Changelog¶
WAPT-2.4 Serie¶
WAPT-2.4.0.14143 (2023-08-08)¶
hash : 9847ee8b
This is a bugfix release for WAPT 2.4.0. Notable fixes are fixes are :
better handling of scrolling in SelfService on macOS
fix network error on macOS m1
better support for authentication on WAPT Store Enterprise when downloading packages in the WAPT Console
Console WAPT¶
[IMP] waptconsole import packages: avoid flickering when clicking on rows.
[FIX] waptconsole / external repositories settings: renamed user and password fields to mention explicitly Store and token.
[IMP] waptconsole import packages from store: handle 401 and 403 proactively to suggest user to authenticate to WAPT Store Enterprise and validate licences for proprietary software
[IMP] better handling of icons list WAPT Self-service
[FIX] fix waptconsole download waptagent for linux and mac (symlink for waptagent gui not properly handled)
WAPT Core¶
[FIX] better handling of current path when starting wapt: determine default_waptservice_ini with waptutils__file__, not from sys.argv[0] to handle
[FIX] add use random uuid in json agent configurations
WAPT on Linux and macOS¶
[FIX] Fix running_on_ac setuphelpers function on Linux
[FIX] fix older macOS support specify --platform macosx_10_9_x86_64 and --platform macosx_11_0_arm64 when run pip compilation for backward compatibility
[FIX] macOS : fix app startup icon not working on macos ventura and above
[FIX] Debian : add dependency on rsyslog OR syslog-ng in server and service deb package
[FIX] fixed socket ioctl() on some POSIX targets (e.g. macOS on M1 architecture)
[FIX] fix scrolling WAPT Self-service under MacOS with magic mouse or macbook trackpad
Serveur WAPT¶
[FIX] edit order check_auh for get_wads_config
[FIX] fix db upgrade bug when upgrading from WAPT 1.8.2
WAPT-2.4.0.14080 (2023-06-22)¶
hash : 25f00c3f
This is a bugfix release for WAPT 2.4. Notable fixes are fix a for issues when building and uploading package from PyScripter due to __pycache__ and .pyc files,
and a fix for the broken WakeOnLan feature.
Console WAPT¶
[FIX] waptconsole: show main_ip of pre wapt 2.4 host before upgrade
[FIX] waptconsole gui: splitter position in softwares inventory
[FIX] waptconsole : missing data in softwares inventory (host_capabilities)
[FIX] waptconsole: label showing KBs usage space
[FIX] waptconsole / sendMessage: don’t autosize form as it creates endless layout loop on linux
[FIX] waptconsole: MS remote assist is on port 135, not 3389
WAPT Core¶
[FIX] wapt dynamic configuration: hiberboot_enabled is a boolean in json config, but must be set as a dword in registry
[FIX] wapt-get build-upload: excluded files are not properly excluded when building the zip file due to
__pycache__and.pyc[FIX] waptagent macox: using launchctl kickstart instead of launchctl unload && load for wapt service under MacOS
Serveur WAPT¶
[FIX] server: reintroduce hosts.gateways extraction from host_networking
[FIX] server / trigger wakeonlan: fix for compatibility with old host data.
WAPT WADS¶
[IMP] send a human readable message to ipxe when WADS is disabled while trying to deploy through WADS
[IMP] ensure WADS deployment and ipxe still works when djoin is empty
WAPT-2.4.0.14058 (2023-06-09)¶
hash : ae548d8ab
This is a bugfix release for WAPT 2.4.
Notable changes :
Added support for Debian 12 amd64 on client and server
Upgrade openssl from 3.0.8 to 3.0.9
Upgrade python from 3.8.16 to 3.8.17
Serveur WAPT¶
[NEW] add debian12 for amd64
[UPD] no filter by default for importing WUA updates
[UPD] adding more update file extension
[FIX] handle server side Hosts dataset ordering (when a hosts count limit is given in waptconsole, we expect to get the first n hosts in the grid order)
[FIX] waptserver : upload linux waptagent ensure symlink is secure filename
[FIX] waptserver model: missing extraction of dnsdomain and mac from host_networking json into plain Hosts columns
WAPT macOS¶
[FIX] direct waptservice restart on MacOS
WAPT Linux¶
[NEW] add debian12 for amd64
[NEW] Add new systemd function to setuphelpers for Linux
Console WAPT¶
[FIX] fix waptpython.exe and waptpythonw.exe upgrade through innosetup when version id does not change
[FIX] fix waptsetup install when setup file is located in directory with non ascii chars
[FIX] Add escape_filter_chars for ldap3 (allow parenthesis and other special char in group names)
[FIX] DJoin: fetch ldap search result until no more pages left
[FIX] DJoin: Limit ldap search page to 500 results
[FIX] showing pending WUA updates
WAPT Core¶
[SEC] sign all dll and exe that are compiled by Tranquil IT during build process
[SEC] switch to openssl 3.0.9
[SEC] switch to python 3.8.17
WAPT-2.4.0.14031 (2023-05-26)¶
hash : 1420892a
This is the release of WAPT 2.4. WAPT 2.4 version brings a ton of small improvements and bugfixes along with the following main features:
better co-existence with antivirus due to removal of NSSM service manager which was often wrongly flagged as suspicious. WAPT Agent now uses mORMot Angelize for service management
due to OpenSSL 1.1.1 being eol’ed next september, WAPT has switch to embedded OpenSSL 3.0.8
re-implemented Active Directory offline join in WADS (djoin.exe) to work around many bug and limitation in the Microsoft version of djoin.exe, now with support of Active Direcotry Forrest and subdomains
it is now possible to have a use a user/password credentials when importing packages from the store. Authentification will be required for the WAPT Enterprise Store that provides educational softwares
add support for Debian 10 and Debian 11 support on ARM 64 bit platform
new WADS graphical interface
remove usage of Microsoft Windows RestartManager during upgrade to avoid unecessary killing of services
CAVEAT:
the new OpenSSL 3.0 has a huge performance issue when loading large certificate bundle. If you have verify_cert and want to use the Operating System bundle, please set verify_cert=1
WADS WinPE format has changed and it needs to be recreated . Please refer to https://www.wapt.fr/en/doc-2.4/wapt-wads.html#adding-the-winpe-files
Serveur WAPT¶
[NEW] waptserver: when login with ssl auth, check that the sha1 of the client certificate matches the sha1 of the user account in database for client cert auth
[NEW] waptserver: accept empty username when using ssl auth. if username is provide, it must match the CN part of the certificate DN
[NEW] use http status 403 instead of 401 when client side auth does not succeed to avoid a user/password popup in console.
[NEW] waptserver: add login_auth_methods configuration parameter in waptserver.ini defaults to admin,ldap,passwd,token,kerb (format : csv)
[NEW] waptserver licences: be tolerant if no server_uuid yet
[NEW] wapserversession: share waptserveruser across all waptserver connection * to make it easer to relogin after token expiration. * retry to get a token if http 401 status
[NEW] waptserver, waptservice on Windows: removed nssm service manager, replaced by waptsvc * waptsvc service supervisor is based on mormot agl. * waptservice.exe is a symlink to waptsvc.exe and manages « waptpython -I waptservice/service.py » * waptserver is a symlink to waptsvc and manages server.py, wapttasks huey queue, and nginx
[NEW] waptserversetup: don’t set repo_url and wapt_server url during setup as this done now later when building waptagent
[ADD] WAPTWUA missing allow url allow mp.microsoft.com
[RM] removed endpoint /api/v2/download_wuredist
[IMP] lower case for test rules secondary repo in case of mixed case scenario
[IMP] waptservice and wapttftpserver: don’t wait for enter key on error
[IMP] waptserver nginx: add api/v3/login specific section to forward client SSL auth
[IMP] waptserver: add signer_fingerprint db field to Wads models
[IMP] adding generic symlink when uploading waptagent to have standard http url for agent download
[IMP] waptrepo: hardened handling of multiple concurrent repo cache updates
[IMP] server add_configurations : return json config filenames in result.
[IMP] waptserver: get_ad_ou_split : be tolerant to malformed OU sent by client
[IMP] waptserver crls updates for nginx: * merge all known crls into file if « ssl_crls » waptserver.ini is defined
[IMP] waptserver model: update Packages table description_localized dict from package entry.
[IMP] add psycogreen patching for eventlet / postgresql
[IMP] Be sure to fill executable version infos when initializing logger
[IMP] cache CASigners in waptrepo
[UPD] upgrade to 14.7 postgresql for windows
[UPD] waptserver autocreate console ldap authenticated users if default_ldap_users_acls config is not empty
[FIX] waptserver: fix startup issue when calling waptlicences.CheckValidLicencesCount
[FIX] waptserversetup: missing dir=in in firewall rules for wapttftpserver on Windows Server
[FIX] waptserver nginx: add « proxy_request_buffering off; » to the top server nginx config to workaround issues with big iso uploads.
[FIX] fix username in log history of actions on waptserver
[FIX] newest_only in api/v3/packages api does not compare versions properly.
[FIX] fixed regexp in nginx location for
conf.d/*.jsonfiles (and others).[FIX] waptserver: login initialization of user typo
[FIX] configurations repositiories repo wapt/conf.d should not be protected by client side certificates
[FIX] config url on server index landing page.
[FIX] twaptserver auth callbacks. use OnHttpClientAuthorize if password in session, then OnAuthorize if defined and no password is available session
[FIX] StripCertificateComments endless loop is Pem bundle ends with 2 CR NextPem does’t not set input pointer P to nil if end of file.
[REF] waptserver: add a config parameter to change globally the default enabled auth methods default_auth_methods defaults to session,admin,passwd,ldap this can be overriden on per endpoint basis
[REF] server: removed legacy url style login
Agent WAPT¶
[NEW] waptsetup: removed the option to trust tranquilit certificates.
[NEW] don’t set wapt-templates by default in agent config file wapt-get.ini
[IMP] waptsetup: don’t configure URL in waptsetup by default as it it proposed later on in waptconsole.
[IMP] waptsetup: don’t ask innosetup to close applications using RestartManager as sometimes, it kills vital services (network) when launched as silently
[IMP] logo in WAPT SelfService
[IMP] waptself: improve auth error message
[IMP] waptself: removed shadows to lower redraw workload removed some visual overrides to panels
[IMP] waptdeploy: useWaptServer task does not exist anymore. Enable installService task by default
[IMP] WAPT Message adaptive form size to content if no size is set
[IMP] waptstarter: fix some waptstarter default settings removed kerberos checkbox
[IMP] wapt-get fpc: use agent key/cert client auth if none is defined in config inifile.
[IMP] add double quotes around waptservice executable filename for ImagePath in services windows registry. If not quoted, and there are spaces in file path, service can not start in certain case
[IMP] waptsetup: add logs of service install exec shell commands.
[UPD] wapt-get: add restart-waptservice action. fix add-licence authentication
[FIX] waptself: after hitting task panel hide button, packages flowpanel is hidden too
[FIX] Self Service : DownloadAllPackageIcons after getting a token
[FIX] restarting waptservice by scheduler under MacOS
[FIX] taking care of display_time in WAPT Service
[FIX] fix again regression on waptmessage impersonification from Agl waptservice. child processes are launched inside a job to control their termination. so for impersonification, we need CREATE_BREAKAWAY_FROM_JOB creation flag
[FIX] waptsetup: add waptconsole start shortcut only if not running a stuffed waptsetup.exe
[FIX] fix waptsetup trusted_external_certs
WAPT Linux¶
[NEW] add json config url in waptserver homepage to help linux agent config
[IMP] waptupgrade : improve command line install for deb base distro
[IMP] Debian: add reboot_needed and reboot-required.pkgs info in host info
[IMP] force locale C for strptime installed_softwares
[FIX] fix datetime.datetime.strptime for installed_softwares in rhel9
WAPT macOS¶
[NEW] WAPT Tray compilation config. for macosx
[FIX] fix out of range error when importing waptlicences python module on macosx
Console WAPT¶
[NEW] waptconsole acls form: fix the check signature action. add some icons to show when a certificate or password is assigned to a user
[NEW] add HttpGet and HttpPost helpers for mustache templates to create custom html display in console
[NEW] button export pending required WUA KB as curl string list
[NEW] import CAB WUA updates
[NEW] Showing pending WUA updates to download
[NEW] audit info Add asus support button to asus support site with computer ref
[NEW] WaptHttpGetString and WaptHttpPostData: add a default referer with root of URL to pass some basic access API authentication * applied as example for HP support access
[NEW] add lenovo got to support button as an example of HttpGet mustache helper. * note the leading « , » in the list of arguments because of a bug in mormot helpers arg handling.
[NEW] add display time for WAPT Message when sending from WAPT Console
[NEW] waptconsole: Enable audit data tab by default
[ADD] message user friendly for “.exe” signature
[ADD] Message to confirm hosts deletion
[IMP] package maturity action
[IMP] adding url for wsusscn2.cab to download
[IMP] fix double click not able to show certificate using shell.
[IMP] adding possibility to cancel configuration package creation
[IMP] Add Tasks Status for better security and messages
[IMP] waptconsole edit package form: show always files tab. add a message for user if package does not exist anymore.
[IMP] WaptConsole: Discover domain controllers from domain dns name
[IMP] WaptConsole: Load available OU from AD in TVisPrepareDjoin
[IMP] User can add username / password for repositories while importing packages for Internet
[IMP] better grid status if restart pending
[IMP] external repositories settings: removed the checkbox for signature certificates directory. Check is enforced if cert is defined
[IMP] waptconsole configuration: set verify_cert to 1 instead of path to certifi bundle when checking « Check https certificate ».
[IMP] waptconsole: on first login, when no server is defined in waptconsole.ini, show the configuration dialog first
[IMP] waptconsole: manage reloading of ini config if file is updated externally add public_certs_dir setting.
[IMP] waptconsole: trust always own waptconsole’s user certificate when processing / resiggning packages
[IMP] missing changes for waptconsole build waptsetup: don’t include ssl dir in waptupgrade package.
[IMP] waptconsole: try to get a new session cookie if 401 and there is cached password for user instead of switching to basic auth
[IMP] waptconsole: Add update package tab in package editor
[IMP] waptconsole: Display min/max os version in target_os column if defined.
[IMP] waptconsole waptgent: allow to double click on certificates to open them with os shell.
[IMP] waptconsole: add architectures arm and arm64 to the filters
[IMP] new dark view mode for console
[UPD] waptconsole: show login dialog if the server session cookies expires
[UPD] add support for pkcs#12 file for private key and certificate in waptconsole and wapt-get.
[UPD] waptconsole private key password change : try to change P12 file password too if same base filename and same old password.
[UPD] icon on error status in host WUA
[UPD] filter out packages having a untrusted signer certificate when loading Packages index note that this is only to avoid processing or listing packages which will not be trusted anyway. But we dont check the signature at this point, so package control signature must still be checked later.
[FIX] waptconsole: fix potential AV when getting isEnterprise status if no waptserver is defined yet.
[FIX] adding a password in Acls raise an exception about missing arg. fix decoding of utf8 when building SO and SA from Array of const (valid for lazatus only where String=Utf8String)
[FIX] waptconsole reporting : no column displayed when running query outside of query editor
[FIX] waptconsole acls: small fix console acls signature display when deleting a certificate in console
[FIX] waptconsole: propagate licences count to background threads
[FIX] TVisPrepareDjoin: Handle properly subdomains in AD Forrest
[FIX] waptconsole PrepareDJoin: allow direct input of Host OU
[FIX] give modal status to driver download windows when creating winPE to avoid other conflicting actions
[FIX] splitter placement on audit data when showing history
[FIX] Better Design for Import from Internet Basket
[FIX] FrmLdapSearch: Fallback on OS DNS nameservers if no domain controller found using domain as nameserver
[FIX] fix basic auth (issue when concatenating user+”:”+password), prevent recursive call to login dialog, clear private key password if password is not OK on login.
[FIX] waptconsole: fix local agent configuration based on built agent config
[FIX] waptconsole : image showed as inactive on action forget package
[FIX] waptconsole: empty server side message when upload error.
[FIX] waptconsole import package: restore last used repository
[FIX] waptconsole create waptsetup: handle the host_profiles config attribute * removed unused organisation.
[FIX] waptconsole server login: be sure to not loop if basic auth fails
[FIX] waptconsole import packages newer than mine when there are dots in names
[FIX] deleting rows from audit data history
[FIX] waptconsole regression decrypting old python rsa encrypted data
[FIX] waptconsole decrypt of client side encrypted data
[FIX] Clearing audit data history view if no data
WAPT Core¶
[SEC] waptcrypto: don’t try to guess signed_attributes. this attribute in mandatory. signer is mandatory for python waptcrypto verify_claim check
[NEW] add wapt-get dmiinfo
[NEW] showing countdown on WAPT Message + stopping countdown when entering in message viewer
[NEW] GetStrippedDownServerCABundlePath : stores only issuer CA cert chain, not server chain. keep file cache for 1 hour.
[NEW] improve handling of external repo user/password authentication.
[IMP] waptsetup: don’t change server and repo config by default if repo is already defined in wapt-get.ini.
[IMP] wakeonlan: be tolerant if no interface or no macs on a host
[IMP] fix get_net_ips() if not address on an interface (eg. CAN bus)
[IMP] store networking infos as a separate field in hosts table. removed list_services and listening_sockets from host’s status data moved audit_status into wapt_status
[IMP] waptcrypto python: add arguments for certificates’s not_before and not_after constraints add option to specify date of claim’s signature for testing purpose.
[IMP] waptrepo: Protect repo cache packages directory when updating. In case several process or threds are updating the same repo cache.
[IMP] wapt-get waptdeploy waptlicences lpi wads wgetwads waptsvc: disable -Wg win32 app mode for win32 and win64 target to force stdout open.
[IMP] waptcrypto: be sure to not create an empty stripped down CA file return full bundle path if function fails.
[IMP] use mormot instead of tsmbios for get_biosinfos
[IMP] mormot2 fix Samba LDAP expectations in its « strong auth = yes » default mode - i.e. allow « signing sealing » of the frames if TLS is not used
[IMP] when checking for changed file over http, use a 2s tolerance before or after.
[IMP] waptutils copytree2 : don’t follow symlinks to avoid copying entire disks.
[IMP] waptpackage get_stripped_package: include “update_package.py” in payload for the console.
[IMP] Add –only-priorities and –only-if-not-process-running to wapt-get upgrade, install, remove
[IMP] logo for WAPT Message
[IMP] waptcypto: TRSAPrivateKey: allow loading unencrypted PEM RSA key
[IMP] fixed OpenSSL UTF-8 encoding flags for certificates closes
[IMP] be sure to get only public cert from TX509Certificate mormot unit
[IMP] add pfx and p12 file filter for personal cert file browser
[IMP] waptdeploy: retry up to 30s to be able to get version on waptsetup
[IMP] waptsetup/waptstarter: install /StartPackages=xx if runningSilently
[IMP] create waptsetup: set verify_cert to “1” instead of path to cabundle if verify cert is checked.
[UPD] update vc_redist to version 14.36.32532
[UPD] avoid untrapped exception when password can not decrypt key
[UPD] Strip comments in pem encoded certificates to reduce size and try to fit into the 32kb limit of stuffed exe.
[UPD] manage multivalued « architecture » in wapt packages control.architecture attribuet is now a csv of x64, x86, arm, arm64, armhf
[UPD] separate networking information from host_info to lower pressure on database when hosts update their status put host’s audit_status in last_update_status key.
[UPD] python waptpackage make_package_filename include os version in package filename for waptupgrade packages.
[FIX] missing makepath import and syntax fix
[FIX] waptpackage: remove references to old signature and manifest.sha1 files. delete them when unzipping package so that they are not considered as corruption.
[FIX] fix python WaptRepo packages_matching when condition is a PackageRequest (this is actually unused. The method packages_matching of Wapt class is used instead)
[FIX] allow empty folders in package
[FIX] TWaptSignatureChecker.VerifyJsonSignature in case “signed_attributes” is not supplied in the json.
[FIX] DNS fallback to TCP on truncated UDP response - and also allow direct TCP query by using “tcp@1.2.3.4” name server
[FIX] waptutils python fileutcmtime and httpdatetime2time. Convert all dates to UTC
[FIX] python wget not setting properly the file last-modified date from http header.
[FIX] wapt-get / commandline : user RawReadKey from keyboard unit to avoid crt unit whicj breaks console.
[FIX] wapt-get.py import waptservice is optionnal
[FIX] fix Machine without main_ip are ignored
[FIX] bad TTL for CACert bundle on disk cache
[FIX] old bug causing removes to fail when software is already uninstalled
[FIX] use “1” for system CA in external repositories to force use of stripped down CA bundles due to openssl 3.0 perf bug
[REF] breaking change: removed import of PackageEntry from setupdevhelpers.py
[REF] refactor the http client to handle all requests the same way. handle user:password embedded in Urls renamed proc InitTlsContext to func InitHttpTlsContext. Returns a PTlsContext moved GetServerCertificate to waptcrypto GetPeerCertChainFromServerPath
[REF] move get_host_architecture from common to setuphelpers, move unzip_with_7zip from setuphelpers to setupdevhelpers
WAPT WADS¶
[SEC] add iso hash in ipxescript
[NEW] IP address and details of DISKPART info (volumes and disks) on wads_register_host
[NEW] Wads with Graphical Display and Info
[NEW] add update driver bundle option
[NEW] reset drivers on hosts OSDeploy
[NEW] drag and drop .iso on console for upload
[NEW] drag and drop of drivers folder on drivers in WADS part
[NEW] drag and drop from Host to deploy to drivers or configuration
[IMP] Verify WADS hostname on WADS Winpe / Console / Server
[IMP] Better login for login_on_wads
[IMP] Wapt downloads are now in Graphical WADS
[IMP] waptserver: calc sha256 of iso during upload rather than after upload
[IMP] TVisPrepareDjoin: Add domain discovery
[IMP] TVisPrepareDjoin: sort DC by response time using cldap
[IMP] Save prepare djoin form fields in session (domain, username and password)
[IMP] Add ubuntu and rhel9 wads template
[IMP] Upload iso. Deleting file if wrong hash after upload
[IMP] ipxe add keymap
[IMP] sending file to api/v3/upload_deploy_files only if needed
[IMP] Default prepare djoin window credentials to current domain’s
[IMP] Prepare Djoin: Retrieve domain controller using mormot dns resolver
[IMP] On WADS conf, a password for superadmin is defined
[IMP] Prepare DJoin: Connect through kerberos if possible
[IMP] waptconsole PrepareDJoin: allow direct input of Host OU
[UPD] wads: wait 30s for an ip address.
[UPD] limiting uploading iso files only on WADS part
[FIX] Wads fix default dir for iso upload
[FIX] osdeploy data signature. signer_fingerprint is not saved into db, so must not be included in signed attributes
[FIX] getting ipv4 addresses excluding APIPA
[FIX] wads: break loop if 401 login fails.
[FIX] Fix VisPrepareDJoin: Reset ldap kerberos SPN before connecting to the domain
[FIX] Stop Graphical if WADS is only used to send status
[FIX] Retry Wads now reset the status
[FIX] avoiding loop showing message if ISO name already exits
[FIX] empty error message on refreshing ISO file list
[FIX] waptdeploy unable to read setup exe version same potential issue in wads missing call to RetrieveInformationFromFileName
[FIX] fix copy cert in winpe for wads
[FIX] empty error message on refreshing drivers file hashes and bundle names
[FIX] Warning Removal and reset wads32 binary
[FIX] Fix TVisPrepareDjoin GetDJoinBlob method - Fix verification of computer existence in the domain - Set computer password in AD even if we’re not creating it - Parse the created djoin blob after creation and set an error if the format is invalid
[FIX] TVisPrepareDjoin: Call to CldapSortHosts missing a parameter
[FIX] TVisPrepareDjoin: Handle sub-domain within forest
[FIX] waptconsole wads osdeploy grid: popupmenu clears multiselect
[REF] Prepare djoin fixes and form rework - Allow to configure ldap port - Don’t load OU on show - Split DC load and ldap connect buttons - Forbid to modify existing machine password (force to overwrite)
WAPT-2.4.0.14001-rc3 (2023-05-25)¶
hash : 1420892a
This is the third release candidate of WAPT 2.4. WAPT 2.4 version brings a ton of small improvements and bugfixes along with the following main features:
better co-existence with antivirus due to removal of NSSM service manager which was often wrongly flagged as suspicious. WAPT Agent now uses mORMot Angelize for service management
due to OpenSSL 1.1.1 being eol’ed next september, WAPT has switch to embedded OpenSSL 3.0.8
re-implemented Active Directory offline join in WADS (djoin.exe) to work around many bug and limitation in the Microsoft version of djoin.exe, now with support of Active Direcotry Forrest and subdomains
it is now possible to have a use a user/password credentials when importing packages from the store. Authentification will be required for the WAPT Enterprise Store that provides educational softwares
add support for Debian 10 and Debian 11 support on ARM 64 bit platform
new WADS graphical interface
remove usage of Microsoft Windows RestartManager during upgrade to avoid unecessary killing of services
CAVEAT:
the new OpenSSL 3.0 has a huge performance issue when loading large certificate bundle. If you have verify_cert and want to use the Operating System bundle, please set verify_cert=1
Serveur WAPT¶
[FIX] waptserversetup: missing dir=in in firewall rules for wapttftpserver on Windows Server
[FIX] waptserver nginx: add « proxy_request_buffering off; » to the top server nginx config to workaround issues with big iso uploads.
[FIX] fix username in log history of actions on waptserver
[FIX] newest_only in api/v3/packages api does not compare versions properly.
[IMP] lower case for test rules secondary repo in case of mixed case scenario
[IMP] waptservice and wapttftpserver: don’t wait for enter key on error
Agent WAPT¶
[FIX] Self Service : DownloadAllPackageIcons after getting a token
[IMP] waptsetup: don’t configure URL in waptsetup by default as it it proposed later on in waptconsole.
[UPD] wapt-get: add restart-waptservice action. fix add-licence authentication
[IMP] wapt-get fpc: use agent key/cert client auth if none is defined in config inifile.
[FIX] restarting waptservice by scheduler under MacOS
[IMP] add double quotes around waptservice executable filename for ImagePath in services windows registry. If not quoted, and there are spaces in file path, service can not start in certain case
[IMP] waptsetup: add logs of service install exec shell commands.
[FIX] waptself: after hitting task panel hide button, packages flowpanel is hidden too
[IMP] waptdeploy: useWaptServer task does not exist anymore. Enable installService task by default
Console WAPT¶
[FIX] waptconsole: fix potential AV when getting isEnterprise status if no waptserver is defined yet.
[IMP] waptconsole configuration: set verify_cert to 1 instead of path to certifi bundle when checking « Check https certificate ».
[IMP] waptconsole: on first login, when no server is defined in waptconsole.ini, show the configuration dialog first
[FIX] adding a password in Acls raise an exception about missing arg. fix decoding of utf8 when building SO and SA from Array of const (valid for lazatus only where String=Utf8String)
WAPT Core¶
[FIX] missing makepath import and syntax fix
[FIX] waptpackage: remove references to old signature and manifest.sha1 files. delete them when unzipping package so that they are not considered as corruption.
WAPT WADS¶
[FIX] Wads fix default dir for iso upload
WAPT-2.4.0.14001-rc2 (2023-05-17)¶
hash : 13e724ad
This is the second release candidate of WAPT 2.4. WAPT 2.4 version brings a ton of small improvements and bugfixes along with the following main features:
better co-existence with antivirus due to removal of NSSM service manager which was often wrongly flagged as suspicious. WAPT Agent now uses mORMot Angelize for service management
due to OpenSSL 1.1.1 being eol’ed next september, WAPT has switch to embedded OpenSSL 3.0.8
re-implemented Active Directory offline join in WADS (djoin.exe) to work around many bug and limitation in the Microsoft version of djoin.exe, now with support of Active Direcotry Forrest and subdomains
it is now possible to have a use a user/password credentials when importing packages from the store. Authentification will be required for the WAPT Enterprise Store that provides educational softwares
add support for Debian 10 and Debian 11 support on ARM 64 bit platform
new WADS graphical interface
remove usage of Microsoft Windows RestartManager during upgrade to avoid unecessary killing of services
CAVEAT:
the new OpenSSL 3.0 has a huge performance issue when loading large certificate bundle. If you have verify_cert and want to use the Operating System bundle, please set verify_cert=1
Console WAPT¶
[FIX] waptconsole reporting : no column displayed when running query outside of query editor
[FIX] waptconsole acls: small fix console acls signature display when deleting a certificate in console
[FIX] waptconsole: propagate licences count to background threads
[FIX] TVisPrepareDjoin: Handle properly subdomains in AD Forrest
[FIX] waptconsole PrepareDJoin: allow direct input of Host OU
[FIX] give modal status to driver download windows when creating winPE to avoid other conflicting actions
[FIX] splitter placement on audit data when showing history
Serveur WAPT¶
[FIX] waptserver: fix startup issue when calling waptlicences.CheckValidLicencesCount
[IMP] adding generic symlink when uploading waptagent to have standard http url for agent download
[UPD] upgrade to 14.7 postgresql for windows
[FIX] fixed regexp in nginx location for
conf.d/*.jsonfiles (and others).
WAPT Core¶
[FIX] fix python WaptRepo packages_matching when condition is a PackageRequest (this is actually unused. The method packages_matching of Wapt class is used instead)
[IMP] wapt-get waptdeploy waptlicences lpi wads wgetwads waptsvc: disable -Wg win32 app mode for win32 and win64 target to force stdout open.
[UPD] update vc_redist to version 14.36.32532
[FIX] allow empty folders in package
WAPT Linux¶
[IMP] waptupgrade : improve command line install for deb base distro
WAPT macOS¶
[FIX] fix out of range error when importing waptlicences python module on macosx
WAPT-2.4.0.13958 RC1 (2023-04-17)¶
hash : 2cb08262
This is the first release candidate of WAPT 2.4. This new version brings a ton of small improvements and bugfixes along with the following main features:
better co-existence with antivirus due to removal of NSSM service manager which was often wrongly flagged as suspicious. WAPT Agent now uses mORMot Angelize for service management
due to OpenSSL 1.1.1 being eol’ed next september, WAPT has switch to embedded OpenSSL 3.0.8
re-implemented Active Directory offline join in WADS (djoin.exe) to work around many bug and limitation in the Microsoft version of djoin.exe
it is now possible to have a use a user/password credentials when importing packages from the store. Authentification will be required for the WAPT Enterprise Store that provides educational softwares
add support for Debian 10 and Debian 11 support on ARM 64 bit platform
new WADS graphical interface
remove usage of Microsoft Windows RestartManager during upgrade to avoid unecessary killing of services
CAVEAT:
the new OpenSSL 3.0 has a huge performance issue when loading large certificate bundle. If you have verify_cert and want to use the Operating System bundle, please set verify_cert=1
Console WAPT¶
[FIX] Better Design for Import from Internet Basket
[FIX] FrmLdapSearch: Fallback on OS DNS nameservers if no domain controller found using domain as nameserver
[NEW] waptconsole acls form: fix the check signature action. add some icons to show when a certificate or password is assigned to a user
[IMP] waptconsole: manage reloading of ini config if file is updated externally add public_certs_dir setting.
[IMP] waptconsole: trust always own waptconsole’s user certificate when processing / resiggning packages
[IMP] missing changes for waptconsole build waptsetup: don’t include ssl dir in waptupgrade package.
[IMP] waptconsole: try to get a new session cookie if 401 and there is cached password for user instead of switching to basic auth
[FIX] fix basic auth (issue when concatenating user+”:”+password), prevent recursive call to login dialog, clear private key password if password is not OK on login.
[UPD] waptconsole: show login dialog if the server session cookies expires
[FIX] waptconsole: fix local agent configuration based on built agent config
[NEW] add HttpGet and HttpPost helpers for mustache templates to create custom html display in console
[IMP] waptconsole: Display min/max os version in target_os column if defined.
[FIX] waptconsole : image showed as inactive on action forget package
[FIX] waptconsole: empty server side message when upload error.
[IMP] waptconsole: Add update package tab in package editor
[FIX] waptconsole import package: restore last used repository
[IMP] waptconsole waptgent: allow to double click on certificates to open them with os shell.
[IMP] waptconsole: add architectures arm and arm64 to the filters
[IMP] new dark view mode for console
[NEW] button export pending required WUA KB as curl string list
[NEW] import CAB WUA updates
[IMP] adding url for wsusscn2.cab to download
[IMP] fix double click not able to show certificate using shell.
[NEW] Showing pending WUA updates to download
[UPD] add support for pkcs#12 file for private key and certificate in waptconsole and wapt-get.
[UPD] waptconsole private key password change : try to change P12 file password too if same base filename and same old password.
[IMP] package maturity action
[IMP] adding possibility to cancel configuration package creation
[IMP] Add Tasks Status for better security and messages
[IMP] waptconsole edit package form: show always files tab. add a message for user if package does not exist anymore.
[FIX] waptconsole create waptsetup: handle the host_profiles config attribute * removed unused organisation.
[IMP] WaptConsole: Discover domain controllers from domain dns name
[IMP] WaptConsole: Load available OU from AD in TVisPrepareDjoin
[NEW] audit info Add asus support button to asus support site with computer ref
[NEW] WaptHttpGetString and WaptHttpPostData: add a default referer with root of URL to pass some basic access API authentication * applied as example for HP support access
[NEW] add lenovo got to support button as an example of HttpGet mustache helper. * note the leading « , » in the list of arguments because of a bug in mormot helpers arg handling.
[UPD] icon on error status in host WUA
[IMP] User can add username / password for repositories while importing packages for Internet
[NEW] add display time for WAPT Message when sending from WAPT Console
[FIX] waptconsole server login: be sure to not loop if basic auth fails
[FIX] waptconsole import packages newer than mine when there are dots in names
[UPD] filter out packages having a untrusted signer certificate when loading Packages index note that this is only to avoid processing or listing packages which will not be trusted anyway. But we dont check the signature at this point, so package control signature must still be checked later.
[IMP] better grid status if restart pending
[FIX] deleting rows from audit data history
[FIX] waptconsole regression decrypting old python rsa encrypted data
[NEW] waptconsole: Enable audit data tab by default
[IMP] external repositories settings: removed the checkbox for signature certificates directory. Check is enforced if cert is defined
[FIX] waptconsole decrypt of client side encrypted data
[ADD] message user friendly for “.exe” signature
[ADD] Message to confirm hosts deletion
[FIX] Clearing audit data history view if no data
Agent WAPT¶
[FIX] waptsetup: add waptconsole start shortcut only if not running a stuffed waptsetup.exe
[FIX] fix waptsetup trusted_external_certs
[IMP] WAPT Message adaptive form size to content if no size is set
[NEW] waptsetup: removed the option to trust tranquilit certificates.
[IMP] waptstarter: fix some waptstarter default settings removed kerberos checkbox
[FIX] taking care of display_time in WAPT Service
[NEW] don’t set wapt-templates by default in agent config file wapt-get.ini
[FIX] fix again regression on waptmessage impersonification from Agl waptservice. child processes are launched inside a job to control their termination. so for impersonification, we need CREATE_BREAKAWAY_FROM_JOB creation flag
[IMP] waptsetup: don’t ask innosetup to close applications using RestartManager as sometimes, it kills vital services (network) when launched as silently
[IMP] logo in WAPT SelfService
[IMP] waptself: improve auth error message
[IMP] waptself: removed shadows to lower redraw workload removed some visual overrides to panels
WAPT Core¶
[SEC] waptcrypto: don’t try to guess signed_attributes. this attribute in mandatory. signer is mandatory for python waptcrypto verify_claim check
[FIX] DNS fallback to TCP on truncated UDP response - and also allow direct TCP query by using “tcp@1.2.3.4” name server
[NEW] add wapt-get dmiinfo
[IMP] waptcrypto: be sure to not create an empty stripped down CA file return full bundle path if function fails.
[IMP] use mormot instead of tsmbios for get_biosinfos
[FIX] TWaptSignatureChecker.VerifyJsonSignature in case “signed_attributes” is not supplied in the json.
[IMP] mormot2 fix Samba LDAP expectations in its « strong auth = yes » default mode - i.e. allow « signing sealing » of the frames if TLS is not used
[FIX] waptutils python fileutcmtime and httpdatetime2time. Convert all dates to UTC
[UPD] python waptpackage make_package_filename include os version in package filename for waptupgrade packages.
[REF] breaking change: removed import of PackageEntry from setupdevhelpers.py
[IMP] when checking for changed file over http, use a 2s tolerance before or after.
[FIX] python wget not setting properly the file last-modified date from http header.
[IMP] waptutils copytree2 : don’t follow symlinks to avoid copying entire disks.
[IMP] waptpackage get_stripped_package: include “update_package.py” in payload for the console.
[IMP] Add –only-priorities and –only-if-not-process-running to wapt-get upgrade, install, remove
[IMP] logo for WAPT Message
[IMP] waptcypto: TRSAPrivateKey: allow loading unencrypted PEM RSA key
[IMP] fixed OpenSSL UTF-8 encoding flags for certificates closes
[IMP] be sure to get only public cert from TX509Certificate mormot unit
[IMP] add pfx and p12 file filter for personal cert file browser
[UPD] avoid untrapped exception when password can not decrypt key
[UPD] Strip comments in pem encoded certificates to reduce size and try to fit into the 32kb limit of stuffed exe.
[IMP] waptdeploy: retry up to 30s to be able to get version on waptsetup
[IMP] waptsetup/waptstarter: install /StartPackages=xx if runningSilently
[FIX] wapt-get / commandline : user RawReadKey from keyboard unit to avoid crt unit whicj breaks console.
[UPD] manage multivalued « architecture » in wapt packages control.architecture attribuet is now a csv of x64, x86, arm, arm64, armhf
[FIX] wapt-get.py import waptservice is optionnal
[IMP] waptsetup: don’t change server and repo config by default if repo is already defined in wapt-get.ini.
[IMP] wakeonlan: be tolerant if no interface or no macs on a host
[IMP] fix get_net_ips() if not address on an interface (eg. CAN bus)
[FIX] fix Machine without main_ip are ignored
[FIX] bad TTL for CACert bundle on disk cache
[IMP] create waptsetup: set verify_cert to “1” instead of path to cabundle if verify cert is checked.
[FIX] old bug causing removes to fail when software is already uninstalled
[NEW] showing countdown on WAPT Message + stopping countdown when entering in message viewer
[NEW] GetStrippedDownServerCABundlePath : stores only issuer CA cert chain, not server chain. keep file cache for 1 hour.
[FIX] use “1” for system CA in external repositories to force use of stripped down CA bundles due to openssl 3.0 perf bug
[REF] refactor the http client to handle all requests the same way. handle user:password embedded in Urls renamed proc InitTlsContext to func InitHttpTlsContext. Returns a PTlsContext moved GetServerCertificate to waptcrypto GetPeerCertChainFromServerPath
[UPD] separate networking information from host_info to lower pressure on database when hosts update their status put host’s audit_status in last_update_status key.
[IMP] store networking infos as a separate field in hosts table. removed list_services and listening_sockets from host’s status data moved audit_status into wapt_status
[NEW] improve handling of external repo user/password authentication.
[IMP] waptcrypto python: add arguments for certificates’s not_before and not_after constraints add option to specify date of claim’s signature for testing purpose.
[IMP] waptrepo: Protect repo cache packages directory when updating. In case several process or threds are updating the same repo cache.
[REF] move get_host_architecture from common to setuphelpers, move unzip_with_7zip from setuphelpers to setupdevhelpers
Serveur WAPT¶
[IMP] waptserver nginx: add api/v3/login specific section to forward client SSL auth
[NEW] waptserver: when login with ssl auth, check that the sha1 of the client certificate matches the sha1 of the user account in database for client cert auth
[IMP] waptserver: add signer_fingerprint db field to Wads models
[NEW] waptserver: accept empty username when using ssl auth. if username is provide, it must match the CN part of the certificate DN
[ADD] WAPTWUA missing allow url allow mp.microsoft.com
[NEW] use http status 403 instead of 401 when client side auth does not succeed to avoid a user/password popup in console.
[REF] waptserver: add a config parameter to change globally the default enabled auth methods default_auth_methods defaults to session,admin,passwd,ldap this can be overriden on per endpoint basis
[FIX] waptserver: login initialization of user typo
[REF] server: removed legacy url style login
[NEW] waptserver: add login_auth_methods configuration parameter in waptserver.ini defaults to admin,ldap,passwd,token,kerb (format : csv)
[FIX] configurations repositiories repo wapt/conf.d should not be protected by client side certificates
[NEW] waptserver licences: be tolerant if no server_uuid yet
[IMP] waptrepo: hardened handling of multiple concurrent repo cache updates
[FIX] config url on server index landing page.
[FIX] twaptserver auth callbacks. use OnHttpClientAuthorize if password in session, then OnAuthorize if defined and no password is available session
[UPD] waptserver autocreate console ldap authenticated users if default_ldap_users_acls config is not empty
[IMP] server add_configurations : return json config filenames in result.
[IMP] waptserver: get_ad_ou_split : be tolerant to malformed OU sent by client
[IMP] waptserver crls updates for nginx: * merge all known crls into file if « ssl_crls » waptserver.ini is defined
[NEW] wapserversession: share waptserveruser across all waptserver connection * to make it easer to relogin after token expiration. * retry to get a token if http 401 status
[NEW] waptserver, waptservice on Windows: removed nssm service manager, replaced by waptsvc * waptsvc service supervisor is based on mormot agl. * waptservice.exe is a symlink to waptsvc.exe and manages « waptpython -I waptservice/service.py » * waptserver is a symlink to waptsvc and manages server.py, wapttasks huey queue, and nginx
[RM] removed endpoint /api/v2/download_wuredist
[NEW] waptserversetup: don’t set repo_url and wapt_server url during setup as this done now later when building waptagent
[IMP] waptserver model: update Packages table description_localized dict from package entry.
[FIX] StripCertificateComments endless loop is Pem bundle ends with 2 CR NextPem does’t not set input pointer P to nil if end of file.
[IMP] add psycogreen patching for eventlet / postgresql
[IMP] Be sure to fill executable version infos when initializing logger
[IMP] cache CASigners in waptrepo
WAPT WADS¶
[FIX] osdeploy data signature. signer_fingerprint is not saved into db, so must not be included in signed attributes
[IMP] waptserver: calc sha256 of iso during upload rather than after upload
[FIX] getting ipv4 addresses excluding APIPA
[IMP] TVisPrepareDjoin: Add domain discovery
[IMP] TVisPrepareDjoin: sort DC by response time using cldap
[IMP] Save prepare djoin form fields in session (domain, username and password)
[FIX] wads: break loop if 401 login fails.
[FIX] Fix VisPrepareDJoin: Reset ldap kerberos SPN before connecting to the domain
[NEW] reset drivers on hosts OSDeploy
[FIX] Stop Graphical if WADS is only used to send status
[FIX] Retry Wads now reset the status
[IMP] Verify WADS hostname on WADS Winpe / Console / Server
[NEW] IP address and details of DISKPART info (volumes and disks) on wads_register_host
[IMP] Better login for login_on_wads
[IMP] Wapt downloads are now in Graphical WADS
[NEW] Wads with Graphical Display and Info
[FIX] avoiding loop showing message if ISO name already exits
[FIX] empty error message on refreshing ISO file list
[SEC] add iso hash in ipxescript
[IMP] Add ubuntu and rhel9 wads template
[UPD] wads: wait 30s for an ip address.
[IMP] Upload iso. Deleting file if wrong hash after upload
[IMP] ipxe add keymap
[FIX] waptdeploy unable to read setup exe version same potential issue in wads missing call to RetrieveInformationFromFileName
[FIX] fix copy cert in winpe for wads
[FIX] empty error message on refreshing drivers file hashes and bundle names
[NEW] add update driver bundle option
[UPD] limiting uploading iso files only on WADS part
[IMP] sending file to api/v3/upload_deploy_files only if needed
[FIX] Warning Removal and reset wads32 binary
[NEW] drag and drop .iso on console for upload
[NEW] drag and drop of drivers folder on drivers in WADS part
[NEW] drag and drop from Host to deploy to drivers or configuration
[IMP] Default prepare djoin window credentials to current domain’s
[IMP] Prepare Djoin: Retrieve domain controller using mormot dns resolver
[IMP] On WADS conf, a password for superadmin is defined
[REF] Prepare djoin fixes and form rework - Allow to configure ldap port - Don’t load OU on show - Split DC load and ldap connect buttons - Forbid to modify existing machine password (force to overwrite)
[IMP] Prepare DJoin: Connect through kerberos if possible
[FIX] Fix TVisPrepareDjoin GetDJoinBlob method - Fix verification of computer existence in the domain - Set computer password in AD even if we’re not creating it - Parse the created djoin blob after creation and set an error if the format is invalid
[IMP] waptconsole PrepareDJoin: allow direct input of Host OU
[FIX] TVisPrepareDjoin: Call to CldapSortHosts missing a parameter
[FIX] TVisPrepareDjoin: Handle sub-domain within forest
[FIX] waptconsole wads osdeploy grid: popupmenu clears multiselect
WAPT Linux¶
[IMP] Debian : add reboot_needed and reboot-required.pkgs info in host info
[IMP] force locale C for strptime installed_softwares
[FIX] fix datetime.datetime.strptime for installed_softwares in rhel9
[NEW] add json config url in waptserver homepage to help linux agent config
WAPT macOS¶
[NEW] WAPT Tray compilation config. for macosx
WAPT-2.3 Serie¶
WAPT-2.3.0.13516 (2023-02-23)¶
hash : 69968974
This is a bugfix release for WAPT 2.3.
Attention
When upgrading from WAPT 2.2.3 to WAPT 2.3, when installing the new waptsetup.exe 2.3, if the waptagent.exe 2.2.3 had previously been installed ON the management
machine ABOVE the waptsetup.exe 2.2.3, then the org certificate located in wapt\ssl directory of the agent belonged to the
waptagent.exe 2.2.3 InnoSetup installation instead of being a local file, and was removed during upgrade to waptsetup.exe 2.3, which handles certificate deployment differently.
Now, in the case a waptagent.exe has been installed above a waptsetup.exe install, the certificates in wapt\ssl will be preserved during upgrade.
This should happen only on the managemnent machine that is used to rebuild the agent if the agent has been re-installed above the waptsetup.exe install.
Note
The RHEL9 repository are how signed with a sha256 key/digest
Agent WAPT¶
[IMP] waptsetup.exe : backup
<wapt>\ssl\*.crtbefore upgrading and restore after install[UPD] when building waptagent, check that there is at least one trusted cert for packages and actions
[UPD] be more relax on waptagent setup naming: if setup exename « starts » with waptagent, assume we can safely use the configuration inside when running silently
[IMP] waptsetup: don’t ask innososetup to close applications using Microsoft Windows RestartManager. Use specific process name instead.
Console WAPT¶
[FIX] fix zip64 for big packages (>2GB) not handled properly in waptconsole
[FIX] waptconsole build waptagent certificate issue when both CA and personal cert+CA files are selected
Serveur WAPT¶
[FIX] Debian : fix logrotate on wapt server
WAPT-2.3.0.13505 (2023-02-13)¶
hash : c7fcb3a7
This is a bugfix release for WAPT 2.3, and has been signed with a new code signing certificate to replace the expired one.
Attention
All the previous version of the 2.3 branch have an issue with the creation of the waptagent.exe due to a expiring code signing certificate. If you need to create a new WAPT Agent, please upgrade to this version.
The error message that you will get is « Error while creating waptagent.exe: Checking hashes of executables on server against Tranquil IT certificate has failed. Please check if waptbinaries.sha256 has not been altered. »
Message in French : « Erreur lors de la création du waptagent.exe : La vérification de la signature Tranquil IT des hashs de contrôle sur le serveur a échoué. Vérifier que le waptbinaries.sha256 n’a pas été altéré sur le serveur. »
WAPT Core¶
[FIX] better handling of filename with “..” and “~” in zip filenames. No need to be paranoid if “..” and “~” are in the middle of the name
[FIX] waptservice only_if_no_process_running not taken in account when auto upgrade with waptupdate_task_period is enabled.
[UPD] waptservice / core: include packages with install status == error when checking for conflicting packages to remove.
[FIX] remote user waptmessage encoding issue
[FIX] waptconsole waptpackage manifest add support for file with non ascii chars.
[IMP] read Packages index from disk: use mormot function to potentially avoid lock conflicts
[FIX] remove or forget packages with spaces in package name. fix RemoveDuplicates when there are spaces in data items.
[FIX] closing WAPT Self for Linux/MacOSX
[FIX] waptdeploy : update certificate pinning with new code signing certificate
[FIX] waptcrypto : takes into account signature_date when checking certificate expiration date vs timestamping time.
[SEC] update openssl binaries to 1.1.1t
Serveur WAPT¶
[FIX] waptdeploy on server location: <repodir>/waptagent/waptdeploy.exe
[SEC] add server_tokens off to avoid giving nginx server version to non authenticated clients
[SEC] delete waptversion in /ping to avoid giving waptserver version to non authenticated clients
[IMP] add view acl for get_storage_used_by_kbs
WAPT WADS¶
[FIX] check volume letters before diskpart closes
[IMP] waiting network for wgetwads Closes
[IMP] install waptagent at end pressed debian
[IMP] not force login in ipxescript if login already in ipxescript (for leave the possibility of forcing the language before)
[IMP] add keymap on menu register
[IMP] add login in pxe for linux deploy
[IMP] delete double login wads
WAPT-2.3.0.13470 (2023-01-26)¶
hash : 4cc5fc06
This is a bugfix release for WAPT 2.3, and add support for Red Hat Enteprise Linux 9 and derivatives (both as server and agent)
WAPT Core¶
[FIX] fix waptdeploy.exe unable to read setup exe version, requiring the use of force flag in GPO
Agent WAPT¶
[FIX] fix datetime display for software inventory on Redhat and derivatives
[IMP] better support for Red Hat os version numbering in inventory and tags
[NEW] add el9 waptagent and waptserver support
Serveur WAPT¶
[IMP] simplify web interface displayed version values to avoid misunderstanding
[UPD] waptserver autocreate console ldap authenticated users if default_ldap_users_acls config is not empty
[FIX] fix update_hosts_sid_table connexion leaks (to update the reachable column before calling query in reporting tab)
[NEW] add el9 waptagent and waptserver support
Console WAPT¶
[FIX] fix package maturity action default value if none chosen
[FIX] fix grayed out host packages actions in Discovery mode
[UPD] Strip comments in pem encoded certificates to reduce size and try to fit into the 32kb limit of stuffed exe.
[IMP] adding possibility to cancel configuration package creation
WAPT WADS¶
[IMP] add support for keyboard selection in ipxe
[FIX] fix template windows 11 wads
[UPD] wads: wait 30s for an ip address if dhcp is slow to respond or waiting for 802.1x vlan switch
[FIX] fix wads regression where a computer could connect to waptserver instead of local secondary repo
[IMP] Upload iso. Deleting file if wrong hash after upload
[FIX] fix copy cert in winpe for wads
[FIX] fix waptdeploy unable to read setup exe version, requiring the use of force flag
WAPT-2.3.0.13438 (2023-01-19)¶
hash : 8e580896
This is a bugfix release for WAPT 2.3. Those are mainly fixes and improvements to smooth the upgrade process from older WAPT versions.
WAPT Core¶
[FIX] waptcore: keep install status of previous package if new package upgrade status is ERROR
[FIX] Don’t forced install packages which could’t not be installed properly last time (to avoid install loop) a better approach could be to define a maximum retries count and an increasing delay between retries.
Console WAPT¶
[FIX] fix verify waptsetup.exe and waptdeploy.exe hash when creating waptupgrade
[UPD] set all search timer to default (300ms)
[FIX] waptconsole display correct icon on Linux
[UPD] waptconsole: propose to add a licence right after login if none on server.
[FIX] waptconsole: fix some tab orders in forms
[FIX] waptconsole package wizard: change layout for compatibility with linux.
[FIX] waptconsole: quick fix for external repos settings if none is currently defined in waptconsole ini settings. Autoregister
wapt-templates.[FIX] waptsetup: don’t create a shortcut for the waptconsole to replicate behavior from older waptsetup…
[NEW] waptagent for Windows can be generated on Linux waptconsole
[REF] Improved djoin support
[NEW] waptconsole: better support for dark mode on Linux / MacOS
Agent WAPT¶
[IMP] macOS: use sw_vers -productVersion for mac os version
[FIX] windows: waptwua client: fix issue when main repo url ends with a slash
[FIX] fix wapt-signpackage compatibility error : removes mds argument
[FIX] fix waptupgrade package for centos
[FIX] fix application version on MacOsx
[FIX] switch
DisableSkipWindowsUpdatestowaptwuasection[NEW] Add ForceUnsigned for add drivers in winpe
[FIX] add defaultInterpreterPath for vscode support
[FIX] waptexit self-kill if machine has been started for too much time
WAPT WADS¶
[IMP] wads: removing mounted drive letters before diskpart for better support of machine without any installed OS
[NEW] Add script compile_ipxe.py to integrate waptserver url directly in ipxe binary
[FIX] fix acl wads_admin on upload_winpe
[FIX] wads: fix wads skip_login_wads and acl
Serveur WAPT¶
[FIX] waptserver: don’t try to convert jsonb boolean to raw boolean as it fails for postgresql <= 10
[FIX] better support for postgres upgrade for Debian / Ubuntu in postconf.py
[FIX] waptserver: path to waptdeploy on windows server to fix link
[FIX] during upgrade, run /opt/wapt/wapt-scanpackages.sh when run postconf.py
[NEW] waptserver: new option to set nginx port from waptserver.ini
WAPT-2.3.0.13356 (2023-01-10)¶
hash : fd590589
This is the first release of WAPT 2.3. This release does not have any new big feature, but brings a ton of little bugfixes and improvements to make WAPT usage more lean and smooth.
What’s New?¶
1000+ bugfixes
Less issues with false positive with antivirus software when deploying a new agent: WAPT Agents do not need to be rebuilt. The WAPT Agent is based on waptsetup.exe with certificate and configuration stored in the certificate signature of the file. The signature of the file is not altered.
WAPT Agent on Linux and macOS: improved workflow for installing and updating the WAPT Agent.
Improved Websocket connexion. Disconnects and reconnects have be made more robust.
Improved support on macOS.
Improved support on Linux.
Update of WAPT external components.
WAPT Console support on Linux (Debian and derivatives, Redhat and derivatives).
Tech Preview : WAPT Console support on macOS (Mojave and above).
Upgrade details¶
WAPT Server 2.3 needs PostgreSQL 10 or above. Please be sur to have the correct version running, especially if your server is running Debian and has been upgraded from Stretch:
If the WAPT Server is running on Debian or Ubuntu, if you have upgrade from Debian Stretch to Buster to Bullseye, please check that the running instance of PostgreSQL has been upgraded when the OS has been upgraded;
If you are on Redhat 7, upgrade is taken care of in the postconf script, and it should upgrade from 9.6 to 14;
If the WAPT Server is running on Redhat 8 or derivative, then the DB is already in a good version;
If the WAPT Server is running on Windows the DB upgrade is done during the upgrade from 9.6 to 14.
WAPT Core¶
[SEC] When checking exe certificate, first check that the signature is OK.
[SEC] when stuffing waptsetup.exe, check that waptsetup.exe downloaded from wapt server is properly signed by Tranquil IT.
[FIX] Fixed handling properly utf8 chars in certificate subject.
[FIX] Small improvement for wapt-get build-waptagent. Do not ask the server password twice.
[FIX] Fixed stuffed legacy waptagent build: be sure to have a deterministic binary result when stuffing in waptconsole or server side.
[IMP] remove client library dependency for command line progress bar.
[SEC] waptpython 3.8.16 is now compiled with the isolated mode flag at true by default (Python -I)
[REF] Removed unused functions.
[REF] Removed unused headers.
[IMP] waptservice: fix setting loglevel for specific components do not log WS listening too often. Fixed some action’s « created_by » attributes which were not not set.
[FIX] Windows setuphelpers: missing service_list in _all__.
[FIX] wapt-get: moved LoadOpenSSLFromPythonLib to get proper path for RegWaptBaseDir on Linux.
[NEW] Added armhf as a valid package architecture.
[FIX] Fixed
scan_packageissue when there are packages withoutpackage_uuid. Packages table was growing at eachscan_packages.[IMP] wapt-get: Added some help for
build-waptagentandadd-config/reset-config/set-config-from-url.[IMP]
wapt-get reset-config-from-url: removes dynamic configs fromconf.dtoo.[IMP] Re-include empty folders in zipped WAPT packages.
[FIX] Update for zip empty folder entries.
[FIX] When checking files and directories from package manifest, create empty directories from the
manifestfile if thet do not exist yet.[UPD]
wapt-get update-package-sources: Implicit transparent import of all functions frompackagesdevhelpers.py.[FIX] Do not audit packages with
install_status<> “OK”.[SEC] waptpackage: Cleanup removed multiple MD type. We use only sha256 now.
[NEW] waptconsole: Stuff
waptsetupwith json config for embedding into waptupgrade package.[FIX] waptpackage signature issue if the WAPT package is created from scratch with null attributes (ex. max_os_version). If signed, these null attributes are written to control file as sempty string, this breaks the signature control. So we initialize all default signed attributes to empty string instead of null.
[UPD]
wapt-get create-waptagent: Use json embedded config stuffed into certificate zone of executable signature.[FIX] Fixed regression in python _sign_control (encoding issue).
[UPG] Upgraded python to 3.8.16.
[IMP]
waptutils.pycleanup and small fix inuser_is_member_of.[REF] waptserver: Cleanup code with pyflakes.
[IMP] Allow none loglevel.
[NEW] Introduced
wapt-get reset-config-from-url.[FIX] Fixed json_load_file() by adding encoding option. Default is « utf-8 ».
[IMP] waptguihelper: Introduced StayOnTop argument for input_dialog() and grid_dialog()
[FIX] Fixed
wapt-get add-config-from-urlin pure Pascal. The hash is retrieved from the filename if present, or as second parameter of command line.[REF] wapt python core: Removed sha1 compatibility with wapt 1.3 packages signatures.
[FIX] Shows the proper logged user after login.
[IMP] Fallback other method for get domain in get_hostname.
[REF]
jsonconfigdata embedded in setup exe.[FIX] Default value for check verify cert.
[UPD] Introduced uwaptjsonconfig (port of json config from python to FPC).
[UPD] wapt-get: Added a command to list the initial configs available on server (in
wapt/conf.d).[UPD] waptsetuputil: Added UnzipConfigFromExe.
[FIX] Removed global variable for PopupEnterprise, check Licensing after closing the window.
[IMP] buildlib: Do not remove unittest from python lib when creating the build environment.
[FIX]
remove_file()was unable to remove symlinks.[FIX] wapt core: Regression on uuid retrieval from WMI. “System_Information” key is an array.
[NEW] wapt core: added « wapt_temp_dir »
wapt-get.iniparameter to specify the directory wher packages are unzipped at installation (for wyse terminal).[REF] Introduced packagesdevhelpers python module to remove helpers useful only for « packages source update » and reduce import time of setuphelpers.
[IMP] windows_version() now getting the correct UBR (Update Build Revision) shown with « winver » command, adding windows_version_full in hardware inventory
[IMP] waptguihelper: help improved for grid_dialog - also, introduced an (optional) Text parameter.
[FIX] waptpackage: trim attributes value in
controldata. (“all” was retrieved as “all “ ).[IMP] twaptpackage: Always set architecture and priority default.
[UPD] Refactored SSLCABundle usage.
[FIX] Fixed waptpackage build issue when sourceroot includes the ending path separator. Fixed self service package building. Fixed version incbuild result.
[FIX] Fixed issue with in path in zipped files created with
CreateRecursiveZip.[FIX] Fixed file not found when calling
GetServerCertificate.[FIX] Fixed editing zipped package inplace (hosts packages).
[FIX] Added call to mormot2
RegisterOpensslfor Access violation in waptlicences.[IMP] Grid editor: Show which column is currently focused even if grid has not the focus.
[IMP] Use UTC time for expiration check of ACLs.
[UPD] wapt core: use datetime in UTC for
audit_data.[IMP] wapt core: allow usage of an environment variable waptbasedir to specify the location of root waptbasedir.
[IMP] Default grid order set to descending signature date.
[FIX] Allow ~ character in WAPT package names (for spaces in Organizational Units packages).
[FIX] waptcrypto: Fixed certificate filename attribute not set when loading a certificate chain.
[UPD] Refactored
SSLCABundleusage.[FIX] Fixed using particular characters in passwords.
[FIX] Fixed waptcore: Fixed the type for dynamic configuration.
[FIX] copytree2
replace_at_next_reboot.[REF] Moved all the dynamic json config functions into the WAPT class to take in account the actual agent settings (specially directories).
[UPD] Created a full version 1.2.3.rev-hash into file
wapt/version-full.
Agent WAPT¶
[FIX] force create random uuid if bios uuid is not correct.
[FIX] Do not check
wsusscn2.cabif not Enterprise.[IMP] add host_capabilities inventory.
[IMP] Better JSON format (Human Readable) for Audit Data.
[FIX] Use parameter
IncludeCAonListSOCertificatesFromFolder.[FIX] Fixed translation issues in graphical components.
[FIX] Fixed last version, checks the minimal OS version
[FIX] edit waptwua if
install_delayhas value.[IMP] When uninstalling the WAPT Agent, stop the waptservice only if the service exists.
[FIX] Popping wrong license message on new installation.
[FIX] waptservice socketio: Force get new ws params in case of connection error like when config is updated.
[FIX] Fixed add new rule missing import for
isenterprise.[NEW] Added disk drives to host overview template.
[IMP] Reduced size of host json inventory data. Do not send host configurations data if not changed. Do not send audit_data headers if no data. Fixed last audit data that was always sent.
[IMP] Improved local waptservice auth feedback.
[REF] Refactored waptservice code.
[FIX] Enable custom CA file for websockets certificate checking.
[FIX] Fixed WAPT Agent
websockets_verify_cert: error reading setting from ini file. Reset socketioclient to None when connection error to force recreating the object with new TLS settings.[IMP] waptdeploy: Use only registry wapt_is1 install location to get the WAPT base directory.
[IMP] waptdeploy: Do not check wapt-get working condition.
[FIX] Fixed waptdeloy argument parsing.
[UPD] waptsetup: Removed distribution of innosetup as it is no longer needed.
[NEW] waptdeploy: Check that the WAPT Agent installer and wapt-get.exe are digitally signed by Tranquil IT.
[FIX] waptdeploy wapt basedir guessing. Hardened waptdeploy RunTask.
[FIX] Fixed
wapt-get build-waptagent: empty configuration name.[ADD] Check all rules signatures before doing anything else.
[IMP] The agent version is obtained from the exe, not the server.
[FIX] waptsetup auto json config: should accept
waptsetup-1.2.3_<confname>_<confhash>.exe.[FIX] Fixed remote WakeOnLAN.
[IMP] waptservice: Do not include PrinterPaperNames, PaperSizesSupported and self_service_rules in inventory sent to the WAPT Server.
[FIX] waptexit: If unable to get licences from waptservice, assume is_enterprise is False.
[FIX] wapt-get: Set password callbacks after reloading config.
[FIX] Shortened the upgrade scheduled task argument, as it is limited to 256 chars.
[FIX] Stuffed waptsetup: Append waptwua settings to json.
[FIX] waptserver socketio: Host does not register / reconnect by itself when deleted from the WAPT Server.
[NEW] waptsetup.exe : If waptagent.exe is named, and only one config is embedded, take the first available config for the name of the configuartion to install instead of hardcoded « default ».
[IMP] waptservice: Can start right after install even if no
wapt-get.ini.[NEW] Added nopassword to config wizard for
service_auth_type.[UPD] Added
wapt-get reset-config-from-urlandset-config-from-urljson configuration.[FIX] Do not delete the files if the signature has failed.
[IMP] waptsetup: Display a summary of embedded stuffed json configurations. Removed use dynamic configuration task.
[FIX] waptserver: Fixed WakeOnLAN issue when no broadcast address exists in inventory.
[FIX]
remove_user_appxwas not initialized from setuphelpers.[UPD] waptsetup: ApplyJsonConfigToIniFile when a json configuration is stuffed instead of
conf.ddynamic configuration.[IMP] waptsetup: Do not update
wapt-get.iniwhen using dynamic json configuration.[UPD] waptservice socketio: Do not require connection params update / reconnection try if there is no authorization token. When
allow_unauthenticated_connect= True on the WAPT Server, the WAPT agents should be able to connect without getting a token.[FIX] waptself: Fixed next page button unavailable on last page.
[UPD] waptexit: Add
waptexit_disable_skip_windows_updatesparameter inwapt-get.inifile and commandline argument to disable the checkbox for skipping Windows Updates.[UPD] wapt-get: Return ExitCode <> 0 when an exception is raised Added ping --service command to check waptservice accessibility from waptsetup.
[UPD] waptself: Display details of WAPT package on top of packages list to avoid reframes.
[UPD] Enable
waptservice_allow_all_packagesonly for nopasswordservice_auth_type.[NEW] Added a waptservice parameter
waptservice_allow_all_packageswhich allow all user to install / remove all packages as if they were part of the waptselfservice group.[NEW] If a json configuration is provided in waptsetup as stuffed data in certicode certificate area, use it for initial configuration.
[FIX] Improved error message and wait cursor when waptselfservice is starting.
[FIX] Fixed selfservice missing common module for
self_service_ruleswhen using the nopassword argument with the WAPT Enterprise version.[FIX] Changed Icon for to Plus.
[IMP] User is now informed when self service can not get a token (service not started).
[FIX] Remove double slahs in url //Packages.
[NEW] Added Ubuntu22 in waptsetup package.
[FIX] Fixed waptmessage ambiguous “-s” option (use stdout and set window size), replaced by -c for init console.
[FIX] Fixed tasks list on host.
[FIX] Normalized view (lowercase) in grid for target_os from control part.
[FIX] Fixed execution of waptmessage in file instead of base64 (to avoid too long command line).
[FIX] Use cached trusted signer certificates store instead of recreating it each time.
[FIX] Fixed signed_attributes written as string list (instead of python form) and signer is the signer certificate Common Name.
[IMP] use --not-interactive with register if the installation runs in silent mode.
[FIX] waptservice: Do not ignore broadcast for
WaptUpdateServerStatusto avoid the WAPT Tray sticking upon sending data to the WAPT Server.[FIX] Fixed unable to synchronize remote repository.
[IMP] waptmessage: No autosize if a size is specified on the command line.
[FIX] Fixed no hash in clipboard, added missing helper for
add-config-from-urlin wapt-get.[IMP] Limit access right to Administrators to log directory (in case non public stuff gets written to logs).
[IMP]
install_schedulingwork if not in PENDING_UPDATES status.[FIX] Fixed waptexit compilation: Removed specific
WaptIniFilenamefunction.[FIX] Fixed waptmessage unable to load sqlite.
[IMP] Updated waptwua status to “NEED-SCAN” on hosts when
download_wsusscanis triggered andwsusscn2.cabfile is downloaded.[NEW] wapt core: Added
as_dictand descending parameters toWapt.read_audit_data_set.[IMP] Do not take care anymore of maturity for version when it is compared to WAPT store version.
[FIX] Fixed configuration package template
setup_package_template_conf.py.[FIX] Fixed waptservice configuration: Set the
configs_dirrelative towapt-get.inifull path.[FIX] Fixed waptservice “start_waptexit” with arguments Faulty arguments boolean value decoding.
[FIX] Fixed bad arguments sent to waptservice triggering upgrades with
only_prioritiesandonly_if_not_process_running.[FIX] Fixed
Wapt.write_audit_data_if_changed: Write data if previous data has expired.[FIX] Updated the template of dynamic json configuration packages to match new location and naming of json configuration related functions.
[NEW] Option
include_potentially_superseded_updatesin configuration wizard.[FIX] Fixed waptservice: Be sure to dynamically revert to default setting when a key is removed from
wapt-get.ini.[FIX] Fixed waptservice: Make sure we have a random
secret_keyfor local waptservice session.[NEW] WAPTWUA superseded support.
[IMP] wapt-get edit now opens
update_package.pytoo.[UPD] Added a NEED-SCAN waptwua.status, updated when
Wapt.update()is called.[FIX] Fixed waptself: Set focus on search when opening.
[IMP] Ignore history for waptwua status.
[FIX] Fixed wapt-get update-package-sources: Handle properly relative path to package sources.
[FIX] Fixed wapt-get update-package-sources: use
devdirupdate_package.pyto callupdate_package()hook if this file exists. Else usesetup.py.[IMP] wapttray: Launch external waptself and waptconsole with OpenDocument instead of windows only ShellExecuteW.
[FIX] Workaround fix when pyscripter is put as editor for packages.
params_vscod_listfixed when space in parameters. Reupdated description.[IMP] wapt-get edit now opens
changelog.txt, VSCod* now openscontrolfile too. wapt-get edit can now be run as user with VSCod* updatingwapt_sources_edit()description.[UPD] Changed default log path to
wapt/logif writable.[UPD] Same logging initialization code for all UI executables with
waptcommon.InitLoggingFromCommandLine.[IMP] waptservice waptself: localauth with file token (ie. nopassword). Handles local groups.
Console WAPT¶
[FIX] display an explicit error message if a new host package can not be saved on the WAPT Server because of acl.
[IMP] Process application messages when performing file hash/zip actions.
[FIX] Fixed waptconsole copy cert to
wapt/ssl: handle properly spaces in target directory name.[FIX] Place cursor at end of line instead of point of click in textareas.
[ADD] Popup Menu with Copy and Copy as JSon for Audit TreeView.
[FIX] Fixed proper images on actions buttons.
[FIX] Fixed OU icon when OU name contains an empty character.
[FIX] Fixed Out of bound error : add verification on condition check in specific cases.
[FIX] Fixed missing error message on secondary repositories.
[IMP] Improve usability of copying new certificate in
<WAPT>\ssldirectory[FIX] Fixed icon on action
ActWUAGetUnusedKB.[FIX] Fixed actions caption on toolbar in Windows Update.
[FIX] Fixed removing ability to personalize toolbuttons on ISO, configs, and drivers in OS Deployment.
[FIX] Fixed popup menus on toolbar in OS Deployment.
[FIX] Fixed actions on toolbar in Software Inventory.
[NEW] waptconsole / waptserver: Added a specific ACL for
update_audit_data.[UPD] Increasing softwares max count limit in Software Inventory from 5000 to 20000.
[FIX] Fixed locking some actions on non Enterprise versions.
[FIX] Fixed waptconsole package zip build:
CreateRecursiveZip.[IMP] cleanup of HTML templates on waptservice. Removed unused js.
[IMP] Showing icons for target_os.
[FIX] Fixed waptconsole TX509Store: when intermediate certificates are provided in user .pem certificate file, only trust the first one.
[FIX] Fixed waptconsole waptcrypto: implement
TX509Store.GetCertificatesChainFromFingerprint. Fixed self signed certificates are always trusted when checking the WAPT package.[FIX] Fixed waptconsole: when signing packages, make sure we end with LF only (n unix style)
controlfiles.[IMP] Basic POC for Auto Completion on Reporting Queries.
[FIX] Fixed viewing TechPreview Features does not take care of display preferences.
[FIX] Fixed the downloaded packages have now the chosen maturity.
[IMP] Show
*.cmdfiles in post install script selector.[NEW] Upload a default json configuration on the WAPT Server when building waptagent.exe. Fixed waptsetup.exe stuffing on the WAPT Server when uploading a json configuration.
[FIX] Fixed the button Type for update package warning.
[ADD] Confirm button before Update from the WAPT store.
[FIX] Fixed waptconsole update from the WAPT store Introduced
StripPrefixinTPackageRequestto allow searching in the repository on package name without prefix.[FIX] Include
min_os_versionandmax_os_versionin WAPT package identification to check which WAPT package is newest.[FIX] When building customized waptsetup, sometimes missing trusted certificate.
[FIX] Fixed the copy of
wapt-get.iniif there is nowaptconsole.ini.[NEW] Menu item for restoring toolbars to default.
[FIX] Fixed actions on toolbar in WAPT Development and OS Deployment forms.
[FIX] Fixed removing certificates in create waptsetup [NEW] function for listing certificates from folder.
[FIX] Fixed buttons links with actions on WSUS.
[FIX] Fixed encoding problem for WSUS.
[IMP] Removed GUI interface for the Update from the store action.
[ADD] Added a warning message before updating a WAPT package.
[ADD] Updated from the store button in private repository done.
[IMP] Added Updated part for the Store Update Action.
[IMP] Update from the store button (visual part).
[FIX] Fixed regression on creating new wuagroup package.
[UPD] waptconsole , config and hash instead of waptagent.exe/.
[FIX] Fixed __pycache__ included in zipped package when built from waptconsole.
[ADD] reporting: Added Unique save for each query.
[FIX] Fixed SQL query editor: any query can be edited at any time, without erasing the others.
[FIX] Fixed SQL query editor: if queries are already created and registered and have the same name, you can edit both without overwriting the other one.
[IMP] Use system font for html viewers.
[IMP] Allow package wizard without installer path.
[NEW] Added « keys » mustache helper for html templates.
[IMP] waptconsole: Do not try to ping servers before login dialog.
[FIX] Fixed enabling build and upload if all information are set / pre configuration in case of portable app if an executable is found.
[UPD] waptconsole Cyberwatch integration. Added Values mustache helper to format dict as list for Cyberwatch html report template. Added styled Cyberwatch example audit template.
[IMP] Addied listening to ipv6 only if ipv6 is available.
[FIX] Fixed waptconsole crash if custom column with empty size cell.
[IMP] Added a warning when no DNS record is found (Remote repository).
[FIX] Fixed call if app is currently closing (login cancelled).
[IMP] Opening configuration by double-clicking on grid.
[IMP] Package wizard for portable apps.
[IMP] waptconsole, display bytes size in human readable format in grid.
[FIX] Fixed OU options that are now available if the user is currently focusing the OU grid.
[IMP] Improved asking credentials on http error 401.
[FIX] Fixed waptconsole: random timeout error when running commands from the WAPT Console.
[FIX] Fixed WAPT package creation for OUs.
[ADD] Link to the official documentation for the Config Package Wizard.
[IMP] Proper restore of GUI when WindowState is maximized. Prevent flickering if starting maximized.
[IMP] Improved warning before deleting a valid licence.
[FIX] Fixed waptconsole regression: import packages. Check the signature even if it is disabled in remote repository settings.
[FIX] Fixed waptconsole regression on additional private repositories listed in the repositories tab, even if not defined in
repositoriessetting inwaptconsole.ini.[FIX] Fixed waptconsole: private key password is not asked again if a matching key can not be found or decrypted.
[REF] waptserver model upgrade: removed unused database migration steps.
[UPD] waptserversetup: avoid automatic restart when installing MSVC 2022.
[FIX] Fixed error editing same OU package in one session.
[ADD] ACL Edit Repo on Index for secondary repos
[FIX] Fixed missing editing ACL Edit Repo.
[FIX] Fixed waptconsole access violation when checking unzipped package signature.
[FIX] Fixed waptonsole multiple update of hosts corrupt packages depends grid display.
[IMP] waptself, wapt-get, waptexit, wapttray: kill check threads on close, even on linux to speed up application shutdown.
[UPD] waptconsole: lazy loading of DMPython. Removed python source scripter tab on main form. Moved to (inactive) uvispysources. Removed debug panel on main form removed unused
uvissearchpackage. Added some euristic icons on audit and reporting grids depending on well known values (OK, ERROR etc…).[IMP] Improved the interpretation of checkbox states due to label description.
[IMP] Improved search when importing queries.
[FIX] Fixed host configuration package that are not editable right after creating them.
[FIX] Fixed waptconsole pkcs12 export and email in X509 certificates.
[IMP] Removed Python dependency in the WAPT Console.
[UPD] waptconsole: Added popup menu to Json hardware treeview.
[IMP] Improved reporting import, now select all queries by default + some code improvement
[IMP] Improved enabling or disabling ACL by double click.
[FIX] Fixed waptconsole: html audit templates. Bad search order.
[FIX] Fixed waptconsole: actions categories fixes and updates. Hide unused categories from toolbars customization.
[FIX] Fixed waptconsole: empty success message for some actions. Updated translations.
[FIX] Fixed waptconsole get agents installers: fixed MISSING -> OK status.
[UPD] Fixed waptconsole: Added Edit html template popup menu action.
[FIX] Fixed no logo resizing if smaller size.
[UPD] Load html templates for
host_overviewandhost_auditfrom user’sappdatadirectory if it exists, else fromwapt.[REF] waptconsole: Refactored
TFrmHtmlViewerto lookup templates either in user templates directory (%APPDATA%waptconsoletemplates) or in defaultwaptinstallation directory (%WAPTBASEDIR%templates).[UPD] waptconsole: Improved drag & drop of columns into GridHosts.
[FIX] Fixed blocking action editing WSUS package if no Enterprise licence is active.
[FIX] Fixed waptconsole drag & drop audit values.
[FIX] Fixed waptconsole regression when signing unit package or modyfing stripped down WAPT packages.
[IMP] waptconsole: Load AD Groups in thread.
[FIX] Fixed waptconsole compilation without USE_WAPTPACKAGE flag.
[REF] waptconsole: Introduced an interface for uwaptpackage TWaptPackage WIP: fix compilation when USE_WAPTPACKAGE is defined TODO: implement IX509Store
[FIX] Fixed waptconsole: fixed host overview layout if no html template.
[UPD] waptconsole: host details layout changes: introduced html templates based overview if
templateshost_overview.htmlfile exists (mustache template).[FIX] Fixed waptconsole sendmessage gui splitter.
[IMP] waptconsole: check that downloaded waptsetup version is the same or newer than that of the WAPT Server.
[FIX] Fixed autosearch in
ttissearchcomponent.[NEW] waptconsole: Added a popumenu copy to clipboard as json for audit data.
[IMP] waptconsole: allow drag & drop of a audit json value subkey from value tree explorer.
[NEW] waptconsole: displays audit history and WIP audit data explorer (treeview + html template).
[FIX] Fixed reporting queries grid layout not saved properly.
[UPD] GUI Vis ACL: zebra colored lines and added possibility to change user password from one button (same action like in right click on user).
[FIX] Fixed avoiding exception if no user was selected before adding ACL rights.
[FIX] Fixed trigger downloads when triggering updates from the WAPT Console (missing import).
[UPD] Updated icons on windows update status for WUA.
[FIX] Fixed waptconsole check external repository version timeout exception raised in frontend.
[FIX] Fixed waptconsole multiserver: fixed can’t trigger action on servers other than main WAPT Server.
[FIX] Fixed waptconsole: Avoid error message of no
repo_urlfor last used package template section.[FIX] Fixed modifying a password if old password was empty.
[ADD] Hide / show all columns in grids.
[NEW] new option
check_package_versioninwaptconsole.ini.[UPD] waptconsole reporting: Added a quick search filtering zone for the query result.
[FIX] Fixed wrong message when no admin rights and the WAPT Agent needs to be upgraded or is not present.
[UPD] Host menu for upgrading hosts part.
[REF] waptconsole multiserver: Refactored
TriggerActionOnHoststo send multiples actions to the right servers.[FIX] Fixed waptconsole: use ROOT in addition to CA windows system certificates stores when building winpe with
verify_cert= True.[UPD] Deleted host popup.
[NEW] Possibility to download WAPT packages when asking hosts for updates.
[UPD]
trigger_host_updateadding possibility to download the WAPT package after update.[FIX] Fixed waptconsole: The WAPT Console crashed when checking newest packages if wapt-templates repository is protected with an encrypted client key.
[FIX] Fixed saving configuration when new configuration was created.
[FIX] Fixed saving language parameter.
[FIX] Fixed waptconsole: access violation when access to external repository is blocked or needs a proxy.
[FIX] Fixed waptconsole multiserver regression: unable to edit a WAPT package which was just edited.
[FIX] Fixed waptconsole edit conf package: Do not close if error when uploading to the WAPT Server.
[FIX] patched
setup_package_template_cert.py.tmpl.[FIX] Fixed not adding « cn » in OU.
[FIX] Fixed layout on Windows Update part.
[FIX] Fixed the flow layout.
[IMP] waptconsole: WIP multiserver. Mostly works for hosts, but not for packages management.
[FIX] Fixed waptconsole: re-enable dataexport to .csv for grids.
[NEW] Explicit hint on number version when the WAPT package is not up to date (GridPackages).
[REF] Refactored private key password handling. Added a callback to clear cached key password in case of decrypt error in http client. Stores client https authentication key password in same storage as package private keys.
[REF] WIP for multiserver console. WaptCookieManager takes in accounts the domain. TODO: send allowed session cookies for cross domain auth. Lazy loading of waptserver instance. Loads list of servers in
DMWaptConsole.ReloadConfigFile. All sections with awapt_serverkey are taken in account. Shares the WaptServerSession across all waptserver connections.[FIX] Fixed bad port for veyon.
Serveur WAPT¶
[SEC] Windows: waptserversetup.exe windows: do not reenable acl inheritance on wapt root folder.
[SEC] Send minimal information on /ping api call.
[IMP] Set session cookie to 3 days
[IMP] waptserversetup: Check if there is a CRITICAL log entry during
winsetup.pyand exit with an exitcode 1000 if it is the case.[IMP] waptserver: Do not automatically create users in wapt database when user logs in with kerberos (self-service case).
[FIX] Fixed waptserverinstall windows: regression unable to install on new windows machine if wapt was not already installed.
[REF] Server python code cleanup.
[IMP] wapttasks: use environment variable on linux to pass
configfile path.[NEW] waptserver: reduced lifetime of session cookie to default 12h.
session_lifetimecan be changed inwaptserver.iniusingsession_lifetimeseconds parameter.[UPD] Updated to python 3.8.16 for all supported operating systems.
[FIX] Fixed stuffed setup exe naming on the WAPT Server.
[NEW] new parameter
list_subnet_skip_login_wads.[FIX] Fixed waptserver: shorten SQL columns aliases for long
get_hostsjson queries.[SEC] Upgraded werkzeug 2.0.2 -> 2.1.1 for PYSEC-2022-203.
[NEW] waptservice websocket: Enabled certificate checking on websockets.
[IMP] waptserver: Added index on
computer_ad_ou.[FIX] Fixed waptserver: by default, do not create stuffed
waptsetupwhen a dynamic config is uploaded.[FIX] Fixed waptserversetup: if installService, configure the local service to reach newly installed server. Propose to start the WAPT Console right after for demo mode.
[NEW]
model.py: Addedupgrade-dbaction and --overwrite-version=1.2.3 option to force the replay of upgrade db.[FIX] Fixed waptserver nginx config, there can be spaces in path. quotes include.
[NEW] Be sure to not start the WAPT Server if the database structure can not be upgraded properly.
[NEW] If licences json data is empty, assume an empty list.
[IMP] Getting storage used by KBs.
[NEW] 22H2 build numbers in WindowsVersions class.
[NEW] Added
hosts_sidendpoint routing to uwsgi in nginx configuration templates.[FIX] Fixed wapt-get build-waptagent: create waptagent.exe link on the WAPT Server.
[FIX] Fixed waptserver: ignore null bytes in audit data string values.
[FIX] Fixed waptserver: allow access to agent download without client certificate auth.
[FIX] Fixed waptserver model: remove references to unused HostExtData table.
[FIX] Fixed waptserver multiinstance with uwsgi: takes in account
application_rootfor interprocessget_ws_connections/api/v3/hosts_sid calls.[UPD] Added waptserver /api/v3/update_hosts_sid_table endpoint to fill the HostWebsocket table with the in memory ws_connections for reporting purpose.
[UPD] Changed the path of the untouched waptsetup.exe on the WAPT Server: moved to the
wapt/waptagentfolder to be consistent with other agents location Same for waptdeploy.exe.[DEL] waptserver: Removed « enable_store » setting.
[UPD] waptconsole multiserver: display unreachable servers.
[FIX] Fixed waptserversetup: Reinclude waptwua even if service is not installed to allow wapt-get usage.
[FIX] Fixed waptconsole multiserver dynamic config: bad server url for checking https certificate.
[FIX] Fixed waptconsole multiserver: Do not include a server at startup if it is not pingable.
[UPD] waptserversetup windows: Removed some additional unused files when waptservice is not installed.
[UPD] waptconsole multi servers: Do not try to update / merge repo if
repo_urlis empty.[IMP] waptserver / waptservice websockets: When registering host, return an authentication token in response, so that websockets can connect without additional roundtrip.
[IMP]
allow_unauthenticated_registrationis now likeuse_kerberos.[FIX] Postconf, current config is now autoselected.
[UPD] waptsetup waptserversetup: Sign the installers and uninstallers using embedded iscc logic.
[UPD] waptserver db: Changed the primary key of tables HostPackagesStatus, HostExtData, Packages, HostSoftwares, HostGroups, HostWebsocket, HostAuditData, ReportingSnapshots, HostWsus, LogsAPI to bigint.
[UPD] waptserversetup: Check that the user is a LOCAL computer user and not a domain user.
[FIX] Fixed waptserversetup: postgresql upgrade. Try to fix ACLs on data directory.
[FIX] Added a conflict on apache2 in the Linux WAPT Server package to avoid old install leftovers.
[REF] Removed
enterprise_common.py.[UPD] Upgrade nginx on Windows.
[UPD] Upgraded DB to postgresql v14 for windows.
[UPG] upgraded postgresql 9.6 to v14 on CentOS7.
[FIX] Fixed waptserver: Fixed sid map sharing in uwsgi mode (missing imports).
[FIX] Fixed waptserver websocket: Be sure to not clear a SID which would be newer than current disconnect event. Not sure if disconnect / reconnect are always synchronous.
[FIX] Fixed waptserver: Improved message when triggering action.
[IMP] Added HTST header to nginx template.
[FIX] Fixed waptserver
update_hosts_audit_data: Updated values with same global key (host_id,value_id).[FIX] Added trigger_host_action ACL on /api/v3/connected_wol_relays (used by /api/v3/trigger_wakeonlan).
[IMP] waptserver websocket auth: Put host certificates in cache.
[UPD] waptserver websocket: Do not cache UUID twice.
[REF] waptserver websockets: use a global in memory dictionary to hold the host uuid -> SID of connected host to avoid Database insert or updates.
[FIX] Fixed server regression for custom json fields ValueError: too many values to unpack (expected 3).
[IMP] waptserver: WIP endpoint
update_hosts_audit_datato bulk insert hosts related data.[IMP] waptserver: update api/v3/get_agents_info to match the online
wapt_agent_list.json.[FIX] Fixed glpi sync: simplified
glpi_upload_hosts.pyscript.[FIX] Fixed waptserver huey tasks:
licences_listnot properly initialized when not using defaultwaptserver.ini.[FIX] Fixed waptserver audit table structure upgrade: typo
[FIX] Fixed avoiding GET method limits on
hosts_for_wua.[FIX] Fixed waptserver unable to delete some hosts when CRL is enabled be tolerant if the host certificate is not issued by this server’s CA.
[FIX] Fixed waptconsole multiserver: Computers identified by fqdn uuid are not displayed properly in the grid.
[UPD] Remove references to waptsetup-tis.exe -> renamed to waptsetup.exe.
[FIX] Fixed
update_server_statuswith dynamic configuration.[IMP] Include waptsetup.exe in waptserversetup.exe.
WADS¶
[FIX] Clear WADS stdout before and after diskpart to avoid broken stdout.
[IMP] Check whether
winpe.wimand7z.exefiles exist when creating the WADS WinPE.[FIX] Added missing “/” in
wgetwadserror messages.[IMP] WADS: Added session login type and acl.
[IMP] WADS: Login to server only one time instead of for each request.
[IMP] WADS: Added flags: unchecked for wads login on Windows Server.
[IMP] Use of latest mormot function for
WgetWadsto fix DNS check.[IMP] Improved error messages for WADS and WGETWADS.
[IMP] Added option wads in Windows Server installer.
[IMP]
get_wads_secondary_repo–> follow protocol of the server connection.[FIX] Fixed
list_subnet_skip_login_wadsread configuration.[IMP] WinPE creation key
[REF] Remove useless code on
get_wads_config(Login WADS).[IMP] WgetWads does not require python to work.
[FIX] Be more indulgent on json rules for WADS.
[FIX] Fixed WADS working when no logging required.
[ADD] Login in IPXE, more tests needed.
[IMP] Proper way to secure
wads_get_config.[ADD] Login on WADS register host and get wads configuration.
[NEW] include hostname in
debian.ipxefor OS deployment.[FIX] Fixed
djoinwith given domainuser parameter.[IMP] Added back support GET method on /api/v3/get_wads_config.
[NEW] Added asset tag in HostOSDeploy.
[IMP] Ask for a new hostname when starting to deploy if hostname equals to “autoregister”.
[IMP] Improved filtering keyboard faster + french translation in Make WinPE.
[FIX] Fixed missing glob import in WADS
get_iso_config.[NEW] Adding drivers in WinPE from WADS drivers.
[IMP] Improved feedback when the
djoinfails (already existing machine).[WADS] <Value> format in XML was incorrect and not complete for password definition.
[IMP] Last error message added for failed
djoin.[FIX] Fixed uninstall wapttftpserver when uninstalling waptserver.
[IMP] Improved file upload with hash check wads iso files listed from the WAPT Server even if not saved in the WAPT Console.
[NEW] Added customized WinPE export to zip file.
[IMP] Improved showing the error message on upload failure.
[IMP] Improved applying default configuration on wads host if no configuration has been set.
[IMP] ISO download dialog box.
[IMP] WADS: WinPE now pinging WAPT Server. Selected language keyboard layout will be available directly in a new cmd.
[IMP] WADS: XML no longer disable UAC by default.
[FIX] Fixed
mac_addressnot returned with iPXE.[ADD] Added
ipxe_script_jinja_pathand two templates.[UPD] Added file type filters for loading the post-install script.
[FIX] Restored a progression bar when uploading the ISO and the winpe files.
[IMP] kill wapttftpserver and uninstall the service before installing it.
[ADD] Added Windows 11 unattend XML template files.
[IMP] Improved searching WADS data (hosts, isos, driver bundles, configurations).
[FIX] Added tftp firewalld port opening.
[IMP] Avoid creating WinPE on Windows partition + some ACL added.
[UPD] Renamed drivers bundle filenames to sha256(filename).
[ADD] Added a template for Debian.
[UPD] GridConfigDeploy showing the platform now.
[FIX] Fixed saving bundle names.
[NEW] Injecting a:abbr:OEM (Original Equipment Manufacturer) key by slmgr command.
[FIX] Fixed SELinux rules for wads.
[FIX] Potential fix for (over 10 joins for djoin by a standard user on MSAD).
[UPD] WADS grayed when windows update repository is selected.
[UPD] Possibility to select an iso file even if not Windows.
[FIX] Fixed waptconsole
uploadWinPE: regression in upload progress bar and incomplete zip.[FIX] Fixed wads to include non CA certificates for WinPE build.
[IMP] Added
ipxe_scriptin DeployConfig table.
WAPT Agent MacOS¶
[UPD] Delete old pkg if available in pkg list.
[NEW] Added fake menu for macOS for letting user to quit the app from the MainMenu.
[FIX] Improved support for macOS MenuBar.
[FIX] Added WAPT Console .app plist file for macOS X.
[FIX] Fixed some macOS X model and serial number reports.
[FIX] Fixed macOS X
local_groupskey inhost_info.[FIX] Updated mormot2 for gssapi on macOS X.
[NEW] support WADS security, Network masks.
[FIX] Fixed
installed_softwareson MacOS.[NEW] Added timestamping to pkg signing.
[FIX] Fixed getting agent version in
get_wads_config.[NEW] Added entitlements file for macOS signing.
[IMP] Force light UI when DarkMode is active on macOS.
[FIX] Fixed opening maximized self service on macOS
[FIX] Fixed loading hosts on macOS when more options in inventory is checked.
[IMP] Better handle on input (utf8 convertion).
[IMP] macOS: Updated build script to handle binary file signing and better debugging.
[IMP] Patched
dmidecodeinfo for macOS.[FIX] Fixed macOS core
get_hostnamereturn binary string instead of str -> update_status loop.[IMP] Use
system_profiler_infofordmi_infoon macOS X.[REF]
plistlib.readPlistFromBytesdeprecation fix.[FIX] Fixed core macOS: use UUID from
system_profiler_infoinstead ofdmidecode.[FIX] Fixed duplicated macOS code in setuphelpers for
get_hostname().[IMP] Improved mounting content for .pkg, .mpkg, .app only if file is not symbolic.
[NEW] Added the WAPT Console to Linux and macOS gui distribution.
[IMP] Fixed keyword and name with
installed_softwaresin macOS and Linux.[FIX] Fixed register for macOS.
[FIX] Fixed custom waptmessage logo linux.
[FIX] Fixed harakiri on non Windows kills all running processes.
[FIX] Fixed restart waptservice for macOS.
[IMP] Silently attach dmg file.
[FIX] Fixed
get_file_typein macOS.
WAPT Agent Linux¶
[FIX] Fixed logrotate on RedHat8 for waptserver and wapttasks.
[IMP] wapt-get.bin: Improved python traceback format with proper line endings on non Windows.
[IMP] Improve support for dark mode on WAPT Console on Linux
[IMP] Replaced in
/usr/bin/wapt-get.sh by wapt-get.bin.[IMP] Added Ubuntu and CentOS icons.
[IMP] Added icons in ImportPackages window.
[FIX] Fixed
user_local_appdatafor Linux.[IMP] waptagent Debian package: removed system python3 dependency.
[IMP] Avoid loop in checkbox events on search inventory especially on operating systems other than Windows.
[IMP] Added
PYTHONNOUSERSITE= True to all .sh scripts to avoid spoiling PYTHONPATH with locally installed libraries in user home directory.[UPD] Disable compression on unix WAPT agent bundle (each package is itself already compressed).
[NEW] Added the WAPT Console to Linux and MacOS gui distribution.
[FIX] Fixed configpackage wizard and main form layouts for Linux.
[UPD] Updated virtualtreeview for Linux visual grid lines improvements.
[IMP] Fixed keyword and name with
installed_softwaresin macOS and Linux.[FIX] Fixed harakiri on non Windows kills all running processes.
[ADD] Added snap software inventory.
[FIX] Fixed waptservice linux restart Linux: AttributeError:
WaptServiceRestartobject has no attribute logger.[NEW] Linux OS deployment.
[FIX] Added firewalld rule on RedHat based server for wapttftpserver.
WAPT-2.3.0.13334 RC3 (2023-01-06)¶
hash : a06031bd
This is the third release candidate of WAPT 2.3.
This is a release candidate for testing that is not intended for production.
This changelog lists the fixes sinces WAPT 2.3 RC2.
WAPT Core¶
[SEC] When checking exe certificate, first check that the signature is OK.
[SEC] when stuffing waptsetup.exe, check that waptsetup.exe downloaded from wapt server is properly signed by Tranquil IT.
[FIX] Fixed handling properly utf8 chars in certificate subject.
[FIX] Small improvement for wapt-get build-waptagent. Do not ask the server password twice.
[FIX] Fixed stuffed legacy waptagent build: be sure to have a deterministic binary result when stuffing in waptconsole or server side.
[IMP] remove client library dependency for command line progress bar.
Agent WAPT¶
[FIX] force create random uuid if bios uuid is not correct.
[FIX] Do not check
wsusscn2.cabif not Enterprise.
Serveur WAPT¶
[SEC] Windows: waptserversetup.exe windows: do not reenable acl inheritance on wapt root folder.
[SEC] Send minimal information on /ping api call.
[IMP] Set session cookie to 3 days
Console WAPT¶
[FIX] display an explicit error message if a new host package can not be saved on the WAPT Server because of acl.
[IMP] Process application messages when performing file hash/zip actions.
[FIX] Fixed waptconsole copy cert to
wapt/ssl: handle properly spaces in target directory name.[FIX] Place cursor at end of line instead of point of click in textareas.
WADS¶
[FIX] Clear WADS stdout before and after diskpart to avoid broken stdout.
[IMP] Check whether
winpe.wimand7z.exefiles exist when creating the WADS WinPE.[FIX] Added missing “/” in
wgetwadserror messages.
WAPT Linux¶
[FIX] Fixed logrotate on RedHat8 for waptserver and wapttasks.
[IMP] wapt-get.bin: Improved python traceback format with proper line endings on non Windows.
[IMP] Improve support for dark mode on WAPT Console on Linux
WAPT-2.3.0.13301 RC2 (2023-01-04)¶
hash: a2af0e8d
What’s New?¶
This is second release candidate of WAPT 2.3. This is second release candidate of WAPT 2.3.
This is a release candidate for testing that is not intended for production.
This changelog lists the fixes sinces WAPT 2.3 RC1.
Note : for security reasons in waptpython, Python isolated mode is now enabled by default (Python -I). If you are using the waptpython Python environment outside of WAPT, please be sure to check for the corresponding Python documentation.
WAPT Core¶
[SEC] waptpython 3.8.16 is now compiled with the isolated mode flag at true by default (Python -I)
Console WAPT¶
[ADD] Popup Menu with Copy and Copy as JSon for Audit TreeView.
[FIX] Fixed proper images on actions buttons.
[FIX] Fixed OU icon when OU name contains an empty character.
[FIX] Fixed Out of bound error : add verification on condition check in specific cases.
[FIX] Fixed missing error message on secondary repositories.
[IMP] Improve usability of copying new certificate in
<WAPT>\ssldirectory
Agent WAPT¶
[IMP] add host_capabilities inventory.
[IMP] Better JSON format (Human Readable) for Audit Data.
[FIX] Use parameter
IncludeCAonListSOCertificatesFromFolder.[FIX] Fixed translation issues in graphical components.
[FIX] Fixed last version, checks the minimal OS version
[FIX] edit waptwua if
install_delayhas value.
WADS¶
[IMP] WADS: Added session login type and acl.
[IMP] WADS: Login to server only one time instead of for each request.
[IMP] WADS: Added flags: unchecked for wads login on Windows Server.
[IMP] Use of latest mormot function for
WgetWadsto fix DNS check.[IMP] Improved error messages for WADS and WGETWADS.
[IMP] Added option wads in Windows Server installer.
[IMP]
get_wads_secondary_repo–> follow protocol of the server connection.[FIX] Fixed
list_subnet_skip_login_wadsread configuration.[IMP] WinPE creation key
WAPT Linux Agent¶
[IMP] Replaced in
/usr/bin/wapt-get.sh by wapt-get.bin.[IMP] Added Ubuntu and CentOS icons.
[IMP] Added icons in ImportPackages window.
WAPT-2.3.0.13239 RC1 (2022-12-21)¶
hash: 675d861e
What’s New?¶
1000+ bugfixes
Less issues with false positive with antivirus software when deploying a new agent: WAPT Agents do not need to be rebuilt. The WAPT Agent is based on waptsetup.exe with certificate and configuration stored in the certificate signature of the file. The signature of the file is not altered.
WAPT Agent on Linux and macOS: improved workflow for installing and updating the WAPT Agent.
Improved Websocket connexion. Disconnects and reconnects have be made more robust.
Improved support on macOS.
Improved support on Linux.
Update of WAPT external components.
Tech Preview¶
WAPT Console support on Linux (Debian and derivatives, Redhat and derivatives).
WAPT Console support on macOS (Mojave and above).
WAPT Core¶
[REF] Removed unused functions.
[REF] Removed unused headers.
[IMP] waptservice: fix setting loglevel for specific components do not log WS listening too often. Fixed some action’s « created_by » attributes which were not not set.
[FIX] Windows setuphelpers: missing service_list in _all__.
[FIX] wapt-get: moved LoadOpenSSLFromPythonLib to get proper path for RegWaptBaseDir on Linux.
[NEW] Added armhf as a valid package architecture.
[FIX] Fixed
scan_packageissue when there are packages withoutpackage_uuid. Packages table was growing at eachscan_packages.[IMP] wapt-get: Added some help for
build-waptagentandadd-config/reset-config/set-config-from-url.[IMP]
wapt-get reset-config-from-url: removes dynamic configs fromconf.dtoo.[IMP] Re-include empty folders in zipped WAPT packages.
[FIX] Update for zip empty folder entries.
[FIX] When checking files and directories from package manifest, create empty directories from the
manifestfile if thet do not exist yet.[UPD]
wapt-get update-package-sources: Implicit transparent import of all functions frompackagesdevhelpers.py.[FIX] Do not audit packages with
install_status<> “OK”.[SEC] waptpackage: Cleanup removed multiple MD type. We use only sha256 now.
[NEW] waptconsole: Stuff
waptsetupwith json config for embedding into waptupgrade package.[FIX] waptpackage signature issue if the WAPT package is created from scratch with null attributes (ex. max_os_version). If signed, these null attributes are written to control file as sempty string, this breaks the signature control. So we initialize all default signed attributes to empty string instead of null.
[UPD]
wapt-get create-waptagent: Use json embedded config stuffed into certificate zone of executable signature.[FIX] Fixed regression in python _sign_control (encoding issue).
[UPG] Upgraded python to 3.8.16.
[IMP]
waptutils.pycleanup and small fix inuser_is_member_of.[REF] waptserver: Cleanup code with pyflakes.
[IMP] Allow none loglevel.
[NEW] Introduced
wapt-get reset-config-from-url.[FIX] Fixed json_load_file() by adding encoding option. Default is « utf-8 ».
[IMP] waptguihelper: Introduced StayOnTop argument for input_dialog() and grid_dialog()
[FIX] Fixed
wapt-get add-config-from-urlin pure Pascal. The hash is retrieved from the filename if present, or as second parameter of command line.[REF] wapt python core: Removed sha1 compatibility with wapt 1.3 packages signatures.
[FIX] Shows the proper logged user after login.
[IMP] Fallback other method for get domain in get_hostname.
[REF]
jsonconfigdata embedded in setup exe.[FIX] Default value for check verify cert.
[UPD] Introduced uwaptjsonconfig (port of json config from python to FPC).
[UPD] wapt-get: Added a command to list the initial configs available on server (in
wapt/conf.d).[UPD] waptsetuputil: Added UnzipConfigFromExe.
[FIX] Removed global variable for PopupEnterprise, check Licensing after closing the window.
[IMP] buildlib: Do not remove unittest from python lib when creating the build environment.
[FIX]
remove_file()was unable to remove symlinks.[FIX] wapt core: Regression on uuid retrieval from WMI. “System_Information” key is an array.
[NEW] wapt core: added « wapt_temp_dir »
wapt-get.iniparameter to specify the directory wher packages are unzipped at installation (for wyse terminal).[REF] Introduced packagesdevhelpers python module to remove helpers useful only for « packages source update » and reduce import time of setuphelpers.
[IMP] windows_version() now getting the correct UBR (Update Build Revision) shown with « winver » command, adding windows_version_full in hardware inventory
[IMP] waptguihelper: help improved for grid_dialog - also, introduced an (optional) Text parameter.
[FIX] waptpackage: trim attributes value in
controldata. (“all” was retrieved as “all “ ).[IMP] twaptpackage: Always set architecture and priority default.
[UPD] Refactored SSLCABundle usage.
[FIX] Fixed waptpackage build issue when sourceroot includes the ending path separator. Fixed self service package building. Fixed version incbuild result.
[FIX] Fixed issue with in path in zipped files created with
CreateRecursiveZip.[FIX] Fixed file not found when calling
GetServerCertificate.[FIX] Fixed editing zipped package inplace (hosts packages).
[FIX] Added call to mormot2
RegisterOpensslfor Access violation in waptlicences.[IMP] Grid editor: Show which column is currently focused even if grid has not the focus.
[IMP] Use UTC time for expiration check of ACLs.
[UPD] wapt core: use datetime in UTC for
audit_data.[IMP] wapt core: allow usage of an environment variable waptbasedir to specify the location of root waptbasedir.
[IMP] Default grid order set to descending signature date.
[FIX] Allow ~ character in WAPT package names (for spaces in Organizational Units packages).
[FIX] waptcrypto: Fixed certificate filename attribute not set when loading a certificate chain.
[UPD] Refactored
SSLCABundleusage.[FIX] Fixed using particular characters in passwords.
[FIX] Fixed waptcore: Fixed the type for dynamic configuration.
[FIX] copytree2
replace_at_next_reboot.[REF] Moved all the dynamic json config functions into the WAPT class to take in account the actual agent settings (specially directories).
[UPD] Created a full version 1.2.3.rev-hash into file
wapt/version-full.
Agent WAPT¶
[IMP] When uninstalling the WAPT Agent, stop the waptservice only if the service exists.
[FIX] Popping wrong license message on new installation.
[FIX] waptservice socketio: Force get new ws params in case of connection error like when config is updated.
[FIX] Fixed add new rule missing import for
isenterprise.[NEW] Added disk drives to host overview template.
[IMP] Reduced size of host json inventory data. Do not send host configurations data if not changed. Do not send audit_data headers if no data. Fixed last audit data that was always sent.
[IMP] Improved local waptservice auth feedback.
[REF] Refactored waptservice code.
[FIX] Enable custom CA file for websockets certificate checking.
[FIX] Fixed WAPT Agent
websockets_verify_cert: error reading setting from ini file. Reset socketioclient to None when connection error to force recreating the object with new TLS settings.[IMP] waptdeploy: Use only registry wapt_is1 install location to get the WAPT base directory.
[IMP] waptdeploy: Do not check wapt-get working condition.
[FIX] Fixed waptdeloy argument parsing.
[UPD] waptsetup: Removed distribution of innosetup as it is no longer needed.
[NEW] waptdeploy: Check that the WAPT Agent installer and wapt-get.exe are digitally signed by Tranquil IT.
[FIX] waptdeploy wapt basedir guessing. Hardened waptdeploy RunTask.
[FIX] Fixed
wapt-get build-waptagent: empty configuration name.[ADD] Check all rules signatures before doing anything else.
[IMP] The agent version is obtained from the exe, not the server.
[FIX] waptsetup auto json config: should accept
waptsetup-1.2.3_<confname>_<confhash>.exe.[FIX] Fixed remote WakeOnLAN.
[IMP] waptservice: Do not include PrinterPaperNames, PaperSizesSupported and self_service_rules in inventory sent to the WAPT Server.
[FIX] waptexit: If unable to get licences from waptservice, assume is_enterprise is False.
[FIX] wapt-get: Set password callbacks after reloading config.
[FIX] Shortened the upgrade scheduled task argument, as it is limited to 256 chars.
[FIX] Stuffed waptsetup: Append waptwua settings to json.
[FIX] waptserver socketio: Host does not register / reconnect by itself when deleted from the WAPT Server.
[NEW] waptsetup.exe : If waptagent.exe is named, and only one config is embedded, take the first available config for the name of the configuartion to install instead of hardcoded « default ».
[IMP] waptservice: Can start right after install even if no
wapt-get.ini.[NEW] Added nopassword to config wizard for
service_auth_type.[UPD] Added
wapt-get reset-config-from-urlandset-config-from-urljson configuration.[FIX] Do not delete the files if the signature has failed.
[IMP] waptsetup: Display a summary of embedded stuffed json configurations. Removed use dynamic configuration task.
[FIX] waptserver: Fixed WakeOnLAN issue when no broadcast address exists in inventory.
[FIX]
remove_user_appxwas not initialized from setuphelpers.[UPD] waptsetup: ApplyJsonConfigToIniFile when a json configuration is stuffed instead of
conf.ddynamic configuration.[IMP] waptsetup: Do not update
wapt-get.iniwhen using dynamic json configuration.[UPD] waptservice socketio: Do not require connection params update / reconnection try if there is no authorization token. When
allow_unauthenticated_connect= True on the WAPT Server, the WAPT agents should be able to connect without getting a token.[FIX] waptself: Fixed next page button unavailable on last page.
[UPD] waptexit: Add
waptexit_disable_skip_windows_updatesparameter inwapt-get.inifile and commandline argument to disable the checkbox for skipping Windows Updates.[UPD] wapt-get: Return ExitCode <> 0 when an exception is raised Added ping --service command to check waptservice accessibility from waptsetup.
[UPD] waptself: Display details of WAPT package on top of packages list to avoid reframes.
[UPD] Enable
waptservice_allow_all_packagesonly for nopasswordservice_auth_type.[NEW] Added a waptservice parameter
waptservice_allow_all_packageswhich allow all user to install / remove all packages as if they were part of the waptselfservice group.[NEW] If a json configuration is provided in waptsetup as stuffed data in certicode certificate area, use it for initial configuration.
[FIX] Improved error message and wait cursor when waptselfservice is starting.
[FIX] Fixed selfservice missing common module for
self_service_ruleswhen using the nopassword argument with the WAPT Enterprise version.[FIX] Changed Icon for to Plus.
[IMP] User is now informed when self service can not get a token (service not started).
[FIX] Remove double slahs in url //Packages.
[NEW] Added Ubuntu22 in waptsetup package.
[FIX] Fixed waptmessage ambiguous “-s” option (use stdout and set window size), replaced by -c for init console.
[FIX] Fixed tasks list on host.
[FIX] Normalized view (lowercase) in grid for target_os from control part.
[FIX] Fixed execution of waptmessage in file instead of base64 (to avoid too long command line).
[FIX] Use cached trusted signer certificates store instead of recreating it each time.
[FIX] Fixed signed_attributes written as string list (instead of python form) and signer is the signer certificate Common Name.
[IMP] use --not-interactive with register if the installation runs in silent mode.
[FIX] waptservice: Do not ignore broadcast for
WaptUpdateServerStatusto avoid the WAPT Tray sticking upon sending data to the WAPT Server.[FIX] Fixed unable to synchronize remote repository.
[IMP] waptmessage: No autosize if a size is specified on the command line.
[FIX] Fixed no hash in clipboard, added missing helper for
add-config-from-urlin wapt-get.[IMP] Limit access right to Administrators to log directory (in case non public stuff gets written to logs).
[IMP]
install_schedulingwork if not in PENDING_UPDATES status.[FIX] Fixed waptexit compilation: Removed specific
WaptIniFilenamefunction.[FIX] Fixed waptmessage unable to load sqlite.
[IMP] Updated waptwua status to “NEED-SCAN” on hosts when
download_wsusscanis triggered andwsusscn2.cabfile is downloaded.[NEW] wapt core: Added
as_dictand descending parameters toWapt.read_audit_data_set.[IMP] Do not take care anymore of maturity for version when it is compared to WAPT store version.
[FIX] Fixed configuration package template
setup_package_template_conf.py.[FIX] Fixed waptservice configuration: Set the
configs_dirrelative towapt-get.inifull path.[FIX] Fixed waptservice “start_waptexit” with arguments Faulty arguments boolean value decoding.
[FIX] Fixed bad arguments sent to waptservice triggering upgrades with
only_prioritiesandonly_if_not_process_running.[FIX] Fixed
Wapt.write_audit_data_if_changed: Write data if previous data has expired.[FIX] Updated the template of dynamic json configuration packages to match new location and naming of json configuration related functions.
[NEW] Option
include_potentially_superseded_updatesin configuration wizard.[FIX] Fixed waptservice: Be sure to dynamically revert to default setting when a key is removed from
wapt-get.ini.[FIX] Fixed waptservice: Make sure we have a random
secret_keyfor local waptservice session.[NEW] WAPTWUA superseded support.
[IMP] wapt-get edit now opens
update_package.pytoo.[UPD] Added a NEED-SCAN waptwua.status, updated when
Wapt.update()is called.[FIX] Fixed waptself: Set focus on search when opening.
[IMP] Ignore history for waptwua status.
[FIX] Fixed wapt-get update-package-sources: Handle properly relative path to package sources.
[FIX] Fixed wapt-get update-package-sources: use
devdirupdate_package.pyto callupdate_package()hook if this file exists. Else usesetup.py.[IMP] wapttray: Launch external waptself and waptconsole with OpenDocument instead of windows only ShellExecuteW.
[FIX] Workaround fix when pyscripter is put as editor for packages.
params_vscod_listfixed when space in parameters. Reupdated description.[IMP] wapt-get edit now opens
changelog.txt, VSCod* now openscontrolfile too. wapt-get edit can now be run as user with VSCod* updatingwapt_sources_edit()description.[UPD] Changed default log path to
wapt/logif writable.[UPD] Same logging initialization code for all UI executables with
waptcommon.InitLoggingFromCommandLine.[IMP] waptservice waptself: localauth with file token (ie. nopassword). Handles local groups.
Console WAPT¶
[FIX] Fixed icon on action
ActWUAGetUnusedKB.[FIX] Fixed actions caption on toolbar in Windows Update.
[FIX] Fixed removing ability to personalize toolbuttons on ISO, configs, and drivers in OS Deployment.
[FIX] Fixed popup menus on toolbar in OS Deployment.
[FIX] Fixed actions on toolbar in Software Inventory.
[NEW] waptconsole / waptserver: Added a specific ACL for
update_audit_data.[UPD] Increasing softwares max count limit in Software Inventory from 5000 to 20000.
[FIX] Fixed locking some actions on non Enterprise versions.
[FIX] Fixed waptconsole package zip build:
CreateRecursiveZip.[IMP] cleanup of HTML templates on waptservice. Removed unused js.
[IMP] Showing icons for target_os.
[FIX] Fixed waptconsole TX509Store: when intermediate certificates are provided in user .pem certificate file, only trust the first one.
[FIX] Fixed waptconsole waptcrypto: implement
TX509Store.GetCertificatesChainFromFingerprint. Fixed self signed certificates are always trusted when checking the WAPT package.[FIX] Fixed waptconsole: when signing packages, make sure we end with LF only (n unix style)
controlfiles.[IMP] Basic POC for Auto Completion on Reporting Queries.
[FIX] Fixed viewing TechPreview Features does not take care of display preferences.
[FIX] Fixed the downloaded packages have now the chosen maturity.
[IMP] Show
*.cmdfiles in post install script selector.[NEW] Upload a default json configuration on the WAPT Server when building waptagent.exe. Fixed waptsetup.exe stuffing on the WAPT Server when uploading a json configuration.
[FIX] Fixed the button Type for update package warning.
[ADD] Confirm button before Update from the WAPT store.
[FIX] Fixed waptconsole update from the WAPT store Introduced
StripPrefixinTPackageRequestto allow searching in the repository on package name without prefix.[FIX] Include
min_os_versionandmax_os_versionin WAPT package identification to check which WAPT package is newest.[FIX] When building customized waptsetup, sometimes missing trusted certificate.
[FIX] Fixed the copy of
wapt-get.iniif there is nowaptconsole.ini.[NEW] Menu item for restoring toolbars to default.
[FIX] Fixed actions on toolbar in WAPT Development and OS Deployment forms.
[FIX] Fixed removing certificates in create waptsetup [NEW] function for listing certificates from folder.
[FIX] Fixed buttons links with actions on WSUS.
[FIX] Fixed encoding problem for WSUS.
[IMP] Removed GUI interface for the Update from the store action.
[ADD] Added a warning message before updating a WAPT package.
[ADD] Updated from the store button in private repository done.
[IMP] Added Updated part for the Store Update Action.
[IMP] Update from the store button (visual part).
[FIX] Fixed regression on creating new wuagroup package.
[UPD] waptconsole , config and hash instead of waptagent.exe/.
[FIX] Fixed __pycache__ included in zipped package when built from waptconsole.
[ADD] reporting: Added Unique save for each query.
[FIX] Fixed SQL query editor: any query can be edited at any time, without erasing the others.
[FIX] Fixed SQL query editor: if queries are already created and registered and have the same name, you can edit both without overwriting the other one.
[IMP] Use system font for html viewers.
[IMP] Allow package wizard without installer path.
[NEW] Added « keys » mustache helper for html templates.
[IMP] waptconsole: Do not try to ping servers before login dialog.
[FIX] Fixed enabling build and upload if all information are set / pre configuration in case of portable app if an executable is found.
[UPD] waptconsole Cyberwatch integration. Added Values mustache helper to format dict as list for Cyberwatch html report template. Added styled Cyberwatch example audit template.
[IMP] Addied listening to ipv6 only if ipv6 is available.
[FIX] Fixed waptconsole crash if custom column with empty size cell.
[IMP] Added a warning when no DNS record is found (Remote repository).
[FIX] Fixed call if app is currently closing (login cancelled).
[IMP] Opening configuration by double-clicking on grid.
[IMP] Package wizard for portable apps.
[IMP] waptconsole, display bytes size in human readable format in grid.
[FIX] Fixed OU options that are now available if the user is currently focusing the OU grid.
[IMP] Improved asking credentials on http error 401.
[FIX] Fixed waptconsole: random timeout error when running commands from the WAPT Console.
[FIX] Fixed WAPT package creation for OUs.
[ADD] Link to the official documentation for the Config Package Wizard.
[IMP] Proper restore of GUI when WindowState is maximized. Prevent flickering if starting maximized.
[IMP] Improved warning before deleting a valid licence.
[FIX] Fixed waptconsole regression: import packages. Check the signature even if it is disabled in remote repository settings.
[FIX] Fixed waptconsole regression on additional private repositories listed in the repositories tab, even if not defined in
repositoriessetting inwaptconsole.ini.[FIX] Fixed waptconsole: private key password is not asked again if a matching key can not be found or decrypted.
[REF] waptserver model upgrade: removed unused database migration steps.
[UPD] waptserversetup: avoid automatic restart when installing MSVC 2022.
[FIX] Fixed error editing same OU package in one session.
[ADD] ACL Edit Repo on Index for secondary repos
[FIX] Fixed missing editing ACL Edit Repo.
[FIX] Fixed waptconsole access violation when checking unzipped package signature.
[FIX] Fixed waptonsole multiple update of hosts corrupt packages depends grid display.
[IMP] waptself, wapt-get, waptexit, wapttray: kill check threads on close, even on linux to speed up application shutdown.
[UPD] waptconsole: lazy loading of DMPython. Removed python source scripter tab on main form. Moved to (inactive) uvispysources. Removed debug panel on main form removed unused
uvissearchpackage. Added some euristic icons on audit and reporting grids depending on well known values (OK, ERROR etc…).[IMP] Improved the interpretation of checkbox states due to label description.
[IMP] Improved search when importing queries.
[FIX] Fixed host configuration package that are not editable right after creating them.
[FIX] Fixed waptconsole pkcs12 export and email in X509 certificates.
[IMP] Removed Python dependency in the WAPT Console.
[UPD] waptconsole: Added popup menu to Json hardware treeview.
[IMP] Improved reporting import, now select all queries by default + some code improvement
[IMP] Improved enabling or disabling ACL by double click.
[FIX] Fixed waptconsole: html audit templates. Bad search order.
[FIX] Fixed waptconsole: actions categories fixes and updates. Hide unused categories from toolbars customization.
[FIX] Fixed waptconsole: empty success message for some actions. Updated translations.
[FIX] Fixed waptconsole get agents installers: fixed MISSING -> OK status.
[UPD] Fixed waptconsole: Added Edit html template popup menu action.
[FIX] Fixed no logo resizing if smaller size.
[UPD] Load html templates for
host_overviewandhost_auditfrom user’sappdatadirectory if it exists, else fromwapt.[REF] waptconsole: Refactored
TFrmHtmlViewerto lookup templates either in user templates directory (%APPDATA%waptconsoletemplates) or in defaultwaptinstallation directory (%WAPTBASEDIR%templates).[UPD] waptconsole: Improved drag & drop of columns into GridHosts.
[FIX] Fixed blocking action editing WSUS package if no Enterprise licence is active.
[FIX] Fixed waptconsole drag & drop audit values.
[FIX] Fixed waptconsole regression when signing unit package or modyfing stripped down WAPT packages.
[IMP] waptconsole: Load AD Groups in thread.
[FIX] Fixed waptconsole compilation without USE_WAPTPACKAGE flag.
[REF] waptconsole: Introduced an interface for uwaptpackage TWaptPackage WIP: fix compilation when USE_WAPTPACKAGE is defined TODO: implement IX509Store
[FIX] Fixed waptconsole: fixed host overview layout if no html template.
[UPD] waptconsole: host details layout changes: introduced html templates based overview if
templateshost_overview.htmlfile exists (mustache template).[FIX] Fixed waptconsole sendmessage gui splitter.
[IMP] waptconsole: check that downloaded waptsetup version is the same or newer than that of the WAPT Server.
[FIX] Fixed autosearch in
ttissearchcomponent.[NEW] waptconsole: Added a popumenu copy to clipboard as json for audit data.
[IMP] waptconsole: allow drag & drop of a audit json value subkey from value tree explorer.
[NEW] waptconsole: displays audit history and WIP audit data explorer (treeview + html template).
[FIX] Fixed reporting queries grid layout not saved properly.
[UPD] GUI Vis ACL: zebra colored lines and added possibility to change user password from one button (same action like in right click on user).
[FIX] Fixed avoiding exception if no user was selected before adding ACL rights.
[FIX] Fixed trigger downloads when triggering updates from the WAPT Console (missing import).
[UPD] Updated icons on windows update status for WUA.
[FIX] Fixed waptconsole check external repository version timeout exception raised in frontend.
[FIX] Fixed waptconsole multiserver: fixed can’t trigger action on servers other than main WAPT Server.
[FIX] Fixed waptconsole: Avoid error message of no
repo_urlfor last used package template section.[FIX] Fixed modifying a password if old password was empty.
[ADD] Hide / show all columns in grids.
[NEW] new option
check_package_versioninwaptconsole.ini.[UPD] waptconsole reporting: Added a quick search filtering zone for the query result.
[FIX] Fixed wrong message when no admin rights and the WAPT Agent needs to be upgraded or is not present.
[UPD] Host menu for upgrading hosts part.
[REF] waptconsole multiserver: Refactored
TriggerActionOnHoststo send multiples actions to the right servers.[FIX] Fixed waptconsole: use ROOT in addition to CA windows system certificates stores when building winpe with
verify_cert= True.[UPD] Deleted host popup.
[NEW] Possibility to download WAPT packages when asking hosts for updates.
[UPD]
trigger_host_updateadding possibility to download the WAPT package after update.[FIX] Fixed waptconsole: The WAPT Console crashed when checking newest packages if wapt-templates repository is protected with an encrypted client key.
[FIX] Fixed saving configuration when new configuration was created.
[FIX] Fixed saving language parameter.
[FIX] Fixed waptconsole: access violation when access to external repository is blocked or needs a proxy.
[FIX] Fixed waptconsole multiserver regression: unable to edit a WAPT package which was just edited.
[FIX] Fixed waptconsole edit conf package: Do not close if error when uploading to the WAPT Server.
[FIX] patched
setup_package_template_cert.py.tmpl.[FIX] Fixed not adding « cn » in OU.
[FIX] Fixed layout on Windows Update part.
[FIX] Fixed the flow layout.
[IMP] waptconsole: WIP multiserver. Mostly works for hosts, but not for packages management.
[FIX] Fixed waptconsole: re-enable dataexport to .csv for grids.
[NEW] Explicit hint on number version when the WAPT package is not up to date (GridPackages).
[REF] Refactored private key password handling. Added a callback to clear cached key password in case of decrypt error in http client. Stores client https authentication key password in same storage as package private keys.
[REF] WIP for multiserver console. WaptCookieManager takes in accounts the domain. TODO: send allowed session cookies for cross domain auth. Lazy loading of waptserver instance. Loads list of servers in
DMWaptConsole.ReloadConfigFile. All sections with awapt_serverkey are taken in account. Shares the WaptServerSession across all waptserver connections.[FIX] Fixed bad port for veyon.
Serveur WAPT¶
[IMP] waptserversetup: Check if there is a CRITICAL log entry during
winsetup.pyand exit with an exitcode 1000 if it is the case.[IMP] waptserver: Do not automatically create users in wapt database when user logs in with kerberos (self-service case).
[FIX] Fixed waptserverinstall windows: regression unable to install on new windows machine if wapt was not already installed.
[REF] Server python code cleanup.
[IMP] wapttasks: use environment variable on linux to pass
configfile path.[NEW] waptserver: reduced lifetime of session cookie to default 12h.
session_lifetimecan be changed inwaptserver.iniusingsession_lifetimeseconds parameter.[UPD] Updated to python 3.8.16 for all supported operating systems.
[FIX] Fixed stuffed setup exe naming on the WAPT Server.
[NEW] new parameter
list_subnet_skip_login_wads.[FIX] Fixed waptserver: shorten SQL columns aliases for long
get_hostsjson queries.[SEC] Upgraded werkzeug 2.0.2 -> 2.1.1 for PYSEC-2022-203.
[NEW] waptservice websocket: Enabled certificate checking on websockets.
[IMP] waptserver: Added index on
computer_ad_ou.[FIX] Fixed waptserver: by default, do not create stuffed
waptsetupwhen a dynamic config is uploaded.[FIX] Fixed waptserversetup: if installService, configure the local service to reach newly installed server. Propose to start the WAPT Console right after for demo mode.
[NEW]
model.py: Addedupgrade-dbaction and --overwrite-version=1.2.3 option to force the replay of upgrade db.[FIX] Fixed waptserver nginx config, there can be spaces in path. quotes include.
[NEW] Be sure to not start the WAPT Server if the database structure can not be upgraded properly.
[NEW] If licences json data is empty, assume an empty list.
[IMP] Getting storage used by KBs.
[NEW] 22H2 build numbers in WindowsVersions class.
[NEW] Added
hosts_sidendpoint routing to uwsgi in nginx configuration templates.[FIX] Fixed wapt-get build-waptagent: create waptagent.exe link on the WAPT Server.
[FIX] Fixed waptserver: ignore null bytes in audit data string values.
[FIX] Fixed waptserver: allow access to agent download without client certificate auth.
[FIX] Fixed waptserver model: remove references to unused HostExtData table.
[FIX] Fixed waptserver multiinstance with uwsgi: takes in account
application_rootfor interprocessget_ws_connections/api/v3/hosts_sid calls.[UPD] Added waptserver /api/v3/update_hosts_sid_table endpoint to fill the HostWebsocket table with the in memory ws_connections for reporting purpose.
[UPD] Changed the path of the untouched waptsetup.exe on the WAPT Server: moved to the
wapt/waptagentfolder to be consistent with other agents location Same for waptdeploy.exe.[DEL] waptserver: Removed « enable_store » setting.
[UPD] waptconsole multiserver: display unreachable servers.
[FIX] Fixed waptserversetup: Reinclude waptwua even if service is not installed to allow wapt-get usage.
[FIX] Fixed waptconsole multiserver dynamic config: bad server url for checking https certificate.
[FIX] Fixed waptconsole multiserver: Do not include a server at startup if it is not pingable.
[UPD] waptserversetup windows: Removed some additional unused files when waptservice is not installed.
[UPD] waptconsole multi servers: Do not try to update / merge repo if
repo_urlis empty.[IMP] waptserver / waptservice websockets: When registering host, return an authentication token in response, so that websockets can connect without additional roundtrip.
[IMP]
allow_unauthenticated_registrationis now likeuse_kerberos.[FIX] Postconf, current config is now autoselected.
[UPD] waptsetup waptserversetup: Sign the installers and uninstallers using embedded iscc logic.
[UPD] waptserver db: Changed the primary key of tables HostPackagesStatus, HostExtData, Packages, HostSoftwares, HostGroups, HostWebsocket, HostAuditData, ReportingSnapshots, HostWsus, LogsAPI to bigint.
[UPD] waptserversetup: Check that the user is a LOCAL computer user and not a domain user.
[FIX] Fixed waptserversetup: postgresql upgrade. Try to fix ACLs on data directory.
[FIX] Added a conflict on apache2 in the Linux WAPT Server package to avoid old install leftovers.
[REF] Removed
enterprise_common.py.[UPD] Upgrade nginx on Windows.
[UPD] Upgraded DB to postgresql v14 for windows.
[UPG] upgraded postgresql 9.6 to v14 on CentOS7.
[FIX] Fixed waptserver: Fixed sid map sharing in uwsgi mode (missing imports).
[FIX] Fixed waptserver websocket: Be sure to not clear a SID which would be newer than current disconnect event. Not sure if disconnect / reconnect are always synchronous.
[FIX] Fixed waptserver: Improved message when triggering action.
[IMP] Added HTST header to nginx template.
[FIX] Fixed waptserver
update_hosts_audit_data: Updated values with same global key (host_id,value_id).[FIX] Added trigger_host_action ACL on /api/v3/connected_wol_relays (used by /api/v3/trigger_wakeonlan).
[IMP] waptserver websocket auth: Put host certificates in cache.
[UPD] waptserver websocket: Do not cache UUID twice.
[REF] waptserver websockets: use a global in memory dictionary to hold the host uuid -> SID of connected host to avoid Database insert or updates.
[FIX] Fixed server regression for custom json fields ValueError: too many values to unpack (expected 3).
[IMP] waptserver: WIP endpoint
update_hosts_audit_datato bulk insert hosts related data.[IMP] waptserver: update api/v3/get_agents_info to match the online
wapt_agent_list.json.[FIX] Fixed glpi sync: simplified
glpi_upload_hosts.pyscript.[FIX] Fixed waptserver huey tasks:
licences_listnot properly initialized when not using defaultwaptserver.ini.[FIX] Fixed waptserver audit table structure upgrade: typo
[FIX] Fixed avoiding GET method limits on
hosts_for_wua.[FIX] Fixed waptserver unable to delete some hosts when CRL is enabled be tolerant if the host certificate is not issued by this server’s CA.
[FIX] Fixed waptconsole multiserver: Computers identified by fqdn uuid are not displayed properly in the grid.
[UPD] Remove references to waptsetup-tis.exe -> renamed to waptsetup.exe.
[FIX] Fixed
update_server_statuswith dynamic configuration.[IMP] Include waptsetup.exe in waptserversetup.exe.
WADS¶
[REF] Remove useless code on
get_wads_config(Login WADS).[IMP] WgetWads does not require python to work.
[FIX] Be more indulgent on json rules for WADS.
[FIX] Fixed WADS working when no logging required.
[ADD] Login in IPXE, more tests needed.
[IMP] Proper way to secure
wads_get_config.[ADD] Login on WADS register host and get wads configuration.
[NEW] include hostname in
debian.ipxefor OS deployment.[FIX] Fixed
djoinwith given domainuser parameter.[IMP] Added back support GET method on /api/v3/get_wads_config.
[NEW] Added asset tag in HostOSDeploy.
[IMP] Ask for a new hostname when starting to deploy if hostname equals to “autoregister”.
[IMP] Improved filtering keyboard faster + french translation in Make WinPE.
[FIX] Fixed missing glob import in WADS
get_iso_config.[NEW] Adding drivers in WinPE from WADS drivers.
[IMP] Improved feedback when the
djoinfails (already existing machine).[WADS] <Value> format in XML was incorrect and not complete for password definition.
[IMP] Last error message added for failed
djoin.[FIX] Fixed uninstall wapttftpserver when uninstalling waptserver.
[IMP] Improved file upload with hash check wads iso files listed from the WAPT Server even if not saved in the WAPT Console.
[NEW] Added customized WinPE export to zip file.
[IMP] Improved showing the error message on upload failure.
[IMP] Improved applying default configuration on wads host if no configuration has been set.
[IMP] ISO download dialog box.
[IMP] WADS: WinPE now pinging WAPT Server. Selected language keyboard layout will be available directly in a new cmd.
[IMP] WADS: XML no longer disable UAC by default.
[FIX] Fixed
mac_addressnot returned with iPXE.[ADD] Added
ipxe_script_jinja_pathand two templates.[UPD] Added file type filters for loading the post-install script.
[FIX] Restored a progression bar when uploading the ISO and the winpe files.
[IMP] kill wapttftpserver and uninstall the service before installing it.
[ADD] Added Windows 11 unattend XML template files.
[IMP] Improved searching WADS data (hosts, isos, driver bundles, configurations).
[FIX] Added tftp firewalld port opening.
[IMP] Avoid creating WinPE on Windows partition + some ACL added.
[UPD] Renamed drivers bundle filenames to sha256(filename).
[ADD] Added a template for Debian.
[UPD] GridConfigDeploy showing the platform now.
[FIX] Fixed saving bundle names.
[NEW] Injecting a:abbr:OEM (Original Equipment Manufacturer) key by slmgr command.
[FIX] Fixed SELinux rules for wads.
[FIX] Potential fix for (over 10 joins for djoin by a standard user on MSAD).
[UPD] WADS grayed when windows update repository is selected.
[UPD] Possibility to select an iso file even if not Windows.
[FIX] Fixed waptconsole
uploadWinPE: regression in upload progress bar and incomplete zip.[FIX] Fixed wads to include non CA certificates for WinPE build.
[IMP] Added
ipxe_scriptin DeployConfig table.
WAPT Agent MacOS¶
[UPD] Delete old pkg if available in pkg list.
[NEW] Added fake menu for macOS for letting user to quit the app from the MainMenu.
[FIX] Improved support for macOS MenuBar.
[FIX] Added WAPT Console .app plist file for macOS X.
[FIX] Fixed some macOS X model and serial number reports.
[FIX] Fixed macOS X
local_groupskey inhost_info.[FIX] Updated mormot2 for gssapi on macOS X.
[NEW] support WADS security, Network masks.
[FIX] Fixed
installed_softwareson MacOS.[NEW] Added timestamping to pkg signing.
[FIX] Fixed getting agent version in
get_wads_config.[NEW] Added entitlements file for macOS signing.
[IMP] Force light UI when DarkMode is active on macOS.
[FIX] Fixed opening maximized self service on macOS
[FIX] Fixed loading hosts on macOS when more options in inventory is checked.
[IMP] Better handle on input (utf8 convertion).
[IMP] macOS: Updated build script to handle binary file signing and better debugging.
[IMP] Patched
dmidecodeinfo for macOS.[FIX] Fixed macOS core
get_hostnamereturn binary string instead of str -> update_status loop.[IMP] Use
system_profiler_infofordmi_infoon macOS X.[REF]
plistlib.readPlistFromBytesdeprecation fix.[FIX] Fixed core macOS: use UUID from
system_profiler_infoinstead ofdmidecode.[FIX] Fixed duplicated macOS code in setuphelpers for
get_hostname().[IMP] Improved mounting content for .pkg, .mpkg, .app only if file is not symbolic.
[NEW] Added the WAPT Console to Linux and macOS gui distribution.
[IMP] Fixed keyword and name with
installed_softwaresin macOS and Linux.[FIX] Fixed register for macOS.
[FIX] Fixed custom waptmessage logo linux.
[FIX] Fixed harakiri on non Windows kills all running processes.
[FIX] Fixed restart waptservice for macOS.
[IMP] Silently attach dmg file.
[FIX] Fixed
get_file_typein macOS.
WAPT Agent Linux¶
[FIX] Fixed
user_local_appdatafor Linux.[IMP] waptagent Debian package: removed system python3 dependency.
[IMP] Avoid loop in checkbox events on search inventory especially on operating systems other than Windows.
[IMP] Added
PYTHONNOUSERSITE= True to all .sh scripts to avoid spoiling PYTHONPATH with locally installed libraries in user home directory.[UPD] Disable compression on unix WAPT agent bundle (each package is itself already compressed).
[NEW] Added the WAPT Console to Linux and MacOS gui distribution.
[FIX] Fixed configpackage wizard and main form layouts for Linux.
[UPD] Updated virtualtreeview for Linux visual grid lines improvements.
[IMP] Fixed keyword and name with
installed_softwaresin macOS and Linux.[FIX] Fixed harakiri on non Windows kills all running processes.
[ADD] Added snap software inventory.
[FIX] Fixed waptservice linux restart Linux: AttributeError:
WaptServiceRestartobject has no attribute logger.[NEW] Linux OS deployment.
[FIX] Added firewalld rule on RedHat based server for wapttftpserver.
WAPT-2.2 Serie¶
WAPT-2.2.3.12481 (2022-11-30)¶
hash: ad3855c9
This is a security release with a few related bugfixes. All WAPT 2.0 versions below 2.2.3.12481 are affected.
Note: if you are using WAPTAgent deployment via GPO, do not forget to update your waptdeploy binary in the definition of the GPO.
WAPT Core¶
[SEC] Upgraded python from 3.8.13 to 3.8.15.
[SEC] Upgraded openssl from 1.1.1k to 1.1.1s.
[SEC] Upgraded WAPT Agent kerberos lib from 1.19.3 to 1.20.1 (Linux / macOS).
[SEC] Upgraded python modules with CVEs:
pylint==2.12.2 -> 2.15.6.
ujson==4.0.2 -> 5.5.0.
waitress==2.0.0 -> 2.1.2.
Agent WAPT¶
- [SEC] waptdeploy.exe: Use only wapt_is1 install location from registry to get the current wapt installation directory.
Do not run wapt-get to check working condition.
[FIX] Added fallback method to get domain in
get_hostname.[FIX] Fixed windows, replaced wapt-get.exe --hide by waptpythonw.exe wapt-get.py to run session-setup because --hide does not actually hide the shell window.
[FIX] Fixed WakeOnLAN relays.
[REF] Cleaned up the WAPT Agent
common.py: removed unused imports.[FIX] Fixed waptexit: fix
only_prioritiesargument when starting waptexit from service.[IMP] MacOS: Updated build script to handle binary file signing and better debugging.
Console WAPT¶
[UPD] WADS: Include hostname in template iPXE Debian Linux.
[IMP] WAPT Console: Do not display empty confirmation messagebox.
Serveur WAPT¶
[FIX] waptserver postconf: Force path when running psql command in postconf (linux).
WAPT-2.2.3.12463 (2022-09-29)¶
hash: fc306143
This release is mainly a bugfix release. The main new feature is tech-preview support for MacOS on Apple M1 architecture.
Note :
due to EOL and security issue, the PostgreSQL database version has been updated on the WAPT Server for Windows and Redhat7 from version PostgreSQL 9.6.24 to PostgreSQL 14.5. The upgrade will be automatic on Windows during waptserversetup.exe install, and is done during postconf.sh run on Redhat7. Be sure to run the postconf.sh script after upgrading.
Serveur WAPT¶
[UPD] WAPT Server for Redhat7 / Centos7: Upgraded PostgreSQL version from 9.6 to 14.5.
[UPD] WAPT Server for Windows: Upgraded nginx to 1.22.0.
[UPD] WAPT Server for Windows: Upgraded vcredist to 2022.
[UPD] WAPT Server for Windows: Upgraded PostgreSQL version from 9.6 to 14.5.
[FIX] WAPT Server for Windows: Fixed icacls for
migrate_pg_db.[FIX] WAPT Server for Windows: Allow install and upgrade with any server admins (does not require to use the local Administrator with RID -500 for installing).
[UPD] WAPT Server for Windows: waptserversetup: avoid automatic restart when installing MSVC 2022.
[FIX] Fixed upgrade procedure: migrate data text to jsonb only if table hostauditdata in
data_typetext.[FIX] Patched
create_default_userswhen upgrading from 1.8.2 to 2.2.[FIX] Fixed unhandled redirections in TWaptServer wget.
[FIX] Added
RedirectMaxparameter in WaptServer WGet[UPD] Added ubuntu 22.04 in waptagent bundle.
[FIX] Fixed postconf nginx: bad error string format.
Console WAPT¶
[FIX] Fixed host configuration package that were not editable right after creating them.
[FIX] Fixed error editing same OU package in one session.
[FIX] Fixed
CleanupPackagesCacheproper unlock even if no assigned package.[FIX] Fixed access violation at startup when no server is defined in
waptconsole.inifile.[FIX] Fixed waptconsole: When deleting a package in the private repo page, package is still listed until the WAPT Console is restarted, but the package is actually deleted on the WAPT Server.
[FIX] Fixed waptconsole: Random timeout error when running commands from waptconsole
Agent WAPT¶
[FIX] Fixed setuphelpers: reintroduce
running_as_systemfor Linux and macOS (uid==0).[FIX] Fixed start waptservice only if
wapt-get.iniconfiguration exists.[FIX] Fixed
remove_file(): Was unable to remove symlinks.[FIX] Reset properly Wapt core settings to default when reloading config from
wapt-get.ini.[FIX] Try to create a minimal
wapt-get.inifile if it does not exist so that the service can be started without any prior configuration.[FIX] Fixed WAPT Agent for macOS: use
system_profiler_infofordmi_infoon macOS for support for Apple m1 architecture.[FIX] Fixed WAPT Agent for macOS:
plistlib.readPlistFromBytesdeprecation fix.[FIX] Fixed WAPT Agent for macOS: core macOS: use UUID from
system_profiler_infoinstead ofdmidecode.[FIX] Fixed WAPT Agent for macOS: change postinst script for
launchctlcompatibility.[FIX] Fixed WAPT Agent for macOS: macOS core:
get_hostnamereturned binary string instead of str ->update_statusloop.[IMP] Fixed WAPT Agent for macOS: Rationalize pkg filename.
WAPT-2.2.3.12454-rc2 (2022-09-26)¶
hash: 64bfc946
This is the second release candidate for WAPT 2.2.3.
The main new feature is tech-preview support for MacOS on Apple M1 architecture. Otherwise it is mainly a bugfix release.
Note :
due to EOL and security issue, PostgreSQL database version has been updated on WAPT Server for Windows and RedHat7 from version PostgreSQL 9.6.24 to PostgreSQL 14.5. Upgrade will be automatic on Windows during waptserversetup.exe install, and is done during postconf.sh run on Redhat7. Be sure to run the postconf.sh script after upgrade.
Fixes since WAPT-2.2.3-rc1:
WAPT Server for Windows¶
[FIX] Fixed icacls for
migrate_pg_db.
Agent WAPT¶
[FIX] Start waptservice only if wapt-get.ini config is exists
[FIX] Added
PYTHONNOUSERSITE= True to all .sh scripts to avoid spoiling PYTHONPATH with locally installed libraries in user home directory.[FIX] Fixed
remove_file()that was unable to remove symlinks.[FIX] Fixed waptconsole : fix AV at startup when no server is defined in ini file.
WAPT Agent for macOS¶
[FIX] Use
system_profiler_infofordmi_infoon macOS for support for Apple m1 architecture.[FIX] Fixed
plistlib.readPlistFromBytesdeprecation.[FIX] Fixed core macOS: use uuid from system_profiler_info instead of dmidecode
[FIX] change postinst script for launchctl compatibility
[FIX] macOS core get_hostname return binary string instead of str -> update_status loop
[IMP] rationalize pkg filename
WAPT-2.2.3.12411-rc1 (2022-09-05)¶
hash: 29e18f23
This is mainly a bugfix release.
Note :
due to EOL and security issue, PostgreSQL database version has been updated on WAPT Server for Windows and Redhat7 from version PostgreSQL 9.6.24 to PostgreSQL 14.5. Upgrade will be automatic on Windows during waptserversetup.exe install, and is done during postconf.sh run on Redhat7. Be sure to run the postconf.sh script after upgrade.
Serveur WAPT¶
[UPD] WAPT Server for Redhat7 / Centos7 ! upgrade PostgreSQL version from 9.6 to 14.5
[UPD] WAPT Server for Windows : upgrade nginx to 1.22.0
[UPD] WAPT Server for Windows : upgrade vcredist to 2022
[UPD] WAPT Server for Windows : upgrade PostgreSQL version from 9.6 to 14.5
[FIX] WAPT Server for Windows : allow install and upgrade with any server admins (does not require to use the local Administrator with RID -500 for install)
[UPD] WAPT Server for Windows : waptserversetup: avoid automatic restart when installing MSVC 2022
[FIX] fix upgrade procedure : migrate data text to jsonb only if table hostauditdata in data_type text
[FIX] patch create_default_users when upgrading from 1.8.2 to 2.2
[FIX] Fix unhandled redirections in TWaptServer wget
[FIX] Add RedirectMax parameter in WaptServer WGet
[UPD] added ubuntu 22.04 in waptagent bundle
Console WAPT¶
[FIX] host config package are not editable right after creating them.
[FIX] error editing same OU package in one session
[FIX] CleanupPackagesCache proper unlock even if no assigned package
Agent WAPT¶
[FIX] setuphelpers. reintroduce running_as_system for linux and mac (uid==0)
WAPT-2.2.2.12388 (2022-07-22)¶
hash: 10e35aa7
This is mainly a bugfix release.
Note
There is a change in the wapt the wapt->glpi sync is working, please refer to documentation for upgrade.
Tech preview: new multiserver console support (connect to multiple wapt server using one console).
Added support for ubuntu 22.04 amd64.
def update_package() function can now be located in a separate
update_package.pyfile. New packages from wapt store will use this new format to makesetup.pysimpler and more readable. Older wapt version are not impacted for package import and package install, but may be impacted if one wants to update directly from the WAPT Console usingupdate_packagescript.
WAPT Deployment Server (WADS)¶
[NEW] injecting oem key by slmgr command
[FIX] fix tftpserver window size handling (bug on Dell uefi bios)
[FIX] allow djoin with machine in default container CN=computers
[FIX] improve error message when using standard user on MS AD for djoin.exe when >10 machine quota join has been reached
[FIX] allow saving / renaming bundle names and check for empty names
[IMP] add ACL on WADS (before it needed admin level ACL)
[NEW] add post_install script windows
[NEW] add ignore_ipxescript and move conf file and ipxescript
[NEW] Basic Linux OS Deploy support : add Debian ipxe script template
[NEW] add {{server_url}} {{secondary_repo}} and {{hostname}} in get_wads_config
[NEW] add mustach templating in ipxescript
[FIX] waptconsole uploadWinPE : fix regression in upload progress bar and incomplete zip.
[FIX] add a progression form when uploading ISO and winpe
[IMP] add wapttftpserver service shutdown in upgrade sequence (throught net stop, not only taskkill)
[IMP] add tftp firewalld port opening on Redhat
Console WAPT¶
[NEW] techpreview: waptconsole reporting multiservers.
[FIX] Fixed check that downloaded waptsetup version is same or newer than server.
[NEW] Download from https://wapt.tranquil.it and upload on local waptserver agents for Linux and macOS directly from the WAPT Console.
[NEW] Added a popupmenu Copy to clipboard as json for audit data.
[NEW] Display audit history audit data explorer (treeview + html template) + allow drag/drop of a audit json value subkey from value tree explorer.
[IMP] waptwua: update waptwua status to NEED-SCAN on hosts when
download_wsusscanis triggered andwsusscn2.cabfile is downloaded.[IMP] Package import: Don’t take care anymore of maturity for version when it’s compared to store version.
[FIX] Added licence validity check tolerance +1 day.
[FIX] Fixed trigger downloads when triggering updates from the WAPT Console.
[FIX] Allow ~ in package names (for spaces in Organizational Unit packages).
[UPD] Updated icons on windows update status for WUA.
[NEW] New option
check_package_versioninwaptconsole.ini.[FIX] Fixed saving empty value in Editor for packages.
[UPD] waptconsole reporting: Added a quick search filtering zone for the query result.
[FIX] Wrong message when no admin rights and waptagent need upgrade or not present.
[UPD] When going outside modified rules. A popup will ask to save or not the rules.
[UPD] Delete host popup.
[NEW] Added feature to download packages when asking hosts for update.
[UPD]
trigger_host_updateadding possibility to download the package after update.[FIX] Saving language parameter.
[UPD] Added a NEED-SCAN waptwua.status, updated when Wapt.update() is called.
[FIX] Fixed layout on Windows Update form.
[NEW] waptconsole: multiserver: manage packages repositories by server.
[FIX] waptconsole: re-enable dataexport to csv for grids.
[NEW] Explicit hint on number version when the package is not up to date (GridPackages)
[UPD] waptconsole: Improved drag drop of columns into GridHosts
[NEW] waptconsole: New Htmlviewer for audit data and Html auditdataview template filename (
wapttemplates) calculated from section and key, or section.[FIX] waptconsole drag/drop audit values.
[IMP] waptconsole: Load Active Directory Groups in thread.
[FIX] waptserver: Improved message when triggering action.
Serveur WAPT¶
[FIX] glpi sync: simplified
glpi_upload_hosts.pyscript.[NEW] techpreview waptserver: endpoint
update_hosts_audit_datato bulk insert hosts related data (for third party data integration).[NEW] Added multiserver endpoint for multiserver WAPT Console.
[FIX] waptserver update_audit_data fix on_conflicts for value_id.
[IMP] waptserversetup: take in account wapt_folder parameter in
waptserver.iniwhen upgrading a setup.[IMP] Use utc time for acls expiration check.
[FIX] Fixed waptserver unable to delete some hosts when CRL is enabled.
[IMP] waptserver db install: try to register jsquery extension to make json query more powerful for reporting (this is not yet mandatory).
[IMP] Renamed waptsetup-tis.exe to waptsetup.exe on the WAPT Server.
[IMP] Include waptsetup.exe in waptserversetup.exe on Windows.
[IMP] Download from TIS / upload to the WAPT Server of the installation packages of the WAPT Agents.
[UPD] Create a full version 1.2.3.rev-hash into file
wapt/version-full[IMP] Added HTST header to nginx template.
[DEL] Removed direct integration of GLPI sync into WAPT. Now switched to plugin sync
[FIX] Added trigger_host_action ACL on /api/v3/connected_wol_relays (used by /api/v3/trigger_wakeonlan)
[IMP] Force calc_md5 if new filename in server.
[IMP] Improved websockets performance and reliability. Now websocket ids are stored in memory instead being written in the database.
Agent WAPT¶
[FIX] Fixed threading exception in WAPTExit and WAPTTray that could prevent status updates.
[NEW] WAPTWUA superseded support. option include_potentially_superseded_updates in configuration wizard.
[NEW] Added snap software inventory.
[FIX] waptmessage unable to load sqlite on Linux and macOS.
[FIX] Fixed custom waptmessage logo on Linux.
[FIX] Fixed waptservice configuration: sets the
configs_dirrelative towapt-get.inifull path.[FIX] Fixed waptservice “start_waptexit” with arguments
[FIX] Fixed bad arguments sent to waptservice triggering upgrades with “only_priorities” and “only_if_not_process_running”
[FIX]
Wapt.write_audit_data_if_changed: writes data if previous data has expired.[IMP] wapt-get add-config-from-url: provides a meaningful message when hash is not provided.
[FIX] Updated the template of dynamic json configuration packages to match the new location and the naming of json config related functions.
[IMP] Improved dynamic configuration handling for the WAPT Agent.
[FIX] waptservice: ensure a random secret_key for local waptservice session.
[FIX] wapt-get update-package-sources: handles properly relative path to package sources.
[IMP] wapt-get edit now opens changelog.txt, VSCod* now open
controlfile too.[UPD] Changed default log path to
wapt/logif writable.[IMP] waptservice waptself: local authentication with file token (ie. nopassword), handling of local groups.
[NEW] use
--not-interactivewith register if install run in silent mode and not run update if install service.[IMP] waptself, wapt-get, waptexit, wapttray: kill check threads on close, even on linux to speed up application shutdown.
[FIX] Linux: waptservice restart Linux: AttributeError: “WaptServiceRestart” object has no attribute “logger”.
[IMP] macOS: normalize macos wapt install package name format.
[FIX] macOS: Fixed registration failing in some cases.
[IMP] macOS: Added mpkg support.
[FIX] Fixed no hash in clipboard, added missing helper for
add-config-from-urlin wapt-get.[IMP] Limit access right to admins to log directory (in case non public stuff get written to log)
WAPT Core¶
[IMP] Patched with_md5sum in
make_package_filename.[IMP] Added options for update-package-sources.
[UPD] wapt core: use datetime in UTC for
audit_data.[NEW] wapt core: allow usage of an environment variable « waptbasedir » to specify the location of root waptbasedir.
[FIX] configuration package template
setup_package_template_conf.py.[IMP] Support for
def update_packagein fileupdate_package.pyinstead ofsetup.pyfor better readability.[UPG] Upgraded openssl to 1.1.1o.
[NEW] core: define path Wapt.configs_dir relative to Wapt.config_filename if the dir Wapt.config_filename..conf.f exists.
[FIX] Fixed
waptcrypto: certificate filename attribute was not set when loading a certificate chain.[FIX] Fixed new option copytree2 replace_at_next_reboot.
[FIX] Avoid errors on
get_version_from_binary()getting params.[FIX] Fixed keyword and name with installed_softwares in macOS and Linux.
WAPT-2.2.1.11957 (2022-06-02)¶
WAPT Deployment Server (WADS)¶
[FIX] Fixed wapttftpserver restart on Linux.
[IMP] Added xml template for windows 11 deployment.
[FIX] if
verify_certis empty, thenverify_cert = False.
Console WAPT¶
[FIX] CheckLicence => licence is now valid one day before the real beginning.
WAPT Agents¶
[FIX] Fixed harakiri on Linux.
WAPT-2.2.1.11949 (2022-05-18)¶
hash: 1b2dfbee
This is a bugfix release.
WAPT Deployment Server (WADS)¶
[FIX] Fixed waptconsole: use ROOT in addition to CA windows system certificates stores when building winpe with
verify_cert = True.[FIX] Fixed selinux rules for WADS.
[FIX] Fixed non ascii character support in passwords.
[IMP] wgetwads: add more logging data (wget). Disable exe signature certificate as this could be blocking if CRL can not be checked in winpe environment for example.
[UPD] add a timer to wait for network in WADS.
[UPD] Update openssl to 1.1.1n for WADS.
Other fixes¶
[FIX] fix wrong GPO link on waptserver start page
[FIX] fix some translation messages in console
[FIX] wrong element order in message in ACL GUI
[FIX] allow change password if user password has been cleared
[UPD] update mormot2 for bug in TSynDictionary.AddOrUpdate()
[UPD] update mormot statics for sqlite to 3.38.5 (required for mormot compatibility)
WAPT-2.2.1.11932 (2022-05-05)¶
hash: 6522dccb
This is a bugfix release.
WAPT Deployment Server (WADS)¶
[FIX] wapttftpserver : better handling of UEFI PXE/TFTP boot
[FIX] wads now include non CA certificates for winpe build
[FIX] Not adding « cn » in OU
[FIX] wapttftpserver : add firewalld rule on redhat based server for wapttftpserver
[FIX] WADS : improve feed back on upload WinPE
[FIX] wapttftpserver : kill wapttftpserver and uninstall service before installing it
[IMP] waptserversetup: add wapttftpserver configuration for windows
Serveur WAPT¶
[FIX] fix typo for rocky support as server
[FIX] waptservice websocket reconnection: disable by default low level reconnect feature
Console WAPT¶
[FIX] fix bad port configuration for veyon remote assistance support
[FIX] Define default package prefix when creating empty package
[FIX] patch setup_package_template_cert.py.tmpl
[FIX] waptconsole: fix access violation when access to external repo is blocked or need a proxy.
[IMP] package version in bold red if obsolete version compared to external repo for better accessibility
Agent WAPT¶
[FIX] waptservice websocket reconnection: disable by default low level reconnect feature
[FIX] add conf.d to rpm agent installers for the new agent configuration management
[FIX] macOS: fix get_file_type in macos
[IMP] macOS: silently attach dmg file
[IMP] waptwua : improve consistancy between WUA history and WUA status
[FIX] waptself: bad char case for png file (issue for linux)
[IMP] add dummy running_on_ac for linux and mac for compatibility
[FIX] waptutils.user_config_directory() did not work under system account.
WAPT Core¶
[IMP] mormot2 static: add 3.38.2 hash
[IMP] sync htmlviewer with latest github commits from https://github.com/BerndGabriel/HtmlViewer/tree/master
[IMP] waptguihelper: improved the design for InputDialog form
WAPT-2.2.1.11899 (2022-04-06)¶
hash: 2d82654e
This is mainly a bugfix release.
A new tftpserver has been introduced and it will ease WADS installation and configuration as it will be directly integrated into WAPT.
WAPT Deployment Server (WADS)¶
[NEW] add a wapttftpserver binary on windows and linux to act as a tftp server for WADS
[FIX] WADS : don’t use redirect
[FIX] WADS : be tolerant if sendstatus can not be sent.
[IMP] WADS : handle https for drivers (continued)
[UPD] wads : get windows system certificates for WADS server bundle
[UPD] implement https verifyCert in wads and wgetwads
[IMP] add serial_number arg when calling server get_wads_config in wads
[UPD] waptconsole wads: add audit columns (created/updated) in grids.
[NEW] Add an action to prepare a host package in WADS OS Deploy grid
[NEW] wgetwads : use code signing cert of TIS to check signature of json hashes file if no signer_certificate in json file
Console WAPT¶
[UPD] OU « All » fixed to not editable on GridOrgUnits
[FIX] waptconsole: wrong client https key password used for task polling thread.
[FIX] waptwua packages : ALLOWED status in winupdates grid is kept between form display.
[FIX] Package creation did not take silent flags in account
[FIX] memory leak when refreshing packages list
[FIX] waptconsole packages list: Showing all versions when « Last version only » is not checked
[FIX] « property not found » in some grids when refreshing data.
[FIX] running plugins on multiple hosts.
[FIX] taking in account the platform when lookig for TIS store package version
[FIX] nested progress notifications in uwaptserverconnection TWaptServer
[FIX] Disabled pysources check at waptconsole startup.
[FIX] external repo ini settings dialog when importing.
[FIX] waptconsole. some ui elements are not disabled when switching to discovery on login.
Serveur WAPT¶
[NEW] add support for postgresql 14 on centos7
[UPD] wapt windows server: update to nginx 1.20.2
[IMP] server postinstall : put nginx backups in a different dir than nginx config
[FIX] waptserver: fix empty error message when trying to activate an existing licence
Agent WAPT¶
[NEW] added new waptguihelpers : grid_dialog, filename_dialog, input_dialog, combo_dialog
[FIX] waptdeploy multiple setupargs raise « Invalid variant operation »
[FIX] missing root certificates when exporting system store certificates in lazarus app (GetSystemCABundlePath). Must trust CA + ROOT stores
[FIX] setuphelpers: regression in maintaining backward compatibility for some const which are functions too (programfiles etc..)
[FIX] be tolerant if uuid can not be regenerated (on linux, dmidecode can’t be run as normal user in session-setup)
[FIX] fix wget waptdeploy.exe waptagent.exe in wads and detect mismatch drivers config
[FIX] waptagent regression : Revert « [UPD] waptservice : tasks don’t notify server by default to avoid too frequent updates of database. »
[FIX] wapt-get : try to fix get service password on unix.
[NEW] splitting remove_appx() with new function remove_user_appx() to avoid unexpected behavior
[NEW] Add restart-waptservice action in wapt-get.py
[FIX] fix publisher and version in installed_softwares macos
[FIX] use waptservice to check if is_enterprise in waptexit (avoid direct access to local waptdb) (fix unable to access sqlite db on linux / mac)
WAPT to GPLI connector¶
[FIX] glpi fix install_date
[FIX] regression in glpi export (Softwares)
WAPT-2.2.0.11720 (2022-03-15)¶
hash: 8e07f388
This is the first release of the 2.2 serie of WAPT.
WAPT Core¶
[NEW] Discovery mode for the WAPT Console
when checking acls, the licencing status is taken in account to enable or not actions.
maximum number of 300 managed hosts in discovery mode.
WAPT Deployment Server (WADS)¶
[NEW] tech preview Automated Windows OS deployment called WADS
:Using a winpe image (network boot or usb key boot).
Shipping wimboot, ipxe.efi, undionly.kpxe, 7z.dll.
Added openssl win64 binaries for WADS
Added wads.exe and wgetads custom binaries in distribution.
Added WADS repo option in repo rules.
Added a WAPT Console page to list raw registered hosts, upload winpe images, define default config, uplaod drivers bundles.
On WAPT Server: added
/var/www/wads/add a non protected/wadsin nginx config.
Console WAPT¶
[NEW] add columns in private repo to display newest software version (Tranquil IT effort to parse softwares providers download sites) and newest package version (from Tranquil IT store database).
[NEW] Dynamic Agent configuration using .json files stored on the WAPT Server:
Added a
last_update_config_fingerprintlocal param to keep track of current config.Added “configurations” (merged config overview) data when uploading host status to the WAPT Server.
[NEW] Dynamic Agent configuration using config packages:
Added
templates/setup_package_template_conf.py.tmplpackage template.Added a
wapt/conf.ddirectory on the WAPT Agent to hold the installed .json configuration files.
[NEW] New in the WAPT Console: added option to show the host WAPT Agent configurations overview.
[NEW] New in the WAPT Console: option to display a graph of host packages dependencies.
[NEW] New in the WAPT Console reporting: tabbed interface to displays multiple query results.
[NEW] New in the WAPT Console: option to filter host inventory based on the result of a SQL query:
In reporting, right click on column which represent a host UUID and « choose as Host UUID » abnd save.
The query is then available in the combobos « Filter hosts on SQL query » in hosts inventory.
[NEW] New in the WAPT Console: add a Tech preview Tab for packages development workflow:
Create from template;
Displays
waptdevdirectory sources package status;Basic git commands.
[IMP] Improved the WAPT Console send message : enable use of HTML (copy & paste). HTML Preview.
[IMP] Do not clear selection on mouse right-click when selecting package names in package edits.
[IMP] refactored the WAPT Console code to remove most python calls:
removed
waptdevutils.py, removed calls to WaptRemoteRepo, replaced by pure fpc code.
[UPD] Updated the WAPT Console: merged selected hosts add/remove depends, add/remove conflicts in a single action/form
[UPD] Updated the WAPT Console update package source: add a checkbox to enable package version increment.
[UPD] Updated the WAPT Console “plugins” config: warn user if not saved.
[UPD] Updated the WAPT Console: removed obsolete Add ADS Groups to selected host action.
[UPD] Updated the WAPT Console action Refresh Host Inventory triggers a update_server_status instead of a full computer register.
[UPD] Updated the WAPT Console: host additional tools (rdp, vnc, etc) which requires to look for a connected IP are now run in a thread to avoid freezing the UI.
[UPD] Start of use of mormot2 for X509 and RSA crypto instead of python bindings in the WAPT Console
[FIX] waptconsole : store executable signature with new key name format (xxx.exe keys)
[FIX] duplicated panels in initial configuration package wizard.
WAPT Self-Service¶
[IMP] waptself: add logger.
Serveur WAPT¶
[IMP] Improved the WAPT Server authentication: try ldap authentication only if
ldap_auth_serveris defined.[UPD] Updated the WAPT Server licencing: use waptlicences.pyd instead of pure python code.
[UPD] Updated the WAPT Server: add config options
wads_folderandagent_folder.[UPD] Updated the WAPT Server: improve GLPI export, add “smodel” on GLPI exports and add “monitors”.
[IMP] force en_US.utf8 locale for linux services.
[IMP] add /api/v3/latest_installed_package_version.
[UPD] upgraded jquery to v3.6.0.
WAPT Service¶
[NEW] Added
/opt/wapt/wapt-get.binto linux distributions.[NEW] New in the WAPT service: added a WaptUnregisterComputer task and unregister_computer socketio action.
[IMP] Improved the WAPT service: improved logger.
[IMP] Improved the WAPT service and the WAPT Agent take into account the licencing status:
Added a
licenceslocal params to store the current registered licences retrieved from the WAPT Server during the last update.
[UPD] waptcrypto.py: made optional the joining of signer certificate when signing claims.
[UPD] Updated the WAPT Deployment utility: increased timeout from 4s to 15s when pinging the current http WAPT service.
[UPD] Upgraded dmidecode to v3.3 on windows.
[UPD] Updated the WAPT service: do not check battery level for WaptAuditPackage task.
[REF] Installers : merged
wapt.issandcommon.iss.[FIX] wapttasks: took in account non default config filename.
[FIX] Fixed the WAPT service: reporting properly the user which created a task (either locally or using websockets).
[FIX] Fixed the WAPT service: fixed icons in package local webpage.
wapt-get¶
[IMP] wapt-get new config actions. Added actions:
add-config-from-file;
add-config-from-base64;
add-config-from-url;
with parameters:
--not-interactive: Disables dialog to ask credential users (for batch mode);--waptbasedir: Forces a different wapt-base-dir then default dir ofwaptutils.py;--devmode: Enables devmode. dbpath is set to memory and certificate/key paths are inuserappdata;--json-config-name: The name of the .json file given with the action json-config-from-file/base64/url;--json-config-priority: The priority of the json file given with the action json-config-from-file/base64/url.
[UPD] Removed update-packages action synonym for scan-packages.
[IMP] wapt-get added update-status action in service mode wapt-get -S update-status.
[IMP] Enabled
--CAKeyFilenameand--CACertFilenamewapt-get options[IMP] Added logger for waptguihelper pyd module. if
--loglevel=debugin commandline, logger is activated.[IMP] Reporting the
use_repo_rulesflag to the WAPT Server in wapt_statusReport
is_enterpriseflag to the WAPT ServerReport installed antivirus and monitors in host inventory
[IMP] Audit loop granularity based on actual installed packages:
Added get_next_audit_datetime() on Wapt class.
waptaudit_task_periodattribute is now in the Wapt class instead of the WAPT service.
[UPD] Removed the not functional
--dry-runwapt-get option.[IMP] Improved register computer fallback from kerberos to password based authentication:
Do not send audit data when registering to limit workload.
[IMP] Try registering computer if update_server_status fails because of authentication.
[IMP] waptpython.exe, waptpythonw.exe, and nssm.exe are now signed with Tranquil code signing key.
[NEW] added pylint and black modules. Added black configuration to vscode project template.
[NEW] Added
setuphelpers.getscreens.[IMP] Improved SetupHelpers unzip : new
extract_with_full_pathsargument (default True).[NEW] New SetupHelpers
listening_sockets().[IMP] Added
templates/setup_package_template_portable_exe.py.tmplandtemplates/setup_package_template_portable_zip.py.tmplpackage templates.
Others stuff¶
[IMP] Added
windows_version_prettynameandwindows_version_releaseidinhost_info.[IMP] Always use RunAsAdminWait to copy package certificate to the local WAPT service
waptssldirectory.[IMP] Improved the WAPT Console config: stores WAPT Server certificate in
AppUserfolder (roamingwaptconsolesslserver).[IMP] Reset TLS client key password in the WAPT Console config if connection error.
[UPD] Retire python
GetPrivateKeyPath, raise exception ifGetPrivateKeydoes not succeed.[FIX] Clear cached TLS client key password when validating the the WAPT Console config dialog.
[IMP] Improve GLPIlpi settings windows.
[IMP] Clean up the html error page from the WAPT Server when checking the WAPT Server and WAPT repository URL.
[FIX] Don’t reenter the private key password dialog if already asking the user. This issue can be triggered if several therad are using a key, or if cooperative multitasking like TAction messages (OnUpdate) triggers a Get with client side certificate authentication.
[SEC] Fix
dhparamon the WAPT Server postconf.[FIX] Fix failover on file version with remove_outdated_binaries().
[IMP] Add
asset_tagto sysinfo api.[FIX]
Get_antivirus_info: test if timestamp attribute exists.[IMP] New getscreens function.
[IMP] Added columns uuid manufacturer and product serialnumber in database.
[UPD] Added
mac_addressestoLocalSysinfo.[UPD] Expanded LocalSysinfo with uuid, serial_number and sku_number, fixed keys with underscore.
[IMP] Improved matching of reachable IPs of client using new GetReachableIP from mormot2.
[UPD] GetReachableIP: connection tests are performed in parallel using mormot GetReachableAddr instead of one after the other to reduce delay when launching IP based command to remote hosts from the WAPT Console.
[FIX] Take
--configoptionin account for wapt-get fpc code.[UPD] waptcrypto: implemented
TX509Certificate.CN, removedTX509Certificate.DN.[UPD] Updated SetupHelpers need_install: now comparing software versions with 4 members. Assumes that 1.2 == 1.2.0.0 and 1.2.3.4.5 == 1.2.3.4, remove_previous_version: use version with 4 members.
WAPT-2.1 Serie¶
WAPT-2.1.2.10652 (2022-01-10)¶
hash: 7dd63b61
[UPD] shorten the default package filename. If
target_osis alnum, do not include md5sum in the filename. Iftarget_osis in tags, do not duplicate it in filename[FIX] disable debug data for linux
[FIX] try to circumvent issue with Trend antivirus blocking the WaptTaskManager. Looks like the issue is with platform.win32_ver using win32api.GetVersionEx…
[FIX] Installed softwares invalid conditions
[FIX] fix local_user and local_group on macOS
[FIX] removed workaround on 60s delay for websocket disconnect
[FIX] use CompressGZip instead of CompressZLib on the WAPT Server, compression is GZip
[FIX] Allow “~” in package filenames
[FIX] try to not update records in database if data has not changed
[FIX] Wake on lan relay now equals is remote repository
[FIX] fix group members
[FIX] return only local and user group (ignore nsswitch)
[FIX] backported the WAPT Exit utility (improved detailed logging) from 2.2
[FIX] backport waptlicences py module from 2.2
[SEC] check that hostname matches https certificate in the WAPT Console http client.
[FIX] backport uwaptlicencing: allow empty json licencing data
[FIX] fix WaptHttpPostData
[FIX] check valid uri in wapthttputils waptwget WaptWget_Try
[FIX] init LastModifiedDate to “” if not found in THttpResponse
[FIX] add a 50ms report delay for httpprogressnotification
isolate wapt python engine: PyFlags:= [pfNoUserSiteDirectory, pfIsolatedFlag];
[FIX] Fixed SetupHelpers: backported changes from 2.2 is_linux64 type_rhel fix installed_softwares for type_redhat upd uninstall_apt with autoremove
[FIX]
user_appdata=user_local_appdatafor unix[IMP] introduced get_powershell_str, get_default_app remove_appx
[IMP] introduce InitLogger for the WAPT Exit utility
[FIX] Fixed the WAPT Console: generalize the use of a fallback package_uuid in case of old packages without package_uuid field.
[FIX] Fixed the WAPT Console: use editable dropdown in frmpackagedetails for maturity
[FIX] backport issue with inc version of some group packages when importing
[FIX] Disable client side ssl authentication on root WAPT Server url (regression)
[FIX] isolate from user python env when building binary packages
[UPD] improved feedback message for license activation on the WAPT Server.
[UPD] wapt-scanpackages.py: add option -d to disable update of database Packages table.
[FIX] The -b switch is True by defaut, so there were no way to disable update of database table.
[UPD] Updated the WAPT Console: be tolerant for old package without package_uuid
[UPD] strip ending slash in {{data.wapt.hostname}} server template properties to avoid double slashes in templates result
[UPD] backport openssl build parameter from 2.2
[FIX] Fixed the WAPT Agent url link in the WAPT Server index page.
[FIX] setproctitle only for unix
[FIX] locate packages in host packages grid using package_uuid instead of id, so that refreshing grid works properly with a multiselection of hosts.
[UPG][SEC] upgrade python version from 3.8.11 to 3.8.12
[FIX] remove python3 dependencie. Now python3 is included in wapt
WAPT-2.1.2.10605 (2021-11-30)¶
hash: e2a0e2a0
[FIX] Fixed the WAPT Console: backport edit multiple hosts add/remove depends/conflicts (issue « no password available yet » when kerberos enabled) backport IpExecute from 2.2
[FIX] unable to edit stripped down package with integrated package editor. (setup.py file hash issue) update package size
[FIX] bad path for nginx dhparam for Windows server
[FIX] upgrade mormot2
[FIX] waptself local admin NOPASSWORD setting did not work anymore log authentication user when task is triggered from local wapt webservice don ot raise exception in check_auth_groups but return (None, None) instead to avoid Error 500 in browser backport fix for integer attributes in packages index backport fix for loading ssl libraries
[FIX] Update wake on lan with broadcasts
[FIX] Error « Add: Unexpected [%] object property in an array » for old package with empty package uuid
[FIX] Acl handle boolean as global ACL
[FIX][SEC] issue with acls : action is enabled when acl is set to json false
WAPT-2.1.2.10588-rc1 (2021-11-22)¶
hash: e70d9039
[FIX] fix installed_softwares for older debian and improve inventory performance
[FIX] fix glpi inventory failure (exception on int conversion)
[SEC] [FIX] invalid condition on package hash check
[SEC] [FIX] cleanup nginx config templates
[NEW] add uwsgi support for Debian server
[FIX] add user information in audit
[FIX] Improve lazarus ini parser to support other values than “1”/”0” as boolean values (True, true, 1, 01, etc. same behavior as python iniparse)
[IMP] support for message previsualisation and templates in waptmessage editor and better multiline support
[UPD] waptsetup : do not use kerberos by default
[NEW] show certificate when double click in acl tab
[IMP] Do not propose to start the WAPT Console after install (due to different user context)
WAPT-2.1.1.10568 (2021-11-08)¶
hash: 978c00ae
This is a bugfix version with some small improvements. The main fix is for websocket issue.
[IMP] Prevent multiple websockets connections from same host uuid on the WAPT Server (bugged wapt clients can maintain multiple websockets, which leads to a lack of avalable connections on the WAPT Server)
[FIX] Fixed restart of the WAPT service with exit code 10 (managed by the nssm service manager)
[FIX] Fixed case on the WAPT service where different threads access simultaneously to a shared Wapt instance
[IMP] Introduced some randomness when the WAPT service reconnects its websocket.
[IMP] Checking more cases to determine if token for websocket has to be updated.
[IMP] Introducted a wait in the socket client until it is actually disconnected before trying to reconnect to avoid multiple websocket threads from same client.
[IMP] Do not re-create a new SocketIOClient at each reconnection, but reuse existing one to minimize risk of multiple connections.
[FIX] Do not consider “%” char as unsafe in filenames
[IMP] Improved logging of the WAPT service (logger wapttasks report main actions triggered by the service in
waptlogwaptservice.log). Removed “flask.app” logger config.[IMP] Remove the WAPT packages’s persistent directory on the WAPT client when a WAPT package is forgotten
[IMP] Added
ignore_empty_namesargument to SetupHelpers.installed_softwares[IMP] Improved display of
package_uuidwith command wapt-get list[IMP] Added redhat_based tag for WAPT package operating system tags
[FIX] Fixed
decrypt_fernet/fernet_encryptfunctions[IMP] Improved the reporting of key as name in softwares inventory for softwares without a descriptive name
[FIX] The
server_uuidcolumn in hosts database updates properly.[FIX] Fixed the removal of packages when
only_if_not_process_running=True.
Known issues:
When the websocket is reconnecting, if the IP adrress has changed, the main IP adrress is not updated in IP adrress column in the WAPT Console.
WAPT-2.1.0.10550 (2021-10-08)¶
hash: 953c9552
This is a bugfix version with some small improvements.
[FIX] Fixed mass add / remove on multiple host at once.
[FIX] Fixed issue when editing a package without a « description_en » attribute in control file.
[FIX] Fixed drag drop when editing selfservice package.
[IMP] Improved feedback when uploading WAPT packages.
[IMP] Improved handling of the list of wakeonlan relay.
[IMP] Improved remote repository is now by default a wakeonlan relay.
[FIX] Fixed access violation error when viewing certificate list.
[FIX] Fixed do not enable verbose logging by default on the WAPT Console, the WAPT Exit utility and waptselfservice (might fill up %APPDATA% …).
[FIX] Fixed use
templates/wapt-logo.pngin the WAPT Exit utility if it exists.[IMP] Improved login error message.
WAPT-2.1.0.10517 (2021-09-30)¶
hash: fa2af298
This is the first release of the 2.1 branch. It is mainly a incremental improvement with many small but worthy fixes on the 2.0 branch.
The WAPT service
[IMP] During upgrade, wapt-get session_setup is not run if no userspace configuration is defined for the installed WAPT packages.
The WAPT Deployment utility
[IMP] Improved automatic proxy detection and configuration possible with the new
--http_proxy=True/Falseparameter or explicit url command line parameter.[IMP] Disabled https verification when downloading waptagent.exe if a fingerprint is provided (allows installation with on out-of-date computer with expired certificate store).
[IMP] Do nothing if no –waptsetupurl argument is provided (it reduces the probability of false positive on antivirus check).
[IMP] Double check WAPT installed version after install and report error message if it does not match (allow detection of installation that have been blocked by a misconfigured antivirus for example).
The WAPT Console
[NEW] tech preview: new tab to provide basic package editing functionnality directly in the WAPT Console without having to open Pyscripter or VSCode.
[NEW] New tech preview: new tab to browse the developement directory directly from the WAPT console.
[NEW] Single Sign On with Kerberos authentication (if
service_auth_type=waptserver-ldapanduse_kerberos=True).[NEW] New button to display WAPT packages that have a specific WAPT package as a dependency in the private repository tab.
[NEW] New message box to decrypt message sent by the WAPT Agents (using
encrypted_data_str/print_encrypted_datain waptcrypto). This allows an admin to upload sensitive information from desktop that will be asymetrically signed by the Administrator’s public key.[NEW] New set of icons and many small visual improvments.
[NEW] New software inventory tab to display installed software (not packages) and see which hosts have that specific software.
[NEW] New button to delete Windows Update KB files that are not used anymore by any computers. This allows to keep the Windows Update storage volume under control.
[NEW] New tab to have a user-friendly display of the certificates that are deployed on a specific host.
[NEW] New tab to display the certificates that are available on a WAPT repository.
[NEW] New warning icons on the hosts tab when the computer needs a restart (after a windows update for example).
[NEW] New filter by OS option.
[NEW] New icons in the OU tree view if a OU package exists for that Organizational Unit.
[NEW] New information message about the choice of maturity when creating new WAPT Agent and by default uploading in DEV maturity (to avoid being directly deployed to all client computers, this allow to test the new WAP Agent on a subset of computer before full scale deployment).
[IMP] Made GLPI export configuration more intuitive.
[IMP] Improved the WAPT Console plugin versatility. All inventory attribute can now be used in command lines (it use the « mustache » template syntax, eg. {{ main_ip }} {{ computer_fqdn }} {{ host_capabilities.os_version }} « {{#host_capabilities.tags}}{{.}},{{/host_capabilities.tags}} » etc.
[IMP] Allow non standard port in the WAPT Console configuration.
waptself
[NEW] allow custom logo in waptselfservice
[NEW] Single Sign On using Kerberos (
needs service_auth_type=waptserver-ldapanduse_kerberos=True)[IMP] allow customisation of package details view using template engine
WAPT Exit utility
[IMP] allow custom logo (on Windows, Linux and macOS)
wapt-get
[NEW] better handling of licence information. Now the licence is uploaded on the WAPT Server and it is not necessary to install it on every admin WAPT Console computer
[IMP] propagate ExitCode from Python calls for better error handling
[IMP] better handling of websocket reconnection (check of socket status every 120s)
[IMP] periodic check of the UUID and the current certificate of the WAPT Agent for consistency between the WAPT Agent and the client computer
[NEW] waptsetup et waptserversetup new parameters:
set_verify_certandset_kerberos
WAPT-2.0 Serie¶
WAPT-2.0.0.9470 (2021-10-07)¶
hash: 5065cb57
This is a security release with a few related bugfixes. All Wapt 2.0 version below 2.0.0.9467 are affected.
[SEC] fix for vuln in urllib3 CVE-2021-33503 (CVSS Score: 7.5 High, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
[SEC] Sanitize filename used when downloading files on local client. (CVSS Score : 7.5 High, CVSS;3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C). Enforced on wget and local filenames for downloaded packages (chars “\” “..” @ | ( ) : / , [ ] < > * ? ; ` n are removed or replaced).
[SEC] Do not use PackageEntry filename attribute to build target package filename as it is not signed.
[UPD] wapt-get remove: reraise exception if there is exception in uninstall script return traceback in “errors” key return code 3 if there are errors when removing packages in wapt-get remove.
[FIX] handles wildcards in certificates in the WAPT Console config and create waptsetup update UI in external repositories config when setting CA bundle.
[FIX] use PackageEntry.localpath only for local status of a package.
[UPD] split PackageEntry non_control_attributes into repo_attributes and local_attributes. local_attributes are not put into Packages index as they are not relevant for remote access.
[UPD] update python modules requirements following urllib3 upgrade idna==3.2 (from 2.10) certifi==2021.5.30 (from 2020.12.5) requests==2.26.0 (from 2.25) urllib3==1.26.6 (from 1.26.5)
WAPT-2.0.0.9450 (2021-08-10)¶
hash: 7bc6920c
This is a security fix version affected by CVE-2021-38608.
Please visit the security bulletin to learn more.
WAPT-2.0.0.9449 (2021-06-22)¶
hash: 70283a14
This is a bugfix version with some small improvements.
WAPT Agent
[FIX] Fixed Windows Update fix in the progress bar.
[IMP] Allow the WAPT Agent to upgrade even when on batteries.
The WAPT Server
[IMP] Many fixes in GLPI sync.
[FIX] Better handling of service_delete exception cases.
[FIX] Fixed database migration handling with
create_defaults_usersprocedure.[FIX] Fixed on windows skip the WAPT Agent build if there is no available certificate for signing.
The WAPT Core
[IMP] Improved the compatibility of
Packagesfile for easing upgrade from WAPT 1.8.2.[IMP] Improved the WAPT Deployment utility: behavior to avoid wrong red flag from AV softwares.
Caveat¶
For macOS support one should use the WAPT Agent 2.1 version available in nightly channel.
WAPT-2.0.0.9428 (2021-05-06)¶
hash: 4b33cf96
This is a bugfix version with many small improvements.
WAPT Console:
[IMP] Improve CreateWaptSetup form layout.
[IMP] Restore focused column visibility when refreshing grid data.
[FIX] Fix wrong path for wapt-get.py in vscode project.
[UPD] Update No fallback in rules to true by default.
[FIX]
enable-check-certificatewith wildcard.[FIX] take into account the
use_http_proxy_for_repoini setting (if not present, assumeFalse).[FIX] Fix
setup_package_template_msu.py.tmplfor package Wizard.[IMP] Add new template for creating package with certificate.
[IMP] Add option to check downloaded package with VirusTotal in package import GUI.
[IMP] Add update-package source action directly in Private repository in the WAPT Console.
WAPT Agent:
[IMP] Use task queue for the forced installs instead of running them inline.
[FIX] Database not opened when we check Hosts who are secondary repositories.
[IMP] Restart partial download of Windows Update files.
[IMP] Improved icons handling in WaptSelfService.
[IMP] On macOS use host certificate store by default for https certificate validation.
[IMP]
reload_config_if_updatednow reload config ifpublic_certs_dirhas changed.[FIX] WUA: better handling of return code « does not apply to this computer ».
WAPT Server:
[FIX] Fixed bad migration of PGSQL databse server side.
[FIX] Improved database upgrade in corner cases.
SetupHelpers
[FIX] Fixed
register_windows_uninstallcalculation and using correct x86_64 environment with register_uninstall and unregister_uninstall.[IMP] Improved inline function description for documentation.
WAPT-2.0.0.9343 (2021-04-08)¶
hash: 117d62b8
This is mainly a bugfix release after the initial 2.0.0 release.
WAPT Console:
[IMP] Show an explicit message if the user can not build a customized WAPT Agent.
[IMP] Enabled remote repo sync if there are repo configured (making
remove_repo_supportparameter obsolete).[IMP] Better filtering on
maturities.[FIX] Fixed templates for vscode
WAPT Server:
[IMP] Include certificates from WaptUsers table in result of /api/v3/known_signers_certificates.
WAPT ACL handling:
[UPD] ACL: added an action to show the user certificate.
[UPD] Creates default (empty) WaptUserAcls record on user login even for non ldap logins.
[IMP] Better naming for ACL domains.
SetupHelpers
[FIX] Fixed
register_uninstall.[FIX] Do not change silently
maturityandlocaleincheck_package_attributes.[FIX] Fixed regression in wget resume.
Other technical stuff:
[IMP] Added support for installation on OracleLinux.
[FIX] Tightened files ACLs on Linux + fixes + SELinux fixes in postconf.
[IMP] Introduced mORMot2 framework in Lazarus code.
[FIX] Fixed datetime conversion in the WAPT Console.
WAPT-2.0.0.9300 (2021-03-30)¶
hash: 018b8b57
This is the first release of the 2.0 series. After one year in development and more than 1600 commits it brings a bunch of new features and enhancement to the last major update of WAPT 1.8.2. On the technical side WAPT 2.0 now embed Python3 and now support 8 new platforms (some of them backported to 1.8.2).
The switch to Python3 may require minor adjustment to the existing package that may have been development in-house (refer to the corresponding doc page). The packages offered by Tranquil IT through the WAPT Store are already compatible with WAPT 2.0.
From a sysadmin point of view¶
[NEW] ACLs.
[IMP] WAPT Server side ACLs in addition to certificate validation.
[IMP] User management interface with certificate listing.
WAPT Console:
[IMP] gui: change maturity directly from the WAPT Console.
[IMP] gui: all WAPT package types are grouped in one tab.
[IMP] helpers: build and upload locally development package from the WAPT Console.
[IMP] helpers: import default reporting queries from internet.
[IMP] helpers: restart the WAPT Agent and restart client computer from the WAPT Console.
[IMP] Package wizard: support for RPM/DEB/PKG/DMG.
[IMP] Remote repositories: status bar for progression of creation/ update of
sync.jsonfor repo sync.[IMP] Windows Updates: new search bar, view host with specific KB.
[IMP] Faster import and resigning of package, change of maturity, etc.
[IMP] waptmessage: better handling of user oriented notification.
[IMP] Better logging of WAPT Console actions and WAPT Agent activity.
Performance improvements for larger installations:
[IMP] Better handling of insert / update of inventory.
[IMP] Better handling of websocket updates.
[IMP] GLPI integration: synchronize WAPT inventory to GLPI server.
Better OS integration:
[IMP] TLS certificate handling: certifi uses local OS certificate store instead of Python certifi integrated certificate store.
[IMP] Increased the number of supported platform, improved packaging for Linux (deb and rpm) with support for a WAPT Agent running on arm64 and macOS BigSur 64bit.
Package development:
[IMP] Improved package wizard.
[IMP] Many small fixes and improvements to SetupHelpers and better support for Linux and macOS.
[IMP] Improve os targeting now you can specify targeted OS and specific version of OS : eg. Debian(>=9,<=10).
From a technical point of view¶
Python: switch from Python2.7 to Python3:
Linux: use of venv by default with distrib python 3 version.
Windows: switch python3 install to embedded edition 3.8.7.
Different installer for WinXP / WinVista / Win2k3r2 / win2k8 (nonr2) (recent CPython version does not support older Windows systems anymore).
Better handling of passwords with special chars.
Upgraded WAPT core libs and scripting environment.
Upgraded to Python3 and Python libraries, changed kerberos and websocket libraries.
Upgraded to Lazarus 3.0.10 and FPC 3.2.
Caveat¶
Support for non supported Windows version (WinXP, WinVista, Win2k8 (non-R2) and Win2k3) is still baking in the oven and should be ready shortly after the 2.0 release date.
Redhat8 and derivative distributions: for upgrade it is necessary to remove WAPT SELinux rules before using postconf again.