Bots are now trying to access images created by cfimage and related tags that are, in the case of captchas, temporary. So accessing them should throw a 404 however it throws a 500 server error as does any direct request to the /lucee/graph.cfm file due to a lack of exception handling for various required variables.
Would be nice to have validation of required variables for this template so a 500 error was not thrown when it is accessed directly.
A simple example can be observed by accessing the lucee.org site itself
Lucee 5 on Windows Server or Linux
please give thr new build a try
, I've checked this with fixed version 22.214.171.124-SNAPSHOT. Now works fine as we expected.