Edit Page
 Index > Overview > Downloads User List | Dev List | Wiki | Issue Tracker  
  Overview
Home
Documentation
Microprofile
Downloads
News Archive
Project Management
License
Privacy Policy
ASF
  Search
Powered by Google Search
  Community
Events
Get Involved
Committers
Mailing Lists
Discussion Forums
Blog
IRC
FAQ
Wiki
Found a Bug?
Security Reports
Service and Support
ASF Sponsorship
ASF Thanks!
  Development
Javadoc
XML Schemas
Source Code
Coding Standards
Issue Tracker
Related Projects
Release Roadmaps
  Subprojects
Development Tools
Sample Applications
GBuild
GShell
XBean
Yoko
Java EE Specs
Components
Plugins
RSS News
RSS Site Changes
ATOM User Mailing List
ATOM Developer Mailing List

Downloads




We use the Apache mirror system for our downloads. It can take a day or so for releases to propagate to all mirrors, so if you are downloading something near the release date, please be patient and retry the links from this page in the event that a selected mirror does not yet have the download.

You must verify the integrity of the downloaded files using signatures downloaded from our main distribution directory.

Latest release

Please note that the Apache Geronimo project does not maintain the Geronimo Application Server any longer.

The following section contains a list of old releases.

Verifying the integrity of the files

It is essential that you verify the integrity of the downloaded files using the PGP or MD5 signatures. Please read Verifying Apache Geronimo Releases for more information on why you should verify our releases.

The PGP signatures can be verified using PGP or GPG. First download the KEYS as well as the asc signature file for the relevant distribution. Make sure you get these files from the main distribution directory, rather than from a mirror. Then verify the signatures using

% pgpk -a KEYS
% pgpv geronimo-tomcat6-javaee5-2.1.3-bin.tar.gz.asc
or
% pgp -ka KEYS
% pgp geronimo-tomcat6-javaee5-2.1.3-bin.tar.gz.asc
or
% gpg --import KEYS
% gpg --verify geronimo-tomcat6-javaee5-2.1.3-bin.tar.gz.asc

Alternatively, you can verify the MD5 signature on the files. A unix program called md5 or md5sum is included in many unix distributions. It is also available as part of GNU Textutils. Windows users can get binary md5 programs from here, here, or here.