Apache POI - Download Release Artifacts
Available Downloads

This page provides instructions on how to download and verify Apache POI release artifacts.

Apache POI releases are available under the Apache License, Version 2.0. See the NOTICE file contained in each release artifact for applicable copyright attribution notices.

To insure that you have downloaded the true release you should verify the integrity of the files using the signatures and checksums available from this page.

28 September 2009 - POI 3.5-FINAL available

The Apache POI team is pleased to announce the release of 3.5 FINAL. This release brings many improvements including support for the new OOXML formats introduced in Office 2007, such as XLSX and DOCX.

A full list of changes is available in the change log. People interested should also follow the dev list to track progress.

The POI source release as well as the pre-built binary deployment packages are listed below. Pre-built versions of all POI components are available in the central Maven repository under Group ID "org.apache.poi" and Version "3.5-FINAL".

Binary Distribution
  • poi-bin-3.5-FINAL-20090928.tar.gz ( 19MB, signed)
    MD5 checksum: 8cdf715caca82ef55be8de8ed0fc5a13
  • poi-bin-3.5-FINAL-20090928.zip ( 26MB, signed)
    MD5 checksum: a53fa84cb24c7d4750e77c2bbb2b1d8e
Source Distribution
  • poi-src-3.5-FINAL-20090928.tar.gz ( 41MB, signed)
    MD5 checksum: 0919fe59b96b8fb852cdcf9b6a627d61
  • poi-src-3.5-FINAL-20090928.zip ( 51MB, signed)
    MD5 checksum: 343a78b54d2ed36093cc0870b167b0f8
Verify

It is essential that you verify the integrity of the downloaded files using the PGP or MD5 signatures. Please read Verifying Apache HTTP Server Releases for more information on why you should verify our releases. This page provides detailed instructions which you can use for POI artifacts.

The PGP signatures can be verified using PGP or GPG. First download the KEYS file as well as the .asc signature files for the relevant release packages. Make sure you get these files from the main distribution directory, rather than from a mirror. Then verify the signatures using

% pgpk -a KEYS % pgpv poi-X.Y.Z.jar.asc

or

% pgp -ka KEYS % pgp poi-X.Y.Z.jar.asc

or

% gpg --import KEYS % gpg --verify poi-X.Y.Z.jar.asc

Sample verification of poi-bin-3.5-FINAL-20090928.tar.gz

% gpg --import KEYS gpg: key 12DAE9BE: "Glen Stampoultzis <glens at apache dot org>" not changed gpg: key 4CEED75F: "Nick Burch <nick at gagravarr dot org>" not changed gpg: key 84B5A42E: "Rainer Klute <rainer.klute at gmx dot de>" not changed gpg: key F5BB52CD: "Yegor Kozlov <yegor.kozlov at gmail dot com>" not changed gpg: Total number processed: 4 gpg: unchanged: 4 % gpg --verify poi-bin-3.5-FINAL-20090928.tar.gz.asc gpg: Signature made Mon Sep 28 10:28:25 2009 PDT using DSA key ID F5BB52CD gpg: Good signature from "Yegor Kozlov <yegor.kozlov at gmail dot com>" gpg: aka "Yegor Kozlov <yegor at dinom dot ru>" gpg: aka "Yegor Kozlov <yegor at apache dot org>" Primary key fingerprint: 7D77 0C77 6CE7 754E E6AF 23AA 6934 0A02 F5BB 52CD % gpg --fingerprint F5BB52CD pub 1024D/F5BB52CD 2007-06-18 [expires: 2012-06-16] Key fingerprint = 7D77 0C77 6CE7 754E E6AF 23AA 6934 0A02 F5BB 52CD uid Yegor Kozlov <yegor.kozlov at gmail dot com> uid Yegor Kozlov <yegor at dinom dot ru> uid Yegor Kozlov <yegor at apache dot org> sub 4096g/7B45A98A 2007-06-18 [expires: 2012-06-16]
Release Archives

Apache POI became a top level project in June 2007 and POI 3.0 aritfacts were re-released. Prior to that date POI was a sub-project of Apache Jakarta.