Cryptography Module Release Notes for Mule 4

2.1.0

January 23, 2026

What’s New

Cryptography Module 2.1.0 enhances compatibility with FIPS 140-3 standards and Java 17, providing more robust validation and improved error handling for secure environments.

Improved FIPS 140-3 compatibility with Bouncy Castle FIPS security provider v2+.
Added proactive validation of cryptographic algorithms for PGP operations when running in FIPS environments to provide earlier and clearer errors when unsupported algorithms are detected.
Deprecated the global XMLDSig security provider registration mechanism which is no longer supported in Java 17 environments.
Preserved existing system properties for backward compatibility while marking them as deprecated and discouraged for use in FIPS-bound deployments.

For details about migrating existing applications and understanding FIPS-related limitations, see Upgrading Cryptography Module.

Compatibility

Software	Version
Mule	4.4 and later
OpenJDK	8, 11, and 17

Software

Version

Mule

4.4 and later

OpenJDK

8, 11, and 17

Fixed Issues

Issue Resolution ID

Issue Resolution	ID
Enhanced validation and error reporting for PGP operations in FIPS-compliant environments ensure that you receive immediate and clear feedback regarding unsupported configurations. Additionally, global security provider registration issues no longer occur when running in Java 17 environments, which ensures stable cryptographic operations.	W-20347586
The `org.apache.commons:commons-lang3` dependency is removed.	W-20671542

Enhanced validation and error reporting for PGP operations in FIPS-compliant environments ensure that you receive immediate and clear feedback regarding unsupported configurations. Additionally, global security provider registration issues no longer occur when running in Java 17 environments, which ensures stable cryptographic operations.

W-20347586

The org.apache.commons:commons-lang3 dependency is removed.

W-20671542

2.0.0

May 28, 2025

What’s New

Cryptography Module 2.0.0 brings important updates, including:

Updating default values for connector operations
Migrating your PGP Keyring to AES-Encrypted keys when operating in FIPS mode
Using different key pairs for Sign, Encrypt, and Decrypt operations to enhance security
Using password-based encryption
Using BCFKS as the required keystore and truststore type
Specifying algorithms dynamically
Registering the XMLDSig Security Provider
Enabling compatibility for Decrypt or Validate operations without KDF parameters

For details, refer to Upgrading Cryptography Module.

Compatibility

Software	Version
Mule	4.4 and later
OpenJDK	8, 11, and 17

Software

Version

Mule

4.4 and later

OpenJDK

8, 11, and 17

1.3.22

November 13, 2024

Compatibility

Software

Version

Mule

4.1.1 and later

OpenJDK

8, 11, and 17

Fixed Issues

Issue Resolution ID

Issue Resolution	ID
The `org.apache.commons:commons-lang3` library is upgraded to version 3.17.0.	W-17024694
The `org.apache.commons:commons-io` library is upgraded to version 2.17.0.	W-17024694

The org.apache.commons:commons-lang3 library is upgraded to version 3.17.0.

W-17024694

The org.apache.commons:commons-io library is upgraded to version 2.17.0.

W-17024694

1.3.21

August 15, 2024

Compatibility

Software

Version

Mule

4.1.1 and later

OpenJDK

8, 11, and 17

Fixed Issues

Issue Resolution ID

Issue Resolution	ID
The connector no longer throws the `No such provider BC` error when running multiple flows in parallel.	W-15108894
The `org.apache.commons:commons-lang3` library is upgraded to version 3.16.0.	W-15108894
The `org.mule.sdk:mule-sdk-api` library is upgraded to version 0.9.2.	W-15108894

The connector no longer throws the No such provider BC error when running multiple flows in parallel.

W-15108894

The org.apache.commons:commons-lang3 library is upgraded to version 3.16.0.

W-15108894

The org.mule.sdk:mule-sdk-api library is upgraded to version 0.9.2.

W-15108894

1.3.20

February 7, 2024

Compatibility

Software

Version

Mule

4.1.1 and later

OpenJDK

8, 11, and 17

Fixed Issues

Issue Resolution	ID
PGP operations now support large payloads.	W-14118536

Issue Resolution

ID

PGP operations now support large payloads.

W-14118536

1.3.19

January 19, 2024

Compatibility

Software

Version

Mule

4.1.1 and later

OpenJDK

8, 11, and 17

Fixed Issues

Issue Resolution	ID
The PGP Encrypt operation now works correctly.	W-14792113

Issue Resolution

ID

The PGP Encrypt operation now works correctly.

W-14792113

1.3.18

January 11, 2024

Compatibility

Software

Version

Mule

4.1.1 and later

OpenJDK

8, 11, and 17

Fixed Issues

Issue Resolution	ID
The org.apache.santuario:xmlsec library is upgraded to version 2.3.4 to address reported security vulnerabilities.	W-14668416

Issue Resolution

ID

The org.apache.santuario:xmlsec library is upgraded to version 2.3.4 to address reported security vulnerabilities.

W-14668416

1.3.17

January 9, 2024

What’s New

This connector is now compatible with Java 17.

Compatibility

Software

Version

Mule

4.1.1 and later

OpenJDK

8, 11, and 17

1.3.16

September 20, 2023

Compatibility

Software	Version
Mule	4.1.1 and later

Fixed Issues

Issue Resolution ID

Issue Resolution	ID
The `Out of memory` error no longer occurs for files larger than 300MB on PGP Encrypt, PGP Encrypt and Sign, PGP Encrypt Binary, and PGP Decrypt operations.	W-13797282

The Out of memory error no longer occurs for files larger than 300MB on PGP Encrypt, PGP Encrypt and Sign, PGP Encrypt Binary, and PGP Decrypt operations.

W-13797282

1.3.15

September 19, 2023

Compatibility

Software	Version
Mule	4.1.1 and later

Fixed Issues

Issue Resolution	ID
The dependency org.bouncycastle:bcpg-jdk18on:1.74 replaces org.bouncycastle:bcpg-jdk15on:1.70.	W-13844863
The dependency org.bouncycastle:bcprov-ext-jdk15to18:1.7, which is no longer in use, is removed to fix security vulnerabilities.	W-13844863

Issue Resolution

ID

The dependency org.bouncycastle:bcpg-jdk18on:1.74 replaces org.bouncycastle:bcpg-jdk15on:1.70.

W-13844863

The dependency org.bouncycastle:bcprov-ext-jdk15to18:1.7, which is no longer in use, is removed to fix security vulnerabilities.

W-13844863

1.3.14

November 16, 2022

Compatibility

Software	Version
Mule	4.1.1 and later

Fixed Issues

Issue Resolution	ID
The Pgp encrypt operation no longer fails when running in a FIPS environment.	W-11900235

Issue Resolution

ID

The Pgp encrypt operation no longer fails when running in a FIPS environment.

W-11900235

1.3.13

November 4, 2022

Compatibility

Software	Version
Mule	4.1.1 and later

Fixed Issues

Issue	ID
Internal dependencies that fix vulnerability issues are updated.	W-12007146

Issue

ID

Internal dependencies that fix vulnerability issues are updated.

W-12007146

1.3.12

September 26, 2022

Compatibility

Software	Version
Mule	4.1.1 and later

Fixed Issues

Issue	ID
Upgraded bcprov-jdk15on to version 1.70 and bcprov-ext-jdk15to18 to version 1.71	W-11676720

Issue

ID

Upgraded bcprov-jdk15on to version 1.70 and bcprov-ext-jdk15to18 to version 1.71

W-11676720

1.3.11

August 16, 2022

Compatibility

Software	Version
Mule	4.1.1 and later

Fixed Issues

Issue	ID
Security updates applied to internal dependecies.	W-11550826

Issue

ID

Security updates applied to internal dependecies.

W-11550826

1.3.10

March 15, 2022

Compatibility

Software	Version
Mule	4.1.1 and later

Fixed Issues

Issue	ID
Security updates applied to internal dependecies.	W-10583033

Issue

ID

Security updates applied to internal dependecies.

W-10583033

1.3.9

December 22, 2021

Compatibility

Software	Version
Mule	4.1.1 and later

Fixed Issues

Issue ID

Issue	ID
Cipher `RSA/NONE/OAEPWithSHA1AndMGF1Padding` is now supported.	CRYPT-22

Cipher RSA/NONE/OAEPWithSHA1AndMGF1Padding is now supported.

CRYPT-22

1.3.8

June 10, 2021

No new features were added in this version.

Fixed Issues

Upgraded internal dependencies.

1.3.7

June 1, 2021

No new features were added in this version.

Fixed Issues

Upgraded internal dependencies.

1.3.6

January 21, 2021

No new features were added in this version.

Fixed Issues

Unable to locate a key inside the private keyring when decrypting a file that was encrypted using PGP with multiple recipients.

1.3.5

February 28, 2020

No new features were added in this version.

Fixed Issues

Issue	Description
EE-7206	The issue that caused JCE decryption operation fails when both random IV and ECB algorithm was selected

Issue

Description

EE-7206

The issue that caused JCE decryption operation fails when both random IV and ECB algorithm was selected

1.3.4

February 4, 2020

No new features were added in this version.

Fixed Issues

Issue	Description
EE-7197	The issue that caused the inability to create a cipher after deploying the app a second time is fixed.

Issue

Description

EE-7197

The issue that caused the inability to create a cipher after deploying the app a second time is fixed.

1.3.3

January 22, 2020

No new features were added in this version.

Fixed Issues

Issue	Description
EE-7187	The issue that caused loading secret keys from a keyring that contained both public and secret keys to fail is fixed.

Issue

Description

EE-7187

The issue that caused loading secret keys from a keyring that contained both public and secret keys to fail is fixed.

1.3.1

October 1, 2019

No new features were added in this version.

Fixed Issues

Issue Description

Issue	Description
EE-7024	XML sign operation honors the `elementPath` parameter.

EE-7024

XML sign operation honors the elementPath parameter.

1.3.0

September 25, 2019

Features

XML Signatures can be verified against certificates contained in the document.
It is possible to define an XPath expression to select and verify a signature in an XML document that contains multiple signatures.
JCE encryption and decryption use a random initialization vector (IV).

Fixed Issues

Issue	Description
EE-6975	Key principal can be recovered from fingerprint.

Issue

Description

EE-6975

Key principal can be recovered from fingerprint.

1.2.0

August 23, 2019

Features

Added support for the ECDSA XML Signing algorithm.

No issues were fixed in this version.

1.1.0

August 20, 2019

Features

Implemented atomic encrypt and sign operation for PGP.
PGP decryption operation can validate signature if found.
All PGP encryption operations now include MDC (modification detection code) by default. Although this is unlikely to cause any issues, you can use the disableMDC parameter to revert to the previous behavior if needed.

Fixed Issues

Issue	Description
MULE-17337	Upgrade Commons Codec to 1.13

Issue

Description

MULE-17337

Upgrade Commons Codec to 1.13

1.0.1

May 23, 2019

Minimum Mule Version

Mule 4.1.1

Fixed Issues

Issue	Description
MULE-16870	Upgrade BouncyCastle dependency to 1.61.
MULE-16870	Upgrade Commons Lang dependency to 3.8.1.
MULE-16870	Upgrade Commons Codec dependency to 1.12.
MULE-16870	Upgrade XML Sec dependency to 2.1.3.

Issue

Description

MULE-16870

Upgrade BouncyCastle dependency to 1.61.

MULE-16870

Upgrade Commons Lang dependency to 3.8.1.

MULE-16870

Upgrade Commons Codec dependency to 1.12.

MULE-16870

Upgrade XML Sec dependency to 2.1.3.

1.0.0

Mar 19, 2018

Minimum Mule Version

Mule 4.1.0

2.1.0

What’s New

Compatibility

Fixed Issues

2.0.0

What’s New

Compatibility

1.3.22

Compatibility

Fixed Issues

1.3.21

Compatibility

Fixed Issues

1.3.20

Compatibility

Fixed Issues

1.3.19

Compatibility

Fixed Issues

1.3.18

Compatibility

Fixed Issues

1.3.17

What’s New

Compatibility

1.3.16

Compatibility

Fixed Issues

1.3.15

Compatibility

Fixed Issues

1.3.14

Compatibility

Fixed Issues

1.3.13

Compatibility

Fixed Issues

1.3.12

Compatibility

Fixed Issues

1.3.11

Compatibility

Fixed Issues

1.3.10

Compatibility

Fixed Issues

1.3.9

Compatibility

Fixed Issues

1.3.8

Fixed Issues

1.3.7

Fixed Issues

1.3.6

Fixed Issues

1.3.5

Fixed Issues

1.3.4

Fixed Issues

1.3.3

Fixed Issues

1.3.1

Fixed Issues

1.3.0

Features

Fixed Issues

1.2.0

Features

1.1.0

Features

Fixed Issues

1.0.1

Minimum Mule Version

Fixed Issues

1.0.0

Minimum Mule Version

See Also