When a request is made to a cached event route and that first ( non-cached ) event delivers a graceful 500-level response ( e.g. an API response from within an aroundHandler try/catch block ) , the response is still cached and will return a 203 Non-Authoritative status code on the subsequent requests until the cache is cleared.
Any consumer to that request will interpret the the response to be successful rather than a failure.
This line in the Bootstrap ( https://github.com/ColdBox/coldbox-platform/blob/development/system/Bootstrap.cfc#L181 ) should omit from caching any 500-level status codes.
Addtional improvment : There might be other implement strategies that would require the omission of other specific status codes from caching ( authorization levels, etc ), so a framework-level setting or AOP method annotations might be in order, as well to allow more granular control of what status codes and HTTP methods are allowed to be cached.