Generated docs contain MIT/GPL-licenced works without reproducing the licence

A DESCRIPTION OF THE PROBLEM :
Originally reported as: https://issues.apache.org/jira/browse/MJAVADOC-669



A javadoc JAR generated by the Maven Javadoc Plugin 3.2.0 contains multiple components under the MIT licence:

    jQuery 3.5.1
        jquery/external/jquery/jquery.js
        jquery/jquery-3.5.1.js (duplicate of the above, blowing up the PKZIP archive size of the JAR, why is it included like this?)
    JSZip 3.2.1
        jquery/jszip/dist/jszip.js
        jquery/jszip-utils/dist/jszip-utils-ie.js
        jquery/jszip-utils/dist/jszip-utils.js
    jQuery UI 1.12.1
        jquery/jquery-ui.css
        jquery/jquery-ui.js
        jquery/jquery-ui.structure.css
    and their respective minified versions

It also contains script.js and search.js which are GPLv2-with-Classpath-exception-licenced and refer to “as provided by Oracle in the LICENSE file that accompanied this code” but no such file accompanies said code.

There are also multiple static resources and jquery/images whose licence is not documented.

The MIT licence specifically requires that “The […] copyright notice and this permission notice [the licence body] shall be included in all copies or substantial portions of the Software.” The distribution PKZIP archives (JAR files) created by the Maven Javadoc Plugin violate this licence, making them not redistributable.

Similarily, the GPLv2 used by the Oracle-provided files requires that redistributors “give any other recipients of the Program a copy of this License along with the Program.” The “if not, write to the Free Software Foundation” comment is specifically not sufficient for this and only provided as fallback should distributors violate this clause, as Maven Javadoc Plugin-generated PKZIP archives do. To be effective, the Classpath exception must also be provided.
Suggested fix

Include the following new files:

    jquery/LICENCE containing the MIT licence and all respective copyright notices for the various jQuery-related projects (including those they include, i.e. Sizzle, widget.js, position.js, keycode.js, unique-id.js, widgets/autocomplete.js, widgets/menu.js, pako, and possibly others)
    js/LICENSE (creating a new subdirectory) containing the Classpath exception as provided by Oracle
    COPYING or js/COPYING (this being the customary name for this file) containing the verbatim text of the GNU GPL version 2
    Ideally, add a top-level LICENCE file pointing out those three and briefly documenting the licence of all other non-generated files and state all other files are generated from the original project and share its licence


FREQUENCY : always