@rg9436920 , thanks for sharing your experience. ... View more

Hi @BiffJingles , Thanks for the update.   Yikes indeed. Update 7 is too far back. A lot has happened in ColdFusion 2018 since then. It is vital to upgrade to the latest update (ColdFusion 2018 Update 19). I don't see how or why the lockdown tool would prevent you from updating. After all, the moral that underpins lockdown is security. And security requires that you install the latest hotfixes. Besides, some of the issues you're now facing might have been resolved in later updates. If necessary, invest some time and money and hire a ColdFusion consultant to help you install the updates. Yes, I consider it that vital. More so because ColdFusion 2018 has passed its end-of-life.  The JVM arguments in the jvm.config file are universal server settings. So, rarely does the file contain sensitive or confidential information. But just check to make sure. Replace anything you don't want us to see with ***, then copy-paste the text to the forum.  ... View more

Not simplistic at all, @TheRealMC . I think that those "felix-cache" issues reduce ColdFusion to a fragile application server.  ... View more

Extra info: the connectors (server.xml) in my installation don't even have URIEncoding="UTF-8". Also, I don't get any issues with activitéshivernales.cfm after I delete -Dfile.encoding=UTF-8 from jvm.config. ... View more

I tested by turning on Developer Tools (F12 keboard key) and then pressing the F5 key to relaunch the CFM page. You will notice that the browser is the first to do the conversion from activitéshivernales.cfm to activit%C3%A9shivernales.cfm. So, as we have assumed all along, it is up to the Tomcat server to translate the % encoded URI text back to  activitéshivernales.cfm  ... View more

Your insight is spot-on. I have just created a file named activitéshivernales.cfm in my ColdFusion 2025 project. It contains just one line of code: <cfoutput>#now()#</cfoutput> When I launch the page in the browser, it works as expected! That means the ColdFusion version is probably not to blame.   Extra info: I am on Windows 10, and using ColdFusion's internal built-in (Tomcat) web server.   For information about configuring a keystore in ColdFusion, google coldfusion keystore. ... View more

First, a question, just to clarify the context. You say you're moving to a new server running Coldfusion 2025. Is your previous server also running ColdFusion? If so, were there no such problems, and which ColdFusion version is it?    Next, yet another suggestion. I have just noticed that we missed one of the connectors.  In \runtime\conf\server.xml, activate the org.apache.coyote.http11.Http11NioProtocol connector, add the attribute URIEncoding="UTF-8" to it, and then restart ColdFusion.   Examples (tailor the attributes to your own needs) <Connector protocol="org.apache.coyote.http11.Http11NioProtocol" port="8443" maxThreads="500" SSLEnabled="true" scheme="https" secure="true"> <SSLHostConfig> <Certificate certificateKeystoreFile="certificateFilePath" certificateKeystorePassword="certificatePassword" type="certificateAlgorithm" /> </SSLHostConfig> </Connector> <Connector protocol="org.apache.coyote.internal.http11.Http11NioProtocol" URIEncoding="UTF-8" port="443" maxThreads="500" SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" />   I hope that does it. If not, we could then be thinking of using either (1) the IIS Rewrite Module, or (2) Application.cfc's onMissingTemplate. I prefer the second.     ... View more

Hi Ravi. Thanks for reaching out. That made no difference. By @Dan Good Nevertheless, I would suggest that you continue to use the JVM flag -Dfile.encoding=UTF-8.   Suggestion: add the attribute URIEncoding="UTF-8" to the AJP connector (in \runtime\conf\server.xml), and then restart ColdFusion. <Connector protocol="AJP/1.3" URIEncoding="UTF-8" ... etcetera... />   ... View more

@BiffJingles , The increase in traffic cannot be the cause of the issue. Scores of users per hour should be no problem at all. I once worked on a ColdFusion 2018 application that had tens of thousands of users per day. As it was an application used by students and teachers, most of the visitors stayed online throughout the working day, from Monday to Friday. That wasn't an issue.   However, you are very likely facing the same challenges we faced. Two of those challenges are: optimizing the server and optimizing your code.   Suggestions for optimizing the server:  Ensure that ColdFusion 2018 has the latest update (Update 19).  Use the correct JVM arguments. In other words, avoid using incorrect JVM arguments.      To start with, delete the MaxMetaspaceSize flag. In so doing, you let the Virtual Machine manage Metaspace dynamically. Secondly, though -Xms1024m -Xmx4096m is fine, -Xms4096m -Xmx4096m may improve performance stability, especially in long-running or memory-intensive applications.     (To get more feedback, share the contents of your jvm.config file with the forum)  Use FusionReactor to gain visibility into JVM performance, error logs and transactions (requests, responses, database). Even if you are unable to buy it at the moment, the Trial version can already give you answers. Suggestions for optimizing the code:   Study (all) the logs and any code they refer to. Look for patterns that suggest lengthy requests, timeouts, bottlenecks or high memory consumption. For example, situations that could be caused by thread deadlock, infinite loops, unclosed connections or overly large objects in memory (such as ever-growing arrays or collections).  Use the var scope appropriately in all your functions. Without var, some objects may persist in memory without being garbage-collected.       ... View more

+1 vote. ... View more

Try the following steps. They seem to be a cure-all for many recent CF-update issues: Stop ColdFusion. Delete the folder "felix-cache". Restart ColdFusion. ... View more

@keithm99725152 ,  thank you too for the collaboration. ... View more

@keithm99725152 , Thanks for the update. I am glad to hear that the workaround works for docx.    As Charlie's research shows, your xlsx file (and other POI applications) fail for exactly the same reason. And as he has shown, the workaround is the same: downgrading the relevant package(s) to the last version. ... View more

@Charlie Arehart , No worries.   A massive thank you for the work you've put into this research. The finding is important and timely. Especially given the daily reports of issues resulting from recent ColdFusion updates.    On looking back I regret some of my utterances. Heat of the moment. I am sorry.   I think that, after decades here, our relationship has developed roots that go deep. We're a family of sorts. I hope I can count on forgiveness. ... View more

@keithm99725152 , for your information: I have just done the 6 steps of the workaround on ColdFusion 2023 Update 15. I downgraded the search package from version 2023.0.15.330825 to version 2023.0.11.330706.   The ColdFusion build before the workaround (2023.0.15.330825) remains the same after the workaround.  ... View more

@Charlie Arehart , we've had this discussion before. Why the stop-the-world attitude?   I shall say it once again. This is a free, open forum. So, please kindly desist from trying to orchestrate events here. It is not only overbearing, it is disrespectful for you to try to determine when participants should respond and when not.    People may have thoughts, ideas and musings at any time of the day. If they think of sharing such thoughts, ideas and musings with the forum, nothing and no one should stop them. The forum is all the more spontaneous and innovative for the free flow of ideas.   Anyway, I shall respond to the issues you raised. No, I have not "chosen to press the point overnight rather than wait to give [you] time this morning to write up". The idea of my last post came to mind when I saw online some of the risks the developer could face after moving from xmlbeans-3.1.0.jar to xmlbeans-5.3.0.jar. It is relevant to this thread. So, I thought of sharing it. It therefore has nothing to do with your schedule. Afterall, chances are that we're in time-zones that are a world apart. In short, I am not in your way, and you're not in mine. This forum allows simultaneous, parallel voices.     No, I have not "switched gears on Keith here". I know he is on ColdFusion 2023. My suggestions to him apply to that version. As I explained in my previous post, I was able to reproduce on ColdFusion 2025 Update 3 the bug he had found on ColdFusion 2023 ("Cannot resolve type for handle _XY_Q=space|R=...") . That is why I tested my suggested workaround on ColdFusion 2025 Update 3 instead. ColdFusion's build number (2025.0.03.331507) stays the same before and after the workaround.  As I have said to @keithm99725152 , I expect the workaround to also work on ColdFusion 2023.    The irony must have escaped you. While you say to others "just hold your horses", you don't hold yours, do you? Still, everything aside, I am truly looking forward to the marvellous solution that you've found. ... View more

@keithm99725152 , I am curious to know what happens when you apply the 6-step workaround that I suggested yesterday. ... View more

Folks, I've found the solution. And bkbk I don't expect what you've proposed will work, but what I have to propose will. By @Charlie Arehart   Charlie, it's great news that you have found a solution and I look forward to hearing about it. However, why do you say, in advance, that my suggestion won't work?   I have just tested what I suggested. It works.   I am on ColdFusion 2025 Update 3. As you yourself have confirmed it has the issue the issue reported by @keithm99725152 : Cannot resolve type for handle _XY_Q=space|R= My test runs as follows.  I put a DOCX file, a PDF file and a TXT file in a directory. I placed the file indexTest.cfm in the same directory. It contains the code: <cfset collectionName = "myCollection"> <cfset targetDirectory = expandPath("indexFiles")> <!--- Index the files ---> <cfindex collection="#collectionName#" action="update" type="path" key="#targetDirectory#" extensions=".pdf,.doc,.docx,.txt" recurse="YES"> <!--- Output result ---> <cfoutput> Indexed files from #targetDirectory# into collection "#collectionName#". </cfoutput>   2.  When I launched indexTest.cfm, I could see the following Warnings in coldfusion-out.log: Aug 16, 2025 10:31:20 AM Warning [http-nio-8500-exec-3] - WARNING: Could not index C:\ColdFusion2025\cfusion\wwwroot\workspace\CF_Project\indexFiles\myWord.docx in SOLR. Check the exception for more details: Cannot resolve type for handle _XY_Q=space|R=space@http://www.w3.org/XML/1998/namespace (org.apache.poi.schemas.ooxml.system.ooxml.cttext7f5btype) - code 13 Aug 16, 2025 10:31:20 AM Warning [http-nio-8500-exec-3] - WARNING: Could not index C:\ColdFusion2025\cfusion\wwwroot\workspace\CF_Project\indexFiles\myWord.docx in SOLR. Check the exception for more details: Content of file myWord.docx can not be extracted. 3.  I downgraded the search package, following the steps in the workaround that I proposed. 4.  When I launched indexTest.cfm and looked at coldfusion-out.log, there were no longer any Warnings.   That said, I realize that there have been problems with POI libraries in recent ColdFusion updates. Like you, I too am looking into the issue. For example, I have found the following.   Until Update 14 of ColdFusion 2023 the highest POI version used was poi-4.1.2.jar, of which one of the dependencies is xmlbeans-3.1.0. In Update 15 of last July, the POI version was upgraded to poi-5.4.1.jar, with dependency xmlbeans-5.3.0.jar. However, there might be problems of backward-compatibility in the move from xmlbeans-.3.1.0.jar to xmlbeans-5.3.0.jar.   If your application manipulates DOCX (XWPF), XLSX (XSSF/SXSSF) or PPTX (XSLF) with Apache POI, the jump from xmlbeans 3.1.0 to xmlbeans 5.3.0 (curent release used in POI 5.4.1) can bite in the following ways: Difference in generated classes / schemas: POI ships pre-generated OOXML (.docx, xlsx, pptx) schema bindings (ooxml-schemas / poi-ooxml-full). These are regenerated against the newer xmlbeans 5.3.0 runtime. As a result, your code may experience stricter XML validation. Some documents that loaded error-free in 3.1.0 may now throw a warning. Some documents that loaded with warnings in 3.1.0 may now throw exceptions. The difference in generated schemas may also create differences in whitespace or namespace handling. That is because xmlbeans parsing got stricter in 5.3.0. For example, XML that previously ignored unexpected attributes may now fail to load. Possible package relocation and dependency conflicts: the groupId/artifactId for xmlbeans changed in the 5.x line (org.apache.xmlbeans:xmlbeans), while older 3.x versions sometimes appeared under different coordinates. If your application or its dependencies still bring 3.x jars, you can hit ClassCastException or LinkageError at runtime. To avoid this, you must ensure only one xmlbeans version is on the classpath (5.3.0). I am therefore alerted when I see xmlbeans-3.1.0.jar and mlbeans-5.3.0.jar together in C:\ColdFusion2023\bundles\repo.   I am still looking into the subject. I shall of course share any new information that I find. ... View more

Hi @keithm99725152 and @Charlie Arehart , On reviewing this, I am even more convinced that something went wrong during a previous uninstallation/installation of an update. That would explain the original error message: Message com.zaxxer.sparsebits.SparseBitSet not found by poi-5.4.1 [36] StackTrace java.lang.ClassNotFoundException: com.zaxxer.sparsebits.SparseBitSet not found by poi-5.4.1 [36] at org.apache.poi.xslf.usermodel.XSLFSheet.<init>(XSLFSheet.java:89) at   So there were likely two, possibly related, issues to start with:  the SparseBitSet  ClassNotFoundException, and the DOCX "org.apache.poi.schemas.ooxml.system.ooxml.cttext7f5btype" indexing bug. However, the first problem might have been solved without us realizing. That would have happened during one of the many fixes that @keithm99725152 tried.  In particular, at the moment where the library C:/ColdFusion2023/bundles/repo/SparseBitSet-1.2.jar could be found. That meant no more ClassNotFoundException for SparseBitSet.   So, I would suggest we now focus on looking for a workaround for the DOCX "org.apache.poi.schemas.ooxml.system.ooxml.cttext7f5btype" indexing bug.     ... View more

+1 vote ... View more

Thanks for the info, Charlie. In a way it's good news that you've been able to reproduce a bug. It's a relief to know that the issue is caused by a gremlin in the machine. Mystery solved. ... View more

Hi @keithm99725152 , The way I now see it, something went wrong during a previous uninstallation/installation of an update. An error might have resulted in up-to-date packages being deleted  unintentionally.   Let's look into how to resolve such a problem, starting from the beginning. What does this produce: <cfoutput>#Server.ColdFusion.ProductVersion#</cfoutput>    ... View more

Here are my java.args flags in one column, so you can easily check them: # Arguments to VM java.args= -Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=5005 -server --add-exports=java.desktop/sun.awt.image=ALL-UNNAMED --add-exports=java.desktop/sun.java2d=ALL-UNNAMED --add-exports=java.base/sun.security.tools.keytool=ALL-UNNAMED --add-exports=java.base/sun.util.calendar=ALL-UNNAMED --add-exports=java.desktop/sun.awt=ALL-UNNAMED --add-opens=java.desktop/java.awt=ALL-UNNAMED --add-opens=java.desktop/java.awt.image=ALL-UNNAMED --add-opens=java.base/java.util.concurrent.locks=ALL-UNNAMED --add-opens=java.base/java.lang.ref=ALL-UNNAMED --add-opens=java.base/java.time=ALL-UNNAMED --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.rmi/sun.rmi.transport=ALL-UNNAMED --add-opens=java.base/java.nio=ALL-UNNAMED --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/sun.security.rsa=ALL-UNNAMED --add-opens=java.base/sun.security.pkcs=ALL-UNNAMED --add-opens=java.base/sun.security.x509=ALL-UNNAMED --add-opens=java.base/sun.security.util=ALL-UNNAMED --add-opens=java.base/java.security=ALL-UNNAMED --add-opens=java.base/sun.util.cldr=ALL-UNNAMED --add-opens=java.base/sun.util.locale.provider=ALL-UNNAMED --add-opens=java.base/java.net=ALL-UNNAMED --add-opens=java.base/java.io=ALL-UNNAMED --add-opens=java.base/java.util.concurrent=ALL-UNNAMED --add-opens=jdk.attach/sun.tools.attach=ALL-UNNAMED -Xms4096m -Xmx4096m -XX:+UseParallelGC -Djdk.attach.allowAttachSelf=true -Dcoldfusion.home={application.home} -Djava.awt.headless=true -Duser.language=en -Dcoldfusion.rootDir={application.home} -Dcoldfusion.classPath={application.home}/lib/updates,{application.home}/lib/,{application.home}/gateway/lib/,{application.home}/wwwroot/WEB-INF/cfform/jars,{application.home}/bin/cf-osgicli.jar -Dcoldfusion.libPath={application.home}/lib -Dorg.apache.coyote.USE_CUSTOM_STATUS_MSG_IN_HEADER=true -Dcoldfusion.jsafe.defaultalgo=FIPS186Random -Dcoldfusion.disablejsafe=true -Dcoldfusion.enablefipscrypto=true -Dorg.eclipse.jetty.util.log.class=org.eclipse.jetty.util.log.JavaUtilLog -Dtika.config=tika-config.xml -Djava.locale.providers=COMPAT,SPI -Dsun.font.layoutengine=icu -Dcom.sun.media.jai.disableMediaLib=true -Djdk.lang.Process.allowAmbiguousCommands=true -Dcoldfusion.datasource.blocked.properties=allowLoadLocalInfile,allowUrlInLocalInfile,autoDeserialize -Dcoldfusion.number.allowdotsuffix=true -Dlog4j2.formatMsgNoLookups=true -Dcoldfusion.searchimplicitscopes=true -Dcoldfusion.iframe.allowedprotocols=file,ftp -Dcoldfusion.mail.oauth2=true -Dcom.sun.xml.bind.v2.bytecode.ClassTailor.noOptimize=true -Dcoldfusion.xml.allowPathCharacters=true -Djava.util.logging.config.file={application.home}/lib/logging.properties -Duser.region=us -Dfile.encoding=UTF-8 -Djdk.util.zip.disableZip64ExtraFieldValidation=true -Dcoldfusion.datemask.useDasdayofmonth=true -Duser.timezone=UTC -Djdk.tls.client.protocols=TLSv1.2,TLSv1.3 -Dhttps.protocols=TLSv1.2,TLSv1.3 ... View more

Hmm, it seems OK. I cannot see any obvious classpath issue. Anyway, I have attached an extended jvm.config sample for you to test with. As a "second opinion".   Steps:  Back up your current file by renaming it as jvm.config.backup.  Download the attached file. Inspect it and you will see that it consists of a more comprehensive set of JVM flags.  Remove the .TXT extension from the file's name, and copy the resulting jvm.config to C:\ColdFusion2023\cfusion\bin.  Restart ColdFusion.   Test to see whether your cfindex code still gives an error. ... View more

Since that library is in your installation, it means the class com.zaxxer.sparsebits.SparseBitSet is there too. So there is likely something wrong with ColdFusion's classpath.   That takes us back to jvm.config. There might be a mistake in the settings there. Could you share the contents of /bin/jvm.config?  ... View more

OK let's see whether you have that library. What do you get when you run the following code? <cfscript> obj=createobject("java","com.zaxxer.sparsebits.SparseBitSet"); writedump(obj.getClass().getProtectionDomain().getCodeSource().getLocation().getPath()); </cfscript> ... View more

The error in your last post is related to the error you initially reported. It happens because ColdFusion is missing new versions of certain libraries. As a result it falls back on older libraries which are no longer valid. ... View more

@keithm99725152 , deleting jvm.config might have made the situation worse. Could you please share the contents of the current jvm.config file? Then we can all have a look and give you feedback if and where necessary.   My suggestion:  Bring back the jvm.config file that you deleted (if possible).  Re-install Update 15.  Restart ColdFusion.  Open the ColdFusion Administrator and go to the page Package Manager > Packages.  If you see the button Install All under Available Packages, click on it and wait till ColdFusion installs all the packages. On the other hand, if you see the message "No more packages available to install" then do nothing and go to the next step.  Test to see whether your cfindex code still gives an error. If not, problem solved.       If you still get errors, the proceed to the next steps.  Stop ColdFusion.  Delete the /bin/felix-cache folder.  Restart ColdFusion.  Test to see whether your cfindex code still gives an error. ... View more