Releases of Geode are made available to the general public at no charge, under the Apache License, in both binary and source distributions.


    Binaries [ ZIP, SHA-256, PGP ] - [TAR.GZ, SHA-256, PGP ]
    Binary downloads are provided for the convenience of our users and are not official Apache Geode releases.

Dependency Managers

  • Gradle
      dependencies {
          compile 'org.apache.geode:geode-core:1.0.0-incubating'
  • Maven

If you need access to older releases they can be found in the release archives.

Project releases are approved by vote of the Apache Geode Project Management Committee (PMC). Support for a release is provided by project volunteers on the project mailing lists. Bugs found in a release may be discussed on the list and reported through the issue tracker. The user mailing list and issue tracker are the only support options hosted by the Apache Geode project.

Note: When downloading from a mirror, please be sure to verify that checksums and signatures are correct. To do so, use the checksum and signature files from the main Apache site at Find here the KEYS file, which contains all OpenPGP keys we use to sign releases here: KEYS

The PGP signatures can be verified using PGP or GPG. First download the KEYS as well as the asc signature file for the particular distribution. Then verify the signatures using:

% pgpk -a KEYS

% pgpv ${filename}.tar.gz.asc


% pgp -ka KEYS

% pgp ${filename}.tar.gz.asc


% gpg --import KEYS

% gpg --verify ${filename}.tar.gz.asc

Alternatively, you can verify the MD5 signature on the files. A Unix program called md5 or md5sum is included in many Unix distributions. It is also available as part of GNU Textutils. Windows users can get binary md5 programs from here, here, or here.

If you want to build directly from source, instructions are within the User Documentation in the How to Install subsection.