Apache POI - Download Release Artifacts
This page provides instructions on how to download and verify the Apache POI release artifacts. There are different versions available depending on how stable your code should be.
- The latest stable release is Apache POI 3.17
- Nightly/CI builds are available as well
- Archives of all prior releases
Apache POI releases are available under the Apache License, Version 2.0. See the NOTICE file contained in each release artifact for applicable copyright attribution notices.
To ensure that you have downloaded the true release you should verify the integrity of the files using the signatures and checksums available from this page.
15 September 2017 - POI 3.17 available
The Apache POI team is pleased to announce the release of 3.17. Featured are a handful of new areas of functionality and numerous bug fixes.
POI 3.17 is the last release to support Java 6. The next release will be 4.0.0 and supports min. Java 8.
The POI source release as well as the pre-built binary deployment packages are listed below. Pre-built versions of all POI components are available in the central Maven repository under Group ID "org.apache.poi" and Version "3.17".
(20.11 MB, signature (.asc))
MD5 checksum: 00d75d263fa8aaf991b4d9f538fa3499
SHA1 checksum: 30b4ddd491a1d016e48e10fbd92e0cc43a6cb196
SHA512 checksum: c1a760f4f051054e5cf17c512e837b22fd28484bd82b691db019e3309d1736942e39e3fb8c4195e72c474077d95e89ded0b40ec49c7c78dace8e6596d6c7e298
(28.65 MB, signature (.asc))
MD5 checksum: d3f49331d4c3375f9729d864c1fa1164
SHA1 checksum: 517824614c6a90ea6f0843b8efdb0b7ad80f69ed
SHA512 checksum: 39f4a85f2cc8a0355c65c73e28df1ac91e5a24baa25ecc591bcd8b3701c29c5b6f7aba15199b4f1a88479ef634996f9b86c5a7b1164d57c2ba2059acfb30e448
(88.14 MB, signature (.asc))
MD5 checksum: c11eac47c8b870e1f9626bfba8d2dc56
SHA1 checksum: 3e71f7c7d973ab8b226e1b1cf87dbcf1aab9e717
SHA512 checksum: 9008c47f1e3b15a0579d9cb518b8b3219e143e3100de9d7e1501ddd64e6fe439265a072ecabb85e6eecdb8621e20ac46fede26c382d98f11f0998c1a19b79ee9
(92.23 MB, signature (.asc))
MD5 checksum: 68e181082793adfe571b03ec8a2bb927
SHA1 checksum: 83ad40c6ad762da0531677c977f3f9f1bad41734
SHA512 checksum: 64a5103b5841a8e516d308de15ffb5d94f6b11f5d45f822b7645fad4b84d0af80abad690b7ed979c10009c21fd254c30fe416d4b034139e7be4e835967a36e2b
The POI nightly builds are run on the Jenkins continuous integration server.
These builds should not be used in production: they are mostly intended for use by developers to help with resolving bugs and evaluating new features or users who want to try out the latest version.
It is essential that you verify the integrity of the downloaded files using the PGP and MD5 signatures. Please read Verifying Apache HTTP Server Releases for more information on why you should verify our releases. This page provides detailed instructions which you can use for POI artifacts.
The PGP signatures can be verified using PGP or GPG. First download the KEYS file as well as the .asc signature files for the relevant release packages. Make sure you get these files from the main distribution directory, rather than from a mirror. Then verify the signatures.
As an example:
% pgpk -a KEYS % pgpv poi-X.Y.Z.jar.asc
% pgp -ka KEYS % pgp poi-X.Y.Z.jar.asc
% gpg --import KEYS % gpg --verify poi-X.Y.Z.jar.asc poi-X.Y.Z.jar
Sample verification of poi-bin-3.5-FINAL-20090928.tar.gz
% gpg --import KEYS gpg: key 12DAE9BE: "Glen Stampoultzis <glens at apache dot org>" not changed gpg: key 4CEED75F: "Nick Burch <nick at gagravarr dot org>" not changed gpg: key 84B5A42E: "Rainer Klute <rainer.klute at gmx dot de>" not changed gpg: key F5BB52CD: "Yegor Kozlov <yegor.kozlov at gmail dot com>" not changed gpg: Total number processed: 4 gpg: unchanged: 4 % gpg --verify poi-bin-3.5-FINAL-20090928.tar.gz.asc poi-bin-3.5-FINAL-20090928.tar.gz gpg: Signature made Mon Sep 28 10:28:25 2009 PDT using DSA key ID F5BB52CD gpg: Good signature from "Yegor Kozlov <yegor.kozlov at gmail dot com>" gpg: aka "Yegor Kozlov <yegor at dinom dot ru>" gpg: aka "Yegor Kozlov <yegor at apache dot org>" Primary key fingerprint: 7D77 0C77 6CE7 754E E6AF 23AA 6934 0A02 F5BB 52CD % gpg --fingerprint F5BB52CD pub 1024D/F5BB52CD 2007-06-18 [expires: 2012-06-16] Key fingerprint = 7D77 0C77 6CE7 754E E6AF 23AA 6934 0A02 F5BB 52CD uid Yegor Kozlov <yegor.kozlov at gmail dot com> uid Yegor Kozlov <yegor at dinom dot ru> uid Yegor Kozlov <yegor at apache dot org> sub 4096g/7B45A98A 2007-06-18 [expires: 2012-06-16]