Download Apache OFBiz®

Quick start

  • Java 1.8 (minimum) SDK
  • unpack the release file and go into the newly created directory
  • using the command line, build the system (with demo data) and run it with the following command:
  • gradlew loadDefault ofbiz
    (on Linux and like use "./gradlew" rather than "gradlew")
  • point your browser to http://localhost:8080/catalog and login with username "admin" and password "ofbiz"
  • refer to the README file for further details

Apache OFBiz® is an open source product for the automation of enterprise processes that includes framework components and business applications.

Use the links below to download Apache OFBiz releases from the "Apache Download Mirrors" page; in that page you'll also find instructions on how to verify the integrity of the release file using the signature and hashes (PGP, MD5, SHA512) available for each release.

Despite our best efforts to maintain up to three active release branches, support for older branches can decrease because our project volunteers may be focused on other issues. We recommend using releases from the most recent branch wherever possible.

Apache OFBiz 16.11.03

Released in June 2017, this is the third release of the 16.11 series, that has been stabilized since November 2016.

Download Apache OFBiz 16.11.03 [PGP] [MD5] [SHA512] [Release Notes]

Other downloads

  • Apache OFBiz 13.07.03 [PGP] [MD5] [SHA512] [Release Notes], released in April 2016, is the latest bug fix release in the 13.07 series that contains all the features of the trunk up to June 2013; it is the final release of this series.
  • Old superseded releases can be found in the OFBiz archive
  • A description of each release in the history of OFBiz can be found here

Release Information

    The naming convention for OFBiz releases is <Release Freeze Date>.<Minor Release Number> for example <13.07>.<04> where:
  • <Release Freeze Date> is in the format of <YY.MM> where YY and MM are the year and month of the date of the feature freeze;
  • <Minor Release Number> is a two digit sequential number: 01 is the first release from the branch; 02 is the second etc...; for a given Release Freeze Date you should always use the release with the highest Minor Release Number because it represents the latest bug fix release for the Release Freeze Date you are using.
    Special Notice Regarding Branches 14.12 and 15.12:
  • The branches 14.12 and 15.12 contain the complete codebase including the specialpurpose components and will remain as unreleased branches so will be accessible for developers and service providers to support their client base
  • The project has changed the build system from Apache Ant to Gradle, but this change will not affect branches 14.12 or 15.12; the new build system is available since the 16.11.* series.
  • Branches 14.12 and 15.12 will be supported until July 2017 and during this period bug fixes will be backported to them

Security Vulnerabilities

We strongly encourage OfBiz users to report security problems affecting OFBiz to the private security mailing lists (either security@ofbiz.apache.org or security@apache.org), before disclosing them in a public forum. Please see the page of the ASF Security Team for further information and contact information.

    This is the list of all security vulnerabilities fixed in released versions of Apache OFBiz:
  • CVE-2016-6800; affected releases: 13.07.*, 12.04.*, 11.04.*; fixed in 16.11.01
  • CVE-2016-4462; affected releases: 13.07.*, 12.04.*, 11.04.*; fixed in 16.11.01
  • CVE-2016-2170; affected releases: 13.07.02 and earlier versions (13.07.*), 12.04.05 and earlier versions (12.04.*); fixed in 13.07.03 and 12.04.06
  • CVE-2015-3268; affected releases: 13.07.02 and earlier versions (13.07.*), 12.04.05 and earlier versions (12.04.*); fixed in 13.07.03 and 12.04.06
  • CVE-2014-0232; affected releases: 12.04.03 and earlier versions (12.04.*), 11.04.04 and earlier versions (11.04.*); fixed in 12.04.04 and 11.04.05
  • CVE-2013-2250; affected releases: 12.04.01, 11.04.02 and earlier versions (11.04.*), 10.04.05 and earlier versions (10.04.*); fixed in 12.04.02, 11.04.03 and 10.04.06
  • CVE-2013-2137; affected releases: 12.04.01, 11.04.02 and earlier versions (11.04.*), 10.04.05 and earlier versions (10.04.*); fixed in 12.04.02, 11.04.03 and 10.04.06
  • CVE-2013-0177; affected releases: 11.04.01, 10.04.04 and earlier versions (10.04.*); fixed in 11.04.02 and 10.04.05
  • CVE-2012-3506; affected releases: 10.04.02, 10.04 (10.04.01); fixed in 10.04.03
  • CVE-2012-1622; affected releases: 10.04 (10.04.01); fixed in 10.04.02
  • CVE-2012-1621; affected releases: 10.04 (10.04.01); fixed in 10.04.02
  • CVE-2010-0432; affected releases: 09.04; fixed in 09.04.01