How to Download

Use the links below to download a distribution of Apache WSS4J from one of our mirrors. It is good practice to verify the integrity of the distribution files. Apache WSS4J releases are available under the Apache License, Version 2.0 - see the LICENSE.txt and NOTICE.txt files contained in each release artifact.

Current official release (closest mirror site selected automatically)

• The current stable release is Apache WSS4J 3.0.3:

  wss4j-3.0.3-source-release.zip (PGP) (SHA-512)

• The current release on the older 2.4.x-fixes branch is Apache WSS4J 2.4.3:

  wss4j-2.4.3-source-release.zip (PGP) (SHA-512)

• The current release on the older 2.3.x-fixes branch is Apache WSS4J 2.3.4:

  wss4j-2.3.4-source-release.zip (PGP) (SHA-512)

Verifying Releases

When downloading from a mirror please check the SHA-512/SHA1 checksums as well as verifying the OpenPGP compatible signature available from the main Apache site. The KEYS file contains the public keys used for signing the release. It is recommended that a web of trust is used to confirm the identity of these keys.

You can check the OpenPGP compatible signature with GnuPG via:

• gpg --import KEYS
• gpg --verify wss4j-*-source-release.zip.asc

You can check the SHA-512 digests with:

• sha512sum wss4j-*-source-release.zip (and compare output to wss4j-*-source.release.zip.sha512)

Archive of old releases

Older releases are available in the archive.