Mule Runtime 3.9.5 Release Notes

Initial Release: February 24, 2021

Mule Runtime 3.9.5 includes fixes and patch releases.

Install Monthly Patch Releases

MuleSoft releases cumulative Mule patches on a regular basis, typically once per month. The patch version specifies a Mule version and a patch identifier. Unlike the Mule upgrade process, which is for upgrades to a new minor version of Mule (version n.x to n.y) or to a new patch version (n.x.y to n.x.z), the cumulative patching process applies the latest bug fixes and security enhancements to a specific patch version of Mule. Installing a patch to the wrong Mule version can lead to instabilities and result in issues that are difficult to debug.


Before applying the patch in a production environment, run your MUnit tests on new versions of Mule to validate the applicationโ€™s behavior with that version.

The following procedure is for updating a patch version of an existing Mule instance:

  1. Stop your Mule instance.

  2. Extract the content of the ZIP file that contains the cumulative patch.

  3. Before proceeding with the installation, review the extracted README file to understand any version-specific steps for installing the patch.

  4. Back up the original content of the MULE_HOME/lib/patches and MULE_HOME/services directories.

  5. Remove any previous patch files from MULE_HOME/lib/patches.

    Important: Do not remove the patches within the MULE_HOME/lib/patches/mule-artifact-patches directory.

  6. Copy the new mule-ee-distribution-standalone-X.Y.Z-YYYYMMDD-patch.jar into MULE_HOME/lib/patches.

    Retain the following in the MULE_HOME/lib/patches directory:

    • mule-ee-distribution-standalone-3.9.5-patch.jar

    • MULE_HOME/lib/patches/mule-artifact-patches

  7. Starting at step 2 in the README file, complete the version-specific service patching instructions.

  8. Restart the Mule instance to pick up the patch.

For more guidance with the patching process, see the support article, How to apply patches to Mule 4.x.

CloudHub and Anypoint Runtime Fabric follow different patching processes.

October 2021

Patch release version: 3.9.5-20210915

For guidance with the patching process, see Install Monthly Patch Releases.

The October update addresses the following issues:

Issue Description

Introduced a new mechanism for collecting API gateway usage statistics, which defaults to enabled.

To opt out, include anypoint.platform.metrics_enabled=false in wrapper.conf or as a parameter when starting Mule.


September 2021

Patch release version: 3.9.5-20210823

For guidance with the patching process, see Install Monthly Patch Releases.

The September update addresses the following issues:

Issue Description


WebSphere MQ (WMQ) connector outbound endpoint does not create a transactional context when there is no transaction.


Added a new system property for WebSphere MQ (WMQ) connector to reflect the encryption status of the correlation ID.

August 2021

Patch release version: 3.9.5-20210719

For guidance with the patching process, see Install Monthly Patch Releases.

The August update addresses the following issues:

Issue Description


Custom policies are no longer deleted after restarting an application from Anypoint Runtime Manager.


A serialization issue no longer occurs after a RoutingException error when using an SFTP transport in a Mule cluster.

July 2021

Patch release version: 3.9.5-20210622

For guidance with the patching process, see Install Monthly Patch Releases.

The July update addresses the following issues:

Issue Description


The RAML Java parser logger improves log messages.


The soundslike comparison operator now returns false instead of an InvalidExpressionException error.


The soundslike comparison operator no longer throws InvalidExpressionException error.


DataWeave flat files now contain the property notTruncateDependingOnSubjectNotPresent to avoid truncating the group-item when the subject is not present or the length of the subject of an OCCURS clause is zero. Earlier versions contained this property.


This release updates XStream to 1.4.16 and Spring Security to 4.2.20.


Upgraded the Java RAML parser to 1.0.44-1.

June 2021

Patch release version: 3.9.5-20210517

For guidance with the patching process, see Install Monthly Patch Releases.

The June update addresses the following issues:

Issue Description


A class-loading regression, introduced in the May update, that caused a java.lang.ClassNotFoundException: error no longer occurs when using WMQ Connector.


Updated the Groovy dependency to version 2.4.21.

May 2021

Patch release version: 3.9.5-20210419

For guidance with the patching process, see Install Monthly Patch Releases.

The default for the DataWeave XML reader property supportDtd changes to false in this release. The new default is described in fixed issue DW-377.

This change affects Mule versions 3.9.5, 4.1.6, and 4.2.2 for on-premises Mule, CloudHub, and other hosted or embedded runtimes, including Anypoint Runtime Fabric and Anypoint Studio. Future patches to these releases and future minor releases of Mule will also incorporate the new default.

The May update addresses the following issues:

Issue Description


Provided the system property -Dmule.jms.closeConnectionOnStop=true to enable the forced closure of connections when stopping an application that uses Anypoint Connector for IBM MQ and the WMQ Connector.


Fixed an issue that caused the DOM of the XML component to not work in Mule runtime engine 3.9.5.


Fixed an HTTP listener issue that caused all HTTP listeners from applications of a domain to close when redeploying an application from that domain.


Upgraded the XStream library dependency to 1.4.15.


DataWeave: Support for XML DTD validation is disabled by default. To enable XML DTD validation, use the com.mulesoft.dw.xml.supportDTD system property or the supportDtd XML reader property.

April 2021

Patch release version: 3.9.5-20210322

For guidance with the patching process, see Install Monthly Patch Releases.

For an upcoming release in May, the behavior of the DataWeave XML reader functionality will change.

This change will affect Mule versions 3.9.5, 4.1.6, 4.2.2, and 4.3.0 for on-premises Mule, CloudHub, and other hosted or embedded runtimes, including Anypoint Runtime Fabric and Anypoint Studio.

The April update addresses the following issues:

Issue Description


DataWeave: The DataWeave XML module includes a new property to handle XML DTDs.


DataWeave: Fixed an issue in which the lookup function incorrectly called flows asynchronously.


DataWeave: Prevented an error that occurred when reading inboundProperties from an HTTPS endpoint.


DataWeave: Fixed a dependency inconsistency in the Flat File module that caused a java.lang.IncompatibleClassChangeError on certain operating systems.

March 2021

Patch release version: 3.9.5-20210304

For guidance with the patching process, see Install Monthly Patch Releases.

The March update addresses the following issues:

Issue Description


DataWeave: Fixed the flow variables lifecycle within transforms, which caused application failure when using the February release.

Initial 3.9.5 Release

Release date: February 24, 2021

The initial release of Mule 3.9.5 includes fixed issues.

New Features and Enhancements

Not applicable.


Not applicable.

Known Issues

Issue Description


In Mule runtime engine (Mule) versions 3.8.6 through 3.9.5, if you restart the Mule application on the server where an API is implemented, the custom policies associated with that application are removed. This issue occurs in cases where API gateway cannot track a custom policy applied to an API in API Manager. To resolve this issue, upgrade to Mule 3.9.5 if using a previous version, and then apply the latest monthly patch for Mule 3.9.5.


When you redeploy an API implemented in a Mule application that uses HTTP listener, the Listener stops and does not restart. This issue occurs for HTTP Listeners that are defined in a Mule Domain. To resolve this issue, upgrade to Mule 3.9.5 if using a previous version, and then apply the latest monthly patch for Mule 3.9.5.

Fixed Issues

Issue Description


Updated the XML Beans dependency to 3.1.0.


Fixed an issue that caused a CXF proxy response with an empty SOAP:BODY to throw an exception when it was read.


Updated the Guava dependency to 30.1-android.


Resolved a NullPointerException caused by the http:header builder.


Fixed a problem in which an exception in a catch exception strategy did not roll back the transaction.


Updated the Jetty dependency to 9.4.35.


Updated the Apache HttpClient (httpclient) dependency to 4.5.13.


Updated the JUnit dependency to 4.13.1.


Resolved an issue in which the target parameter of HTTP Request Connector did not work properly with flow variables whose names were escaped by single quotes.


Fixed problem in which the WMQ outbound endpoint with transacted set in a request-response context stopped processing with no warning.


Updated the WSS4J dependency to 1.6.19.


Added back-support behavior in scenarios requiring a correlationId to work as it did until version 3.9.3.

In the earlier behavior, the correlation ID remained the same for messages that were split and aggregated within the application’s flows. The newer behavior adds a sequence suffix to the "split" instances of such messages. The new mule.compoundCorrelationId.disable property has a default value of false. Setting it to true disables the newer mechanism (with the sequence suffix) and uses the previous one in which the correlation ID remains the same.


Resolved an issue in which the Until Successful scope (until-successful) did not retry on asynchronous events.


Fixed problem in which connection errors were not computed in the application error count statistics.


Resolved a problem in which transformers and response transformers were registered in dynamic endpoints when they should not be registered.


Updated the Bouncycastle dependency to 1.67.


Updated the jetty-webapp dependency to 9.4.34.v20201102.


Updated the Jackson dependency to 2.11.


Updated the jruby-joni dependency to 2.1.40.


Removed the esapi dependency.


Updated the opensaml dependency to 2.6.6.


JMS sessions are now transacted.


Updated the rhino dependency to 1.7.12.


Updated the Spring dependency to 4.3.29.


Updated the Apache Commons Codec dependency to 1.15.


Updated the Apache Commons IO library dependency to 2.8.


Updated the Apache Ant dependency to 1.10.9.


Fixed an issue in which an XML-to-JSON transformation failed when the XML depth exceeded 64.


Resolved a problem in which the JRuby component failed when assigning variables.


Fixed serialization issues that caused an out-of-memory (OOM) error when splitting big XML documents in cluster mode.


Resolved a problem in which cached variables in MEL reported the same error on subsequent transactions.


Fixed a problem in which the JMS transport was not validating a timeout.


Resolved an issue in which wire logging was not showing the complete XML in the response.


Updated the Jetty Server dependency to 9.4.31.v20200723.


Updated the JRuby dependency to


Fixed an issue in which it was not possible to resolve the Database connector’s connectionTimeout property.


Resolved an issue in which the application logged FlowStack : <empty> when LoggerContext.updateLoggers() was called.


Updated the ognl dependency to 3.0.12.


Updated the Spring Security dependency to 4.2.18.


Updated the Dom4J dependency to 2.1.3.


Fixed a problem in which HTTP Listener Connector returned a chunked transfer-encoded response under HTTP 1.0.


Resolved a problem in which an application was stuck in "starting" status when SFTP was configured to "reconnect forever" and the connection failed on startup.


Resolved a file leak in TlsConfiguration.


Fixed an incorrect mail batch-count verification when using the IMAP transport.


Resolved an issue in which the in-memory object store did not expired in a secondary node.


Fixed an issue in which a stored procedure with the CLOB In Out parameter failed to execute on an Oracle database.


Resolved an issue in which HTTP Connector leaked sockets that were in the CLOSE_WAIT state when the client used HTTP/1.0.


Fixed an issue with the rollback exception strategy in which redelivery attempts were not honored in the correct way.


Fixed an issue in which Grizzly returned incorrect error codes with a long header request and a long URI request.


Resolved a deadlock that occurred when handling a failed deferred response in HTTP.


Resolved an issue in which the out body was cut under high-load scenarios.


Fixed an issue in which a payload that was set to a target variable altered the original message MIME type.


Used the graceful shutdown timeout to allow persistent connections to make a last request.

The corresponding response contains the Connection: close header.


Added a tolerance time to wait for connections to close upon Mule shutdown.


Fixed an issue in which MVEL interpreted a Bean property as a Mule variable when using MVEL caching.


Improved the handling of inflight events and the cleanup of associated resources (such as connections) during shutdown.


Added a Connection: close header when stopping Mule applications.

This change is needed to produce a graceful shutdown during redeployments.


Updated the Mule launching script to avoid a readlink error.


Resolved the closing of all connections (including persistent connections) during Mule shutdown.

This change is needed for redeployments.


Fixed an issue with IBM MQ and JMS connectors that occurred when a channel was closed and the listener did not recover correctly.


Resolved a ClassLoader leak that led to application undeployment errors on Windows OS because temporary files could not be properly cleaned up.


Fixed an issue in which SOAP Kit routed requests to an incorrect path because it was not properly managing override rules.


Fixed an issue in which Salesforce Connector 'sfdc:oauth-callback' was not properly registered.


Resolved a problem in which MVEL incorrectly inferred the returnType on a substatement that was surrounded by parentheses.


Fixed an issue in which the Mule runtime engine did not start on macOS Catalina.


Updated the Tanuki wrapper dependency to 3.5.45.


Resolved an issue in which the correlationID was not properly resolved in the WMQ transport when the value of the correlationID was defined through an expression.


Removed FileUtils.deleteFile from the gateway domain script.


Enhanced the User-Agent sent by API Gateway to improve request tracing by Anypoint Monitoring.


Resolved exceptions from CORS misconfigurations, which were raised when the application started and stopped.


Added flow and application names to API Analytics events and exposed generation information about those events.


SE-15047: Fixed a problem in which an autogenerated proxy was incorrectly propagating headers back to Headers Response at Exception (504).


Updated the woodstox dependency to 5.3.0.


Resolved an issue that caused throttling and rate limiting policies to behave incorrectly when nodes in a Mule cluster were out of sync.


Enhanced the OAuth Provider to accept a bearer header in lowercase.


Fixed an issue in which starting and stopping an application broke the throttling and rate limiting policy.


Resolved a CORS 'Error setting up policy' issue that was caused by a cluster race condition.


SE-16641: Fixed a high CPU utilization issue with the agw-policy-watcher thread.


SE-15324: Resolved a duplicated Spring object warning that occurred when applying a throttling policy.


Resolved an issue with the handling of the Basic Auth Policy response.


Updated the Jersey dependency to 2.33.


Updated the xstream dependency to 1.4.15.


SE-15049: Fixed a problem in which a PKCS12-based keystore with several aliases prevented an application from starting.


Resolved an issue in which the JMS consumer could not reconnect when the session was closed, which disrupted the operation.


Updated the jcifs dependency to 1.3.19.


Updated the mule-agent dependency to 1.15.3.


Updated the Hazelcast dependency to 3.12.11.


Updated the licm dependency to 1.2.4.


Resolved an issue in which an application failed to redeploy because of a StackOverflow condition.


Fixed an issue with the NTLM dance renegotiation protocol that was caused by the underlying async libraries.


Resolved an issue in which it was not possible to undeploy an application that was using an XSLT transformation on Windows.

This issue was caused by dependencies on files that could not be removed.


Avoided adding the Content-length: 0 header for HTTP methods with undefined body semantics (GET, HEAD, and DELETE).


Upgraded an underlying library dependency to resolve a Invalid encoding for signature ( issue that occurred when using SFTP Connector.


DataWeave: Fixed an issue with close streams on lookup.


DataWeave: Fixed an issue in which OutputStream did not close, causing deferred mode failures for XML.


DataWeave: Fixed an issue with memory management.


DataWeave: Fixed an issue in which variables that can be consumed more than once could not be accessed in more than one script.


DataWeave: Fixed an issue to avoid stack overflow on append inside reduce.


DataWeave: Fixed a problem in which namespaces were not processed correctly when dynamically loading an externalized DataWeave script.


DataWeave: Updated the log4j dependency to version 2.8.2 in the FlatFile module.


DataWeave: Fixed an issue in which high CPU usage during transformation caused workers to stop processing.


DataWeave: Fixed an issue in which a packed decimal was converted incorrectly in the FlatFile module.


DataWeave: Added an option to catch the exception similar to previous behavior.


DataWeave: Fixed an issue with property handling.

Software Compatibility Testing

Mule was tested on the following software:

Software Version


JDK 1.8.0 (Recommended JDK 1.8.0_292)


MacOS 11.4.x, HP-UX 11i V3, AIX 7.2, Windows 2016 Server, Windows 10, Solaris 11.3, RHEL 8, Ubuntu Server 18.04

Application Servers

Tomcat 7, Tomcat 8, Weblogic 12c, Wildfly 8, Wildfly 9, Websphere 8, Jetty 8, Jetty 9


Oracle 11g, Oracle 12c, MySQL 5.5+, DB2 10, PostgreSQL 9, Derby 10, Microsoft SQL Server 2014

The unified Mule runtime engine 3.9.5 and API gateway is compatible with APIkit 3.9.5.

This version of Mule is bundled with the Runtime Manager Agent plugin version 1.15.3.

Was this article helpful?

๐Ÿ’™ Thanks for your feedback!