Apache » Cocoon »

  Apache Cocoon

Apache Cocoon

Versions & Download

Cocoon 2.2 (stable)

Our latest version of Cocoon is 2.2. The best way to get familiar with Cocoon 2.2 and how to use it together with Maven 2 is the Getting started tutorial. If you follow that path, Maven 2 will take care of downloading all (transitive) dependencies.

However, there is also a Getting Started package that contains a simple Cocoon 2.2 based application that uses Apache Ant as build system.

It is good practice to verify the integrity of the distribution files.





Cocoon 2.2.0

Cocoon Core (pipelines, sitemaps, servlet): sources, binaries, javadocs and docs.


pgp md5 sha1
pgp md5 sha1

Getting Started 2.2.0

A simple web application based on Cocoon 2.2 that makes use of blocks and servlet services.


pgp md5 sha1
pgp md5 sha1

Cocoon 2.2 was split up into smaller units called blocks. Everything that goes beyond what Cocoon provides in its core modules (Spring integration, sitemap and pipeline implementation) is provided as block. Blocks can be downloaded separately. In order to get an overview of what blocks are available, use the list of blocks.

Cocoon 2.1 (stable)

The latest stable release of Cocoon 2.1.x  is 2.1.11. Downloads and documentation are available.

Previous versions

Older versions of Cocoon are 2.0 and 1.x. It is not recommended to start a new project based on one of them.

Verifying Releases

We strongly recommend you verify the integrity of the downloaded files with both PGP and MD5.

The PGP signatures can be verified using PGP or GPG. First download the KEYS as well as the *.asc signature file for the particular distribution. Make sure you get these files from the main distribution directory, rather than from a mirror. Then verify the signatures using one of the following sets of commands:

$ pgpk -a KEYS
$ pgpv cocoon-*.tar.gz.asc
$ pgpv cocoon-*.zip.asc
$ pgp -ka KEYS
$ pgp cocoon-*.tar.gz.asc
$ pgp cocoon-*.zip.asc
$ gpg --import KEYS
$ gpg --verify cocoon-*.tar.gz.asc
$ gpg --verify cocoon-*.zip.asc

Alternatively, you can verify the MD5 signature on the files. A Unix/Linux program called md5 or md5sum is included in most distributions. It is also available as part of GNU Textutils. Windows users can get binary md5 programs from these (and likely other) places: