Mule Runtime 3.9.5 Release Notes

This release includes important security enhancements and fixes.

W-13916544

SE-21462

In Mule runtime engine (Mule) versions 3.8.6 through 3.9.5, if you restart the Mule application on the server where an API is implemented, the custom policies associated with that application are removed. This issue occurs in cases where API gateway cannot track a custom policy applied to an API in API Manager. To resolve this issue, upgrade to Mule 3.9.5 if using a previous version, and then apply the latest monthly patch for Mule 3.9.5.

SE-20229

When you redeploy an API implemented in a Mule application that uses HTTP listener, the Listener stops and does not restart. This issue occurs for HTTP Listeners that are defined in a Mule Domain. To resolve this issue, upgrade to Mule 3.9.5 if using a previous version, and then apply the latest monthly patch for Mule 3.9.5.

MULE-19207

Updated the XML Beans dependency to 3.1.0.

MULE-19123

Fixed an issue that caused a CXF proxy response with an empty SOAP:BODY to throw an exception when it was read.

MULE-19096

Updated the Guava dependency to 30.1-android.

MULE-19107

Resolved a NullPointerException caused by the http:header builder.

MULE-19073

Fixed a problem in which an exception in a catch exception strategy did not roll back the transaction.

MULE-19094

Updated the Jetty dependency to 9.4.35.

MULE-19093

Updated the Apache HttpClient (httpclient) dependency to 4.5.13.

MULE-19095

Updated the JUnit dependency to 4.13.1.

MULE-19031

Resolved an issue in which the target parameter of HTTP Request Connector did not work properly with flow variables whose names were escaped by single quotes.

MULE-19089

Fixed problem in which the WMQ outbound endpoint with transacted set in a request-response context stopped processing with no warning.

MULE-19071

Updated the WSS4J dependency to 1.6.19.

MULE-19039

Added back-support behavior in scenarios requiring a correlationId to work as it did until version 3.9.3.

In the earlier behavior, the correlation ID remained the same for messages that were split and aggregated within the application’s flows. The newer behavior adds a sequence suffix to the "split" instances of such messages. The new mule.compoundCorrelationId.disable property has a default value of false. Setting it to true disables the newer mechanism (with the sequence suffix) and uses the previous one in which the correlation ID remains the same.

MULE-19042

Resolved an issue in which the Until Successful scope (until-successful) did not retry on asynchronous events.

MULE-19020

Fixed problem in which connection errors were not computed in the application error count statistics.

MULE-19018

Resolved a problem in which transformers and response transformers were registered in dynamic endpoints when they should not be registered.

MULE-18986

Updated the Bouncycastle dependency to 1.67.

MULE-18981

Updated the jetty-webapp dependency to 9.4.34.v20201102.

MULE-18980

Updated the Jackson dependency to 2.11.

MULE-18982

Updated the jruby-joni dependency to 2.1.40.

MULE-18983

Removed the esapi dependency.

MULE-18869

Updated the opensaml dependency to 2.6.6.

MULE-18887

JMS sessions are now transacted.

MULE-18864

Updated the rhino dependency to 1.7.12.

MULE-18891

Updated the Spring dependency to 4.3.29.

MULE-18866

Updated the Apache Commons Codec dependency to 1.15.

MULE-18862

Updated the Apache Commons IO library dependency to 2.8.

MULE-18868

Updated the Apache Ant dependency to 1.10.9.

MULE-18817

Fixed an issue in which an XML-to-JSON transformation failed when the XML depth exceeded 64.

MULE-18798

Resolved a problem in which the JRuby component failed when assigning variables.

MULE-18799

Fixed serialization issues that caused an out-of-memory (OOM) error when splitting big XML documents in cluster mode.

MULE-18768

Resolved a problem in which cached variables in MEL reported the same error on subsequent transactions.

MULE-17732

Fixed a problem in which the JMS transport was not validating a timeout.

MULE-18754

Resolved an issue in which wire logging was not showing the complete XML in the response.

MULE-18710

Updated the Jetty Server dependency to 9.4.31.v20200723.

MULE-18701

Updated the JRuby dependency to 9.2.14.0.

MULE-18714

Fixed an issue in which it was not possible to resolve the Database connector’s connectionTimeout property.

MULE-17911

Resolved an issue in which the application logged FlowStack : <empty> when LoggerContext.updateLoggers() was called.

MULE-18704

Updated the ognl dependency to 3.0.12.

MULE-18700

Updated the Spring Security dependency to 4.2.18.

MULE-18637

Updated the Dom4J dependency to 2.1.3.

MULE-18681

Fixed a problem in which HTTP Listener Connector returned a chunked transfer-encoded response under HTTP 1.0.

MULE-18582

Resolved a problem in which an application was stuck in "starting" status when SFTP was configured to "reconnect forever" and the connection failed on startup.

MULE-17863

Resolved a file leak in TlsConfiguration.

MULE-18575

Fixed an incorrect mail batch-count verification when using the IMAP transport.

MULE-18548

Resolved an issue in which the in-memory object store did not expired in a secondary node.

MULE-18534

Fixed an issue in which a stored procedure with the CLOB In Out parameter failed to execute on an Oracle database.

MULE-18493

Resolved an issue in which HTTP Connector leaked sockets that were in the CLOSE_WAIT state when the client used HTTP/1.0.

MULE-18481

Fixed an issue with the rollback exception strategy in which redelivery attempts were not honored in the correct way.

MULE-18455

Fixed an issue in which Grizzly returned incorrect error codes with a long header request and a long URI request.

MULE-18503

Resolved a deadlock that occurred when handling a failed deferred response in HTTP.

MULE-18393

Resolved an issue in which the out body was cut under high-load scenarios.

MULE-18461

Fixed an issue in which a payload that was set to a target variable altered the original message MIME type.

MULE-18396

Used the graceful shutdown timeout to allow persistent connections to make a last request.

The corresponding response contains the Connection: close header.

MULE-18380

Added a tolerance time to wait for connections to close upon Mule shutdown.

MULE-18348

Fixed an issue in which MVEL interpreted a Bean property as a Mule variable when using MVEL caching.

MULE-18335

Improved the handling of inflight events and the cleanup of associated resources (such as connections) during shutdown.

MULE-18309

Added a Connection: close header when stopping Mule applications.

This change is needed to produce a graceful shutdown during redeployments.

MULE-18249

Updated the Mule launching script to avoid a readlink error.

MULE-18151

Resolved the closing of all connections (including persistent connections) during Mule shutdown.

This change is needed for redeployments.

MULE-18022

Fixed an issue with IBM MQ and JMS connectors that occurred when a channel was closed and the listener did not recover correctly.

MULE-18006

Resolved a ClassLoader leak that led to application undeployment errors on Windows OS because temporary files could not be properly cleaned up.

MULE-17956

Fixed an issue in which SOAP Kit routed requests to an incorrect path because it was not properly managing override rules.

MULE-17688

Fixed an issue in which Salesforce Connector 'sfdc:oauth-callback' was not properly registered.

MULE-17798

Resolved a problem in which MVEL incorrectly inferred the returnType on a substatement that was surrounded by parentheses.

EE-7212

Fixed an issue in which the Mule runtime engine did not start on macOS Catalina.

EE-7624

Updated the Tanuki wrapper dependency to 3.5.45.

EE-7548

Resolved an issue in which the correlationID was not properly resolved in the WMQ transport when the value of the correlationID was defined through an expression.

EE-7347

Removed FileUtils.deleteFile from the gateway domain script.

AGW-3711

Enhanced the User-Agent sent by API Gateway to improve request tracing by Anypoint Monitoring.

AGW-4013

Resolved exceptions from CORS misconfigurations, which were raised when the application started and stopped.

AGW-4034

Added flow and application names to API Analytics events and exposed generation information about those events.

AGW-4127

SE-15047: Fixed a problem in which an autogenerated proxy was incorrectly propagating headers back to Headers Response at Exception (504).

DW-299

Updated the woodstox dependency to 5.3.0.

AGW-1866

Resolved an issue that caused throttling and rate limiting policies to behave incorrectly when nodes in a Mule cluster were out of sync.

AGW-3038

Enhanced the OAuth Provider to accept a bearer header in lowercase.

AGW-3892

Fixed an issue in which starting and stopping an application broke the throttling and rate limiting policy.

AGW-4226

Resolved a CORS 'Error setting up policy' issue that was caused by a cluster race condition.

AGW-4284

SE-16641: Fixed a high CPU utilization issue with the agw-policy-watcher thread.

AGW-4340

SE-15324: Resolved a duplicated Spring object warning that occurred when applying a throttling policy.

AGW-4400

Resolved an issue with the handling of the Basic Auth Policy response.

MULE-19098

Updated the Jersey dependency to 2.33.

MULE-19070

Updated the xstream dependency to 1.4.15.

MULE-18130

SE-15049: Fixed a problem in which a PKCS12-based keystore with several aliases prevented an application from starting.

SE-15717

Resolved an issue in which the JMS consumer could not reconnect when the session was closed, which disrupted the operation.

MULE-17749

Updated the jcifs dependency to 1.3.19.

DEL-1836

Updated the mule-agent dependency to 1.15.3.

MULE-19125

Updated the Hazelcast dependency to 3.12.11.

EE-7087

Updated the licm dependency to 1.2.4.

MULE-18577

Resolved an issue in which an application failed to redeploy because of a StackOverflow condition.

MULE-18591

Fixed an issue with the NTLM dance renegotiation protocol that was caused by the underlying async libraries.

MULE-18653

Resolved an issue in which it was not possible to undeploy an application that was using an XSLT transformation on Windows.

This issue was caused by dependencies on files that could not be removed.

MULE-19019

Avoided adding the Content-length: 0 header for HTTP methods with undefined body semantics (GET, HEAD, and DELETE).

MULE-19150

Upgraded an underlying library dependency to resolve a java.security.SignatureException: Invalid encoding for signature (java.io.IOException) issue that occurred when using SFTP Connector.

SE-14513

DataWeave: Fixed an issue with close streams on lookup.

SE-14007

DataWeave: Fixed an issue in which OutputStream did not close, causing deferred mode failures for XML.

SE-14927

DataWeave: Fixed an issue with memory management.

SE-14294

DataWeave: Fixed an issue in which variables that can be consumed more than once could not be accessed in more than one script.

SE-15180

DataWeave: Fixed an issue to avoid stack overflow on append inside reduce.

SE-15955

DataWeave: Fixed a problem in which namespaces were not processed correctly when dynamically loading an externalized DataWeave script.

SE-18237

DataWeave: Updated the log4j dependency to version 2.8.2 in the FlatFile module.

SE-10638

DataWeave: Fixed an issue in which high CPU usage during transformation caused workers to stop processing.

SE-18372

DataWeave: Fixed an issue in which a packed decimal was converted incorrectly in the FlatFile module.

SE-18679

DataWeave: Added an option to catch the exception similar to previous behavior.

MULE-19140/DW-371

DataWeave: Fixed an issue with property handling.

JDK

JDK 1.8.0 (Recommended JDK 1.8.0_292)

OS

MacOS 11.4.x, HP-UX 11i V3, AIX 7.2, Windows Server 2019, Windows 10, Solaris 11.3, RHEL 8, Ubuntu Server 18.04

Application Servers

Tomcat 7, Tomcat 8, Weblogic 12c, Wildfly 8, Wildfly 9, Websphere 8, Jetty 8, Jetty 9

Databases

Oracle 11g, Oracle 12c, MySQL 5.5+, DB2 10, PostgreSQL 9, Derby 10, Microsoft SQL Server 2014