OAuth Module Release Notes for Mule 4 | MuleSoft Documentation

1.1.27

May 18, 2026

Compatibility

Software	Version
Mule	4.1.1 and later
OpenJDK	8, 11, and 17

Software

Version

Mule

4.1.1 and later

OpenJDK

8, 11, and 17

Fixed Issues

Issue Resolution ID

Issue Resolution	ID
OAuth Module now enforces a configurable timeout on token-request futures so that stuck or slow authorization-server responses no longer block threads indefinitely. The new `mule.oauth.token.request.timeout.millis` system property sets the maximum time (in milliseconds) that OAuth Module waits for a token-request future to complete before cancelling it and raising an error. Default: `60000` (60 seconds). Recommended range: 30000–60000 ms. Set higher only if your authorization server is known to be slow. Invalid values (non-numeric, zero, or negative) are ignored with a `WARN` log, and the default is used. Set the property on the worker JVM, for example: -Dmule.oauth.token.request.timeout.millis=45000 On CloudHub, add the property as a Properties entry on the deployment. No application redeploy of the runtime is needed.	W-22132137

OAuth Module now enforces a configurable timeout on token-request futures so that stuck or slow authorization-server responses no longer block threads indefinitely. The new mule.oauth.token.request.timeout.millis system property sets the maximum time (in milliseconds) that OAuth Module waits for a token-request future to complete before cancelling it and raising an error.

Default: 60000 (60 seconds).
Recommended range: 30000–60000 ms. Set higher only if your authorization server is known to be slow.
Invalid values (non-numeric, zero, or negative) are ignored with a WARN log, and the default is used.

Set the property on the worker JVM, for example:

-Dmule.oauth.token.request.timeout.millis=45000

On CloudHub, add the property as a Properties entry on the deployment. No application redeploy of the runtime is needed.

W-22132137

1.1.26

February 12, 2026

Compatibility

Software	Version
Mule	4.1.1 and later
OpenJDK	8, 11, and 17

Software

Version

Mule

4.1.1 and later

OpenJDK

8, 11, and 17

Fixed Issues

Issue Resolution ID

Issue Resolution	ID
These libraries are upgraded to address CVE-2024-38820: The `commons-lang3` library is upgraded to version 3.20.0. The `mule-http-connector` library is upgraded to version 1.10.6.	W-19805507

These libraries are upgraded to address CVE-2024-38820:

The commons-lang3 library is upgraded to version 3.20.0.
The mule-http-connector library is upgraded to version 1.10.6.

W-19805507

1.1.25

September 8, 2025

Compatibility

Software	Version
Mule	4.1.1 and later
OpenJDK	8, 11, and 17

Software

Version

Mule

4.1.1 and later

OpenJDK

8, 11, and 17

Fixed Issues

Issue Resolution	ID
Dynamic HTTP requester configurations now properly handle the OAuth dancer lifecycle to prevent race conditions during configuration expiration.	W-19449357

Issue Resolution

ID

Dynamic HTTP requester configurations now properly handle the OAuth dancer lifecycle to prevent race conditions during configuration expiration.

W-19449357

1.1.24

May 27, 2025

Compatibility

Software	Version
Mule	4.1.1 and later
OpenJDK	8, 11, and 17

Software

Version

Mule

4.1.1 and later

OpenJDK

8, 11, and 17

Fixed Issues

Issue Resolution	ID
The proxy now works as intended.	W-18568237

Issue Resolution

ID

The proxy now works as intended.

W-18568237

1.1.23

May 8, 2025

Compatibility

Software	Version
Mule	4.1.1 and later
OpenJDK	8, 11, and 17

Software

Version

Mule

4.1.1 and later

OpenJDK

8, 11, and 17

Fixed Issues

Issue Resolution ID

Issue Resolution	ID
`NullPointerException` errors no longer occur with OAuth authentication when restarting the application intermittently in production.	W-18230789

NullPointerException errors no longer occur with OAuth authentication when restarting the application intermittently in production.

W-18230789

1.1.22

February 26, 2025

Compatibility

Software	Version
Mule	4.1.1 and later
OpenJDK	8, 11, and 17

Software

Version

Mule

4.1.1 and later

OpenJDK

8, 11, and 17

Fixed Issues

Issue Resolution	ID
The commons-io dependency is updated to fix the CVE-2024-47554 vulnerability.	W-17412056
A ClassCastException is no longer thrown when using the OAuth Retrieve Access Token operation.	W-15832018

Issue Resolution

ID

The commons-io dependency is updated to fix the CVE-2024-47554 vulnerability.

W-17412056

A ClassCastException is no longer thrown when using the OAuth Retrieve Access Token operation.

W-15832018

1.1.21

December 15, 2023

What’s New

This connector is now compatible with Java 17.

Compatibility

Software	Version
Mule	4.1.1 and later
OpenJDK	8, 11, and 17

Software

Version

Mule

4.1.1 and later

OpenJDK

8, 11, and 17

1.1.20

May 23, 2023

Compatibility

Application/Service	Version
Mule	4.1.1

Application/Service

Version

Mule

4.1.1

Fixed Issues

Issue Resolution	ID
The internal libraries are upgraded.	W-11680326
The OAuth localCallbackConfig parameter is refactored to avoid different inconsistent behavior according to the configuration order.	MULE-14827

Issue Resolution

ID

The internal libraries are upgraded.

W-11680326

The OAuth localCallbackConfig parameter is refactored to avoid different inconsistent behavior according to the configuration order.

MULE-14827

1.1.19

September 13, 2022

Compatibility

Application/Service	Version
Mule	4.1.1

Application/Service

Version

Mule

4.1.1

Fixed Issues

Issue	ID
OAuth module now responds when Token URL fails more than three times.	W-11680326

Issue

ID

OAuth module now responds when Token URL fails more than three times.

W-11680326

1.1.18

March 3, 2022

Compatibility

Application/Service	Version
Mule	4.1.1

Application/Service

Version

Mule

4.1.1

Fixed Issues

Issue	ID
Oauth token refresh issue no longer occurs in Mule 4.4.0.	W-10781856

Issue

ID

Oauth token refresh issue no longer occurs in Mule 4.4.0.

W-10781856

1.1.17

July 12, 2021

Minimum Mule Version

Mule 4.1.1

Fixed Issues

The default object store of oauth:token-manager-config is no longer cleared on shut down. (OAMOD-6)

1.1.16

March 15, 2021

Minimum Mule Version

Mule 4.1.1

Fixed Issues

Fixed the MULE:OVERLOAD error that occurred concurrently when refreshing the token in dynamic HTTP configs. (OAMOD-4)

1.1.15

March 2, 2021

Minimum Mule Version

Mule 4.1.1

Fixed Issues

In MUnit, the OAuth module creates an object store twice and fails. (OAMOD-2)

1.1.14/1.1.13

September 10, 2020

Minimum Mule Version

Mule 4.1.1

Fixed Issues

Fixed an issue in which using payload in an expression for the refreshTokenWhen property resulted in an error. (MULE-18307)

1.1.12

December 19, 2019

Minimum Mule Version

Mule 4.1.1

Fixed Issues

Fixed the leak of dynamic configs that resulted from the token manager not initializing in AbstractGrantType. (MULE-17827)

1.1.11

October 18, 2019

Minimum Mule Version

Mule 4.1.1

Fixed Issues

Misnamed parameters in the OAuth module generated invalid extension model. (MULE-17662)
Upgraded Commons Codec to 1.13. (MULE-17337)

1.1.10

August 13, 2019

Minimum Mule Version

Mule 4.1.1

Fixed Issues

HTTP updated to version 1.5.6. (MULE-17254)

1.1.9

July 18, 2019

Minimum Mule Version

Mule 4.1.1

Fixed Issues

Removed dependencies on MuleContext on OAuth module. (MULE-11412)
OAuth uses the wrong access token when multiple concurrent refresh requests are sent. (MULE-17010)

1.1.8

April 10, 2019

Minimum Mule Version

Mule 4.1.1

Fixed Issues

OAuth authenticators do not implement equals() and hashCode(). (MULE-16704)

1.1.7

November 2, 2018

Minimum Mule Version

Mule 4.1.1

Fixed Issues

Setting refreshTokenWhen=true in oauth:authorization-code-grant-type fails with an exception. (MULE-15809)

1.1.6

November 1, 2018

Minimum Mule Version

Mule 4.1.1

Fixed Issues

Support non-blocking in OAuth HTTP calls. (MULE-11272)
Remove *-object-store elements (MULE-11724)

1.1.5/1.1.4

August 14, 2018

Minimum Mule Version

Mule 4.1.0

Fixed Issues

OAuth: Provide option encodeClientCredentialsInBody in authCode. (MULE-15539)

1.1.3

May 7, 2018

Minimum Mule Version

Mule 4.1.0

Fixed Issues

ConfigurationException: Element 'tokenManagerConfig-MyConfigName' is not defined in the Mule Registry. (MULE-14822)

1.1.2

May 7, 2018

Minimum Mule Version

Mule 4.1.0

Fixed Issues

ConfigurationException: Element 'tokenManagerConfig-MyConfigName' is not defined in the Mule Registry. (MULE-14822)

1.1.1

January 23, 2018

Minimum Mule Version

Mule 4.1.0

Fixed Issues

Provide a singleton MultiMap instance. (MULE-14544)

1.1.0

January 23, 2018

Minimum Mule Version

Mule 4.1.0

Upgrade Requirements

This version does not work with Mule 4.0.0, you need to move to 4.1.0 or a higher version to use it.

Fixed Issues

OAuth Module exports internal classes. (MULE-14446)
Users should not be able to use an expression when configuring a proxy. (MULE-14379)
HTTP Connector does not route OAuth tokens request through proxy. (MULE-14160)

1.0.0

November 27, 2017

Minimum Mule Version

Mule 4.0.0