Mule Runtime 3.9.4 Release Notes

Initial Release: December 11, 2019

Mule Runtime 3.9.4 includes fixes and patch update releases.

September 2023

What’s New

This release includes security updates.

Patch release version: 3.9.4-20230824

This patch update addresses the following issues:

Description	Issue
This release includes important security enhancements and fixes.	W-13916544

Description

Issue

This release includes important security enhancements and fixes.

W-13916544

There is no DataWeave update for this version this month.

For guidance with the patching process, see Apply Patch Updates.

May 2023

Patch release version: 3.9.4-20230424

This patch update addresses the following issues:

Description	Issue
This release fixes runtime generated usage metrics.	W-12981071

Description

Issue

This release fixes runtime generated usage metrics.

W-12981071

There is no DataWeave update for this version this month.

For guidance with the patching process, see Apply Patch Updates.

December 11, 2019

Mule Runtime 3.9.4 includes the following enhancements, changes, and fixes.

This release is supported on Anypoint Private Cloud Edition 1.6.1 and later.

Key Enhancements

API Gateway: The release makes troubleshooting easier by adding logs to track the Contracts database lifecycle, client validation, Gatekeeper status, pointcut matching, Policy lifecycle, and others.

Changes

Starting with Mule 3.9.4, implementing multiple Autodiscoveries using the same API is no longer valid. Because policies are applied to every API in a specific runtime based on the configuration option you choose, you were able to define the same API in that runtime with multiple Autodiscoveries in Mule versions previous to 3.9.4.

Mule 3.9.4 considers the first API it detects as valid and applies policies to this API, while Gatekeeper keeps the other APIs blocked (if not disabled). To work around this issue, create different API instances for each Autodiscovery in the Mule application. Apply policies and contracts to each of those API instances separately.

Known Issues

Issue	Description
SE-21462	In Mule runtime engine (Mule) versions 3.8.6 through 3.9.5, if you restart the Mule application on the server where an API is implemented, the custom policies associated with that application are removed. This issue occurs in cases where API gateway cannot track a custom policy applied to an API in API Manager. To resolve this issue, upgrade to Mule 3.9.5 if using a previous version, and then apply the latest monthly patch for Mule 3.9.5.
SE-20229	When you redeploy an API implemented in a Mule application that uses HTTP listener, the Listener stops and does not restart. This issue occurs for HTTP Listeners that are defined in a Mule Domain. To resolve this issue, upgrade to Mule 3.9.5 if using a previous version, and then apply the latest monthly patch for Mule 3.9.5.

Issue

Description

SE-21462

In Mule runtime engine (Mule) versions 3.8.6 through 3.9.5, if you restart the Mule application on the server where an API is implemented, the custom policies associated with that application are removed. This issue occurs in cases where API gateway cannot track a custom policy applied to an API in API Manager. To resolve this issue, upgrade to Mule 3.9.5 if using a previous version, and then apply the latest monthly patch for Mule 3.9.5.

SE-20229

When you redeploy an API implemented in a Mule application that uses HTTP listener, the Listener stops and does not restart. This issue occurs for HTTP Listeners that are defined in a Mule Domain. To resolve this issue, upgrade to Mule 3.9.5 if using a previous version, and then apply the latest monthly patch for Mule 3.9.5.

Issues Impacting Migration

Issue Description

Issue	Description
EE-7092	MMC agent was removed from the Mule distribution. Please use the Runtime Manager Agent (ARM) instead.
MULE-8817	Spring Framework was upgraded from 4.1.9 to 4.3.25, and Spring Security was upgraded from 4.2.3 to 4.2.13. Minor incompatibilities are possible in the following components: The `getConnectionFactory()` method in `JmsConnector` now returns a `DefaultXAConnectionFactoryWrapper`, regardless of the `ConnectionFactory` implementation in use. If you depend on this, use the `ConnectionFactory` interface to avoid problems. The `CxfInboundMessageProcessor` no longer includes a newline character in the response stream by default. This might cause problems if you are writing the raw response to an `OutputStream` in a custom implementation. For more details on the migration from Spring 4.1.x to 4.3.x, see Upgrading to Spring Framework 4.x.

EE-7092

MMC agent was removed from the Mule distribution. Please use the Runtime Manager Agent (ARM) instead.

MULE-8817

Spring Framework was upgraded from 4.1.9 to 4.3.25, and Spring Security was upgraded from 4.2.3 to 4.2.13. Minor incompatibilities are possible in the following components:

The getConnectionFactory() method in JmsConnector now returns a DefaultXAConnectionFactoryWrapper, regardless of the ConnectionFactory implementation in use. If you depend on this, use the ConnectionFactory interface to avoid problems.
The CxfInboundMessageProcessor no longer includes a newline character in the response stream by default. This might cause problems if you are writing the raw response to an OutputStream in a custom implementation.
For more details on the migration from Spring 4.1.x to 4.3.x, see Upgrading to Spring Framework 4.x.

Fixed Issues

Issue Description

Issue	Description
MULE-17704	OAuth doesn’t refresh token when client maxRetries property set to zero.
MULE-17677	Unauthenticated denial of service in Mule runtime engine 3.x.
MULE-17674	Only allow MuleSession instances when deserializing corresponding header.
MULE-17460	Mule unexpectedly transforms byte[] to String.
MULE-17411	Null value is not correctly resolved in bean expression resolver.
MULE-17407	Async is defining null `ReplyToHandler` instead of a void/empty one.
MULE-17349	File open validation moves files on Windows.
MULE-17298	Splash screen does not list odd-named patches.
MULE-17116	Wrong logger name in `HttpRequestToMuleEvent`.
MULE-17102	Composite converters that contain the same transformer chain are not filtered out.
MULE-17070	Scatter-gather router inside exception handler is failing due to original exception.
MULE-17058	CXF proxy service losing envelope data with user-defined interceptors.
MULE-17002	Illegal type in constant pool when using more than 51 global function elements inside XML.
MULE-16975	Newly created transaction is incorrectly propagated out of a transactional block.
MULE-16925	Colon (:) should be part of the address when no `resourceInfo` is specified.
MULE-16891	`flowTrace` out of memory (OoM) when using `foreach` with large collections.
MULE-16835	DOM to XML: Maximum attribute size limit (524288) exceeded with a large payload.
MULE-16674	MEL caching null values after second nullsafe operation is done.
MULE-16479	Expired Cookie passed to endpoint if flow starts from another Mule API.
MULE-17647	Allow domains to be redeployed without restarting its stopped applications.
MULE-17389	Implement encrypt and sign atomic operation support in pgp-module.
MULE-17115	Reduce logging verbosity when correlation IDs are repeated but matching.
MULE-17749	Upgrade jcifs to 1.3.19.
MULE-17735	Upgrade Rome to 1.12.2.
MULE-17729	Upgrade Jackson to 2.10.0.
MULE-17723	Upgrade ESAPI to 2.2.0.0.
MULE-17722	Upgrade xml-tooling to 1.4.6.
MULE-17721	Upgrade OpenSAML to 2.6.6.
MULE-17720	Upgrade Jetty to 9.4.22.v20191022.
MULE-17719	Upgrade Ant to 1.10.7.
MULE-17718	Upgrade commons-codec to 1.13.
MULE-17717	Upgrade Jython to 2.7.2b2.
MULE-17716	Upgrade Quartz to 2.3.2.
MULE-17715	Upgrade Rhino to 1.7.11.
MULE-17714	Upgrade JRuby to 9.2.9.0.
MULE-8817	Upgrade Spring to 4.3.17 and Spring Security to 4.2.6.
MULE-17234	Limit static resource loader to its base path.
MULE-17014	Create flag to set a period of time for ignoring recently processed files during the polling process.
MULE-16949	Correct spelling of internal method.
MULE-16893	Use `jakarta.mail` instead of `javax.mail`.
EE-6939	Running `mule -installLicense license.lic` with Runtime v3.9.3 producess the error `java.lang.ClassNotFoundException: org.mule.util.FileUtils`.
EE-6840	Recreate Batch workers for executing job instance on restart.
EE-6832	Batch records without `workTracker` (illegal state) should be cancelled.
EE-6374	Sending large bodies causes out-of-memory (OOM) error in HTTP requester.
EE-7087	Update licm to version 1.2.4 in 3.x.
EE-6891	Backport last changes and tests in JDBC+Cluster to Mule 3.
AGW-3562	In Mule 3, when changes are applied to a policy, `mule-ee` logs that the policy could not be applied.
AGW-3099	Contracts are not updated in memory when encryption is set.
AGW-3700	Improve troubleshooting by adding additional logs.
DataWeave	Upgrade Apache POI to 4.1.1. Close stream to avoid DataWeave files in temporal folder. Fix `MuleExceptions should not be wrapped`. Propagate same exception as the initial but use same sync strategy as the parent event. If format is binary, do not transform it to a string when setting a variable. Add reader property to set the maximum attribute size in XML (`maxAttributeSize`).

MULE-17704

OAuth doesn’t refresh token when client maxRetries property set to zero.

MULE-17677

Unauthenticated denial of service in Mule runtime engine 3.x.

MULE-17674

Only allow MuleSession instances when deserializing corresponding header.

MULE-17460

Mule unexpectedly transforms byte[] to String.

MULE-17411

Null value is not correctly resolved in bean expression resolver.

MULE-17407

Async is defining null ReplyToHandler instead of a void/empty one.

MULE-17349

File open validation moves files on Windows.

MULE-17298

Splash screen does not list odd-named patches.

MULE-17116

Wrong logger name in HttpRequestToMuleEvent.

MULE-17102

Composite converters that contain the same transformer chain are not filtered out.

MULE-17070

Scatter-gather router inside exception handler is failing due to original exception.

MULE-17058

CXF proxy service losing envelope data with user-defined interceptors.

MULE-17002

Illegal type in constant pool when using more than 51 global function elements inside XML.

MULE-16975

Newly created transaction is incorrectly propagated out of a transactional block.

MULE-16925

Colon (:) should be part of the address when no resourceInfo is specified.

MULE-16891

flowTrace out of memory (OoM) when using foreach with large collections.

MULE-16835

DOM to XML: Maximum attribute size limit (524288) exceeded with a large payload.

MULE-16674

MEL caching null values after second nullsafe operation is done.

MULE-16479

Expired Cookie passed to endpoint if flow starts from another Mule API.

MULE-17647

Allow domains to be redeployed without restarting its stopped applications.

MULE-17389

Implement encrypt and sign atomic operation support in pgp-module.

MULE-17115

Reduce logging verbosity when correlation IDs are repeated but matching.

MULE-17749

Upgrade jcifs to 1.3.19.

MULE-17735

Upgrade Rome to 1.12.2.

MULE-17729

Upgrade Jackson to 2.10.0.

MULE-17723

Upgrade ESAPI to 2.2.0.0.

MULE-17722

Upgrade xml-tooling to 1.4.6.

MULE-17721

Upgrade OpenSAML to 2.6.6.

MULE-17720

Upgrade Jetty to 9.4.22.v20191022.

MULE-17719

Upgrade Ant to 1.10.7.

MULE-17718

Upgrade commons-codec to 1.13.

MULE-17717

Upgrade Jython to 2.7.2b2.

MULE-17716

Upgrade Quartz to 2.3.2.

MULE-17715

Upgrade Rhino to 1.7.11.

MULE-17714

Upgrade JRuby to 9.2.9.0.

MULE-8817

Upgrade Spring to 4.3.17 and Spring Security to 4.2.6.

MULE-17234

Limit static resource loader to its base path.

MULE-17014

Create flag to set a period of time for ignoring recently processed files during the polling process.

MULE-16949

Correct spelling of internal method.

MULE-16893

Use jakarta.mail instead of javax.mail.

EE-6939

Running mule -installLicense license.lic with Runtime v3.9.3 producess the error java.lang.ClassNotFoundException: org.mule.util.FileUtils.

EE-6840

Recreate Batch workers for executing job instance on restart.

EE-6832

Batch records without workTracker (illegal state) should be cancelled.

EE-6374

Sending large bodies causes out-of-memory (OOM) error in HTTP requester.

EE-7087

Update licm to version 1.2.4 in 3.x.

EE-6891

Backport last changes and tests in JDBC+Cluster to Mule 3.

AGW-3562

In Mule 3, when changes are applied to a policy, mule-ee logs that the policy could not be applied.

AGW-3099

Contracts are not updated in memory when encryption is set.

AGW-3700

Improve troubleshooting by adding additional logs.

DataWeave

Upgrade Apache POI to 4.1.1.
Close stream to avoid DataWeave files in temporal folder.
Fix MuleExceptions should not be wrapped.
Propagate same exception as the initial but use same sync strategy as the parent event.
If format is binary, do not transform it to a string when setting a variable.
Add reader property to set the maximum attribute size in XML (maxAttributeSize).

Software Compatibility Testing

Mule was tested on the following software:

Software	Version
JDK	JDK 1.8.0 (Recommended JDK 1.8.0_191/192)
OS	MacOS 10.11.x, HP-UX 11i V3, AIX 7.2, Windows Server 2019, Windows 10, Solaris 11.3, RHEL 7, Ubuntu Server 16.04
Application Servers	Tomcat 7, Tomcat 8, Weblogic 12c, Wildfly 8, Wildfly 9, Websphere 8, Jetty 8, Jetty 9
Databases	Oracle 11g, Oracle 12c, MySQL 5.5+, DB2 10, PostgreSQL 9, Derby 10, Microsoft SQL Server 2014

Software

Version

JDK

JDK 1.8.0 (Recommended JDK 1.8.0_191/192)

MacOS 10.11.x, HP-UX 11i V3, AIX 7.2, Windows Server 2019, Windows 10, Solaris 11.3, RHEL 7, Ubuntu Server 16.04

Application Servers

Tomcat 7, Tomcat 8, Weblogic 12c, Wildfly 8, Wildfly 9, Websphere 8, Jetty 8, Jetty 9

Databases

Oracle 11g, Oracle 12c, MySQL 5.5+, DB2 10, PostgreSQL 9, Derby 10, Microsoft SQL Server 2014

Note that for RHEL 7, kernel version 3.10.0-1062 has an issue related to log4j2 that you can address by following guidance in the MuleSoft Knowledge Base article Mule Runtime CPU Utilization Increased After Patching the Linux Kernel to Kernel-3.10.0-1062.

The unified Mule runtime engine 3.9.4 and API gateway is compatible with APIkit 3.9.4.

This version of Mule is bundled with the Runtime Manager Agent plugin version 1.14.2.