Changelog

Current Version: v2.31.5

This changelog covers what has changed in the WhatsApp Business API client and AWS Templates.

Contents

Recommended Versions of Software
WhatsApp Business API Client
Amazon Web Services Templates
Known Issues

Recommended Versions of Software

Software	Version	Details
WhatsApp Business API for On-premise	`2.31.5`	Expires on May 12, 2021
WhatsApp Business API for AWS	`2.31.5` Template version: `2.3.5`	Expires on May 12, 2021
MySQL	`5.7.xx`	Must be `5.7.xx`. Higher versions of this are not currently supported.
PostgreSQL	`10.6`	Versions `9.5.x`, `9.6.x`, and `10.x` are currently supported.
Docker, Postman	Any recent version	Ideally it should support any recent version.

WhatsApp Business API Client

Deprecated versions are not supported anymore and will soon not be allowed to send messages. Please keep your WhatsApp Business API Client installation updated.

Version	Date Introduced	Available Until
v2.31.5 CURRENT	Nov 13, 2020	May 12, 2021
v2.31.4	Oct 20, 2020	Apr 18, 2021
v2.29.3	Aug 11, 2020	Dec 9, 2020
v2.29.2	Jul 27, 2020	Dec 9, 2020
v2.29.1	Jul 17, 2020	Dec 9, 2020
v2.27.13	Jul 27, 2020	Dec 9, 2020
Archive

Blocking updates are ones in which the Coreapp will suffer downtime while upgrading using the db-upgrade service. Non-blocking updates are ones in which the Coreapp should continue to run when upgrading using the db-upgrade service. You can only use the db-upgrade service to upgrade to a version >= 2.23.* from your current version.

Nov 13, 2020 (v2.31.5)

[Fixed] Receiving messages with fields exceeding expected limits is handled correctly.
[Fixed] /v1/settings/application response to display the config setting for automatic garbage collection

Oct 20, 2020 (v2.31.4)

A stricter version expiry has been enforced beginning with this version and for all previous versions.
Identity change notification
- Businesses using the WhatsApp Business API can choose to be notified when there has been a potential update to the identity of a user with whom they are communicating. This gives businesses a signal that the person behind the account may have changed so a business can verify that they are sending information to the right number.
- If a business opts in to this feature, they will be informed when they receive messages from WhatsApp accounts where the person controlling the account may have changed and will be blocked from sending messages to those accounts until the business acknowledges receipt of the signal and they feel it is safe to continue communications. This will protect the business and their customers from leaking sensitive information.
- Please review best practices to enable integration for this feature: Understanding Identity Change for WhatsApp Business
[Fixed] Highly Structured Message packs download issue
[Fixed] Backup/Restore API security issue

Aug 11, 2020 (v2.29.3)

The Coreapp service is run as user root
The upgrade path to v2.29.3 involves ensuring all pre-existing media volumes have modified ownership to the root user to ensure seamless operation in v2.29.3. This specifically impacts businesses that are running v2.29.1, v2.29.2, or attempted to upgrade to those versions recently. Please follow our recommendation guides to upgrade to v2.29.3:
- Production Setup: Single Instance — Upgrading
- Production Setup: High Availability/Multiconnect — Upgrading
[Fixed] Memory corruption issues with sending/receiving media messages

Jul 27, 2020 (v2.29.2, v2.27.13)

In v2.29.x, in order to support running containers more securely, we have modified the permissions of data volumes.

Depending on the pre-existing size of these volumes (media), the upgrade process could cause additional downtime of the Webapp container.

We recommend upgrading to v2.29.3 instead.

Fixes security vulnerabilities for Grafana monitoring instances

Please note that both v2.29.2 and v2.27.13 will be available until Dec 9, 2020.

Jul 17, 2020 (v2.29.1)

In v2.29.x, in order to support running containers more securely, we have modified the permissions of data volumes.

Depending on the pre-existing size of these volumes (media), the upgrade process could cause additional downtime of the Webapp container.

We recommend upgrading to v2.29.3 instead.

Businesses can receive inbound system notifications when consumers change their phone number
New flags of forwarded and frequently_forwarded are added for inbound notifications from consumers. These can be used to detect whether incoming message is forwarded, frequently forwarded, or not.
Updated the WhatsApp Business API client's security to decrease memory corruption while handling media and to run without root privileges, making the application less vulnerable to attacks
Performance of the WhatsApp Business API client is improved
Added API key support to the /stats and /metrics nodes.
[Deprecated] WhatsApp Web Business Tool is deprecated
[Deprecated] The on_call_pager parameter is deprecated
[Future Deprecation] Structure of sending message template will be changed deprecating the hsm object
Recommendations for database management
- pass_through is disabled by default
- Users who upgrade with
  - pass_through enabled — Automatic database garbage collection is enabled
  - pass_through disabled — It is recommeneded to enable automatic garbage collection to manage the database
- New /services/message/gc endpoint to perform database garbage collection if users want to disable automatic garbage collection
- No read status callbacks will be posted with pass_through enabled.

Amazon Web Services Templates

Current Version: 2.3.5

What's included in the Amazon Web Services (AWS) - Cloud Formation (CFN) templates:

Release Version	Date Introduced	Changes
`2.3.5` CURRENT	Mar 26, 2020	Change details
`2.3.4`	Jan 29, 2020	Change details
`2.3.3`	Aug 19, 2019	Change details
`2.3.1`	Sep 3, 2018	Change details

Release 2.3.5

Template URLs

Dependencies/Prerequisites

N/A

Changelog

Support configurable RDS parameters: storage type, multi-AZ, IOPS, engine version
Support Mumbai region
Add support for M5 level EC2 instances and M5 level DB instance class
Support configurable EBS volume size
Update the default value of DB Idle Connection Timeout to 180000 milliseconds

Release 2.3.4

Template URLs

Dependencies/Prerequisites

N/A

Changelog

Security improvements were made

Release 2.3.3

Template URLs

Dependencies/Prerequisites

N/A

Changelog

All CFN templates are now available in the new S3 bucket
EC2 instance is now launched from a marketplace CentOS 7 AMI
Removed unsupported EC2 instance type from the business API client template
EC2 instance is now equipped with cron jobs for maintenance work (Webapp/Coreapp log rotate, ECS agent update)
Use General Purpose SSD as the RDS instance storage in staging environment, now it’s the same as production environment
Removed unused CloudWatch alarms

Release 2.3.1

Template URLs

Enterprise: https://s3.amazonaws.com/wa-ent-cfn/wa_ent.yml?versionId=2xaTm9dKCdjmuxMKTZOfQI_o9iw.bBTK
DB: https://s3.amazonaws.com/wa-ent-cfn/wa_ent_db.yml?versionId=tq8ZXaK30IIdlWhF3bevI2tCi5nIlFs6
Lambda: https://s3.amazonaws.com/wa-ent-cfn/wa_ent_lambda.yml?versionId=IZykZHXo._QyKHPZKDffLB0ISJPfPevr
Network: https://s3.amazonaws.com/wa-ent-cfn/wa_ent_net.yml?versionId=X51Ww5KtgjcbTwBrn_C3C0m5Sko150f3

Dependencies/Prerequisites

N/A

Changelog

Support for new regions (Seoul, Singapore & Tokyo)

Known Issues

Details	First present in	Fixed in
Using `dbupgrade-compose.yml` to upgrade MySQL to `v2.27.8` may fail	`v2.27.8`	`v2.27.9`
Potential memory leaks	`v2.25.x`	`v2.25.5`
Video preview thumbnails are not correctly generated on the receivers phone client	> `v2.23.x`	`v2.25.4`
More database connections than necessary are opened	> `v2.25.x`	`v2.25.4`