Apache POI - Download Release Artifacts

This page provides instructions on how to download and verify the Apache POI release artifacts. Apache POI is a pure Java library for manipulating Microsoft Documents, for more information please see the project homepage.

• The latest beta release is Apache POI 3.13-beta1
• The latest stable release is Apache POI 3.12
• Archives of all prior releases

Apache POI releases are available under the Apache License, Version 2.0. See the NOTICE file contained in each release artifact for applicable copyright attribution notices.

To insure that you have downloaded the true release you should verify the integrity of the files using the signatures and checksums available from this page.

The Apache POI team is pleased to announce the release of 3.13-beta1. Featured are a handful of new areas of functionality, and numerous bug fixes.

A summary of changes is available in the Release Notes. A full list of changes is available in the change log. People interested should also follow the dev list to track progress.

The POI source release as well as the pre-built binary deployment packages are listed below. Pre-built versions of all POI components are available in the central Maven repository under Group ID "org.apache.poi" and Version "3.13-beta1".

• poi-bin-3.13-beta1-20150723.tar.gz (18MB, signed)
  MD5 checksum: 21ea88715420f2c89bb04f7d57458ba2
  SHA1 checksum: c255b6f0af5c19204290d54066b554b83f3b60cf
• poi-bin-3.13-beta1-20150723.zip (25MB, signed)
  MD5 checksum: 723f0f985476cfaf794ca050dbe2ddb2
  SHA1 checksum: ccc167ae77791eda816ec6bba20be7bfef55f2a9

• poi-src-3.13-beta1-20150723.tar.gz (58MB, signed)
  MD5 checksum: 87965d40044f02c196574ccf4af17fe5
  SHA1 checksum: cef9c8fae36bee1afe4d1e887a595ae77aa17cf4
• poi-src-3.13-beta1-20150723.zip (62MB, signed)
  MD5 checksum: f1e81b69590ff692ea25173e61182597
  SHA1 checksum: 78718fc76d9947f5a8ef7eca9de5280566c6aac5

This is the new stable release. Featured are a several new areas of functionality, and numerous bug fixes.

A summary of changes is available in the Release Notes. A full list of changes is available in the change log. People interested should also follow the dev list to track progress.

The POI source release as well as the pre-built binary deployment packages are listed below. Pre-built versions of all POI components are available in the central Maven repository under Group ID "org.apache.poi" and Version "3.12".

• poi-bin-3.12-20150511.tar.gz (17MB, signed)
  MD5 checksum: cc48a15571094436780b9118e2d0a530
  SHA1 checksum: 19514761addad48112cf1ef45469935855be2bf3
• poi-bin-3.12-20150511.zip (24MB, signed)
  MD5 checksum: 7d06e431debbac18a290357e7e22d62c
  SHA1 checksum: 6d5e42b65dd136781227729675a92bea11e8ac99

• poi-src-3.12-20150511.tar.gz (51MB, signed)
  MD5 checksum: c76d87bf973818b7a3f3f584fec4cda2
  SHA1 checksum: 616b7704a01a9405ec63bde2583fde48bbfb8097
• poi-src-3.12-20150511.zip (55MB, signed)
  MD5 checksum: ee1dcea648cd7a8aa1ed3693a17437a1
  SHA1 checksum: 06d2d4bf8d6ecc00018c9ab5d744ea0fd0fece6c

The POI nightly builds are run on the Jenkins continuous integration server. Note that these are not officially verified builds and they are not endorsed or even supported by the POI team.
These builds should not be used in production: they are only intended for use by developers to help with resolving bugs and evaluating new features.

• Last Successful Jenkins build for POI-trunk

It is essential that you verify the integrity of the downloaded files using the PGP or MD5 signatures. Please read Verifying Apache HTTP Server Releases for more information on why you should verify our releases. This page provides detailed instructions which you can use for POI artifacts.

The PGP signatures can be verified using PGP or GPG. First download the KEYS file as well as the .asc signature files for the relevant release packages. Make sure you get these files from the main distribution directory, rather than from a mirror. Then verify the signatures using

% pgpk -a KEYS
% pgpv poi-X.Y.Z.jar.asc        
      

or

% pgp -ka KEYS
% pgp poi-X.Y.Z.jar.asc
      

or

% gpg --import KEYS
% gpg --verify poi-X.Y.Z.jar.asc
      

Sample verification of poi-bin-3.5-FINAL-20090928.tar.gz

% gpg --import KEYS
gpg: key 12DAE9BE: "Glen Stampoultzis <glens at apache dot org>" not changed
gpg: key 4CEED75F: "Nick Burch <nick at gagravarr dot org>" not changed
gpg: key 84B5A42E: "Rainer Klute <rainer.klute at gmx dot de>" not changed
gpg: key F5BB52CD: "Yegor Kozlov <yegor.kozlov at gmail dot com>" not changed
gpg: Total number processed: 4
gpg:              unchanged: 4
% gpg --verify poi-bin-3.5-FINAL-20090928.tar.gz.asc
gpg: Signature made Mon Sep 28 10:28:25 2009 PDT using DSA key ID F5BB52CD
gpg: Good signature from "Yegor Kozlov <yegor.kozlov at gmail dot com>"
gpg:                 aka "Yegor Kozlov <yegor at dinom dot ru>"
gpg:                 aka "Yegor Kozlov <yegor at apache dot org>"
Primary key fingerprint: 7D77 0C77 6CE7 754E E6AF  23AA 6934 0A02 F5BB 52CD
% gpg --fingerprint F5BB52CD
pub   1024D/F5BB52CD 2007-06-18 [expires: 2012-06-16]
       Key fingerprint = 7D77 0C77 6CE7 754E E6AF  23AA 6934 0A02 F5BB 52CD
uid                  Yegor Kozlov <yegor.kozlov at gmail dot com>
uid                  Yegor Kozlov <yegor at dinom dot ru>
uid                  Yegor Kozlov <yegor at apache dot org>
sub   4096g/7B45A98A 2007-06-18 [expires: 2012-06-16]
      

Apache POI became a top level project in June 2007 and POI 3.0 aritfacts were re-released. Prior to that date POI was a sub-project of Apache Jakarta.

• Binary Artifacts
• Source Artifacts
• Keys
• Artifacts from prior to 3.0