Mule ESB 3.7.0 Release Notes

Compatibility Information

Software Version

ESB Runtime


Anypoint Studio



Anypoint DevKit


1.7.0 and later

In case of having any issues with APIKit, consider the upgrading to the latest minor release of APIKit.

MuleSoft is pleased to announce the release of Mule 3.7.0.

Hardware and Software Recommendations

Mule 3.7 was validated on the following; however earlier OS versions can work:


Oracle JRE 1.7.0 (recommended: JRE 1.7.0_79/80), Oracle JRE 1.8

Note: Mule 3.7 permits a JRE, whereas Anypoint Studio requires a JDK


Mac OS 10.10.0, HP-UX 11i V3, AIX 7.1, Windows 2012 R2 Server, Windows 8.1, Solaris 11.2, RHEL 7.0, Ubuntu Server 14.04


  • 2 GHz, dual-core CPU, or 2 virtual CPUs in virtualized environment

  • 2 GB RAM

  • 4 GB of storage

New Features and Functionality

DataWeave Language and Transformer

This release introduces a new language, called DataWeave, which is a simple, powerful way to query and transform data inside of Mule. It provides JSON-like language that’s purposefully built to make writing transformations as fast as possible and highly maintainable over the long term. It supports a variety of transformations, from simple 1 to 1 mappings, to more elaborate mappings including normalization, grouping, joins, partitioning, pivoting and filtering.

The language is tightly integrated with Mule ESB and Anypoint Studio. There is a DataWeave Transformer that allows you to use the language to query and transform data. It fully supports DataSense, allowing you to leverage metadata from connectors, schemas and sample documents to more easily design your transformations. DataSense provides content assist while you are coding and scaffolds your mappings to help make writing transformations fast and easy. The editor also provides real time feedback as you code, processing sample inputs into sample outputs that are constantly updated as you write your transform.

DataWeave replaces our current DataMapper component as our recommended way of doing data transformation. It comes with a number of advantages over DataMapper, including:

  • Support for more complex transformations

  • Improved performance

  • Better error reporting

  • Support for multiple inputs

  • Support for larger than memory payloads

  • Random access to input documents

Currently there are some features of DataMapper that DataWeave does not yet support and which will be addressed in future releases, including:

  • A graphical drag and drop editor for creating DataWeave transforms

  • Excel support

DataMapper continues to be fully supported in all current and future versions of Mule 3.x.

Non-Blocking Processing Strategies

A new non-blocking processing strategy for HTTP proxy scenarios. This enables higher API scalability with minimal tuning inside the runtime. To support this, there is also a new direct threading profile and a new configuration option to set the default threading profile on the <configuration> element.

Not all Mule components fully support non-blocking operations.

HTTP Connector

The HTTP connector contains may additional security options for the request element, including:

  • NTLM authentication support

  • Preemptive authentication support

  • SNI support

Additional Improvements

  • Set payload, set-variable, set-property and set-session-variable now support setting the mimeType and encoding.

  • Support for custom serializers and a new Kryo serializer which boosts performance for HA, VM Queues and ObjectStore

  • Connect to databases dynamically by using MEL expressions in the database configuration

  • WS-Consumer support for signing and encrypting payloads with WS-Security

  • Many internal libraries have been upgraded, most notably Spring has been upgraded to Spring 4.1.6 and CXF has been upgraded to 2.7.15.

  • Java 8 is now an officially supported runtime, in addition to Java 7

  • Lifecycle improvements: the object lifecycle is now applied on registered objects in the correct order, taking into account both object types and declared dependencies. Also, dependency injection is now supported on all registered objects as defined by JSR-330. Non registered objects can also be injected through the new Injector API. For more information, see Lifecycle Improvements in the Migration Guide section.

  • More than 100 bug fixes

Bundled Runtime Manager Agent

This version of Mule ESB comes bundled with the Runtime Manager Agent Plugin version 1.1.0.

Enterprise Edition Fixed Issues

Issue Description


VM does not honor XA transaction timeout in cluster


ClusterCoreExtension putClusteringTicket fails when .mule directory doesn’t exist


Application folder not being deleted when deployment fail doesn’t allows to deploy the app again with MMC.


VM transaction timeout not being set on cluster


[Regression] Enricher failing with null payload and recordVars as target


Connectors using @RequiresEnterpriseLicense throws ClassNotFoundException on mule-ce


HazelcastManager holds references to HazelcastObjectStore instances after undeploying applications


Issue unzipping Mule plugin


Disable/Remove Alert Definition from MMC agent does not stop the alert from firing

Enterprise Known Issues

Issue Description


Set attachment component not handling DataWeave transformer output correctly

Community Edition Fixes

Issue Description


XA transaction must set tx timeout in XA resources


Passing a JaxB annotated POJO to the HTTP listener response is throwing a transformer error


Polling from MS SQL Server produces exception when streaming is enabled


Mule execution folder .mule should be created before every other deployment service


TestLogConfigurationHelper should decode file path


Set mime type correct for common files with FTP/File connectors


Typo in AbstractFlowConstruct


Commit failure does not trigger exception strategy


Database Connector artifact located in registry no longer implements Testable and DataSense interfaces


Can’t use redelivery policy with FTP


HTTP Listener header section does not allow big headers or query params


HTTP Requester fails when sending big attachments over HTTPS


FTP requester is not validating single files


scatter-gather: can’t access session and flow variables modified when an event failed


ConcurrentModificationException when hot deploying


HTTP Listener Connector reject a GET and DELETE that contains a body.


HTTP Connector should not send/respond http.* properties


Polling watermark MIN/MAX selectors do not make use of the Comparable interface correctly


Can’t use redelivery policy


Incorrect error processing on Jetty transport


keepAlive is not working correctly in the HTTP requester


ObservableList doesn’t work with Collections#reverse


Content-type is not set on HTTP responses


Add a Base64 decoded which doesn’t automatically unzip


The Json-to-Object transformer not change the mimeType correctly. It should set application/json


Inbound properties copied to outbound properties not maintain their datatypes


Add support for expressions in the authentication configuration of the HTTP connector


Dependency injection fails when injection candidate is registered on domain


Applications and corresponding domains should share the same OptionalObjectController


Add support for preemptive basic authentication in the HTTP module


Fix jffi version


DB connector does not correctly detects query types


Add support in new DB connector for MERGE operation


Deployment failure if two apps are both using BTM in the same Mule server


Add max-send-buffer-size entry in wrapper.conf


Unused resolvePath method in DefaultHttpListenerConfig


MBeans/JMX Memory Leak on vanilla Mule ESB Standalone


Async Loggers stop working after reconfiguration


Provide access to client certificate on 2-way TLS authenticated connections


Allow default processing strategy to be configured per app


Setting a NullPayload in a property must behave as setting null


Provide a builder for HttpRequesterConfig interface


WSConsumerConfig should use the HttpRequesterConfig interface rather than the internal implementation


Race condition on <reconnect-forever> and deployment lifecycle


StaxSource NPE - Location can be null


Add a way to inject all available core extensions in a core extension


Domain creates .mule folder on CWD instead of MULE_HOME


Error with RedShift parameterized queries


FileMessageDispatcher return subfolders when no files found


Domain deployment fails on path with spaces


Domains are not well disposed and get reused on redeploy.


XmlToXMLStreamReader does not support OutputHandler as source type


Unable to use a keystore with $ in its path


Web Service Consumer Does not Support OutputHandler


PGP decryption fails when the key used to sign the message doesn’t match the key used to encrypt it


Session vars "lost" in foreach that uses outbound endpoint


log4j2.xml not being loaded during functional test case


Can’t uncompress zip files containing no entries for folders


ObjectAlreadyExistsException when using splitter and until-successful


json validate-schema doesn’t pick up a schema if it is in the application classpath


Race condition in ExpressionConfig


Source attribute in http requester not working when payload is null


Incorrect anchor file content


Global transformer not initialized when called from message.getPayload(Class<T>)


Domain redeployment fails with zip file closed


HTTPS connectors interfere with each other


HTTP listener fails when receiving empty request with content type x-www-form-urlencoded


WS consumer not evaluating flow vars in the serviceAddress when used with the new HTTP connector


Schema locations for includes are not being fixed.


FTP client not timing out


HTTP requester throws timeout errors with POST request


DB Drivers should be removed from DriverManager when MuleApplicationClassLoader is disposed.


ObjectToHttpClientMethodRequest ignoring filename on file attachments


ClassCastException when setting a MEL expression in the config-ref of a Connector’s call


Using set-variable does not removes variables when assigned value is null


Undeployment does NOT release pooled database connections


Http Listener allows inexistent keystore


OAuth2 postAuthorize() with an expired token fails even if token was refreshed


Comparator not finding the class in the right classloader


Avoid to set the same message listener on the message consumer


HTTP connector throws exception when WSC response is received


SFTP inbound-endpoint autoDelete="false" does not work


SFTP connect hangs in pre-authenticated phase


JMS Durable Subscriber - unexpected behavior in Mule HA Cluster - no failover


Inconsistent implementation of streamingMode="NEVER" between listener and requestor.


Exception in HTTP listener when path="/" and basePath="/"


Outbound endpoints should be correctly disposed when an app with shared resources is undeployed or redeployed.


Improve HTTP listener logging for usability


HTTP Listener Server should return Method not supported


Problem sending outbound attachments in HTTP requester


Default HTTPS configuration in requester not working correctly


HttpListener ParameterMap should behave as a Map


Cannot log to application log for a failed deployment


HTTP listener fails with NPE when the message is filtered out


Grizzly thread leaks


HTTP Listener is storing only the first part of a MultiPart request as attachment


Thread names are i) lacking app prefix ii) duplicated between http inbound and outbound


Null pointer exception on the first request causes the listener to close the connection.


HTTP Listener Module is not adding the WWW-Authenticate header field in the response


Resource Not Found in HTTP should return a body with a clear message


Max connections exceeded in the outbound part should block instead of failing


Default maxThreads is 128 when worker-threading-profile isn’t present but 16 when it is.


New HTTP Module doesn’t support queries paremters without value


HTTP requester not sending query parameters when processing a redirect under HTTPS


HTTP Listener with Basic Auth should return status code 401 when authentication fails


Create Serialization API


initialise() phase is triggered before all objects are registered


#[payload == null] is not true when the payload is NullPayload


Setting encoding attribute on a transformer has no effect


XSL Transformation fails with xsl:result-document on repeated transformations

Community Edition Known Issues

Issue Description


Missing NamespaceHandler entry for non-blocking-processing-strategy


Mule registry failing to lookup sub-flows


DISCARD or DISCARD_OLDEST policies not working as expected when used in the Threading Profile of HTTP Listeners


Exception thrown in Mule Shutdown Hook


Logger categories are not working properly. From a custom message processor at debug level is not being output in any log file.


Class org.mule.routing.EventGroup has a static field (hasNoCommonRootId) that may cause aggregation to fail


MuleContext’s ExpressionLanguage is not properly initialized


Using Preemptive basic authentication in the new HTTP Module uses two request where the User/Pass are invalid

Hardware and Software System Requirements

MuleSoft recommends a minimum of 4 GB RAM on a developer workstation. As applications become complex, consider adding more RAM. You can contact MuleSoft with any questions you may have about system requirements.

Deprecated in this Release

Issue Description


As ASM 3.3.1 is not fully compliant with Java 8, the class in the packages org.mule.util.scan and org.mule.util.scan.annotations have been deprecated, however you can use them under Java 7.


Lifecycle has been fixed:

  • TransientRegistry is deprecated and no longer used by the runtime. SpringRegistry is now the only registry the runtime uses by default. AbstractMuleContextTestCase uses the new SimpleRegistry instead.

  • addRegistry() and removeRegistry() methods from the MuleContext have been deprecated. Manually added registries cannot participate of dependency injection

  • The org.mule.api.registry.Registry.registerObject(key, Object, metadata) method has been deprecated. The metadata is no longer used.

  • RegistryBroker and RegistryBrokerLifecycleManager classes have been deprecated

  • SimpleRegistryBootstrap is deprecated and is no longer used by the runtime. SpringRegistryBootstrap is used instead

  • PreInjectProcessor, InjectProcessor, ObjectProcessor and all their implementation have been deprecated and are no longer used by the runtime. Use a Spring BeanPostProcessor instead


@deprecated As of 3.7.0, use \{@link #toXMLStreamReader(, org.mule.api.MuleEvent, Object)} instead.


NoActionTransformer class inside TCK test folder


class AsyncMessageProcessorWorker


Timeout attribute in <ee:multi-transaction> component

Updated Libraries

Issue Description


Spring dependency was upgraded to version 4.1.6.RELEASE. The org.springmodules:spring-modules-cache dependency was removed as is not needed anymore.


Upgrade Spring security to 4.0.1.RELEASE.


The following Apache Tomcat libraries were upgraded from version 6.0.29 to version 6.0.41: annotations-api, coyote, el-api, jasper, jasper-el, jsp-api, juli. Removed catalina-6.0.29.jar as is not needed anymore.


jruby was upgraded to version 1.7.4 because of a security issue with previous version. Artifact jruby-complete was removed and replaced with jruby-core and its dependencies.


CXF was upgraded to version 2.7.15.
Also, the following dependencies were updated:
jibx-extras: from version to 1.2.5
jibx-run: from version to 1.2.5
jibx-schema: from version to 1.2.5
neethi: from version 3.0.2 to 3.0.3
opensaml: from version 2.5.1-1 to 2.6.1
openws: from version 1.4.2-1 to 1.5.1
wsdl4j: from version 1.6.2 to 1.6.3
wss4j: from version 1.6.9 to 1.6.18
xmlschema-core: from version 2.0.3 to 2.1.0
xmltooling: from version 1.3.2-1 to 1.4.1

Note 1: If you need to use URI parameters add an org.apache.cxf.interceptor.URIMappingInterceptor interceptor to the CXF service in your flow, see Apache CXF.

Note 2: jibx binding could have some issues if you use it under Java 8.


Upgraded Quartz to version 2.2.1.


As ASM 3.3.1 is not fully compliant with Java 8, the class in the packages org.mule.util.scan and org.mule.util.scan.annotations have been deprecated, however you can use them under Java 7.


async-http-client was upgraded to 1.9.21.


Grizzly was upgraded to 2.3.21.


Update C3P0 to version 0.9.5


Remove jasper-jdt-6.0.29.jar from Mule distributions

Migration Guide

DataMapper is now an optional plugin that must be installed inside the Mule runtime for applications that are using it.

MULE-8583 also introduced hostname validation in the HTTP requester since the upgrade included the fix for this async-http-client security vulnerability. This means that seemingly valid certificates for HTTPS connections in older versions could now be rejected if they contain no Subject Alternative Name extension matching the host of the request.

Issue Description


mule-transport-axis was removed from standalone and embedded EE distributions. Following libraries were also removed as they are not required anymore: axis-1.4.jar, commons-discovery-0.4.jar and geronimo-jaxrpc_1.1_spec-1.1.jar


Mule ESB 3.7.0 requires version of Anypoint Enterprise Security to be 1.5.0 or greater


The wrapper.conf file now contains default garbage collection and memory settings configured to improve performance in an environment with 2 GB+ memory. If you need to run Mule with less than 2 GB of RAM, edit the wrapper.conf file.


To migrate DataMapper applications, install the DataMapper plugin manually following these steps:

  1. Download the DataMapper plugin from the "Customer Portal"

  2. Add the DataMapper plugin to the "plugins" folder in your <MULE_HOME> directory

Mule information:

Issue Description


TLS configuration is not mapped anymore to the default JVM system properties. In order to keep this behavior, define the following system property: mule.tls.disableSystemPropertiesMapping=false


Property http.relative.path was added to the inbound properties of the HTTP listener. This property reflects the value of the http.request.path property without the basePath part of the corresponding listener.


Lifecycle has been fixed. Please have the following considerations:

  • Initializable objects invoke only after the registry has instantiated all objects and successfully injected dependencies into them. initialize() is no longer eagerly invoked.

  • JSR-330 annotations are now the recommended way of getting hold of dependencies. Manual lookups through the mule context registry are still supported but not recommended.

  • Initialization is now applied on dependency order, meaning that if object 'A' depends on 'B' and 'C', Mule guarantees that by the time that 'A' is initialized, 'B' and 'C' have already been initialized. Note that for this to work, to dependency has to be explicitly expresses through the javax.inject.Inject annotation or through a Spring configuration.

  • TransientRegistry is deprecated and no longer used by the runtime. SpringRegistry is now the only registry the runtime uses by default. AbstractMuleContextTestCase uses the new SimpleRegistry instead.

  • addRegistry() and removeRegistry() methods from the MuleContext have been deprecated. Manually added registries cannot participate in dependency injection.

  • The org.mule.api.registry.Registry.registerObject(key, Object, metadata) method has been deprecated. The metadata is no longer used.

  • RegistryBroker and RegistryBrokerLifecycleManager classes have been deprecated.

  • SimpleRegistryBootstrap is deprecated and is no longer used by the runtime. SpringRegistryBootstrap is used instead.

  • PreInjectProcessor, InjectProcessor, ObjectProcessor and all their implementation have been deprecated and are no longer used by the runtime. Use a Spring BeanPostProcessor instead.

  • Spring’s init-method and destroy-method are no longer recommended when defining Spring beans that implement any of the Mule Lifecycle interfaces (Initialisable, Startable, Stoppable, Disposable)

  • Class org.mule.config.bootstrap.SimpleRegistryBootstrap.ArtifactType was moved to org.mule.config.bootstrap.ArtifactType

  • Spring Bean Definition parsers no longer automatically call the initialize() and dispose() methods. If you want to maintain that behavior in your custom parsers, you must explicitly do it yourself.

  • An example of doing that would be:

private void setInitAndDisposeMethods(BeanDefintionBuilder builder, Class<?> parsedObjectType) {

   if (Initialisable.class.isAssignableFrom(parsedObjectType)) {

   if (Disposable.class.isAssignableFrom(parsedObjectType)) {


In previous versions of Mule, domain home folders where created relative to current working directory instead of relative to <MULE_HOME> folder.

Now that this is fixed, if your Mule instance was started from a folder other than <MULE_HOME> then folder <WORKING_DIRECTORY>/.mule/<DOMAIN_NAME> must be moved to <MULE_HOME>/.mule/<DOMAIN_NAME>


set-payload element is now implemented using a plain MessageProcessor instead of using a MessageTransformer. This means that <set-payload> continues working as before unless it is used as a transformer. (For example, inside an endpoint.)

To use SetPayloadTransformer in the Mule configuration file as a transformer, define it as a <custom-transformer> like this:

<custom-transformer class="org.mule.transformer.simple.SetPayloadTransformer">
    <spring:property name="value" value="someValue"/>


Applying a message transformer does not changes message’s data type if the payload was not replaced during the transformation.

In particular, this changes affects usages of message properties transformer configured like this:

<message-properties-transformer name="setResponseType" mimeType="text/baz" encoding="UTF-16BE"/>

That now must be configure in this way:

<message-properties-transformer name="setResponseType">
<add-message-property key="Content-Type" value="text/baz;charset=UTF-16BE"/>

Or like this:

<set-property propertyName="Content-Type" value="text/baz;charset=UTF-16BE"/>


Applying a message transformer that changes message’s payload updates the message data type, but instead of using transformer’s output data type, it uses a merge between payload’s and transformer data types.

If a transformer’s output data type does not provide a MIME type and/or encoding, then the original payload data type MIME type and/or encoding is used. This can cause different transformers to be applied to an application after the upgrade. In case there is a failure, use <set-payload> to set encoding and the MIME type while maintaining the same payload.


A new API for object serialization has been added through the ObjectSerializer interface. Use the following considerations:

  • If you were manually using the org.mule.util.SerializationUtils class in custom components, scripts or flows, you should use this API instead.

  • In the same way, where you were before catching a org.apache.commons.lang.SerializationException you should now expect a org.mule.api.serialization.SerializationException

  • You can now specify which is the default implementation of ObjectSerializer that you want your application to use. Such instances are used by Mule (although you’re free to use others in your custom code). By default, the ObjectSerializer implementation uses default Java serialization an behaves exactly the same as in prior versions.

  • To configure your custom serializer as the default you can use the <configuration> tag:

<configuration defaultObjectSerializer-ref="myCustomSerializer" />
  • There are many ways to obtain an ObjectSerializer. Recommended approach is through dependency injection. The following shows how to get the ObjectSerializer that has been configured as the default:

public class MyClass {

private ObjectSerializer objectSerializer;

  • Instead, if you want a specific named serializer (whether it’s the default or not) you can also do it like this:

public class MyClass {

private ObjectSerializer objectSerializer;

  • Finally, you can always pull it from the muleContext but dependency injection is preferred:


 // returns a named object serializer


setting a message property/variable with the message’s payload when it is NullPayload removes the given property/variable instead of storing NullPayload.


MULE_ENCODING and Content-Type properties are not added on the outbound scope when message encoding or mimeType are updated. This was done in order to maintain consistency on MuleMessage data type and properties. In case any of these properties is needed, use <set-property> indicating the expected value.


Default maximum permanent generation has been increased to 256 mb. This property is only used when using Java 7. When using Java 8 the property may lead to a warning. In such case it can be comment out in the wrapper.conf file.


For those with custom implementation of class org.mule.config.spring.SpringXmlConfigurationBuilder, some important changes have been made:

  • The method createApplicationContext(MuleContext, ConfigResource[]) is now private. If you want to overwrite it, use doCreateApplicationContext(MuleContext, ConfigResource[], OptionalObjectsController) instead.

  • If you want to intercept and change the list of resources to be loaded, override the new addResources(List<ConfigResource>) method


jasper-jdt-6.0.29 is not included anymore on Mule distributions because of detected vulnerabilities. In case this artifact is needed, when using Drools for example, manually add it to <MULE_HOME>/lib/opt


The wrapper.conf file now contains default garbage collection and memory settings configured to improve performance in an environment with 2 GB+ memory. If you need to run Mule with less memory, edit this file.


The HTTP connector now ignores its own custom properties (http.* ones) when sending a request and when responding to one, instead of transforming them to headers.

This means that:

  • Properties generated by a listener won’t affect a subsequent request

  • Properties generated by that request won’t affect the listener response

  • If such properties are desired, they should be explicitly added as headers using a response/request builder


AbstractMessageReceiver.routeMessage(..) no longer return nulls if the endpoint exchange pattern is one-way. It always returns the result of the flow so if a transaction commit fails the exception strategy is executed using the message result of the flow execution. Custom message receivers implementations may need to be updated.

For a full and detailed list of considerations when migrating from the previous version to this one, see the MIGRATION.txt file, located in the root folder of Mule ESB.

MMC 3.7.0 Fixes

The following issues were fixed for MMC 3.7.0.

MMC Bug Fixes

Issue Description


Events Received Graph (Async): Too specific time scale for clustered application


Anchor file not deleted using MMC REST API


MMC is not showing the correct status of an application


Bundle doesn’t come with Mule Server registered


Cannot explore flow generated from APIKit


MMC deployments last modified date changing constantly


Wrong tooltip text


Portlets "Application status" and "Server Metrics" in the dashboard do not show any information


Sorting by column on all tables is applied only for each page

MMC Security Improvements

Issue Description


Add XSS check


Make login call works through SSL


Add password strength validation

See Also

Was this article helpful?

💙 Thanks for your feedback!

Give us your feedback!
We want to build the best documentation experience for you!
Help us improve with your feedback.
Take the survey!