We recommend you use a mirror to download our release builds, but you must verify the integrity of the downloaded files using signatures downloaded from our main distribution directories. Recent releases (48 hours) may not yet be available from the mirrors.
You are currently using http://apache.claz.org/. If you
encounter a problem with this mirror, please select another
mirror. If all mirrors are failing, there are backup
mirrors (at the end of the mirrors list) that should be
The KEYS link links to the code signing keys used to sign the product. The PGP link downloads the OpenPGP compatible signature from our main site. The MD5 link downloads the checksum from the main site.