@Leftbower how about just releasing a new version, at a minimum just removing the ancient class file which was complied with java 6.0 almost a decade ago?
But honestly, nobody should be using such old, unmaintained software, it’s bundling ancient CVE ridden jars
There are multiple XXE vulnerabilities all over the place, as Office files are XML based, your server can be hacked by just by opening a document
https://mvnrepository.com/artifact/org.apache.poi/poi/3.15
https://mvnrepository.com/artifact/org.apache.xmlbeans/xmlbeans/2.6.0
https://mvnrepository.com/artifact/xalan/xalan/2.7.2
As the Community manager for Lucee, I made the call that chasing the dragon of supporting ancient bytecode for a vulnerable extension isn’t a priority.
Please consider at least just releasing an update minus that one class file
As a .lex file is just a zip file, anyone battling this can simply grab the file, delete that crufty old class file I linked above and drop the modified .lex file into the deploy folder