The Apache Software Foundation > XML at the ASF

Apache XML Project Downloads

Download Notes

This page gives access to source and binary downloads of the latest releases for all xml.apache.org sub-projects. Releases are now distributed via various mirror sites around the world, and the links below will direct you to a mirror near you. Alternative mirror locations are also provided.

Note
You must verify the integrity of the downloaded files using signatures downloaded directly from our main distribution directory.

The archives below are the latest release versions for each sub-project. The "browse" links provide access to the directory structure where all current binary and source archives are held for the nominated project. In some cases, other recent releases may also be found by browsing the download area.

Access to the latest (and possibly unstable) source can be accessed via SVN. Archives of old releases can be found at the Apache Archives.

Since many XML subprojects have migrated to top-level projects their releases are not available through this page anymore. Please go to their respective project websites instead. You can find a list of all former XML subproject on the XML front page.

Mirrors

You are currently using the https://dlcdn.apache.org/ mirror. If you encounter a problem with this mirror, please select another mirror. If all mirrors are failing, there are backup mirrors (at the end of the mirrors list) that should be available.

Other mirrors:

Source Archives

Binary Distributions

Verify The Integrity of the Files

It is essential that you verify the integrity of the downloaded files using the PGP or MD5 signatures.

The PGP signatures can be verified using PGP or GPG. First download the KEYS as well as the asc/sig signature file for the particular distribution. Make sure you get these files from the main distribution directory, rather than from a mirror. Then verify the signatures using:

% pgpk -a KEYS
% pgpv <archive-name>.tar.gz.asc
or
% pgp -ka KEYS
% pgp <archive-name>.tar.gz.asc
or
% gpg --import KEYS
% gpg --verify <archive-name>.tar.gz.asc

Alternatively, you can verify the MD5 signature on the files. A unix program called md5 or md5sum is included in many unix distributions. It is also available as part of GNU Textutils. Windows users can get binary md5 programs from here, here, or here.