Choose a release version:

Development and Maintenance Branches

If you are interested in working with the newest under-development code or contributing to REEF, you can also check out the master branch from Git:

$ git clone git://

How to verify the integrity of the files

It is essential that you verify the integrity of the downloaded files using the PGP or MD5 signatures. Please read Verifying Apache HTTP Server Releases for more information on why you should verify our releases.

The PGP signatures can be verified using PGP or GPG. First download the KEYS as well as the *.asc signature file for the relevant distribution. Make sure you get these files from the main distribution directory rather than from a mirror. Then verify the signatures using one of the following sets of commands:

% pgpk -a KEYS
% pgpv downloaded_file.asc


% pgp -ka KEYS
% pgp downloaded_file.asc


% gpg --import KEYS
% gpg --verify downloaded_file.asc

Alternatively, you can verify the MD5 signature on the files. A Unix/Linux program called md5 or md5sum is included in most distributions. It is also available as part of GNU Textutils. Windows users can get binary md5 programs from these (and likely other) places:

Maven Dependencies

REEF artifacts are hosted in Maven Central and can be added to your Maven project using the following format: