Attention : support for WAPT 1.8.2 ended on June the 30th 2022.

There are known vulnerabilities in WAPT dependencies in WAPT 1.8.2 branch. Please upgrade to the latest supported version. CVE listing (non exhaustive) :

• * python engine : python 2.7 (CVE-2020-10735, CVE-2015-20107, CVE-2022-0391, CVE-2021-23336, CVE-2021-3177, CVE-2020-27619, CVE-2020-26116, CVE-2019-20907, CVE-2020-8492, etc.)
• * cryptography : openssl : CVE-2022-2068, CVE-2022-1292, CVE-2022-0778, CVE-2021-4160, CVE-2021-3712, CVE-2021-23841, CVE-2021-23840, CVE-2021-23839, CVE-2020-1971, CVE-2020-1968, CVE-2019-1551
• * python dependencies : cryptography (CVE-2020-36242, CVE-2020-25659), eventlet (CVE-2021-21419), jinja2 (CVE-2020-28493), psutil (CVE-2019-18874), waitress (CVE-2022-31015), lxml (CVE-2021-4381, CVE-2021-28957, CVE-2020-27783, CVE-2018-19787), ujson (CVE-2022-31117, CVE-2022-31116, CVE-2021-45958), python-ldap (CVE-2021-46823)

Upgrading the Operating System

Upgrading from Debian 9 Stretch to Debian 10 Buster

In order to upgrade your WAPT server from Stretch to Buster you have to follow the standard procedure for Debian. You first modify the apt source files /etc/apt/sources.list and /etc/apt/sources.list.d/wapt.list, then start the upgrade.

By default the PostgreSQL is not upgraded to PostgreSQL 11. One needs to manually request the upgrade. After upgrading, it is possible to remove the old PostgreSQL 9.6 database.

sed -i 's/stretch/buster/g'  /etc/apt/sources.list
sed -i 's/stretch/buster/g'  /etc/apt/sources.list.d/wapt.list
apt update
apt update && apt dist-upgrade
pg_dropcluster --stop 11 main
pg_upgradecluster -v 11 9.6 main
apt remove postgresql*-9.6
apt autoremove
/opt/wapt/waptserver/scripts/postconf.sh

Upgrading from CentOS 7 to CentOS 8

WAPT does not yet support CentOS 8. This section will be updated accordingly when support will be added.