mainly a bugfix release.

Note

  • There is a change in the wapt the wapt->glpi sync is working, please refer to documentation for upgrade.

  • Tech preview: new multiserver console support (connect to multiple wapt server using one console).

  • Added support for ubuntu 22.04 amd64.

  • def update_package() function can now be located in a separate update_package.py file. New packages from wapt store will use this new format to make setup.py simpler and more readable. Older wapt version are not impacted for package import and package install, but may be impacted if one wants to update directly from the WAPT Console using update_package script.

WAPT Deployment Server (WADS)

  • [NEW] injecting oem key by slmgr command

  • [FIX] fix tftpserver window size handling (bug on Dell uefi bios)

  • [FIX] allow djoin with machine in default container CN=computers

  • [FIX] improve error message when using standard user on MS AD for djoin.exe when >10 machine quota join has been reached

  • [FIX] allow saving / renaming bundle names and check for empty names

  • [IMP] add ACL on WADS (before it needed admin level ACL)

  • [NEW] add post_install script windows

  • [NEW] add ignore_ipxescript and move conf file and ipxescript

  • [NEW] Basic Linux OS Deploy support : add Debian ipxe script template

  • [NEW] add {{server_url}} {{secondary_repo}} and {{hostname}} in get_wads_config

  • [NEW] add mustach templating in ipxescript

  • [FIX] waptconsole uploadWinPE : fix regression in upload progress bar and incomplete zip.

  • [FIX] add a progression form when uploading ISO and winpe

  • [IMP] add wapttftpserver service shutdown in upgrade sequence (throught net stop, not only taskkill)

  • [IMP] add tftp firewalld port opening on Redhat

Console WAPT

  • [NEW] techpreview: waptconsole reporting multiservers.

  • [FIX] Fixed check that downloaded waptsetup version is same or newer than server.

  • [NEW] Download from https://wapt.tranquil.it and upload on local waptserver agents for Linux and macOS directly from the WAPT Console.

  • [NEW] Added a popupmenu Copy to clipboard as json for audit data.

  • [NEW] Display audit history audit data explorer (treeview + html template) + allow drag/drop of a audit json value subkey from value tree explorer.

  • [IMP] waptwua: update waptwua status to NEED-SCAN on hosts when download_wsusscan is triggered and wsusscn2.cab file is downloaded.

  • [IMP] Package import: Don’t take care anymore of maturity for version when it’s compared to store version.

  • [FIX] Added licence validity check tolerance +1 day.

  • [FIX] Fixed trigger downloads when triggering updates from the WAPT Console.

  • [FIX] Allow ~ in package names (for spaces in Organizational Unit packages).

  • [UPD] Updated icons on windows update status for WUA.

  • [NEW] New option check_package_version in waptconsole.ini.

  • [FIX] Fixed saving empty value in Editor for packages.

  • [UPD] waptconsole reporting: Added a quick search filtering zone for the query result.

  • [FIX] Wrong message when no admin rights and waptagent need upgrade or not present.

  • [UPD] When going outside modified rules. A popup will ask to save or not the rules.

  • [UPD] Delete host popup.

  • [NEW] Added feature to download packages when asking hosts for update.

  • [UPD] trigger_host_update adding possibility to download the package after update.

  • [FIX] Saving language parameter.

  • [UPD] Added a NEED-SCAN waptwua.status, updated when Wapt.update() is called.

  • [FIX] Fixed layout on Windows Update form.

  • [NEW] waptconsole: multiserver: manage packages repositories by server.

  • [FIX] waptconsole: re-enable dataexport to csv for grids.

  • [NEW] Explicit hint on number version when the package is not up to date (GridPackages)

  • [UPD] waptconsole: Improved drag drop of columns into GridHosts

  • [NEW] waptconsole: New Htmlviewer for audit data and Html auditdataview template filename (wapttemplates ) calculated from section and key, or section.

  • [FIX] waptconsole drag/drop audit values.

  • [IMP] waptconsole: Load Active Directory Groups in thread.

  • [FIX] waptserver: Improved message when triggering action.

Serveur WAPT

  • [FIX] glpi sync: simplified glpi_upload_hosts.py script.

  • [NEW] techpreview waptserver: endpoint update_hosts_audit_data to bulk insert hosts related data (for third party data integration).

  • [NEW] Added multiserver endpoint for multiserver WAPT Console.

  • [FIX] waptserver update_audit_data fix on_conflicts for value_id.

  • [IMP] waptserversetup: take in account wapt_folder parameter in waptserver.ini when upgrading a setup.

  • [IMP] Use utc time for acls expiration check.

  • [FIX] Fixed waptserver unable to delete some hosts when CRL is enabled.

  • [IMP] waptserver db install: try to register jsquery extension to make json query more powerful for reporting (this is not yet mandatory).

  • [IMP] Renamed waptsetup-tis.exe to waptsetup.exe on the WAPT Server.

  • [IMP] Include waptsetup.exe in waptserversetup.exe on Windows.

  • [IMP] Download from TIS / upload to the WAPT Server of the installation packages of the WAPT Agents.

  • [UPD] Create a full version 1.2.3.rev-hash into file wapt/version-full

  • [IMP] Added HTST header to nginx template.

  • [DEL] Removed direct integration of GLPI sync into WAPT. Now switched to plugin sync

  • [FIX] Added trigger_host_action ACL on /api/v3/connected_wol_relays (used by /api/v3/trigger_wakeonlan)

  • [IMP] Force calc_md5 if new filename in server.

  • [IMP] Improved websockets performance and reliability. Now websocket ids are stored in memory instead being written in the database.

Agent WAPT

  • [FIX] Fixed threading exception in WAPTExit and WAPTTray that could prevent status updates.

  • [NEW] WAPTWUA superseded support. option include_potentially_superseded_updates in configuration wizard.

  • [NEW] Added snap software inventory.

  • [FIX] waptmessage unable to load sqlite on Linux and macOS.

  • [FIX] Fixed custom waptmessage logo on Linux.

  • [FIX] Fixed waptservice configuration: sets the configs_dir relative to wapt-get.ini full path.

  • [FIX] Fixed waptservice “start_waptexit” with arguments

  • [FIX] Fixed bad arguments sent to waptservice triggering upgrades with “only_priorities” and “only_if_not_process_running”

  • [FIX] Wapt.write_audit_data_if_changed: writes data if previous data has expired.

  • [IMP] wapt-get add-config-from-url: provides a meaningful message when hash is not provided.

  • [FIX] Updated the template of dynamic json configuration packages to match the new location and the naming of json config related functions.

  • [IMP] Improved dynamic configuration handling for the WAPT Agent.

  • [FIX] waptservice: ensure a random secret_key for local waptservice session.

  • [FIX] wapt-get update-package-sources: handles properly relative path to package sources.

  • [IMP] wapt-get edit now opens changelog.txt, VSCod* now open control file too.

  • [UPD] Changed default log path to wapt/log if writable.

  • [IMP] waptservice waptself: local authentication with file token (ie. nopassword), handling of local groups.

  • [NEW] use --not-interactive with register if install run in silent mode and not run update if install service.

  • [IMP] waptself, wapt-get, waptexit, wapttray: kill check threads on close, even on linux to speed up application shutdown.

  • [FIX] Linux: waptservice restart Linux: AttributeError: “WaptServiceRestart” object has no attribute “logger”.

  • [IMP] macOS: normalize macos wapt install package name format.

  • [FIX] macOS: Fixed registration failing in some cases.

  • [IMP] macOS: Added mpkg support.

  • [FIX] Fixed no hash in clipboard, added missing helper for add-config-from-url in wapt-get.

  • [IMP] Limit access right to admins to log directory (in case non public stuff get written to log)

WAPT Core

  • [IMP] Patched with_md5sum in make_package_filename.

  • [IMP] Added options for update-package-sources.

  • [UPD] wapt core: use datetime in UTC for audit_data.

  • [NEW] wapt core: allow usage of an environment variable « waptbasedir » to specify the location of root waptbasedir.

  • [FIX] configuration package template setup_package_template_conf.py.

  • [IMP] Support for def update_package in file update_package.py instead of setup.py for better readability.

  • [UPG] Upgraded openssl to 1.1.1o.

  • [NEW] core: define path Wapt.configs_dir relative to Wapt.config_filename if the dir Wapt.config_filename..conf.f exists.

  • [FIX] Fixed waptcrypto: certificate filename attribute was not set when loading a certificate chain.

  • [FIX] Fixed new option copytree2 replace_at_next_reboot.

  • [FIX] Avoid errors on get_version_from_binary() getting params.

  • [FIX] Fixed keyword and name with installed_softwares in macOS and Linux.

WAPT-2.2.1.11957 (2022-06-02)

WAPT Deployment Server (WADS)

  • [FIX] Fixed wapttftpserver restart on Linux.

  • [IMP] Added xml template for windows 11 deployment.

  • [FIX] if verify_cert is empty, then verify_cert = False.

Console WAPT

  • [FIX] CheckLicence => licence is now valid one day before the real beginning.

WAPT Agents

  • [FIX] Fixed harakiri on Linux.

WAPT-2.2.1.11949 (2022-05-18)

hash: 1b2dfbee

This is a bugfix release.

WAPT Deployment Server (WADS)

  • [FIX] Fixed waptconsole: use ROOT in addition to CA windows system certificates stores when building winpe with verify_cert = True.

  • [FIX] Fixed selinux rules for WADS.

  • [FIX] Fixed non ascii character support in passwords.

  • [IMP] wgetwads: add more logging data (wget). Disable exe signature certificate as this could be blocking if CRL can not be checked in winpe environment for example.

  • [UPD] add a timer to wait for network in WADS.

  • [UPD] Update openssl to 1.1.1n for WADS.

Other fixes

  • [FIX] fix wrong GPO link on waptserver start page

  • [FIX] fix some translation messages in console

  • [FIX] wrong element order in message in ACL GUI

  • [FIX] allow change password if user password has been cleared

  • [UPD] update mormot2 for bug in TSynDictionary.AddOrUpdate()

  • [UPD] update mormot statics for sqlite to 3.38.5 (required for mormot compatibility)

WAPT-2.2.1.11932 (2022-05-05)

hash: 6522dccb

This is a bugfix release.

WAPT Deployment Server (WADS)

  • [FIX] wapttftpserver : better handling of UEFI PXE/TFTP boot

  • [FIX] wads now include non CA certificates for winpe build

  • [FIX] Not adding « cn » in OU

  • [FIX] wapttftpserver : add firewalld rule on redhat based server for wapttftpserver

  • [FIX] WADS : improve feed back on upload WinPE

  • [FIX] wapttftpserver : kill wapttftpserver and uninstall service before installing it

  • [IMP] waptserversetup: add wapttftpserver configuration for windows

Serveur WAPT

  • [FIX] fix typo for rocky support as server

  • [FIX] waptservice websocket reconnection: disable by default low level reconnect feature

Console WAPT

  • [FIX] fix bad port configuration for veyon remote assistance support

  • [FIX] Define default package prefix when creating empty package

  • [FIX] patch setup_package_template_cert.py.tmpl

  • [FIX] waptconsole: fix access violation when access to external repo is blocked or need a proxy.

  • [IMP] package version in bold red if obsolete version compared to external repo for better accessibility

Agent WAPT

  • [FIX] waptservice websocket reconnection: disable by default low level reconnect feature

  • [FIX] add conf.d to rpm agent installers for the new agent configuration management

  • [FIX] macOS: fix get_file_type in macos

  • [IMP] macOS: silently attach dmg file

  • [IMP] waptwua : improve consistancy between WUA history and WUA status

  • [FIX] waptself: bad char case for png file (issue for linux)

  • [IMP] add dummy running_on_ac for linux and mac for compatibility

  • [FIX] waptutils.user_config_directory() did not work under system account.

WAPT Core

WAPT-2.2.1.11899 (2022-04-06)

hash: 2d82654e

This is mainly a bugfix release.

A new tftpserver has been introduced and it will ease WADS installation and configuration as it will be directly integrated into WAPT.

WAPT Deployment Server (WADS)

  • [NEW] add a wapttftpserver binary on windows and linux to act as a tftp server for WADS

  • [FIX] WADS : don’t use redirect

  • [FIX] WADS : be tolerant if sendstatus can not be sent.

  • [IMP] WADS : handle https for drivers (continued)

  • [UPD] wads : get windows system certificates for WADS server bundle

  • [UPD] implement https verifyCert in wads and wgetwads

  • [IMP] add serial_number arg when calling server get_wads_config in wads

  • [UPD] waptconsole wads: add audit columns (created/updated) in grids.

  • [NEW] Add an action to prepare a host package in WADS OS Deploy grid

  • [NEW] wgetwads : use code signing cert of TIS to check signature of json hashes file if no signer_certificate in json file

Console WAPT

  • [UPD] OU « All » fixed to not editable on GridOrgUnits

  • [FIX] waptconsole: wrong client https key password used for task polling thread.

  • [FIX] waptwua packages : ALLOWED status in winupdates grid is kept between form display.

  • [FIX] Package creation did not take silent flags in account

  • [FIX] memory leak when refreshing packages list

  • [FIX] waptconsole packages list: Showing all versions when « Last version only » is not checked

  • [FIX] « property not found » in some grids when refreshing data.

  • [FIX] running plugins on multiple hosts.

  • [FIX] taking in account the platform when lookig for TIS store package version

  • [FIX] nested progress notifications in uwaptserverconnection TWaptServer

  • [FIX] Disabled pysources check at waptconsole startup.

  • [FIX] external repo ini settings dialog when importing.

  • [FIX] waptconsole. some ui elements are not disabled when switching to discovery on login.

Serveur WAPT

  • [NEW] add support for postgresql 14 on centos7

  • [UPD] wapt windows server: update to nginx 1.20.2

  • [IMP] server postinstall : put nginx backups in a different dir than nginx config

  • [FIX] waptserver: fix empty error message when trying to activate an existing licence

Agent WAPT

  • [NEW] added new waptguihelpers : grid_dialog, filename_dialog, input_dialog, combo_dialog

  • [FIX] waptdeploy multiple setupargs raise « Invalid variant operation »

  • [FIX] missing root certificates when exporting system store certificates in lazarus app (GetSystemCABundlePath). Must trust CA + ROOT stores

  • [FIX] setuphelpers: regression in maintaining backward compatibility for some const which are functions too (programfiles etc..)

  • [FIX] be tolerant if uuid can not be regenerated (on linux, dmidecode can’t be run as normal user in session-setup)

  • [FIX] fix wget waptdeploy.exe waptagent.exe in wads and detect mismatch drivers config

  • [FIX] waptagent regression : Revert « [UPD] waptservice : tasks don’t notify server by default to avoid too frequent updates of database. »

  • [FIX] wapt-get : try to fix get service password on unix.

  • [NEW] splitting remove_appx() with new function remove_user_appx() to avoid unexpected behavior

  • [NEW] Add restart-waptservice action in wapt-get.py

  • [FIX] fix publisher and version in installed_softwares macos

  • [FIX] use waptservice to check if is_enterprise in waptexit (avoid direct access to local waptdb) (fix unable to access sqlite db on linux / mac)

WAPT to GPLI connector

  • [FIX] glpi fix install_date

  • [FIX] regression in glpi export (Softwares)

WAPT-2.2.0.11720 (2022-03-15)

hash: 8e07f388

This is the first release of the 2.2 serie of WAPT.

WAPT Core

  • [NEW] Discovery mode for the WAPT Console

    • when checking acls, the licencing status is taken in account to enable or not actions.

    • maximum number of 300 managed hosts in discovery mode.

WAPT Deployment Server (WADS)

  • [NEW] tech preview Automated Windows OS deployment called WADS Fonctionnalité WAPT Enterprise uniquement:

    • Using a winpe image (network boot or usb key boot).

    • Shipping wimboot, ipxe.efi, undionly.kpxe, 7z.dll.

    • Added openssl win64 binaries for WADS

    • Added wads.exe and wgetads custom binaries in distribution.

    • Added WADS repo option in repo rules.

    • Added a WAPT Console page to list raw registered hosts, upload winpe images, define default config, uplaod drivers bundles.

    • On WAPT Server: added /var/www/wads/ add a non protected /wads in nginx config.

Console WAPT

  • [NEW] add columns in private repo to display newest software version (Tranquil IT effort to parse softwares providers download sites) and newest package version (from Tranquil IT store database).

  • [NEW] Dynamic Agent configuration using .json files stored on the WAPT Server:

    • Added a last_update_config_fingerprint local param to keep track of current config.

    • Added “configurations” (merged config overview) data when uploading host status to the WAPT Server.

  • [NEW] Dynamic Agent configuration using config packages:

    • Added templates/setup_package_template_conf.py.tmpl package template.

    • Added a wapt/conf.d directory on the WAPT Agent to hold the installed .json configuration files.

  • [NEW] New in the WAPT Console: added option to show the host WAPT Agent configurations overview.

  • [NEW] New in the WAPT Console: option to display a graph of host packages dependencies.

  • [NEW] New in the WAPT Console reporting: tabbed interface to displays multiple query results.

  • [NEW] New in the WAPT Console: option to filter host inventory based on the result of a SQL query:

    • In reporting, right click on column which represent a host UUID and « choose as Host UUID » abnd save.

    • The query is then available in the combobos « Filter hosts on SQL query » in hosts inventory.

  • [NEW] New in the WAPT Console: add a Tech preview Tab for packages development workflow:

    • Create from template;

    • Displays waptdev directory sources package status;

    • Basic git commands.

  • [IMP] Improved the WAPT Console send message : enable use of HTML (copy & paste). HTML Preview.

  • [IMP] Do not clear selection on mouse right-click when selecting package names in package edits.

  • [IMP] refactored the WAPT Console code to remove most python calls:

    • removed waptdevutils.py, removed calls to WaptRemoteRepo, replaced by pure fpc code.

  • [UPD] Updated the WAPT Console: merged selected hosts add/remove depends, add/remove conflicts in a single action/form

  • [UPD] Updated the WAPT Console update package source: add a checkbox to enable package version increment.

  • [UPD] Updated the WAPT Console “plugins” config: warn user if not saved.

  • [UPD] Updated the WAPT Console: removed obsolete Add ADS Groups to selected host action.

  • [UPD] Updated the WAPT Console action Refresh Host Inventory triggers a update_server_status instead of a full computer register.

  • [UPD] Updated the WAPT Console: host additional tools (rdp, vnc, etc) which requires to look for a connected IP are now run in a thread to avoid freezing the UI.

  • [UPD] Start of use of mormot2 for X509 and RSA crypto instead of python bindings in the WAPT Console

  • [FIX] waptconsole : store executable signature with new key name format (xxx.exe keys)

  • [FIX] duplicated panels in initial configuration package wizard.

WAPT Self-Service

  • [IMP] waptself: add logger.

Serveur WAPT

  • [IMP] Improved the WAPT Server authentication: try ldap authentication only if ldap_auth_server is defined.

  • [UPD] Updated the WAPT Server licencing: use waptlicences.pyd instead of pure python code.

  • [UPD] Updated the WAPT Server: add config options wads_folder and agent_folder.

  • [UPD] Updated the WAPT Server: improve GLPI export, add “smodel” on GLPI exports and add “monitors”.

  • [IMP] force en_US.utf8 locale for linux services.

  • [IMP] add /api/v3/latest_installed_package_version.

  • [UPD] upgraded jquery to v3.6.0.

WAPT Service

  • [NEW] Added /opt/wapt/wapt-get.bin to linux distributions.

  • [NEW] New in the WAPT service: added a WaptUnregisterComputer task and unregister_computer socketio action.

  • [IMP] Improved the WAPT service: improved logger.

  • [IMP] Improved the WAPT service and the WAPT Agent take into account the licencing status:

    • Added a licences local params to store the current registered licences retrieved from the WAPT Server during the last update.

  • [UPD] waptcrypto.py: made optional the joining of signer certificate when signing claims.

  • [UPD] Updated the WAPT Deployment utility: increased timeout from 4s to 15s when pinging the current http WAPT service.

  • [UPD] Upgraded dmidecode to v3.3 on windows.

  • [UPD] Updated the WAPT service: do not check battery level for WaptAuditPackage task.

  • [REF] Installers : merged wapt.iss and common.iss.

  • [FIX] wapttasks: took in account non default config filename.

  • [FIX] Fixed the WAPT service: reporting properly the user which created a task (either locally or using websockets).

  • [FIX] Fixed the WAPT service: fixed icons in package local webpage.

wapt-get

  • [IMP] wapt-get new config actions. Added actions:

    • add-config-from-file;

    • add-config-from-base64;

    • add-config-from-url;

    with parameters:

    • --not-interactive: Disables dialog to ask credential users (for batch mode);

    • --waptbasedir: Forces a different wapt-base-dir then default dir of waptutils.py;

    • --devmode: Enables devmode. dbpath is set to memory and certificate/key paths are in userappdata;

    • --json-config-name: The name of the .json file given with the action json-config-from-file/base64/url;

    • --json-config-priority: The priority of the json file given with the action json-config-from-file/base64/url.

  • [UPD] Removed update-packages action synonym for scan-packages.

  • [IMP] wapt-get added update-status action in service mode wapt-get -S update-status.

  • [IMP] Enabled --CAKeyFilename and --CACertFilename wapt-get options Fonctionnalité WAPT Enterprise uniquement

  • [IMP] Added logger for waptguihelper pyd module. if --loglevel = debug in commandline, logger is activated.

  • [IMP] Reporting the use_repo_rules flag to the WAPT Server in wapt_status

    • Report is_enterprise flag to the WAPT Server

    • Report installed antivirus and monitors in host inventory

  • [IMP] Audit loop granularity based on actual installed packages:

    • Added get_next_audit_datetime() on Wapt class.

    • waptaudit_task_period attribute is now in the Wapt class instead of the WAPT service.

  • [UPD] Removed the not functional --dry-run wapt-get option.

  • [IMP] Improved register computer fallback from kerberos to password based authentication:

    • Do not send audit data when registering to limit workload.

  • [IMP] Try registering computer if update_server_status fails because of authentication.

  • [IMP] waptpython.exe, waptpythonw.exe, and nssm.exe are now signed with Tranquil code signing key.

  • [NEW] added pylint and black modules. Added black configuration to vscode project template.

  • [NEW] Added setuphelpers.getscreens.

  • [IMP] Improved SetupHelpers unzip : new extract_with_full_paths argument (default True).

  • [NEW] New SetupHelpers listening_sockets().

  • [IMP] Added templates/setup_package_template_portable_exe.py.tmpl and templates/setup_package_template_portable_zip.py.tmpl package templates.

Others stuff

  • [IMP] Added windows_version_prettyname and windows_version_releaseid in host_info.

  • [IMP] Always use RunAsAdminWait to copy package certificate to the local WAPT service waptssl directory.

  • [IMP] Improved the WAPT Console config: stores WAPT Server certificate in AppUser folder (roamingwaptconsolesslserver).

  • [IMP] Reset TLS client key password in the WAPT Console config if connection error.

  • [UPD] Retire python GetPrivateKeyPath, raise exception if GetPrivateKey does not succeed.

  • [FIX] Clear cached TLS client key password when validating the the WAPT Console config dialog.

  • [IMP] Improve GLPIlpi settings windows.

  • [IMP] Clean up the html error page from the WAPT Server when checking the WAPT Server and WAPT repository URL.

  • [FIX] Don’t reenter the private key password dialog if already asking the user. This issue can be triggered if several therad are using a key, or if cooperative multitasking like TAction messages (OnUpdate) triggers a Get with client side certificate authentication.

  • [SEC] Fix dhparam on the WAPT Server postconf.

  • [FIX] Fix failover on file version with remove_outdated_binaries().

  • [IMP] Add asset_tag to sysinfo api.

  • [FIX] Get_antivirus_info: test if timestamp attribute exists.

  • [IMP] New getscreens function.

  • [IMP] Added columns uuid manufacturer and product serialnumber in database.

  • [UPD] Added mac_addresses to LocalSysinfo.

  • [UPD] Expanded LocalSysinfo with uuid, serial_number and sku_number, fixed keys with underscore.

  • [IMP] Improved matching of reachable IPs of client using new GetReachableIP from mormot2.

  • [UPD] GetReachableIP: connection tests are performed in parallel using mormot GetReachableAddr instead of one after the other to reduce delay when launching IP based command to remote hosts from the WAPT Console.

  • [FIX] Take --config option in account for wapt-get fpc code.

  • [UPD] waptcrypto: implemented TX509Certificate.CN, removed TX509Certificate.DN.

  • [UPD] Updated SetupHelpers need_install: now comparing software versions with 4 members. Assumes that 1.2 == 1.2.0.0 and 1.2.3.4.5 == 1.2.3.4, remove_previous_version: use version with 4 members.

WAPT-2.1 Serie

WAPT-2.1.2.10652 (2022-01-10)

hash: 7dd63b61

  • [UPD] shorten the default package filename. If target_os is alnum, do not include md5sum in the filename. If target_os is in tags, do not duplicate it in filename

  • [FIX] disable debug data for linux

  • [FIX] try to circumvent issue with Trend antivirus blocking the WaptTaskManager. Looks like the issue is with platform.win32_ver using win32api.GetVersionEx…

  • [FIX] Installed softwares invalid conditions

  • [FIX] fix local_user and local_group on macOS

  • [FIX] removed workaround on 60s delay for websocket disconnect

  • [FIX] use CompressGZip instead of CompressZLib on the WAPT Server, compression is GZip

  • [FIX] Allow “~” in package filenames

  • [FIX] try to not update records in database if data has not changed

  • [FIX] Wake on lan relay now equals is remote repository

  • [FIX] fix group members

  • [FIX] return only local and user group (ignore nsswitch)

  • [FIX] backported the WAPT Exit utility (improved detailed logging) from 2.2

  • [FIX] backport waptlicences py module from 2.2

  • [SEC] check that hostname matches https certificate in the WAPT Console http client.

  • [FIX] backport uwaptlicencing: allow empty json licencing data

  • [FIX] fix WaptHttpPostData

  • [FIX] check valid uri in wapthttputils waptwget WaptWget_Try

  • [FIX] init LastModifiedDate to “” if not found in THttpResponse

  • [FIX] add a 50ms report delay for httpprogressnotification

  • isolate wapt python engine: PyFlags:= [pfNoUserSiteDirectory, pfIsolatedFlag];

  • [FIX] Fixed SetupHelpers: backported changes from 2.2 is_linux64 type_rhel fix installed_softwares for type_redhat upd uninstall_apt with autoremove

  • [FIX] user_appdata = user_local_appdata for unix

  • [IMP] introduced get_powershell_str, get_default_app remove_appx

  • [IMP] introduce InitLogger for the WAPT Exit utility

  • [FIX] Fixed the WAPT Console: generalize the use of a fallback package_uuid in case of old packages without package_uuid field.

  • [FIX] Fixed the WAPT Console: use editable dropdown in frmpackagedetails for maturity

  • [FIX] backport issue with inc version of some group packages when importing

  • [FIX] Disable client side ssl authentication on root WAPT Server url (regression)

  • [FIX] isolate from user python env when building binary packages

  • [UPD] improved feedback message for license activation on the WAPT Server.

  • [UPD] wapt-scanpackages.py: add option -d to disable update of database Packages table.

  • [FIX] The -b switch is True by defaut, so there were no way to disable update of database table.

  • [UPD] Updated the WAPT Console: be tolerant for old package without package_uuid

  • [UPD] strip ending slash in {{data.wapt.hostname}} server template properties to avoid double slashes in templates result

  • [UPD] backport openssl build parameter from 2.2

  • [FIX] Fixed the WAPT Agent url link in the WAPT Server index page.

  • [FIX] setproctitle only for unix

  • [FIX] locate packages in host packages grid using package_uuid instead of id, so that refreshing grid works properly with a multiselection of hosts.

  • [UPG][SEC] upgrade python version from 3.8.11 to 3.8.12

  • [FIX] remove python3 dependencie. Now python3 is included in wapt

WAPT-2.1.2.10605 (2021-11-30)

hash: e2a0e2a0

  • [FIX] Fixed the WAPT Console: backport edit multiple hosts add/remove depends/conflicts (issue « no password available yet » when kerberos enabled) backport IpExecute from 2.2

  • [FIX] unable to edit stripped down package with integrated package editor. (setup.py file hash issue) update package size

  • [FIX] bad path for nginx dhparam for Windows server

  • [FIX] upgrade mormot2

  • [FIX] waptself local admin NOPASSWORD setting did not work anymore log authentication user when task is triggered from local wapt webservice don ot raise exception in check_auth_groups but return (None, None) instead to avoid Error 500 in browser backport fix for integer attributes in packages index backport fix for loading ssl libraries

  • [FIX] Update wake on lan with broadcasts

  • [FIX] Error « Add: Unexpected [%] object property in an array » for old package with empty package uuid

  • [FIX] Acl handle boolean as global ACL

  • [FIX][SEC] issue with acls : action is enabled when acl is set to json false

WAPT-2.1.2.10588-rc1 (2021-11-22)

hash: e70d9039

  • [FIX] fix installed_softwares for older debian and improve inventory performance

  • [FIX] fix glpi inventory failure (exception on int conversion)

  • [SEC] [FIX] invalid condition on package hash check

  • [SEC] [FIX] cleanup nginx config templates

  • [NEW] add uwsgi support for Debian server

  • [FIX] add user information in audit

  • [FIX] Improve lazarus ini parser to support other values than “1”/”0” as boolean values (True, true, 1, 01, etc. same behavior as python iniparse)

  • [IMP] support for message previsualisation and templates in waptmessage editor and better multiline support

  • [UPD] waptsetup : do not use kerberos by default

  • [NEW] show certificate when double click in acl tab

  • [IMP] Do not propose to start the WAPT Console after install (due to different user context)

WAPT-2.1.1.10568 (2021-11-08)

hash: 978c00ae

This is a bugfix version with some small improvements. The main fix is for websocket issue.

  • [IMP] Prevent multiple websockets connections from same host uuid on the WAPT Server (bugged wapt clients can maintain multiple websockets, which leads to a lack of avalable connections on the WAPT Server)

  • [FIX] Fixed restart of the WAPT service with exit code 10 (managed by the nssm service manager)

  • [FIX] Fixed case on the WAPT service where different threads access simultaneously to a shared Wapt instance

  • [IMP] Introduced some randomness when the WAPT service reconnects its websocket.

  • [IMP] Checking more cases to determine if token for websocket has to be updated.

  • [IMP] Introducted a wait in the socket client until it is actually disconnected before trying to reconnect to avoid multiple websocket threads from same client.

  • [IMP] Do not re-create a new SocketIOClient at each reconnection, but reuse existing one to minimize risk of multiple connections.

  • [FIX] Do not consider “%” char as unsafe in filenames

  • [IMP] Improved logging of the WAPT service (logger wapttasks report main actions triggered by the service in waptlogwaptservice.log). Removed “flask.app” logger config.

  • [IMP] Remove the WAPT packages’s persistent directory on the WAPT client when a WAPT package is forgotten

  • [IMP] Added ignore_empty_names argument to SetupHelpers.installed_softwares

  • [IMP] Improved display of package_uuid with command wapt-get list

  • [IMP] Added redhat_based tag for WAPT package operating system tags

  • [FIX] Fixed decrypt_fernet / fernet_encrypt functions

  • [IMP] Improved the reporting of key as name in softwares inventory for softwares without a descriptive name

  • [FIX] The server_uuid column in hosts database updates properly.

  • [FIX] Fixed the removal of packages when only_if_not_process_running = True.

Known issues:

  • When the websocket is reconnecting, if the IP adrress has changed, the main IP adrress is not updated in IP adrress column in the WAPT Console.

WAPT-2.1.0.10550 (2021-10-08)

hash: 953c9552

This is a bugfix version with some small improvements.

  • [FIX] Fixed mass add / remove on multiple host at once.

  • [FIX] Fixed issue when editing a package without a « description_en » attribute in control file.

  • [FIX] Fixed drag drop when editing selfservice package.

  • [IMP] Improved feedback when uploading WAPT packages.

  • [IMP] Improved handling of the list of wakeonlan relay.

  • [IMP] Improved remote repository is now by default a wakeonlan relay.

  • [FIX] Fixed access violation error when viewing certificate list.

  • [FIX] Fixed do not enable verbose logging by default on the WAPT Console, the WAPT Exit utility and waptselfservice (might fill up %APPDATA% …).

  • [FIX] Fixed use templates/wapt-logo.png in the WAPT Exit utility if it exists.

  • [IMP] Improved login error message.

WAPT-2.1.0.10517 (2021-09-30)

hash: fa2af298

This is the first release of the 2.1 branch. It is mainly a incremental improvement with many small but worthy fixes on the 2.0 branch.

The WAPT service

  • [IMP] During upgrade, wapt-get session_setup is not run if no userspace configuration is defined for the installed WAPT packages.

The WAPT Deployment utility

  • [IMP] Improved automatic proxy detection and configuration possible with the new --http_proxy = True / False parameter or explicit url command line parameter.

  • [IMP] Disabled https verification when downloading waptagent.exe if a fingerprint is provided (allows installation with on out-of-date computer with expired certificate store).

  • [IMP] Do nothing if no –waptsetupurl argument is provided (it reduces the probability of false positive on antivirus check).

  • [IMP] Double check WAPT installed version after install and report error message if it does not match (allow detection of installation that have been blocked by a misconfigured antivirus for example).

The WAPT Console

  • [NEW] tech preview: new tab to provide basic package editing functionnality directly in the WAPT Console without having to open Pyscripter or VSCode.

  • [NEW] New tech preview: new tab to browse the developement directory directly from the WAPT console.

  • [NEW] Single Sign On with Kerberos authentication (if service_auth_type = waptserver-ldap and use_kerberos = True).

  • [NEW] New button to display WAPT packages that have a specific WAPT package as a dependency in the private repository tab.

  • [NEW] New message box to decrypt message sent by the WAPT Agents (using encrypted_data_str / print_encrypted_data in waptcrypto). This allows an admin to upload sensitive information from desktop that will be asymetrically signed by the Administrator’s public key.

  • [NEW] New set of icons and many small visual improvments.

  • [NEW] New software inventory tab to display installed software (not packages) and see which hosts have that specific software.

  • [NEW] New button to delete Windows Update KB files that are not used anymore by any computers. This allows to keep the Windows Update storage volume under control.

  • [NEW] New tab to have a user-friendly display of the certificates that are deployed on a specific host.

  • [NEW] New tab to display the certificates that are available on a WAPT repository.

  • [NEW] New warning icons on the hosts tab when the computer needs a restart (after a windows update for example).

  • [NEW] New filter by OS option.

  • [NEW] New icons in the OU tree view if a OU package exists for that Organizational Unit.

  • [NEW] New information message about the choice of maturity when creating new WAPT Agent and by default uploading in DEV maturity (to avoid being directly deployed to all client computers, this allow to test the new WAP Agent on a subset of computer before full scale deployment).

  • [IMP] Made GLPI export configuration more intuitive.

  • [IMP] Improved the WAPT Console plugin versatility. All inventory attribute can now be used in command lines (it use the « mustache » template syntax, eg. {{ main_ip }} {{ computer_fqdn }} {{ host_capabilities.os_version }} « {{#host_capabilities.tags}}{{.}},{{/host_capabilities.tags}} » etc.

  • [IMP] Allow non standard port in the WAPT Console configuration.

waptself

  • [NEW] allow custom logo in waptselfservice

  • [NEW] Single Sign On using Kerberos (needs service_auth_type = waptserver-ldap and use_kerberos = True)

  • [IMP] allow customisation of package details view using template engine

WAPT Exit utility

  • [IMP] allow custom logo (on Windows, Linux and macOS)

wapt-get

  • [NEW] better handling of licence information. Now the licence is uploaded on the WAPT Server and it is not necessary to install it on every admin WAPT Console computer

  • [IMP] propagate ExitCode from Python calls for better error handling

  • [IMP] better handling of websocket reconnection (check of socket status every 120s)

  • [IMP] periodic check of the UUID and the current certificate of the WAPT Agent for consistency between the WAPT Agent and the client computer

  • [NEW] waptsetup et waptserversetup new parameters: set_verify_cert and set_kerberos

WAPT-2.0 Serie

WAPT-2.0.0.9470 (2021-10-07)

hash: 5065cb57

This is a security release with a few related bugfixes. All Wapt 2.0 version below 2.0.0.9467 are affected.

  • [SEC] fix for vuln in urllib3 CVE-2021-33503 (CVSS Score: 7.5 High, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

  • [SEC] Sanitize filename used when downloading files on local client. (CVSS Score : 7.5 High, CVSS;3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C). Enforced on wget and local filenames for downloaded packages (chars “\” “..” @ | ( ) : / , [ ] < > * ? ; ` n are removed or replaced).

  • [SEC] Do not use PackageEntry filename attribute to build target package filename as it is not signed.

  • [UPD] wapt-get remove: reraise exception if there is exception in uninstall script return traceback in “errors” key return code 3 if there are errors when removing packages in wapt-get remove.

  • [FIX] handles wildcards in certificates in the WAPT Console config and create waptsetup update UI in external repositories config when setting CA bundle.

  • [FIX] use PackageEntry.localpath only for local status of a package.

  • [UPD] split PackageEntry non_control_attributes into repo_attributes and local_attributes. local_attributes are not put into Packages index as they are not relevant for remote access.

  • [UPD] update python modules requirements following urllib3 upgrade idna==3.2 (from 2.10) certifi==2021.5.30 (from 2020.12.5) requests==2.26.0 (from 2.25) urllib3==1.26.6 (from 1.26.5)

WAPT-2.0.0.9450 (2021-08-10)

hash: 7bc6920c

This is a security fix version affected by CVE-2021-38608.

Please visit the security bulletin to learn more.

WAPT-2.0.0.9449 (2021-06-22)

hash: 70283a14

This is a bugfix version with some small improvements.

WAPT Agent

  • [FIX] Fixed Windows Update fix in the progress bar.

  • [IMP] Allow the WAPT Agent to upgrade even when on batteries.

The WAPT Server

  • [IMP] Many fixes in GLPI sync.

  • [FIX] Better handling of service_delete exception cases.

  • [FIX] Fixed database migration handling with create_defaults_users procedure.

  • [FIX] Fixed on windows skip the WAPT Agent build if there is no available certificate for signing.

The WAPT Core

  • [IMP] Improved the compatibility of Packages file for easing upgrade from WAPT 1.8.2.

  • [IMP] Improved the WAPT Deployment utility: behavior to avoid wrong red flag from AV softwares.

Caveat

For macOS support one should use the WAPT Agent 2.1 version available in nightly channel.

WAPT-2.0.0.9428 (2021-05-06)

hash: 4b33cf96

This is a bugfix version with many small improvements.

WAPT Console:

  • [IMP] Improve CreateWaptSetup form layout.

  • [IMP] Restore focused column visibility when refreshing grid data.

  • [FIX] Fix wrong path for wapt-get.py in vscode project.

  • [UPD] Update No fallback in rules to true by default.

  • [FIX] enable-check-certificate with wildcard.

  • [FIX] take into account the use_http_proxy_for_repo ini setting (if not present, assume False).

  • [FIX] Fix setup_package_template_msu.py.tmpl for package Wizard.

  • [IMP] Add new template for creating package with certificate.

  • [IMP] Add option to check downloaded package with VirusTotal in package import GUI.

  • [IMP] Add update-package source action directly in Private repository in the WAPT Console.

WAPT Agent:

  • [IMP] Use task queue for the forced installs instead of running them inline.

  • [FIX] Database not opened when we check Hosts who are secondary repositories.

  • [IMP] Restart partial download of Windows Update files.

  • [IMP] Improved icons handling in WaptSelfService.

  • [IMP] On macOS use host certificate store by default for https certificate validation.

  • [IMP] reload_config_if_updated now reload config if public_certs_dir has changed.

  • [FIX] WUA: better handling of return code « does not apply to this computer ».

WAPT Server:

  • [FIX] Fixed bad migration of PGSQL databse server side.

  • [FIX] Improved database upgrade in corner cases.

SetupHelpers

  • [FIX] Fixed register_windows_uninstall calculation and using correct x86_64 environment with register_uninstall and unregister_uninstall.

  • [IMP] Improved inline function description for documentation.

WAPT-2.0.0.9343 (2021-04-08)

hash: 117d62b8

This is mainly a bugfix release after the initial 2.0.0 release.

WAPT Console:

  • [IMP] Show an explicit message if the user can not build a customized WAPT Agent.

  • [IMP] Enabled remote repo sync if there are repo configured (making remove_repo_support parameter obsolete).

  • [IMP] Better filtering on maturities.

  • [FIX] Fixed templates for vscode

WAPT Server:

  • [IMP] Include certificates from WaptUsers table in result of /api/v3/known_signers_certificates.

WAPT ACL handling:

  • [UPD] ACL: added an action to show the user certificate.

  • [UPD] Creates default (empty) WaptUserAcls record on user login even for non ldap logins.

  • [IMP] Better naming for ACL domains.

SetupHelpers

  • [FIX] Fixed register_uninstall.

  • [FIX] Do not change silently maturity and locale in check_package_attributes.

  • [FIX] Fixed regression in wget resume.

Other technical stuff:

  • [IMP] Added support for installation on OracleLinux.

  • [FIX] Tightened files ACLs on Linux + fixes + SELinux fixes in postconf.

  • [IMP] Introduced mORMot2 framework in Lazarus code.

  • [FIX] Fixed datetime conversion in the WAPT Console.

WAPT-2.0.0.9300 (2021-03-30)

hash: 018b8b57

This is the first release of the 2.0 series. After one year in development and more than 1600 commits it brings a bunch of new features and enhancement to the last major update of WAPT 1.8.2. On the technical side WAPT 2.0 now embed Python3 and now support 8 new platforms (some of them backported to 1.8.2).

The switch to Python3 may require minor adjustment to the existing package that may have been development in-house (refer to the corresponding doc page). The packages offered by Tranquil IT through the WAPT Store are already compatible with WAPT 2.0.

From a sysadmin point of view

  • [NEW] ACLs.

  • [IMP] WAPT Server side ACLs in addition to certificate validation.

  • [IMP] User management interface with certificate listing.

  • WAPT Console:

  • [IMP] gui: change maturity directly from the WAPT Console.

  • [IMP] gui: all WAPT package types are grouped in one tab.

  • [IMP] helpers: build and upload locally development package from the WAPT Console.

  • [IMP] helpers: import default reporting queries from internet.

  • [IMP] helpers: restart the WAPT Agent and restart client computer from the WAPT Console.

  • [IMP] Package wizard: support for RPM/DEB/PKG/DMG.

  • [IMP] Remote repositories: status bar for progression of creation/ update of sync.json for repo sync.

  • [IMP] Windows Updates: new search bar, view host with specific KB.

  • [IMP] Faster import and resigning of package, change of maturity, etc.

  • [IMP] waptmessage: better handling of user oriented notification.

  • [IMP] Better logging of WAPT Console actions and WAPT Agent activity.

  • Performance improvements for larger installations:

  • [IMP] Better handling of insert / update of inventory.

  • [IMP] Better handling of websocket updates.

  • [IMP] GLPI integration: synchronize WAPT inventory to GLPI server.

  • Better OS integration:

  • [IMP] TLS certificate handling: certifi uses local OS certificate store instead of Python certifi integrated certificate store.

  • [IMP] Increased the number of supported platform, improved packaging for Linux (deb and rpm) with support for a WAPT Agent running on arm64 and macOS BigSur 64bit.

  • Package development:

  • [IMP] Improved package wizard.

  • [IMP] Many small fixes and improvements to SetupHelpers and better support for Linux and macOS.

  • [IMP] Improve os targeting now you can specify targeted OS and specific version of OS : eg. Debian(>=9,<=10).

From a technical point of view

  • Python: switch from Python2.7 to Python3:

  • Linux: use of venv by default with distrib python 3 version.

  • Windows: switch python3 install to embedded edition 3.8.7.

  • Different installer for WinXP / WinVista / Win2k3r2 / win2k8 (nonr2) (recent CPython version does not support older Windows systems anymore).

  • Better handling of passwords with special chars.

  • Upgraded WAPT core libs and scripting environment.

  • Upgraded to Python3 and Python libraries, changed kerberos and websocket libraries.

  • Upgraded to Lazarus 3.0.10 and FPC 3.2.

Caveat

  • Support for non supported Windows version (WinXP, WinVista, Win2k8 (non-R2) and Win2k3) is still baking in the oven and should be ready shortly after the 2.0 release date.

  • Redhat8 and derivative distributions: for upgrade it is necessary to remove WAPT SELinux rules before using postconf again.