Contact Us 1-800-596-4880
  1. Homepage
  2. Release Notes

  3. OAuth2 Provider Module Release Notes

OAuth2 Provider Module Release Notes

The OAuth2 Provider module enables a Mule runtime engine (Mule) app to be configured as an Authentication Manager in an OAuth2 dance.

Guide: OAuth2 Provider User Guide
Reference: OAuth2 Provider Reference

1.2.2

January 26, 2026

Compatibility

Software Version

Mule

4.1.1 and later

Fixed Issues

Issue Resolution ID

These libraries are upgraded to address reported security vulnerabilities:

  • The commons-collections library is migrated to commons-collections4 version 4.5.0 to address sonatype-2024-3350.

  • The commons-lang3 library is upgraded to version 3.20.0 to address CVE-2025-48924, and the commons-lang library version 2.6 is excluded to address CVE-2025-48924.

  • The commons-io library is added at version 2.21.0 to override the outdated version in mule-service-http to address CVE-2024-47554.

  • The gson library is upgraded to version 2.13.2 to address CVE-2025-53864.

  • The log4j library is upgraded to version 2.25.3 to address CVE-2025-68161.

  • The spring-core library is upgraded to version 6.2.11 to address CVE-2025-41242 and CVE-2025-41249.

  • The muleHttpConnectorVersion library is upgraded to version 1.10.6.

W-20358376

1.2.1

September 11, 2025

Compatibility

Software Version

Mule

4.1.1 and later

Fixed Issues

Issue Resolution ID

The Spring framework is upgraded to version 5.3.39-spring-framework-5.3.45 to address reported security vulnerabilities.

W-18704894

1.2.0

March 26, 2025

Compatibility

Software Version

Mule

4.1.1 and later

Fixed Issues

Issue Resolution ID

This release includes general security fixes.

W-16889148

The log4j dependency is upgraded to version 2.17.1 to address reported security vulnerabilities.

W-16889148

1.1.0

May 14, 2024

What’s New

This release includes only non-user-impacting changes.

Compatibility

Software Version

Mule

4.1.1 and later

OpenJDK

8, 11, and 17

1.0.13

March 8, 2024

What’s New

  • This connector is now compatible with Java 17.

Compatibility

Software Version

Mule

4.1.1 and later

OpenJDK

8, 11, and 17

1.0.12

June 14, 2023

Compatibility

Software Version

Mule

4.1.1 and later

Fixed Issues

Issue Resolution ID

Improved the performance of the Validate operation.

W-13101424

1.0.11

June 12, 2023

Compatibility

Software Version

Mule

4.1.1 and later

Fixed Issues

Issue Resolution ID

Upgraded internal dependencies.

W-13568991

Refactored code to improve security.

W-13145661

1.0.10

October 18, 2022

Compatibility

Software Version

Mule

4.1.1 and later

Fixed Issues

Issue ID

Upgraded internal dependencies.

W-11639029

1.0.9

August 23, 2022

Compatibility

Software Version

Mule

4.1.1 and later

Fixed Issues

Issue ID

Upgraded internal dependencies.

W-11577652

1.0.8

December 16, 2021

Compatibility

Software Version

Mule

4.1.1 and later

Fixed Issues

Issue ID

Fixed inconsistencies in OAuth2 token expiry time.

OPM-31

1.0.7

September 24, 2021

Fixed Issues

  • Added debug logs in the connector to troubleshoot properly. (OPM-29)

1.0.6

February 18, 2021

Fixed Issues

  • Fixed an issue that prevented LDAP authentication. (OPM-20)

  • Fixed the Already exists a listener matching that path and methods error that occurred when restarting an application using the OAuth2 Provider Module. (OPM-21)

  • Fixed the Provider already registered error that occurred when starting a stopped application when using the OAuth2 Provider Module. (OPM-22)

1.0.5

September 15, 2019

Fixed Issues

  • ClassCastException was incorrectly thrown in an error scenario. This has been replaced by OAuth2ProviderSecurityException. (MULE-17445)

1.0.4

August 13, 2019

Fixed Issues

  • HTTP updated to version 1.5.6. (MULE-17254)

  • Upgraded commons-io to version 2.6. (MULE-16582)

Compatibility

The OAuth2 Provider Module is compatible with:

Application or Service

Version

Mule

4.1.1 and later

1.0.3

January 23, 2019

Fixed Issues

  • HTTP request parameters are validated twice. (EE-6529)

  • Missing default login page files. (EE-6528)

Compatibility

The OAuth2 Provider Module is compatible with:

Application/Service

Version

Mule

4.1.1 and later

1.0.2

January 21, 2019

Fixed Issues

The OAuth2 Provider Module is compatible with:

Application/Service

Version

Mule

4.1.1 and later

1.0.1

January 8, 2019

Fixed Issues

  • Token response content-type header is not application/json (EE-6224)

  • ClientCredential grants inconsistent error codes. This broke compatibility, so use system property: mule.oauth.provider.oldErrors=true if wanting to get the previous error codes. (EE-6521)

  • clientSecurityProvider is no longer mandatory. (EE-6488)

  • Static login page is now being exported. (EE-6519)

Compatibility

The OAuth2 Provider Module is compatible with:

Application/Service

Version

Mule

4.1.1 and later

1.0.0

June 15, 2018

Compatibility

The OAuth2 Provider Module is compatible with:

Application/Service

Version

Mule

4.1.1 and later

See Also