Menu Search


In addition to the source artefacts below, we offer Qpid packages and Qpid via Maven.

Qpid's source artefacts are produced as part of our community release process. The downloads on this page are from our current releases.

It is important to verify the integrity of the files you download.

Messaging APIs

Content Download Verify
Qpid Proton qpid-proton-0.17.0.tar.gz ASC, MD5, SHA1
Qpid Proton-J apache-qpid-proton-j-0.18.0-bin.tar.gz* ASC, MD5, SHA512
Qpid JMS (AMQP 1.0) apache-qpid-jms-0.22.0-bin.tar.gz* ASC, MD5, SHA512
Qpid AMQP 0-x JMS Client qpid-client-6.1.2-bin.tar.gz* ASC, MD5, SHA512
Qpid Messaging API (C++, bindings) qpid-cpp-1.36.0.tar.gz ASC, MD5, SHA1
Qpid Messaging API (Python) qpid-python-1.36.0.tar.gz ASC, MD5, SHA512

Messaging servers

Content Download Verify
Broker for Java qpid-broker-6.1.2-bin.tar.gz* ASC, MD5, SHA512
C++ broker qpid-cpp-1.36.0.tar.gz ASC, MD5, SHA1
Dispatch router qpid-dispatch-0.7.0.tar.gz ASC, SHA1

*These Java artefacts are presented as compiled bytecode. We also offer the source as part of our Qpid Proton-J source release [ASC, MD5, SHA512] and Qpid JMS source release [ASC, MD5, SHA512] and Qpid for Java source release [ASC, MD5, SHA512].

Verify what you download

It is essential that you verify the integrity of the downloaded files using the ASC signatures, MD5 checksums, or SHA checksums.

The signatures can be verified using PGP or GPG. First download the KEYS file as well as the .asc signature file for the relevant artefact. Make sure you get these files from the relevant subdirectory of the main distribution directory, rather than from a mirror. Then verify the signatures using one of the following sets of commands.

% pgpk -a KEYS
% pgpv <artifact-name>.asc

% pgp -ka KEYS
% pgp <artifact-name>.asc

% gpg --import KEYS
% gpg --verify <artifact-name>.asc

Alternatively, you can verify the MD5 or SHA checksums of the files. Unix programs called md5sum, sha1sum and sha512sum (or md5, sha1 and sha512) are included in many unix distributions. They are also available as part of GNU Coreutils. For Windows users, FSUM supports MD5 and SHA1. Ensure your generated checksum string matches the string published in the .md5 or .sha1 file included with each release artefact. Again, make sure you get this file from the relevant subdirectory of the main distribution directory, rather than from a mirror.

More information