Details
-
Bug
-
Status: Open
-
Major
-
Resolution: Unresolved
-
2.17.1
-
None
-
None
-
2.17.1 JARs downloaded from Maven Central
Description
META-INF/NOTICE files of log4j-api and log4j-slf4j-impl JARs contain a wrong copyright year:
Copyright 1999-1969 The Apache Software Foundation
See:
- https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-api/2.17.1/log4j-api-2.17.1.jar
- https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-slf4j-impl/2.17.1/log4j-slf4j-impl-2.17.1.jar
This may be problematic as Apache license ยง4d requires all downstream projects to copy the exact content of NOTICE files, so the obviously wrong copyright year has to be transported as-is to comply with the license.
log4j-core still indicates "Copyright 1999-2012 Apache Software Foundation" which might need to be updated.
I only checked log4j-core, log4j-api and log4j-slf4j-impl as those dependencies are included into my project. Other artifacts might be affected as well. Previous versions indicated outdated copyright years (such als 2020 in 2.17.0) but were simply stale, not implausible.