Please realise that Forrest is still pre-1.0 release version. It is certainly usable for those who are prepared to move with it. See more notes about status.
Use the links below to download a distribution of Apache Forrest from one of our mirrors. It is good practice to verify the integrity of the distribution files. Apache Forrest releases are available under the Apache License, Version 2.0 - see the README.txt and LICENSE.txt and NOTICE.txt files contained in each release artifact.
The "sources" package contains all of the source code, documentation, and resources, together with the pre-built ready-to-run forrest binary. The "dependencies" package includes pre-packaged copies of relevant portions of Apache Cocoon and Apache Ant, and other supporting products.
First unpack the "sources" to your chosen installation location, then unpack the "dependencies" over the top of that, which will install each to the appropriate location.
After unpacking the distribution, follow the README.txt to see the Requirements (just Java 1.5+), Installation Instructions and Documentation, Licensing and legal issues and credits.
You are currently using
[preferred]
If you encounter a problem with this mirror, then please select another.
If all mirrors are failing, there are backup mirrors at the end of the
list. See status of mirrors.
The current release is Apache Forrest 0.9 (see the release notes and the full list of changes).
Note: Both packages are needed. See notes above regarding how to download.
Older releases are available in the archive. Those releases are only provided as historical artefacts. We strongly recommend to not use those releases, but upgrade to the most recent release.
It is essential that you verify the integrity of the downloaded files using the MD5 and PGP signatures. MD5 verification ensures the file was not corrupted or tampered with. PGP verification ensures that the file came from a certain person.
The PGP
signatures can be verified using tools such as
GPG. First download the Apache Forrest
KEYS as well as the
*.asc signature file for the particular distribution. It is
important that you get these files from the ultimate trusted source - the
main ASF distribution site, rather than from a mirror. Then verify the
signatures using ...
% pgpk -a KEYS % pgpv apache-forrest-X.Y-sources.tar.gz.asc or % pgp -ka KEYS % pgp apache-forrest-X.Y-sources.tar.gz.asc or % gpg --import KEYS % gpg --verify apache-forrest-X.Y-sources.tar.gz.asc
The files apache-forrest-0.9.*
are signed by David Crossley 3248A46E (and 23CB7A2A)
To verify the MD5 checksum on the files, you need to use a program called
md5 or md5sum, which is included in many unix
distributions. It is also available as part of
GNU
Textutils. Windows users can get binary md5 programs from
here,
here, or
here or an openssl client
from
here.
% md5sum apache-forrest-X.Y-sources.tar.gz ... output should match the string in apache-forrest-X.Y-sources.tar.gz.md5
We strongly recommend you verify your downloads with both PGP and MD5.