Browse our distribution archive or download the latest Cocoon distribution by selecting one of the links provided below. It is good practice to verify the integrity of the distribution files.
NOTE: Starting with 2.1 we will only release a source distribution. This issue was discussed on the developer list. Using this source distribution is really easy and avoids most of the common pitfalls of the binary distribution. See further explanation.
In addition to the above mentioned release and milestone distributions, you can also download the bleeding-edge code freshly extracted from our SVN repositories (snapshots are generated every six hours):
NOTE: The nightly SVN snapshots are not tested and are not guaranteed to even build cleanly without generating errors. Download and use them if (and only if) you know exactly what you are doing.
To conserve the bandwidth of the Apache Software Foundation, and improve your download times, the Apache Cocoon source and binary distributions have been spread across the Apache mirrored distribution sites.
You are currently using http://apache.tradebit.com/pub/ as your preferred mirror. If you encounter any problem using it, you can select another mirror location from this list and click on Change:
If all mirrors are failing, or you have problems downloading from them, please use one of the ASF primary backup nodes from the list above.
It is essential that you verify the integrity of the downloaded files using the PGP and MD5 signatures. MD5 verification ensures the file was not corrupted during the download process. PGP verification ensures that the file came from a certain person.
The PGP signatures can be verified using
First download the Apache Cocoon
as well as the
asc signature file for the particular
distribution. It is important that you get these files from the ultimate
trusted source - the main ASF distribution site, rather than from a mirror.
Then verify the signatures using ...
% pgpk -a KEYS % pgpv cocoon-X.Y.tar.gz.asc or % pgp -ka KEYS % pgp cocoon-X.Y.tar.gz.asc or % gpg --import KEYS % gpg --verify cocoon-X.Y.tar.gz.asc
To verify the MD5 signature on the files, you need to use a program
md5sum, which is
included in many unix distributions. It is also available as part of
Textutils. Windows users can get binary md5 programs from here, here, or
We strongly recommend you verify your downloads with both PGP and MD5.