Using a Mirror
We recommend you use a mirror to download our release
builds, but you must verify the integrity of
the downloaded files using signatures downloaded from our main
distribution directories. Recent releases (48 hours) may not yet
be available from all the mirrors.
You are currently using https://dlcdn.apache.org/. If you
encounter a problem with this mirror, please select another
mirror. If all mirrors are failing, there are backup
mirrors (at the end of the mirrors list) that should be
available.
It is essential that you
verify the integrity
of downloaded files, preferably using the PGP signature (*.asc files);
failing that using the SHA512 hash (*.sha512 checksum files).
The KEYS
file contains the public PGP keys used by Apache Commons developers
to sign releases.
