Swagger Request Validator Core relies on POM with commercial license

I’ve noticed while fetching the Swagger Request Validator Core dependency ( com.atlassian.oai:swagger-request-validator-core) that it fetches a POM ( com.atlassian.pom:base-pom ).

This POM has a commercial license which I found odd. However, Swagger Request Validator Core is open-source and has an Apache License 2.0.

Is this a bug? Doesn’t the reliance on a POM with commercial license contradict Swagger Request Validator Core’s license?
What is the license of the POM file “com.atlassian.pom:base-pom”? We found different licenses for that file and are not sure what its license is.

///////////////////////////
Prove that the POM (with a commercial license) is actually required:
If I try to force maven not to get the POM, the build fails. (Using offline mode & deleting the POM from the local repository.)

The log:

[ERROR] Failed to execute goal on project grid-execution: Could not resolve dependencies for project com.example:test:jar:v3: Failed to collect dependencies at com.atlassian.oai:swagger-request-validator-core:jar:2.8.4: Failed to read artifact descriptor for com.atlassian.oai:swagger-request-validator-core:jar:2.8.4: Cannot access ***** in offline mode and the artifact com.atlassian.pom:base-pom:pom:5.0.29 has not been downloaded from it before. →
[Help 1] org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal on project test: Could not resolve dependencies for project com.example:test:jar:v3: Failed to collect dependencies at com.atlassian.oai:swagger-request-validator-core:jar:2.8.4

////////////////////////

Thanks in advance.