Downloading Apache Cocoon

Releases download:

Browse our distribution archive or download the latest Cocoon distribution by selecting one of the links provided below. It is good practice to verify the integrity of the distribution files.

NOTE: Starting with 2.1 we will only release a source distribution. This issue was discussed on the developer list. Using this source distribution is really easy and avoids most of the common pitfalls of the binary distribution. See further explanation.

The latest source distribution (Cocoon 2.1.12):
The latest dependencies distribution (Cocoon 2.1.12):

Browse the distribution archives:


In addition to the above mentioned release and milestone distributions, you can also download the bleeding-edge code freshly extracted from our SVN repositories (snapshots are generated every six hours):

NOTE: The nightly SVN snapshots are not tested and are not guaranteed to even build cleanly without generating errors. Download and use them if (and only if) you know exactly what you are doing.

Using Apache mirrors:

To conserve the bandwidth of the Apache Software Foundation, and improve your download times, the Apache Cocoon source and binary distributions have been spread across the Apache mirrored distribution sites.

You are currently using as your preferred mirror. If you encounter any problem using it, you can select another mirror location from this list and click on Change:

If all mirrors are failing, or you have problems downloading from them, please use one of the ASF primary backup nodes from the list above.

Verify releases:

It is essential that you verify the integrity of the downloaded files using the PGP and MD5 signatures. MD5 verification ensures the file was not corrupted during the download process. PGP verification ensures that the file came from a certain person.

The PGP signatures can be verified using PGP or GPG. First download the Apache Cocoon KEYS as well as the asc signature file for the particular distribution. It is important that you get these files from the ultimate trusted source - the main ASF distribution site, rather than from a mirror. Then verify the signatures using ...

% pgpk -a KEYS
% pgpv cocoon-X.Y.tar.gz.asc
% pgp -ka KEYS
% pgp cocoon-X.Y.tar.gz.asc
% gpg --import KEYS
% gpg --verify cocoon-X.Y.tar.gz.asc

To verify the MD5 signature on the files, you need to use a program called md5 or md5sum, which is included in many unix distributions. It is also available as part of GNU Textutils. Windows users can get binary md5 programs from here, here, or here.

We strongly recommend you verify your downloads with both PGP and MD5.

Copyright © 1999-2015, The Apache Software Foundation. All rights reserved.