On-Premises API Changelog Archive

WhatsApp Business API Client

2023

Sep 26, 2023 (v2.49.5)

Version 2.49.5 is now available and includes:

• Fix an issue leading to /tmp folder not being cleaned when sending media messages.

Sep 15, 2023 (v2.49.4)

Version 2.49.4 is now available and includes:

• Fix a performance regression issue when sending template messages. The issue was impacting accounts with large number of templates, and only on v2.49.1, v2.49.2 and v2.49.3 (the v2.47.x series is not affected by this issue).

Aug 11, 2023 (v2.49.3)

Version 2.49.3 is now available and includes:

• Fix an issue with empty webhook notifications being generated for messages that shouldn’t have webhooks created for them.
• Address the issue where coreapps are experiencing a state of being stuck.

July 31, 2023 (v2.49.2)

Version 2.49.2 is now available and includes:

• Fix an issue which prevented garbage collector to delete processed messages.
• Fix an issue of delayed 24-hour messaging session opening.

July 11, 2023 (v2.49.1)

Version 2.49.1 is now available and includes:

• Improves garbage collector which now clears unused outbound and inbound media.
• Introduces a new endpoint to store inbound media. This allows to download media which was not downloaded (or failed to download) when a media message was received
• Attempting to send an existing authentication template will now return error code 1009 if parameters are not allowed. See more at Authentication Templates.
• Captions are now supported for document messages.
• Adds support for Location Messages.
• Fix an issue that was preventing phone number change notifications from being posted on webhooks.

July 28, 2023 (v2.47.8)

Version 2.47.8 is now available and includes:

• Fix various memory crashes.
• Fix sending interactive message of type 'product'.
• Fix an issue preventing from getting notifications when users change their phone number.

July 4, 2023 (v2.47.7)

Version 2.47.7 is now available and includes:

• Fix issue that was preventing messages to be correctly received by businesses (users only saw 1 tick on their side) in specific scenario.

June 21, 2023 (v2.47.6)

Version 2.47.6 is now available and includes:

• Fix overcharge issues from free entry point conversations. All v2.47 versions before this patch are not recognising free entry point conversations and thus are classifying them as service conversations. This issue was also affecting the length of free entry point conversations, wrongly considered as 24 hours windows (instead of 72 hours).
• Fix various memory crashes.
• Fix delivery receipts not received in specific situations.

May 22, 2023 (v2.47.3)

Version 2.47.3 is now available and includes:

• Fix a rare crash that can occur when receiving an invalid message.
• Fix 100% CPU usage in unregistered coreapps.
• Fix a memory leak.

May 22, 2023 (v2.45.5)

Version 2.45.5 is now available and includes:

• Fix a memory leak.

May 15, 2023 (v2.47.2)

Version 2.47.2 is now available and includes:

• Fix crashes that would lead to the coreapp stalling and going unhealthy.
• Fix issue that could lead to empty webhook bodies when a large number of messages are received simultaneously.

May 15, 2023 (v2.45.4)

Version 2.45.4 is now available and includes:

• Fixed crashes that would lead to the coreapp stalling and going unhealthy.

April 11, 2023 (v2.47.1)

Version 2.47.1 is now available and includes:

• Media upload reliability
  • Improved the media upload flow, fixing several known edge cases when sending media messages.
• Receive payments on WhatsApp (feature available only in Singapore)
  • Businesses can now collect Stripe payment for orders from their customers on WhatsApp. Refer to our developer docs for more information.

March 24, 2023 (v2.45.3)

Version 2.45.3 is now available and includes:

• Fixed bug preventing multi-connect setups from upgrading from 2.41 to 2.43. Upgrades now succeed and after upgrading, the health endpoint returns the status of all Coreapps that were started.
• Fixed webapp to support ipv6 networks. (Set env-var ENABLE_IPV6=false on the webapp container to disable).
• Fixed bug when the show_security_notifications option is turned on, we may receive unknown_system messages rather than receiving notifications with user information whose identity has changed.

March 17, 2023 (v2.43.3)

Version 2.43.3 is now available and includes:

• Fixed bug preventing multi-connect setups from upgrading from 2.41 to 2.43. Upgrades now succeed and after upgrading, the health endpoint returns the status of all Coreapps that were started

March 9, 2023 (v2.45.2)

Version 2.45.2 is now available and includes:

• Fix for High Availability setup.
  • When launching a new High Availability setup (i.e. fresh containers and new database), health endpoints on individual Coreapps can now be used without first registering a business phone number.
• Fix for /v1/payments endpoint.
  • The /v1/payments endpoint is now usable in High Availability setup; it no longer returns a "WhatsApp server is disconnected" error.
• Docker latest version support
  • CoreApp & Web Containers may fail to start with containerd.io-v1.6.18
  • Troubleshooting details

January 10, 2023 (v2.45.1)

The 2.45.1 version of our Business API client is available today and includes:

• Security Improvements
  • We updated key dependencies of On-Premise client and monitoring stack fixing critical vulnerabilities and making prometheus monitoring transport using secure protocol. 2 environment variables are introduced which will be be used to enable the securing of the SSL connection, and to ensure verification of the webapp certificate. These new environment variables are:
    • WA_SKIP_SSL_VERIFICATION is going to be used to enable, and disable ssl verification. Valid values are TRUE or FALSE.
    • WA_SSL_CA_PATH gives the path to the certificate which can be used to verify the webapp certificate used by the businesses. This is useful if businesses are using a self-signed certificate or certificate that was signed using their own Certificate Authority. The path here should be accessible from the container so it needs to added as a volume. If WA_SKIP_SSL_VERIFICATION is set to TRUE, this value is ignored.
• Service reliability
  • Errors such as “invalid namespace” would happen at times when trying to send template messages while the HSM packs weren’t loaded yet. This has been fixed, now businesses will encounter a new error “Coreapp is not ready” whenever they try to use the messaging endpoint before the client is not fully ready.
• Database Performance Improvement
  • We have improved the database query execution time by reducing round trips between client and database server. There are also some new DB indexes to improve performance of some heavy queries on message send path.
• Stability and bug fixes
  • Message deleted webhook is working again. When businesses send a message to the consumer and deletes it, the business will receive a webhook.
  • out_message_persisted prometheus metric has been fixed and is working again
  • Video thumbnail is fixed. When sending videos, the thumbnail was sometimes missing and consumers couldn’t see the first frame before playing the video.
• New field in message sent status webhook notification
  • We introduced a new field media_id in the message sent status webhook notification for all media messages.

2022

November 24, 2022 (v2.43.2)

The 2.43.2 version of our Business API client is available today and includes:

• Fix for deleted message webhook notifications
  
  1. There was a bug in the v2.43.1 release which caused deleted message status webhook notifications to not be delivered. No other internal clean-up procedures were impacted except for sending this webhook notification in v2.43.1

October 11, 2022 (v2.43.1)

The 2.43.1 version of our Business API client is available today and includes:

• Changes to contacts node
  • Responses from contacts requests will no longer provide status information about a phone number. contacts can still be used to preload contact information before sending a message to the number. This can improve send message performance when sending messages in large volumes
• New API for blocking contacts
  • We are introducing a new API which will allow businesses to block and report customers who are sending obscene content, using inappropriate language, or harassing businesses’ employees
• Media reliability improvements
  • Improved reliability for media message sends (including template media messages) in cases where the same media is sent at a high throughput, such as during campaigns
• Extended API timeout
  • The timeout for API requests has been increased to 120 seconds. This is a short-term mitigation to reduce the number of timeouts for operations that are still being processed by the API client
• Incoming contact message fix
  • Incoming contact messages will now correctly show a contact’s company and department
• Stability and bug fixes
  • Fixing crashing issues when sending message right after registration
  • Fixing an issue with the web app so special charactors in password are handled correctly
  • Adding a new table index on message_receipt_log

September 19, 2022 (v2.41.3)

The 2.41.3 version of our Business API client includes:

• Adding a new table index on message_receipt_log that could benefit partners with high throughput needs (sending more than 200 messages / second)

June 27, 2022 (v2.41.2)

The 2.41.2 version of our Business API client includes:

• Improvements to the latency of the bulk /contacts endpoint requests and resolution of deadlock issues
• Improvements to the performance and reliability of the garbage collection process
• Businesses now have the ability to enable/disable delivered and read webhook notifications which gives them greater control over webhook notifications for messages. This can be achieved through the settings/applications endpoint
• namespace field is optional for the template object
• More robust handling of media download errors so businesses should experience less issues downloading media sent by customers
• Additional reliability and bug fixes within the send message and registration workflows
• The caption property is limited to 1024 characters This change only applies to captions on media messages being sent on v2.41.2. There is no impact on previously sent messages with other versions. No character limitations have been introduced on other message types

May 10, 2022 (v2.39.4)

This client version contains all features and fixes shipped with v2.39.1. Additionally, this release:

• Fixes a bug that prevented video messages from being sent under certain circumstances. This fix was also included in v2.39.2.
• Fixes a bug that prevented businesses from sending messages to a customer, if the consumer was the first to initiate an interaction between the two parties on WhatsApp, and that initiation happened more than 7 days ago. This fix was also included in v2.39.3.
• Fixes a bug that prevented businesses from receiving disappearing messages from customers. After v2.39.4 is installed, businesses will get notified they received a disappearing message by a webhooks notification with type set to "ephemeral". Businesses will not be able to see the message's content.

When we launched v2.39.3, the disappearing messages issue was handled by WhatsApp automatically disabling these messages in the chat thread with the client. For v2.39.4, we will not do that. With this version, businesses that receive disappearing messages must ask the customer to disable disappearing messages and resend their latest message.

Mar 25, 2022 (v2.39.3)

The v2.39.3 version of our Business API client is available for developers today. The new client includes two fixes and additional logs to support debugging. The two fixes are:

• Fixed a bug that prevented businesses from sending messages to a customer, if the consumer was the first to initiate an interaction between the two parties on WhatsApp, and that initiation happened more than 7 days ago.
• Fixed a bug that prevented businesses from receiving disappearing messages from customers. After v2.39.3 is installed, businesses will get notified they received a disappearing message by a webhooks notification. On their end, customers will see a warning saying that the disappearing messages mode has been turned off.

Mar 4, 2022 (v2.39.2)

Fixed bug that prevented video messages from being sent under certain circumstances.

Known Issues

• A bug exists that prevents businesses from sending messages to a customer, if the consumer was the first to initiate an interaction between the two parties on WhatsApp, and that initiation happened more than 7 days ago.
• A bug exists that prevents businesses from receiving disappearing messages from customers.

Feb 1, 2022 (v2.39.1)

The 2.39.1 version of our Business API client is available for developers starting today. The new client includes:

• New field for the Set Shards API.
• New hostname added to network requirements.
• New error code 1031.
• Deprecations of the hsm type and the webhook_payload_conversation_pricingmodel_disabled application setting.

Set Shards API

Starting with the new API client version, you may provide your phone’s certificate when you are setting up multiconnect. That means that, when calling the /v1/account/shards endpoint, you can add the Base64-encoded certificate in the cert field. See Scale Your API Client With Multiconnect for information.

New Hostname

We have added graph.whatsapp.com to the list of WhatsApp server hostnames that the Business API client requires connectivity to. See Set Up and Debug Your Network, Hostnames for information.

Error Code Updates

With v2.39, we have added error code 1031. You will get this error if your account has been locked and can’t send any messages due to an integrity policy violation. See Error and Status Messages and Policy Enforcement for information.

Deprecations

• Messages API: The hsm type has been deprecated with v2.39. You should use the template type instead.
• Application Setting: The application setting webhook_payload_conversation_pricingmodel_disabled has been deprecated.

Known Issues

Some video messages fail to send under certain circumstances.

March 26, 2022 (v2.37.2)

This version contains the same features as v2.37.1, but there's a different expiration date. v2.37.2 expires on Sep 22, 2022.

Known Issues

Some Kubernetes developers may see CrashLoopBackOff for their webapp container and their container may fail to start. To fix that, add following line in the Kubernetes deployment YML file under webapp configuration:

command: ["/opt/whatsapp/bin/wait_on_mysql.sh", "/opt/whatsapp/bin/launch_within_docker.sh"]

2021

Sep 30, 2021 (v2.37.1)

This new version of the API introduces:

• Commerce Messages. (Businesses in India have to follow a set of different rules and have access to a new endpoint: /settings/business/compliance_info).
• New webhook fields to support Conversation-Based Pricing.
• New webhook field inside the statuses object.
• Deprecation announcements for Messages API, Application Settings API, and pricing.

Commerce Messages

This version of the API introduces two new types of interactive messages: Single Product Messages and Multi-Product Messages. Users that receive these messages can view products, add them to a shopping cart, and send the cart back to businesses.

Both Multi and Single Product Messages lend themselves best to user experiences that are simple and personalised, where it’s a better experience to guide the customer to a subset of items most relevant to them, rather than browsing a full catalog. They work best when combined with navigation tools like natural language processing, text search or List Messages and Reply Buttons to get to what the customer is looking for fast. See Commerce Guides for more information.

Commerce Messages in India

API businesses in India (+91 phone number) can start integration from today, but will only be able to send Multi-Product or Single Product messages after 15 November 2021. The Laws enacted by the Department of Consumer Affairs in India require you to provide additional information to customers in your Business Profile and Product Detail Pages.

With the WhatsApp Business API v2.37, businesses in India also gain access to the /settings/business/compliance_info endpoint. See more information here.

Conversation-Based Pricing

We have previously announced that the WhatsApp Business API will switch from a notification-based pricing model to a conversation-based pricing (CBP) model on February 1, 2022. To support your efforts in getting ready for the new pricing system, this version of the API introduces new webhook fields. The webhooks field listed below will only start showing up on your webhooks on February 1, 2022.

See examples of the new webhooks here.

New Webhooks Field For the Statuses Object

The webhooks statuses object now includes a type field. Currently, the only supported type is "message".

Deprecations

• Messages API: The hsm type will be deprecated when we launch the WhatsApp Business API v2.39. You should use the template type instead.
• Application Settings: The setting webhook_payload_conversation_pricingmodel_disabled will be disabled on February 1, 2022.
• Pricing:

  • Notification-Based Pricing will be deprecated on February 1, 2022. With it, the "NBP" webhook field under pricing_model will also be deprecated.
  • The webhooks billable flag that was added for the Mexico conversation-based pricing test is scheduled to be deprecated as early as March 2022. We recommend that you stop using this field before upgrading to the next version.

Jun 28, 2021 (v2.35.4)

Fixes:

• Retry mechanism for Reply Buttons messages on multi-device.
• Check on incoming message maximum size to prevent MySQL errors.
• Memory issues.

May 26, 2021 (v2.35.2)

Interactive Messages

This version of the API allows you to send interactive messages, which includes list messages and reply button messages. These new features give users a simpler way to find and select what they want from your business during an interaction on WhatsApp. During testing, chatbots using interactive messaging features achieved significantly higher response rates and conversions compared to those that are text-based.

The following messages are considered interactive:

• List Messages: Messages including a menu of up to 10 options. This type of message offers a simpler and more consistent way for users to make a selection when interacting with a business.
• Reply Buttons: Messages including up to 3 options —each option is a button. This type of message offers a quicker way for users to make a selection from a menu when interacting with a business. Reply buttons have the same user experience as interactive templates with buttons.

At the API level, interactive messages are set by specifying a message’s type to interactive and adding the interactive object. Generally, these messages include 4 main parts: header, body, footer, and action.

For more information, see our Sending Interactive Messages guide.

Deprecations

TTL

The ttl parameter has been deprecated. Moving forward, any POST requests to /messages that include this field will return an error message. Previously, this field was only accepted for messages of type hsm and template

Passthrough Setting

Starting with v2.35, you can no longer re-enable the pass_through setting for WhatsApp Business API Clients.

Mar 10, 2021 (v2.33.4)

• [Fixed] Webhook notifications for delete message events are sent to the business successfully.

Feb 23, 2021 (v2.33.3)

General Updates

• All the docker images are now running Ubuntu 20.04. External libraries are all using latest version: php 7.4, openSSL 1.1.1, and Lighttpd 1.4.55.
• [Deprecation] The WhatsApp Web Business Tool (deprecated since v2.29.1) will no longer be available through the Webapp URL. Postman is now the recommended way of accessing the REST API.
• [Fixed] Security vulnerabilities within the Grafana monitoring instance.

In-Thread Context for ads that Click to WhatsApp

Starting April 21, 2021, as part of API v2.33, businesses will have access to the In-Thread Context feature for ads that click to Whatsapp. With In-Thread Context, a consumer can easily reference the ad they tapped on, and a business can understand which messages come from which ads, making the first interaction more convenient, personal and efficient.

Initial tests have shown In-Thread Context to increase the number of conversations and reduce the cost per conversation.

In order to enable In-Thread Context, the business or Business Service provider that is hosting API v2.33 needs to update their inbound webhooks integration to read a new 'referral' property added to inbound messages by April 21.

After April 21, consumers will be able to send the In-Thread Context via message attachment, containing the header, body image and video related to the ad.

If the advertiser does not complete the above updates by April 21, they will not be able to receive the attachment, and will miss important context on what the customer is messaging about. The consumer will see the ad context, and will expect the business to as well.

Conversation-based pricing

Since February 1, 2021, we have been testing a new pricing model for the WhatsApp Business API that impacts businesses messaging users with a Mexico phone number.

To support this effort, some message webhooks notifications now include the new conversation and pricing objects —only messages with status sent, delivered, and read are impacted. For more information, see Message Status Notifications.

2020

Nov 13, 2020 (v2.31.5)

• [Fixed] Receiving messages with fields exceeding expected limits is handled correctly.
• [Fixed] /v1/settings/application response to display the config setting for automatic garbage collection

Oct 20, 2020 (v2.31.4)

• A stricter version expiry has been enforced beginning with this version and for all previous versions.
• Identity change notification
  • Businesses using the WhatsApp Business API can choose to be notified when there has been a potential update to the identity of a user with whom they are communicating. This gives businesses a signal that the person behind the account may have changed so a business can verify that they are sending information to the right number.
  • If a business opts in to this feature, they will be informed when they receive messages from WhatsApp accounts where the person controlling the account may have changed and will be blocked from sending messages to those accounts until the business acknowledges receipt of the signal and they feel it is safe to continue communications. This will protect the business and their customers from leaking sensitive information.
  • Please review best practices to enable integration for this feature: Understanding Identity Change for WhatsApp Business
• [Fixed] Highly Structured Message packs download issue
• [Fixed] Backup/Restore API security issue

Aug 11, 2020 (v2.29.3)

• The Coreapp service is run as user root
• The upgrade path to v2.29.3 involves ensuring all pre-existing media volumes have modified ownership to the root user to ensure seamless operation in v2.29.3. This specifically impacts businesses that are running v2.29.1, v2.29.2, or attempted to upgrade to those versions recently. Please follow our recommendation guides to upgrade to v2.29.3:
  • Production Setup: Single Instance — Upgrading
  • Production Setup: High Availability/Multiconnect — Upgrading
• [Fixed] Memory corruption issues with sending/receiving media messages

Jul 27, 2020 (v2.29.2, v2.27.13)

• Fixes security vulnerabilities for Grafana monitoring instances

Jul 17, 2020 (v2.29.1)

• Businesses can receive inbound system notifications when consumers change their phone number
• New flags of forwarded and frequently_forwarded are added for inbound notifications from consumers. These can be used to detect whether incoming message is forwarded, frequently forwarded, or not.
• Updated the WhatsApp Business API client's security to decrease memory corruption while handling media and to run without root privileges, making the application less vulnerable to attacks
• Performance of the WhatsApp Business API client is improved
• Added API key support to the /stats and /metrics nodes.
• [Deprecated] WhatsApp Web Business Tool is deprecated
• [Deprecated] The on_call_pager parameter is deprecated
• [Future Deprecation] Structure of sending message template will be changed deprecating the hsm object
• Recommendations for database management
  • pass_through is disabled by default
  • Users who upgrade with
    • pass_through enabled — Automatic database garbage collection is enabled
    • pass_through disabled — It is recommeneded to enable automatic garbage collection to manage the database
  • New /services/message/gc endpoint to perform database garbage collection if users want to disable automatic garbage collection
  • No read status callbacks will be posted with pass_through enabled.

Apr 17, 2020 (v2.27.12)

• Grafana version upgrade to 6.7.2
• New alerts added

Apr 8, 2020 (v2.27.11)

• Coreapp Overview dashboard improvements
• [Bug fix] Coreapp disconnects database connections more frequently than necessary

Mar 4, 2020 (v2.27.9)

• Fixes a potential database upgrade issue when upgrading to 2.27.8

Jan 29, 2020 (v2.27.8)

• Sticker support is added
  • Send/receive stickers as a message
  • Download Whatsapp stickers and generate/manage third-party stickers
• Bypass the cache when checking contacts using the force_check parameter
• For a /v1/contacts API call in async mode, the results can be posted to the callback server without having to poll the check contacts status
• [Deprecated] The fallback language policy is deprecated for sending message templates
• [Deprecated] Ability to send message templates from a different namespace is deprecated
• Message templates hydration logic moved from the consumer app client to the WhatsApp Business API client
• Ability to close idle MYSQL DB connections using WA_DB_CONNECTION_IDLE_TIMEOUT (in seconds)

Jan 6, 2020 (v2.25.5)

• [Bug fix] Issues related to memory leaks identified in previous versions of 2.25.x are resolved
• [Bug fix] Previewing URLs are crashing Coreapp intermittently

2019

Nov 13, 2019 (v2.25.4)

• [Bug fix] Video preview thumbnails are not correctly generated on the receivers phone client
• [Bug fix] Too many database connections issue
• [Bug fix] Video duration generation

Oct 7, 2019 (v2.25.3)

• Throughput for outbound text type messages is improved to 50 messages/second
• Improved efforts to show URL preview
• Improved error handling when preview URL is invalid or not supported
• [Bug fix] Mark messages as read in Postgres
• [Bug fix] Previously, photos larger than 63 KB were encoded. This limit is now increased to 5 MB, enabling original high quality pictures to be sent as they are.
• [Bug fix] Fixed security vulnerabilities for CVE-2019-11931 and CVE-2019-14835

Sep 9, 2019 (v2.25.2, v2.23.6)

• Improvements to Coreapp security

Aug 26, 2019 (v2.25.1)

• Throughput for outbound media type messages is improved to 18 messages/second
• Throughput for outbound text type messages is improved to 25 messages/second
• Throughput for inbound text type messages is improved to 100 messages/second for single instance
• “Non-secure http” Webhooks are deprecated — Please upgrade Webhooks to https for inbound notifications
• A long lived authentication token is available for health API calls to help monitor multiple deployments of WhatsApp Business API clients
  • The number of requests (rate limits) for the health endpoint is set to 10 per second
• Business vertical values to be enumerable rather than free-form text
• [Bug fix] Propagating mime-types correctly to address inbound media issues
• [Bug fix] Mark message read request in multiconnect mode should be distributed uniformly to all the shards rather than sending to shard 0 alone
• AWS cloud formation template is made publicly available from S3, removing manual step of requesting access via Direct Support

Security Advisory

The following security vulnerabilities impact the v2.25.1 Coreapp image. The next patch release will include fixes.

• CVE-2018-20856: A patch release will include the fix when published by the vendor for Ubuntu 16.04

Jun 18, 2019 (v2.23.5)

• [Fixed] WhatsApp Web Business Tool not working in Multiconnect mode
• Upload media file size now 100MB
• Disallow setting shards for single instance
• Improved error handling while
  
  • Setting shards
  • Setting two-factor verification
  • Sending message templates
• Oncall pager error messages improved for "structure unavailable errors"
• "Mark messages as read" now includes all readable message types

Apr 29, 2019 (v2.23.4)

• Ability to get the group icon and profile photo by URL instead of a binary blob
• Revamped WhatsApp Web Business Tool
• Ability to upgrade the WhatsApp Business API Client database independent from the WhatsApp Business API Client
• Ability to update business profile settings independently — no longer requires all of the fields
• Support PostgreSQL database in addition to MySQL
• Message template validations at send time have been added to reduce rendering errors on the customer's device
  
  • New error codes have been added to indicate why these failed
• Ability to send videos as a message, currently limited to videos that are in the MP4 format with H.264 video codec and AAC audio codec
• New Monitoring dashboards (Grafana) added that help track the performance of database and Coreapp more closely
• Ability to send media using a web link
  • Ability to support media providers to access web links that require authentication to download the media
• More descriptive error message for existing error codes (e.g., 471, 472, etc.)
• For document messages, ability set a filename in addition to the caption field that the user will see when they attempt to download the document
• When receiving document messages, the filename provided by the sender will now also be shared in the callback in addition to the caption field

Breaking Changes

Metrics

• callback_requests replaced with callback_requests_duration_ms_count and callback_requests_duration_ms_sum
• metric out_message_received_by_server, out_message_received_by_target, out_message_received_by_target_read, out_message_sent replaced with out_message_status
• Upgrade Prometheus/Grafana containers to 2.23+ to enable monitoring for new metrics

Security Advisory

The following security vulnerabilities impact v2.23.4 images. The next patch release will include fixes.

Coreapp

• CVE-2019-2683 (CVSS Rating Medium)
• CVE-2019-2566 (CVSS Rating Medium)
• CVE-2019-2581 (CVSS Rating Medium)

Webapp

• CVE-2019-11034 (CVSS Rating Critical)
• CVE-2019-11035 (CVSS Rating Critical)

Jan 24, 2019 (v2.21.6)

• Bug fixes:
  • [Security fix] Removed Mercurial package that has a security vulnerability in the Webapp container
  • [Fixed] Couldn't send “0” in text messages
  • [Fixed] Fixed memory leak due to race condition in server request handling and media request handling
• Known issues:
  • For WhatsApp Business API client's running v2.21.6, when the client is disconnected from the server it may remain disconnected for a few minutes (up to 4 minutes) and then will retry the connection. Upgrading to v2.23.4 will allow for less downtime for a client when attempting to connect to the server.

2018

Nov 13, 2018 (v2.21.4)

• New features:
  • Added profile name in a separate contacts object for callbacks
  • New Operations guide
  • New Security guide
  • Register 1800 and Toll Free Numbers
• Bug fixes:
  • [Fixed] Partially populated business profiles were causing GET /v1/settings/business/profile to return as empty
  • [Fixed] The Business Account Settings in the WhatsApp Business Web Tool would not load if the business profile was empty
  • [Fixed] API calls to /v1/contacts did not return info
  • [Fixed] Error code 500 returned when sending JPEG images
  • [Fixed] When attempting to mark deleted messages as read, 500: Internal Server Error was returned.
  • [Fixed] Media upload would be attempted before the application was fully initialized

Oct 24, 2018 (v2.21.3)

• New messaging features:
  • Ability to set a TTL (time-to-live) on messages sent to consumers to specify an expiry window for yet undelivered messages (Default: 7 days)
  • Ability to send (in response to a customer care window) and receive contacts from business to consumers
  • Ability to send location from business to consumer in response to a customer care window
  • Ability for business to mark a message received from consumer as 'read'
  • Unsupported incoming messages from a consumer will now raise a callback
  • Incoming message from a consumer that was later deleted (by the consumer) will now raise a callback to notify business
  • New API to allow deleting the profile photo for a business account
  • New error codes for messages that were failed to be delivered to consumer
• New monitoring features:
  • Containers for prometheus and grafana now available to easily help setup monitoring for the Business API client
  • New stats available for monitoring web container
  • Published WADebug, an open source tool to troubleshoot WhatsApp Business API Integrations
  • Troubleshooting enhancement (new fields in API response headers) to easily track all logs related to a specific request/API call made against the Business API client
• Announcements:
  • Data volume deprecation: The data volume is no longer necessary for Business API Client operation from this version onwards
  • Admin privileges now required to access settings, registration, and uploading/deleting certificates or downloading Webhook certificates.
• Bug-fixes:
  • [Fixed] Uploading a webhook CA certificate did not work in a multi-connect deployment
  • [Fixed] API response structure for GET settings/profile/about was incorrect

Sep 24, 2018 (v2.19.7)

• Explicit request timeouts for media transfer, prevent requests from getting stuck indefinitely
• Support IPv6 address for database hostname
• Allow larger profile photo sizes (up to 5MB)
• Fix JSON response format for Profile > About

Jul 24, 2018 (v2.19.4)

• AWS upgrade issues from previous minor version is fixed
• Known Issues:
  • Using an IPV6 address as a database hostname doesn't work.
    In the environment passed to the containers, if WA_DB_HOSTNAME is an IPV6 address the Webapp container does not work. Workaround is to make the system see it as a hostname, either by finding the DNS name or changing /etc/hosts. Please note that if WA_DB_HOSTNAME is IPV4 address, it works fine.
  • Profile pictures above 70k don't work.
    Setting profile pictures for WhatsApp Business API Client of size more than 70k is failing. Currently, there is no workaround for this issue. We will patch this to 2.19.X as soon as it's ready.
  • Registration with bad pin for "Two-Factor Verification" crashes the Coreapp.
    Registration with wrong pin of two-factor authentication (2FA) crashes the Coreapp. Workaround is to 1) Restart the containers and register with correct pin, or 2) Disable 2FA and retry registration without a 2 pin.

Jul 18, 2018 (v2.19.3)

• Removed command line registration
• Support for "manual registration codes" is ended
• Recommended to install and upgrade using docker compose
• Script to install and upgrade continue to work. But, It will be removed at later version
• Builds now have a longer 6 month expiration
• Better error handling in Multiconnect
• For Multiconnect setup, only master can change vname
• Support for SQLite is deprecated from this release. Please migrate to MySQL if you haven't already.
• Allow user provided CA certificates to enforce HTTPS for Webhooks
• SSL certs are now stored in the waweb database
• Login fail tolerance rate limit for Webapp is set to 50 per hour
• Support for secure payload between the Webapp and Coreapp
• Enhanced security in the Webapp
• Change default db environment to not to use root
• Log rotation script support for Webapp and Coreapp

Jun 15, 2018 (v2.18.26)

• Increased rate limits to reflect real world usage
• Improved encryption key performance
• Faster reconnects when application disconnects
• Enhanced security in the Webapp
• Support password change in web admin
• Improvements on database performance in the Webapp
• Launching deterministic HSM — This allows the business to set the language for the HSM rather than it being a fallback.
• Make Prometheus compatible with the new API
• Fix incorrect media download uuid info
• Fix issues related to document MIME type
• Retrieve Prometheus stats with the parameter format=prometheus
• Improve throttling performance when job/callback queue exceeds the size
• Fix high/low threshold model for queue limit
• Support for SQLite is deprecated post this release. Please migrate to MySQL if you are still on SQLite.
• Enforce HTTPS for Webhooks, deprecating new HTTP Webhooks — Recommend HTTPS with publicly signed certificate, and if not possible, turn off SSL verification by setting the Webhooks parameter under the application settings:

{
    "webhooks": {
      "ignore_ssl_errors": true,
      "url": "https://webhook_endpoint"
    }
}

May 10, 2018 (v2.18.22)

• The oncall pager can be set to a group so more people are notified.
• If message fails to send, errors returned will be more specific and actionable.
• Security enhancements across the board.
• Must have webhook url set before sending messages on new RESTful API.
• Smarter handling of database failures, reconnects, and restarts.
• Better web admin UI error handling.
• Configurations are stored on DB by default nobew.
• Force password change on first admin user login on UI and API.
• Only return message ID when sending message after request has been stored.
• Continued development for multiconnect.
• Allow and respect proxy environment variables for all connections.
• New unique message IDs which will be required in API calls.
• Multithreading is now more optimized when sending messages.
• Improvements to network events and job queue logging.
• Minor compiler optimizations

Apr 18, 2018 (v2.18.16)

• Enhanced security on user account credentials.
• Improve performance by ensuring job queue ordering is maintained.
• API registration returns verified name to ensure correctness.

Apr 16, 2018 (v2.18.15)

• Web admin now has updated settings.
• Fix for sending HSM without any parameters.
• With the move to MYSQL and configurations on DB, DB settings in application settings are no longer used so they are removed.
• Improvements to security between webapp and coreapp.
• Added support for framework neutral SSL parameters.
• Improvements to AWS setup.
• Enhancements to user-level security like forcing password reset on first login.
• Performance improvements by moving operations into own thread.

Apr 5, 2018 (v2.18.13)

• Performance improved by handling message receipts in own thread.
• DB password securely stored in AWS.
• Improvements to web admin.

Mar 29, 2018 (v2.18.12)

• Added support for prefixing DB tables using environment variable.
• Fix bug that deleted media folder when last file was deleted.
• Increased logging for analytics reconciliation.
• Update to new contacts API so it returns wa_id only for valid contacts.
• Fix for potential bug that corrupts DB when callbacks are purged.
• Callback identifies voice messages correctly.
• SSL cert creation works with high availability.
• Improvements to multiconnect with more shards.

Mar 22, 2018 (v2.18.11)

• Improved performance by reducing number of DB queries.
• Fixed bug where filename was used as captions for media messages.
• Profile photos are no longer stored on the shared volume.

Mar 14, 2018 (v2.18.10)

• Fixed issue with backup/restore when using config on DB.
• Better error handling with new API.
• Fix possible crash in job manager.
• Critical errors will trigger pager set in settings.
• Continued development of multiconnect.
• Fixed webhook setting in config on DB.

Mar 5, 2018 (v2.18.7)

• Expose WhatsApp version expiration date in support_info.
• Added enhancements to internal jobs manager.
• Continued improvements to multiconnect.

Feb 26, 2018 (v2.18.6)

• Added support for user provided certificate for SSL.
• Fixed issue where link previews weren't always loaded.
• Better error messages during webapp exceptions.
• Include environment variables when exposing support_info.
• Continued improvements to the new API.
• Continued improvements to multiconnect.

Feb 10, 2018 (v2.18.4)

• HSM parameter handling improvements.
• Improvements on rate limiting.
• Better error when API request is made and chat is disconnected.
• Modifications to help make WhatsApp Enterprise Application play better with CRM software.
• Continued improvements to multiconnect.

Jan 31, 2018 (v2.18.3)

• Improvements to multiconnect.
• Maintain longer connections to WhatsApp servers.
• Fix edge case bug where business could not reply to inbound message.
• Improvements to the new API.
• Don't let business send message to a group of just itself.
• Fix for crash on startup if there is no webhook.

Jan 22, 2018 (v2.18.2)

• Improvement to threading performance.
• Better handling of the job queue by balancing incoming requests and message sends.
• Attempt to restart connection after critical error.
• Fix for media not downloading on iPhones.
• Added support for configurations on database for AWS template setups.

Jan 10, 2018 (v2.18.1)

• New REST API with a single webhook (support for old API exists).
• Optional reduction of volumes to just 2 (data and media).
• More information will be returned in support info when hitting the health check endpoint.
• More actionable errors when Enterprise Application goes in a bad connection state.
• Added first version of the feature multiconnect (high availability).
• Shipped configurations on database to remove dependence of file system.
• General improvements to performance.

2017

Dec 28, 2017 (v2.17.73)

• Added additional logging to job queue to debug issues.
• Improvements to coreapp and webapp communication.

Dec 22, 2017 (v2.17.72)

• It is now OK to message a user in a group that your business is in.
• Changes to the database schema for performance and upgrade enhancements.
• Improvements to API registration to avoid hanging states.
• Can now see support info from the health check endpoint.
• Better message send timeouts to avoid stuck jobs.
• Added two step verification where you can set a code that will be required each time you attempt to register.
• Improved errors when setting bad settings.
• Changes to verified name logic to avoid reconnect loops.

Dec 11, 2017 (v2.17.62)

• Fix bug where passing wrong json type to set_settings can cause coreapp to crash.

Nov 30, 2017 (v2.17.61)

• Rate limiting fixes and improvements.

Oct 27, 2017 (v2.17.48)

• Fix to prevent logs from getting too big.
• Fix bug where duplicate callbacks were being sent.
• Fix for AWS backup and restore feature.
• Improved rate limiting functionality.
• Option to prevent business from being added to groups.
• No more HTTP support, only HTTPS endpoints.
• Improvements to verified name so it is not lost.
• Web admin/settings view can now be password protected.
• Bug fixes to the web admin/settings view.
• Callbacks will persist by default on the database.
• Callback performance improvements.

Oct 15, 2017 (v2.17.46)

• Improvements to verified name so it is not lost.

Sept 25, 2017 (v2.17.42)

• Improvements to callback performance, monitoring, and retries.
• Added support for mentions in a group.
• New web UI to set and view settings.
• Improvements to network.
• Fix to an edge case for backup and restore.
• Improvements to logging throughout the application for better analysis and debugging.
• Added rate limits to prevent runaway scripts/programs that could result in account being disabled.
• 4096 character limit enforced.
• Group creation time is now in Unix time.

Sept 18, 2017 (v2.17.41)

• Skipped version 2.17.40.
• Fix to race condition when sending audio files.
• Improvements to checking contacts logging.

Sept 15, 2017 (v2.17.39)

• Connections to web app will timeout after 5 minutes with graceful error message.
• Improvements to checking contacts.

Sept 15, 2017 (v2.17.38)

• Fix incoming media links.

Aug 8, 2017 (v2.17.37)

• Skipped versions 2.17.34, 2.17.35, and 2.17.36.
• Fix sending media to groups.
• Sending media improvements.
• Enable URL previews for first URL in a message.
• More powerful web app.
• General improvements and crash bug fixes.

Aug 28, 2017 (v2.17.33)

• Callback retry delay can now be configured.
• Phone numbers must be contact checked before sending a message.
• DB performance improvements.
• Ability to get app settings via API.
• Known Issues:
  • Incoming media links are broken if media is stored in media volume.

Aug 8, 2017 (v2.17.32)

• Fixes known issue with DB configuration failures.
• Ability to get message sent callback.
• Introducing WhatsApp groups.
• Callback and general performance improvements.
• Known Issues:
  • Sending media to groups is broken.

July 28, 2017 (v2.17.31)

• Fixes to interactive registration flow.
• Skipped version 2.17.30.
• Known Issues:
  • Failures during DB configuration causing the coreapp to not start.

July 25, 2017 (v2.17.29)

• Improvements to the database.
• Fixed issue with restoring from backup that shutdown the WhatsApp Enterprise Application.
• Improved check contacts performance.

July 15, 2017 (v2.17.28)

• Introduced new endpoint for application settings
  • Added ability to set the business profile.
  • Added ability to set the About of the WhatsApp account.
  • Added support for MySQL.
  • Changed the field for setting the profile photo.
• Added ability to backup settings, keys, and other data and then restore from backup.
• Better error messages when registering via the API.
• Added support for receiving location information from users in webhooks.
• Added a field to incoming message webhooks called type which is the indicates the type of message.

July 6, 2017 (v2.17.27)

• Fixed register script to handle verified name cert.
• Added ability to register for the first time via settings API.

June 30, 2017 (v2.17.26)

• Introduced new registration flow where the verified name certificate is provided by the user and they can preview it before completing registration.
• Fixed issue when there are overlapping check contact calls.
• Fixed crash log.

June 20, 2017 (v2.17.25)

• Easier registration flow is VName exists on server.
• Improved performance when handling heavier load.

June 14, 2017 (v2.17.24)

• Fixed bugs around checking contacts and MySQL.
• Improved network performance.

June 8, 2017 (v2.17.23)

• Fixed issue with some accounts sending messages.
• Fixed media_url_prefix logic so that replacing "media.hostname.com" with IP address of web container will point to incoming media file.

June 7, 2017 (v2.17.22)

• Fixed issue of excess memory and storage usage when dealing with many contacts.
• Known Issues:
  • Some accounts having trouble sending messages.

June 1, 2017 (v2.17.20)

• New versioning format.
• More flexibility when selecting profile picture.
• More stats from health check endpoint.
• Pass through mode enabled for less application footprint.
• Known Issues:
  • Large memory and storage consumption on large number of contacts.

May 11, 2017 (v17018)

• Fixed sending JPG images.
• Fixed registration so calls and SMS to phone number actually happen.
• Added context information for message callback to understand message replies.
• Improved callback performance.
• Known Issues:
  • Profile pictures must be 640x640 JPG.

May 8th, 2017 (v17017)

• New registration flow that no longer uses recovery token.
• Deprecated conversation and now using text for message field.
• Added a health check endpoint that shares the gateway status of application.
• Support to see the caption of media sent by user.
• Known Issues:
  • Sending JPG images fails.
• Voice and SMS registration not working.

April 26th, 2017 (v17016)

• New inbound media download callback.
• Configurable WhatsApp server IP and protocol with added SSL wrapping for testing.
• Known Issues:
  • Sending JPG images fails.

Scripts

2018

June 20, 2018 (v2.33)

• Pushed default version up to 2.18.26.
• Moved Prometheus and Grafana into separate scripts

June 12, 2018 (v2.30)

• Pushed default WhatsApp Enterprise Application version up to 2.18.22.
• No longer using mysql to check DB settings.
• Use Docker container IP addresses to link containers rather than deprecated Docker link

May 10, 2018 (v2.27)

• Pushed default version up to 2.18.20.
• Changed naming of slave instances in multiconnect to coreapp.
• Added support network host and mount options in mutliconnect scripts.

Mar 27, 2018 (v2.23)

• Pushed default version up to 2.18.13.
• The default setup will require MYSQL and enable config on DB.
• Added support for high availability and multiconnect.
• Pull Docker images from JFrog repository.
• Ability to load and run Prometheus and Grafana using the setup script.

Feb 16, 2018 (v2.19)

• Added better error checking for coreapp and webapp startups.

Feb 10, 2018 (v2.18)

• Pushed default version up to 2.18.4.
• Default to a single media volume with option to keep old volume setup.
• Enable config on DB by specifying environment variable file.
• Included sample environment variable file.

Jan 23, 2018 (v2.15)

• Pushed default version up to 2.18.2.

Jan 11, 2018 (v2.14)

• Refactored scripts to share commonly used code and setup scripts for multiconnect (high availability).

2017

Dec 21, 2017 (v2.13)

• Fixed issue of maintaining port for TCP 443 during upgrade.

Dec 11, 2017 (v2.12)

• Updated default app version to be 2.17.62.

Dec 6, 2017 (v2.11)

• Updated default app version to be 2.17.61.

Oct 31, 2017 (v2.10)

• Updated default app version to be 2.17.48.
• Command to pull logs from core app.

Oct 1, 2017 (v2.9)

• Updated default app version to be 2.17.42.

Sept 19, 2017 (v2.8)

• Updated default app version to be 2.17.41.
• Standardized commands for scripts with short form.
• The wadockersetup script now has an upgrade command.

Sept 18, 2017 (v2.7)

• Updated default app version to be 2.17.39.
• Ability to specify port on Docker setup and upgrade.
• Include necessary volumes to web app.

July 31, 2017 (v2.6)

• Updated default app version to be 2.17.31.

July 25, 2017 (v2.5)

• Updated default app version to be 2.17.29.
• Removed unused scripts to set settings and send messages.

July 10, 2017 (v2.4)

• Updated default app version to be 2.17.27.
• Added pass_through to set settings script.
• Make installation scripts work with new registration and verified name flow.

June 21, 2017 (v2.3)

• Updated default app version to be 2.17.25.

June 10, 2017 (v2.2)

• Updated default app version to be 2.17.23.

May 11, 2017 (v2.1)

• Take into account new registration flow and display correct message to continue with old registration or not.
• Updated default app version to be 17018.
• Don't download Docker images if they already exist in current directory.
• Added versioning to all script files.
• Sending message uses WhatsApp username instead of country code and phone number.

Amazon Web Services Templates

What's included in the AWS (Amazon Web Services) - Cloud Formation (CFN) templates:

Release 2.3.6

Template URLs

• Enterprise: https://wa-biz-cfn.s3-us-west-2.amazonaws.com/wa_ent.yml?versionId=lYu.TOcU7oob75JIQNq8hwDa5DV8LETZ
• DB: https://wa-biz-cfn.s3-us-west-2.amazonaws.com/wa_ent_db.yml?versionId=E8G3Hvsd8osglCbCMJ37wMQDgDqiX.8z
• Lambda: https://wa-biz-cfn.s3-us-west-2.amazonaws.com/wa_ent_lambda.yml?versionId=hL2KwxNHEIDBB.m8DyBZ0gTkKdwmPYLO
• Network: https://wa-biz-cfn.s3-us-west-2.amazonaws.com/wa_ent_net.yml?versionId=4SyZ_JRIu9Qjv1sS0_gq64uI9b5ZVki0
• Monitoring: https://wa-biz-cfn.s3-us-west-2.amazonaws.com/wa_ent_monitoring.yml?versionId=k5w2uyGdSYdgzsah4K74GiX3hka92o7i

Changelog

• Added monitoring template to setup Grafana.
• Added option to enable exporting coreapp host stats for monitoring.
• Fixed issue that prevented some packages from being installed on hosts.
• Set database to not be publicly accessible by default.
• Updated Lambda runtime to Python 3.8.

Release 2.3.5

Template URLs

• Enterprise: https://wa-biz-cfn.s3-us-west-2.amazonaws.com/wa_ent.yml?versionId=xyE_FkWE5FyYIiXozixCiwJ7qEBFHJD_
• DB: https://wa-biz-cfn.s3-us-west-2.amazonaws.com/wa_ent_db.yml?versionId=6S64vuEJuIUYgcKMakIUVsBnYVLe8FlZ
• Lambda: https://wa-biz-cfn.s3-us-west-2.amazonaws.com/wa_ent_lambda.yml?versionId=ORGseStC38YfQnnbUDp0aAu2hgva1mvt
• Network: https://wa-biz-cfn.s3-us-west-2.amazonaws.com/wa_ent_net.yml?versionId=jIAQAZ0h7Mr6zGPDX0Du_2TxRvov27Bv

Changelog

• Support configurable RDS parameters: storage type, multi-AZ, IOPS, engine version
• Support Mumbai region
• Add support for M5 level EC2 instances and M5 level DB instance class
• Support configurable EBS volume size
• Update the default value of DB Idle Connection Timeout to 180000 milliseconds

Release 2.3.4

Template URLs

• Enterprise: https://wa-biz-cfn.s3-us-west-2.amazonaws.com/wa_ent.yml?versionId=tZ1laU2RSC7r3bXJpBb8GvTKSZtTjcor
• DB: https://wa-biz-cfn.s3-us-west-2.amazonaws.com/wa_ent_db.yml?versionId=AnGlHzLonTRUbARyCxqO.WNaMs0igmRD
• Lambda: https://wa-biz-cfn.s3-us-west-2.amazonaws.com/wa_ent_lambda.yml?versionId=mzhd2_Rl8H8_hzX2z0RQNRWfILb78Pn7
• Network: https://wa-biz-cfn.s3-us-west-2.amazonaws.com/wa_ent_net.yml?versionId=rSNKu7R_4LccpMDkEAstdWiRogj8e4dd

Changelog

• Security improvements were made

Release 2.3.3

Template URLs

• Enterprise: https://wa-biz-cfn.s3-us-west-2.amazonaws.com/wa_ent.yml?versionId=jnUkOxCK0d.PKuI50esojEJuYXsQ7HiQ
• DB: https://wa-biz-cfn.s3-us-west-2.amazonaws.com/wa_ent_db.yml?versionId=W8wVUEc4qrdK4wEycvkKArmfLhxbd3dF
• Lambda: https://wa-biz-cfn.s3-us-west-2.amazonaws.com/wa_ent_lambda.yml?versionId=ltvjuVbzyk02hF8X4FnQL4WTGLQmwWPb
• Network: https://wa-biz-cfn.s3-us-west-2.amazonaws.com/wa_ent_net.yml?versionId=WmOUyj8x0nvGT3k0X7Oc1KGZ3_puX.En

Changelog

• All CFN templates are now available in the new S3 bucket
• EC2 instance is now launched from a marketplace CentOS 7 AMI
• Removed unsupported EC2 instance type from the business API client template
• EC2 instance is now equipped with cron jobs for maintenance work (Webapp/Coreapp log rotate, ECS agent update)
• Use General Purpose SSD as the RDS instance storage in staging environment, now it’s the same as production environment
• Removed unused CloudWatch alarms

Release 2.3.1

Template URLs

• Enterprise: https://s3.amazonaws.com/wa-ent-cfn/wa_ent.yml?versionId=2xaTm9dKCdjmuxMKTZOfQI_o9iw.bBTK
• DB: https://s3.amazonaws.com/wa-ent-cfn/wa_ent_db.yml?versionId=tq8ZXaK30IIdlWhF3bevI2tCi5nIlFs6
• Lambda: https://s3.amazonaws.com/wa-ent-cfn/wa_ent_lambda.yml?versionId=IZykZHXo._QyKHPZKDffLB0ISJPfPevr
• Network: https://s3.amazonaws.com/wa-ent-cfn/wa_ent_net.yml?versionId=X51Ww5KtgjcbTwBrn_C3C0m5Sko150f3

Changelog

• Support for new regions (Seoul, Singapore & Tokyo)

Release 2.3.0

Template URLs:

• Enterprise: https://s3.amazonaws.com/wa-ent-cfn/wa_ent.yml?versionId=C3JDtTfqFxGm4QAd_tMm33UHbDCGvts3
• DB: https://s3.amazonaws.com/wa-ent-cfn/wa_ent_db.yml?versionId=1XJEwdOPecEsecG0rfQIZAh9sIKh9HIv
• Lambda: https://s3.amazonaws.com/wa-ent-cfn/wa_ent_lambda.yml?versionId=qo_Tx6j6.M5WJjE4b3k22bpQz4YJHFV_
• Network: https://s3.amazonaws.com/wa-ent-cfn/wa_ent_net.yml?versionId=5lI_QAUA7H1Og9HXWdf7Ds1LYkrYTjsQ

Dependencies/Prerequisites:

It's recommended to use WhatsApp Business API client version v2.18.20 or later. This template might work with prior releases, though we don't recommend it.

Changelog:

• Multiconnect feature is now available with this template. Please follow the multiconnect guide to learn more and setup.

Release 2.2.1

Template URLs:

• Enterprise: https://s3.amazonaws.com/wa-ent-cfn-beta/wa_ent.yml?versionId=UGXYUCZXdffRe8_mAHfVFwc8HAjzDI2A
• DB: https://s3.amazonaws.com/wa-ent-cfn-beta/wa_ent_db.yml?versionId=N3I6q9CkQMbE8bQQvaFsYLRKTkCDm2Jw
• Lambda: https://s3.amazonaws.com/wa-ent-cfn-beta/wa_ent_lambda.yml?versionId=4yGnpz8a5xtaaXKg.UAiatOlOYM71UrD
• Network: https://s3.amazonaws.com/wa-ent-cfn-beta/wa_ent_net.yml?versionId=sX9jYgVgajf.gownIUc0R70S9uT_aX5e

Dependencies/Prerequisites:

This template requires WhatsApp Business API client version v2.18.14 or later. This template will not work with prior releases.

Changelog:

• Support for a configurable log driver for containers. The default log driver is json-file, which stores the logs as a JSON file on the hosts (EC2) where containers are run. This template also provides an option to configure awslogs, where all container logs are streamed to CloudWatch. This makes all logs available in one place. When the awslogs option is selected, the container logs will not be available on the EC2 hosts. However, the log files inside a container will continue to exist.
• Added all SSL parameters — SSL certificate, SSL key and SSL CA. SSL CA support was added in the 2.2.0 release, but the description is rephrased to avoid ambiguity.

Release 2.2.0

Template URLS:

• Enterprise: https://s3.amazonaws.com/wa-ent-cfn/wa_ent.yml?versionId=G1kEgU_D._ksw97T3pDBO938lVyxmnhb
• DB: https://s3.amazonaws.com/wa-ent-cfn/wa_ent_db.yml?versionId=H0qu4NzJewXpE8xcuJuBcPzAvdW.mFqn
• Lambda: https://s3.amazonaws.com/wa-ent-cfn/wa_ent_lambda.yml?versionId=vhx_JvViDextJCRUSvYeLy7ZRYSpbR0M
• Network: https://s3.amazonaws.com/wa-ent-cfn/wa_ent_net.yml?versionId=mV7iD6iNdF4E3gzSDBYyhjfVmL1CfjaW

Dependencies/Prerequisites:

This template requires WhatsApp Enterprise client version v2.18.14 or later. This template will not work with prior releases.

Changelog:

• Support for "static" HA
  • Staging environment: Minimum container (EC2) instances: 2, Max: 3, Desired number of master, coreapp and web containers: 2
  • Production environment: Minimum container (EC2) instances: 3, Max: 4, Desired number of master, coreapp and web containers: 3
  • This option is disabled by default
• Encryption support (RDS/DB & EFS)
  • Data at rest can be encrypted with new release. Default option is to use default AWS service key to encrypt it. Other supported options are:
    • Don't encrypt
    • Create a new key and use that
    • Encrypt using user provided key
• DB connection encryption support
  • Data in transit to database can be encrypted with new release. Caveat: This is applicable for coreapp only at this point. Web app encryption is not supported yet. In addition, with new DB engine, even if this is not set, coreapp seems to perform encryption, without server cert verification.
• Support for Beta release channel
  • WhatsApp has setup a beta channel to test new set of templates that is not in production. Customers require separate access to Beta channel/templates
• Configurable container registry support
  • New template has configurable container registry, which can be used to get access to experimental enterprise client releases in future. In most cases, default value is good
• Support for new region (us-west-1: N California)
  • AWS EFS service is now supported in N California region. Any customer interested in using this region should be given access
• DB password is stored in secure parameter store to limit exposure
• DB (MySQL) engine version updated to 5.17.21
• Template versioning for nested templates
  • We link all the referenced nested templates with correct versions. This will avoid mismatch among template versions (E.g., main template → database template)
• Support for configuration on DB
  • Configuration on DB is no more an experimental feature and set to enabled by default. Customer still has an option to turn it off
• Bug fixes:
  • Found a bug in EFS mount order, where EFS volume is mounted after container is started. This happened once out of 100+ tries, but a nastier one. The issue is fixed by enforcing the order.
  • Due to timing issue, port mapper required few retries to find the correct external port mapping for HA to work. This was a non-issue prior to HA; however, the issue is fixed by adding adequate retries

Note: Please use experimental/beta features with caution. It's highly recommended to work with WhatsApp team closely when using these features so that we can support you quickly, if there are any issues.

Known Issues:

WhatsApp Enterprise client doesn't work when HA is disabled. This will be addressed in next WhatsApp Enterprise Client release.

Release 2.1.0

Template URLs:

• Enterprise: https://s3.amazonaws.com/wa-ent-cfn/wa_ent.yml?versionId=G1kEgU_D._ksw97T3pDBO938lVyxmnhb
• DB: https://s3.amazonaws.com/wa-ent-cfn/wa_ent_db.yml?versionId=H0qu4NzJewXpE8xcuJuBcPzAvdW.mFqn
• Network: https://s3.amazonaws.com/wa-ent-cfn/wa_ent_net.yml?versionId=dwwWw0d07CXWn4UUh0zTByadVa8ANN8d

Changelog:

• Support for logging configuration: maximum container log file size and number of files to retain & maximum days to retain CloudWatch logs
• Container metrics are now visible on AWS ECS console
• Automatic DB configuration - With new templates there is no need to explicitly configure DB via. API
• Retain stopped/terminated containers for 3 days, instead of 3 hours
• EFS mount failure will now cause the CFN stack creation to fail
• Support for configuration on DB (experimental)
  • Note: Please use experimental features with caution. It's highly recommended to work with WhatsApp team closely when using experimental features so that we can support you quickly, if there are any issues
• Bug fixes:
  • EC2 host restart lost the mount point and hence the previous configuration
  • Logrotation issue is now fixed
  • Telemetry permission issue for ecs-agent, which floods the ecs-agent log files with TCS related errors

Release 2.0.0

Template URLs:

• Enterprise: https://s3.amazonaws.com/wa-ent-cfn/wa_ent.yml?versionId=0AebXsDpC1K0anavueHimLGADZHSLS9Y
• DB: https://s3.amazonaws.com/wa-ent-cfn/wa_ent_db.yml?versionId=6XfLkIitlgTajEI892hReQMgHfwSb8n9
• Network: https://s3.amazonaws.com/wa-ent-cfn/wa_ent_net.yml?versionId=ArE8AtF1A6uusRs6_Hr9XNCdDEVf694t

Changelog:

• utf8mb4 character set support on RDS
• Configurable environment type: production vs. staging
  • Production: EBS: 16GB & SSD; RDS: Multi-AZ & SSD
  • Staging: EBS: 10GB & SSD; RDS: No Multi-AZ & magnetic disks
• Log rotation configuration for EC2 host included
• Separate subnets for load balancer and configurable load balancer scheme
• Latest CentOS 7 based AMI (7.4.1708)
• Revamped network template supports private subnet creation, nat gateway, etc.
• New region in EMEA (Frankfurt) is now supported
• Bug fixes:
  • Removed cfn-hup service logs from awslogs configuration
  • Upgrade failure issue is resolved when too many media files are present
  • Resolved ecs-agent startup issue

Release 1.1.0

Template URLs:

• Enterprise: https://s3.amazonaws.com/wa-ent-cfn/wa_ent.yml?versionId=.Sc8G5IyWSYUu_D76L_xwng5he797WXw
• DB: https://s3.amazonaws.com/wa-ent-cfn/wa_ent_db.yml?versionId=YT6bS49XRJE7_TOB5A_ufflt71.mejG1
• Network: https://s3.amazonaws.com/wa-ent-cfn/wa_ent_net.yml?versionId=XSTKDOfjbSy4KEfkxgR_1Zp76G4iTcNs

Changelog:

• Support for cloud-watch logs for easy debugging
• Validated upgrading EC2 and RDS instance type w/o loss of data (downtime of ~15mins or less expected)
• Added 'm' class instance types for EC2 and RDS
• Network related information collection for easy troubleshooting
• HTTP endpoint is removed (security concerns)
• Database password accepts special characters

Release: 1.0.0

Template URLs:

• Enterprise: https://s3.amazonaws.com/wa-ent-cfn/wa_ent.yml?versionId=BsmMWbouupu2pW_42El8b8FjHZOaGL2f
• DB: https://s3.amazonaws.com/wa-ent-cfn/wa_ent_db.yml?versionId=q1u3dUeGRGYLEsrJWoVnLEd9ekOQyG2B
• Network: https://s3.amazonaws.com/wa-ent-cfn/wa_ent_net.yml?versionId=QQWM24CLiXnsHH1Reg_fR3TaK5YRiyfj

Changelog:

• One-click AWS infrastructure setup for WhatsApp Enterprise client
• One-click upgrade support to new version
• Network and database are optional

Known Issues