How to download

Please realise that Forrest is still pre-1.0 release version. It is certainly usable for those who are prepared to move with it. See more notes about status.

Use the links below to download a distribution of Apache Forrest from one of our mirrors. It is good practice to verify the integrity of the distribution files. Apache Forrest releases are available under the Apache License, Version 2.0 - see the README.txt and LICENSE.txt and NOTICE.txt files contained in each release artifact.

The "sources" package contains all of the source code, documentation, and resources, together with the pre-built ready-to-run forrest binary. The "dependencies" package includes pre-packaged copies of relevant portions of Apache Cocoon and Apache Ant, and other supporting products.

First unpack the "sources" to your chosen installation location, then unpack the "dependencies" over the top of that, which will install each to the appropriate location.

After unpacking the distribution, follow the README.txt to see the Requirements (just Java 1.5+), Installation Instructions and Documentation, Licensing and legal issues and credits.

Current official release (closest mirror site selected automatically)

You are currently using [preferred]
If you encounter a problem with this mirror, then please select another. If all mirrors are failing, there are backup mirrors at the end of the list. See
status of mirrors.

Other mirrors:

The current release is Apache Forrest 0.9 (see the release notes and the full list of changes).

Note: Both packages are needed. See notes above regarding how to download.

Archive of old releases

Older releases are available in the archive. Those releases are only provided as historical artefacts. We strongly recommend to not use those releases, but upgrade to the most recent release.

Verify releases

It is essential that you verify the integrity of the downloaded files using the MD5 and PGP signatures. MD5 verification ensures the file was not corrupted or tampered with. PGP verification ensures that the file came from a certain person.

PGP Signature

The PGP signatures can be verified using tools such as GPG. First download the Apache Forrest KEYS as well as the *.asc signature file for the particular distribution. It is important that you get these files from the ultimate trusted source - the main ASF distribution site, rather than from a mirror. Then verify the signatures using ...

% pgpk -a KEYS
% pgpv apache-forrest-X.Y-sources.tar.gz.asc


% pgp -ka KEYS
% pgp apache-forrest-X.Y-sources.tar.gz.asc


% gpg --import KEYS
% gpg --verify apache-forrest-X.Y-sources.tar.gz.asc

The files apache-forrest-0.9.* are signed by David Crossley 3248A46E (and 23CB7A2A)

MD5 Checksum

To verify the MD5 checksum on the files, you need to use a program called md5 or md5sum, which is included in many unix distributions. It is also available as part of GNU Textutils. Windows users can get binary md5 programs from here, here, or here or an openssl client from here.

% md5sum apache-forrest-X.Y-sources.tar.gz
... output should match the string in apache-forrest-X.Y-sources.tar.gz.md5

We strongly recommend you verify your downloads with both PGP and MD5.