Mule Runtime 3.9.1 Release Notes

Initial Release: April 23, 2018

Mule Runtime 3.9.1 includes fixes and patch update releases.

September 2023

What’s New

This release includes security updates.

Patch release version: 3.9.1-20230823

This patch update addresses the following issues:

Description Issue

This release includes important security enhancements and fixes.

W-13916544

There is no DataWeave update for this version this month.

For guidance with the patching process, see Apply Patch Updates.

May 2023

Patch release version: 3.9.1-20230424

This patch update addresses the following issues:

Description Issue

This release fixes runtime generated usage metrics.

W-12981071

There is no DataWeave update for this version this month.

For guidance with the patching process, see Apply Patch Updates.

April 23, 2018

This document describes new features and enhancements, known limitations, issues, and fixes in Mule Runtime 3.9.1.

Be sure to read this document before you install this release. For reference, save these release notes to your hard drive or print a copy.

New Features and Enhancements

Regarding API Gateway capabilities:

  • This patch version ships with the OpenID Connect library missing on v3.9.0, which allows to use the out-of-the-box OpenID Connect oAuth 2.0 token enforcement policy.

  • In the previous version, in the case of APIKit based Mule apps, only the root RAML was uploaded by API Autodiscovery when the API was created. Now the root RAML and the files specified in the include entries of the RAML, which are included in the Mule application in folders which are present in the root, are also uploaded.

  • This version enhances analytics data with Host name information.

  • Outage management is improved: Backoff behavior and its corresponding logs, Gatekeeper behavior when initializing and Gatekeeper flexible mode logs on Cloudhub.

  • Security fixes.

  • DataWeave:

    • Adds support for surrogated chars in UTF-8.

    • Adds a new system property to control caches: com.mulesoft.dw.mapping.cache.size for mapping cache, com.mulesoft.dw.p_function.cache.size to control p function cache.

    • Supporting RFC 4180. Empty quotes are treated as empty values.

    • Support for underflow and overflow.

  • Mule as Websphere/Weblogic Custom Service

    • New functionality was added to manage license keys in the default OS Java preferences location. This is used for effective license verification when Mule is deployed as a Mule Websphere Custom Service.

Changes in This Release

Fixed Issues

Issue Description

MULE-14866

Only asynchronous notifications should receive a copy of the MuleEvent.

MULE-14835

In until-successful scope, if an exception occurs only the last retry payload is closed.

MULE-14829

HTTP listener does not close streams when NEVER is set

MULE-14775

JMSConnector can’t reconnect if the broker breaks when the application is stopped

MULE-14764

HttpRequester lifecycle is not managed properly in OAuth scenarios.

MULE-14683

Mime Type Disappears Dissapears in VM inbound when under load

MULE-14623

JMSMessageToObject causes NPE in debug mode.

MULE-14605

Deadlock when two JDBC connections are created concurrently before the DriverManager classloading takes place

MULE-14601

Json Schema Validator treats duplicate keys in an inconsistent way depending on the input type.

MULE-14549

CXF is writing payload after the latest boundary in multipart/related scenarios

MULE-14541

Status code validators cannot handle spaces in the values

MULE-14540

Use an independent lock to synchronize the lifecycle of the MuleContext

MULE-14531

In XML Schema Validation Filter, ErrorHandler doesn’t receive validation error notifications

MULE-14529

XMLSecureFactories is setting unsupported properties at factories creation.

MULE-14507

When payload is empty, HTTP Requester should send a zero content length.

MULE-14461

transactional element not propagating flowConstruct

MULE-14421

After domain full redeployment failure, all dependent applications are removed.

MULE-14416

Optimise HTTP retry on remotely close logic

MULE-14408

MVEL error in chained calls where two or more objects of the chain possess the same method signature

MULE-14381

Process empty files In File Connector should be optional

MULE-14357

ClassCastException in FileConnector restart

MULE-14319

encoded characters in SMTP username cause failure on reconnection

MULE-14309

Domain is not being disposed with its own classloader.

MULE-14304

SFTP Connector not masking Passwords in Exceptions and Logs with bad host/port

MULE-14297

OAuth is not supported in domain scenarios.

MULE-14287

MEL caching strategy is inconsistent when the variable accesor is set

MULE-14282

When an accExpr is not compiled yet DataType propagation generates a NPE

MULE-14264

Fix HttpRequestProxyConfigTestCase

MULE-14194

HTTP connector fails to close streaming content connection from HEAD request

MULE-14178

JMS connector is printing DEBUG logs as ERROR

MULE-14160

HTTP Connector does not route OAuth tokens request through proxy.

MULE-14135

getFullStackTrace has to be added to ExceptionUtils to guarantee retrocompatibility

MULE-14133

Change DISCARD and DISCARD_OLDEST behavior so that the http connector does not timeout

MULE-14123

In FTP Transport, checking if a resource is a file degrades performance

MULE-14115

In Db Module, CLOB implementation is JDBC version dependent.

MULE-14098

When resolving importBase for JAR files in WSDL solving, Unix separator has to be preserved

MULE-14053

Update commons-io to 2.6 to avoid problems when deserialize primitive types

MULE-14035

Automatic retry on remote Closed exception does not respect RFC 7320

MULE-14030

SAXParseException when trying to import nested xsd

MULE-14019

Deserialization does not handle primitive types

MULE-14009

Mule context not disposed if doTearDown method fails

MULE-14004

TransactionManager and TransactionManagerFactory definition should be mutually exclusive

MULE-13978

SFTP logging does not mask credentials when special regex chars in password

MULE-13974

ObjectToJMSMessage does not register source types

MULE-13969

SFTP receiver reconnection is invoking exceptionListener twice.

MULE-13963

idempotent-message-filter throws null pointer exception when onUnaccept forwards to a sub-flow

MULE-13941

Dynamic flow reference from a For-Each causes 'ConcurrentModificationException'

MULE-13935

In Message Filter, unacceptedMessageProcessor is not being notified

MULE-13934

Failure when attempting to access an XSD file with an WSDL with an HTTP/HTTPS base path

MULE-13933

MVEL functions with object instantiations doesn’t work well in heavy load.

MULE-13916

Race condition when firing rules from concurrent threads in drools module

MULE-14383

Disable RSA encryption ciphers

MULE-13833

Change default sslType to use the JVM’s one.

MULE-13825

Users must be able to set the name of a stream inside encrypted file of PGP

MULE-13811

EventGroup is not disposing unused object store partitions

MULE-13788

Oauth authentication using refreshTokenWhen parameter is not retaining attachments and properties

MULE-13761

Add serial version UID in SimpleDataType to allow migration in case of changes from older version

MULE-13746

Race condition when verifying group expiration just before resequencer finishes

MULE-13738

Is not possble to tell in some DeploymentListener notifications if they’re fired by an app or domain

MULE-13737

SftpClient are not released in permission failure scenarios.

MULE-13732

GraphTransformerResolver is not handling correctly concurrency access

MULE-13729

Collection Aggregator does not honor the arrival order

MULE-13723

Support out-of-browser applications in OAuth module redirect url

MULE-13718

ClusterCoreExtension is not being loaded as a domain deployment listeners

MULE-13698

PollingReceiverWorker should clean RequestContext after performing poll.

MULE-13678

When more than one regex is used as a file system, trim is not performed

MULE-13398

Propagation of SSL prevents Jackson serialization of InboundProperties

MULE-13034

Error responses with special characters should be scaped

MULE-12617

Prefetch size cannot be set for activemq-connector to guarantee order

MULE-12400

Mule referencing buggy jruby-engine pom

MULE-10304

Application redeployment fails to undeploy old application

MULE-9658

Empty timeZone in poll doesn’t fallback to server time zone

MULE-8923

maxRows on db:select element is not really substitutable

EE-5988

Jdbc object store in cluster creates a connection pool for every JdbcMap

EE-5960

Provide capability to transform file names in database cluster object store

EE-5901

JDBCMapStore is commiting auto-commit transactions.

EE-5895

JdbcMapStore is not SQL92 compliant.

EE-5866

HTTP request fails when certain multiple encoded characters are included.

EE-5762

BitronixTransactionManager can’t be referenced from Spring beans.

EE-5760

BatchJobInstance does not wait for all dispatched records to finish before shutting down

EE-5723

Fix Serialization problems when AMQP and Caching Strategy are used together.

EE-5700

Bitronix does not clean ActiveMQ ended transaction contexts in case of failure/recovery

EE-5689

Batch test cases do not dispose context if final assertions fail

EE-5069

Possible DoS in HTTP transport due to old commons-httpclient

EE-4965

JDBC Map Store - Application name length limitation

AGW-2047

Missing OpenID Connect lib from v3.9.1 distribution

AGW-1772

Error saving policy cache file when api name or version have invalid filename characters

AGW-1474

Some Throttling configurations may allow DoS attacks

AGW-1951

Pointcut cache can have key collisions when using resource level policies and +1 sources

AGW-1946

API created with auto discovery from RAML 1.0 spec with includes doesn’t attach includes

AGW-1788

Small insecurity window regression

AGW-1640

S3 backup access forbidden to bucket

AGW-1786

Missing logs in CloudHub

AGW-1737

API Gateway Agent does not work with proxy with authentication

AGW-1809

Apply backoff on IOException

AGW-1780

Analytic sending 200 when the flow ended with a 500

AGW-1487

API Auto Discovery is uploading only the Root RAML

AGW-1563

SLA tiers change [agw-policy-watcher] warns about a policy direct modification

AGW-1586

Outage status codes property not being used for backoff

AGW-1458

Backport entry limits to Analytics cache

AGW-1771

AnalyticsQueue addAll only adds till the first successful

(No Issue Number)

DataWeave fixes:

  • Fixes security vulnerability in Apache POI.

  • Enum should not be kept as Enum and not converted to String.

  • DataWeave was generating wrong number values instances on Java writer.

  • Excel was not able to do random access.

  • Relative timezones such as Australia/NSW should be resolved against the shifted time and not local.

  • Equals should work based on values and not types.

  • DataWeave failed to parse an XML attribute.

  • sizeOf operator should work over numbers with system property com.mulesoft.dw.sizeOfIntEnabled.

  • Fixes Weave reader not able to reuse values.

  • Avoid exception propagation.

  • DataWeave was double-escaping on large XML payloads.

Enhancement Request Issues

Issue Description

MULE-14580

Update DefaultResourceReleaser for newer mysql versions

MULE-12551

Fix commons-beanutils vulnerability

EE-6010

Support PowerPC Little endian

EE-5991

Allow the user to configure cluster datasource as cluster properties

EE-5816

Need to validate Hostname resolution and error reporting in Mule HTTP module

EE-4945

JDBC Map Store: Add support for configurable DataSource

AGW-1953

API tracking is not retried in case of error in secondary nodes

AGW-1995

Add Host Server name as part of the Analytics data 3.x

Known Limitations and Workarounds

Issue Description

MULE-14848

Cxf does not correctly resolve Exchange Pattern in bindings with multiple operations

Upgrade Requirements

Issue Description

MULE-14381

By default, the File Connector processes empty files. For disabling this behavior use the mule.transport.file.ignoreEmptyFiles=true system property

MULE-14507

The HTTP Requester now sends a zero content length in empty payloads scenarios. For disabling this behavior use the mule.http.client.avoidZeroContentLength=true system property.

MULE-14169

Remove Drools module from distribution (check the Drools doc for details in case you need to use it: https://docs.mulesoft.com/mule-user-guide/v/3.9/drools-module-reference)

Library Changes

Issue Description

MULE-14842

Update commons-lang version to 2.6

MULE-14832

Update commons-httpclient to 3.1-14-MULE-001

MULE-14831

Update Jackson 1 to 1.9.14-MULE-002

MULE-14795

Upgrade Jackson 2 to Upgrade Jackson to 2.9.5

MULE-14763

Upgrade Jetty to 9.2.24.v20180105

MULE-14639

Upgrade jruby-stdlib to 9.1.16.0 in Scripting Module

MULE-14618

Upgrade Spring JMS to 4.1.9.RELEASE-MULE-001

MULE-14462

Upgrade MVEL to 2.1.9-MULE-015 version

MULE-14442

Upgrade Grizzly version 2.3.35

MULE-14382

Upgrade BouncyCastle to 1.59

MULE-14144

Upgrade Spring LDAP to 2.3.2

MULE-14053

Update commons-io to 2.6 to avoid problems when deserialize primitive types

MULE-13487

Upgrade JAXB to version 2.3.0-MULE-001 and CXF to 2.7.19-MULE-003.

Compatibility Notes

  • The unified Mule Runtime 3.9.1 and API Gateway is compatible with APIkit 3.9.1.

  • This version of Mule runtime is bundled with the Runtime Manager Agent plugin version 1.9.5.

  • This release is supported on Anypoint Private Cloud Edition 1.6.1 and later.

Software Compatibility Testing

Mule was tested on the following software:

Software Version

JDK

Oracle JDK 1.8.0 (Recommended JDK 1.8.0_151/52), IBM JDK 1.8, OpenJDK 8

OS

MacOS 10.11.x, HP-UX 11i V3, AIX 7.2, Windows Server 2019, Windows 10, Solaris 11.3, RHEL 7, Ubuntu Server 16.04

Application Servers

Tomcat 7, Tomcat 8, Weblogic 12c, Wildfly 8, Wildfly 9, Websphere 8, Jetty 8, Jetty 9

Databases

Oracle 11g, Oracle 12c, MySQL 5.5+, DB2 10, PostgreSQL 9, Derby 10, Microsoft SQL Server 2014

Note that for RHEL 7, kernel version 3.10.0-1062 has an issue related to log4j2 that you can address by following guidance in the MuleSoft Knowledge Base article Mule Runtime CPU Utilization Increased After Patching the Linux Kernel to Kernel-3.10.0-1062.