[
https://issues.apache.org/jira/browse/LOG4J2-3465?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Matt Sicker reassigned LOG4J2-3465:
-----------------------------------
Assignee: Volkan Yazici
> Maven and download hashes do not align
> --------------------------------------
>
> Key: LOG4J2-3465
> URL: https://issues.apache.org/jira/browse/LOG4J2-3465
> Project: Log4j 2
> Issue Type: Bug
> Components: API, Core
> Affects Versions: 2.17.2
> Reporter: Daniel Stratton
> Assignee: Volkan Yazici
> Priority: Major
>
> The SHA1 checksums for the download of API and Core differ based on whether
> they were downloaded from the core site or downloaded from Maven central.
> From download
> [https://dlcdn.apache.org/logging/log4j/2.17.2/apache-log4j-2.17.2-bin.zip]
> {code:java}
> Algorithm Hash
> Path
> --------- ----
> ----
> SHA1 00AE567DABF40EEC11027B8BE59EBDCA65A5AD06
> log4j-api-2.17.2.jar
> SHA1 70BFABC6EF2D35188EE4615BEBC1416080C6F76F
> log4j-core-2.17.2.jar {code}
> From maven
> [https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-core/2.17.2/]
> and
> [https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-api/2.17.2/]
> {code:java}
> Algorithm Hash
> Path
> --------- ----
> ----
> SHA1 F42D6AFA111B4DEC5D2AEA0FE2197240749A4EA6
> log4j-api-2.17.2.jar
> SHA1 FA43BA4467F5300B16D1E0742934149BFC5AC564
> log4j-core-2.17.2.jar {code}
> Using Beyond Compare to compare the JAR files, all of the content is
> identical except for the MANIFEST.MF file.
> The differences there are a singular difference in Bnd-LastModified. For
> example, API is
> Bnd-LastModified: 1645648089746
> vs
> Bnd-LastModified: 1645647755961
> This has resulted in validation errors in Snyk where we're bundling it in as
> part of a larger Eclipse feature plugin.
>
>
>
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
