Attention : support for WAPT 1.8.2 ended on June the 30th 2022.

There are known vulnerabilities in WAPT dependencies in WAPT 1.8.2 branch. Please upgrade to the latest supported version. CVE listing (non exhaustive) :
  • * python engine : python 2.7 (CVE-2020-10735, CVE-2015-20107, CVE-2022-0391, CVE-2021-23336, CVE-2021-3177, CVE-2020-27619, CVE-2020-26116, CVE-2019-20907, CVE-2020-8492, etc.)
  • * cryptography : openssl : CVE-2022-2068, CVE-2022-1292, CVE-2022-0778, CVE-2021-4160, CVE-2021-3712, CVE-2021-23841, CVE-2021-23840, CVE-2021-23839, CVE-2020-1971, CVE-2020-1968, CVE-2019-1551
  • * python dependencies : cryptography (CVE-2020-36242, CVE-2020-25659), eventlet (CVE-2021-21419), jinja2 (CVE-2020-28493), psutil (CVE-2019-18874), waitress (CVE-2022-31015), lxml (CVE-2021-4381, CVE-2021-28957, CVE-2020-27783, CVE-2018-19787), ujson (CVE-2022-31117, CVE-2022-31116, CVE-2021-45958), python-ldap (CVE-2021-46823)

Using WAPTExit

waptexit allows to upgrade and install WAPT packages when a host is shutting down, at the user’s request, or at a scheduled time.

The mechanism is simple. If packages are waiting to be upgraded, they’ll be installed.

Hint

When to use WAPTexit?

The WAPTexit method is very effective in most situation because it does not require the intervention of the User or the Administrator.

WAPTexit window

WAPTexit window

WAPTexit

waptexit executes by default on shutdown; it is installed by default with the WAPT agent.

The behavior of waptexit is customizable in C:\Program Files (x86)\wapt\wapt-get.ini.

Manually triggering the execution of WAPTexit

By creating a desktop shortcut, one can allow users to launch upgrades by themselves at a time that is convenient to them simply by clicking the WAPTexit icon.

The behavior of waptexit is customizable in C:\Program Files (x86)\wapt\wapt-get.ini.

Triggering WAPTexit with a scheduled task

One can deploy a GPO or a WAPT package that will trigger WAPTexit at a pre-scheduled time.

Triggering WAPTexit with a scheduled task is best suited for servers that are not shutdown frequently.

You may adapt the procedure describing how to deploy the WAPT agent to trigger the WAPTexit.exe script at the time of your choosing.

Hint

You can use the following script for your scheduled task, adapted to your need (Enterprise only):

waptpython -c "from waptenterprise.waptservice.enterprise import start_waptexit;
start_waptexit('',{'only_priorities':False,'only_if_not_process_running':True,
'install_wua_updates':False,'countdown':300},'schtask')"

Warning

All running software that are upgraded may be killed with possible loss of data. WAPTexit may fail to upgrade a software program if a software that you are upgrading is in the impacted_process list of the control file of one of the software you are trying to upgrade. See below for more information.

The method of trigerring WAPTexit at a scheduled time is the least recommended method for desktops. It is better to let WAPTexit execute at shutdown or on user request.

Avoiding the cancellation of upgrades

To disable the interruption of the installation of updates you can run waptexit with the argument:

waptexit.exe -allow_cancel_upgrade = True

Otherwise waptexit will take the value indicated in C:\Program Files (x86)\wapt\wapt-get.ini:

[global]
allow_cancel_upgrade = False

If this value is not indicated in C:\Program Files (x86)\wapt\wapt\wapt-get.ini, then the default value will be 10.

Increase the trigger time in waptexit

To specify the wait time before the automatic start of the installations you can start waptexit with the argument:

waptexit.exe -waptexit_countdown = 10000

Otherwise waptexit will take the value indicated in the configuration C:\Program Files (x86)\wapt\wapt-get.ini:

[global]
waptexit_countdown = 25

If this value is not indicated in C:\Program Files (x86)\wapt\wapt\wapt-get.ini, then the default value will be 1.

Do not interrupt user activity

To tell WAPT not to run an upgrade of running software on the machine (impacted_process attribute of the package), you can run waptexit with the argument:

waptexit.exe -only_if_not_process_running=True

Otherwise waptexit will take the value indicated in C:\Program Files (x86)\wapt\wapt-get.ini:

[global]
upgrade_only_if_not_process_running = True

If this value is not indicated in C:\Program Files (x86)\wapt\wapt\wapt-get.ini, then the default value will be False.

Launching the installation of packages with a special level of priority

To tell WAPT to only upgrade high priority packages, you can run waptexit with the argument:

waptexit.exe -priorities = high

Otherwise waptexit will take the value indicated in C:\Program Files (x86)\wapt\wapt-get.ini:

[global]
upgrade_priorities = high

If this value is not indicated in C:\Program Files (x86)\wapt\wapt\wapt-get.ini, then the default value will be Empty (no filter on priority).

Customizing WAPTexit

It is possible to customize waptexit by placing the image you want in C:\Program Files (x86)\wapt\templates\waptexit-logo.png.

Registering/ unregistering WAPTexit

To register or unregister waptexit in local shutdown group strategy scripts, use:

  • to enable waptexit at host shutdown:

wapt-get add-upgrade-shutdown

  • to disable waptexit at host shutdown:

wapt-get remove-upgrade-shutdown