Version 2.5.2 of Apache Ivy™ is available. Check the release notes.

Use the links below to download a distribution of Apache Ivy from one of our mirrors. It is good practice to verify the integrity of the distribution files, especially if you are using one of our mirror sites. To do this you must use the signatures from our main distribution directory.

Apache Ivy is distributed as zip and tar.gz archives - the contents are the same. Please note that the tar.gz archives contain file names longer than 100 characters and have been created using GNU tar extensions. Thus they must be untarred with a GNU compatible version of tar.

If you do not see the file you need in the links below, please see the master distribution directory or, preferably, its mirror.

Select mirror

You are currently using If you encounter a problem with this mirror, please select another mirror. If all mirrors are failing, there are backup mirrors (at the end of the mirrors list) that should be available.

Other mirrors:
To get information about the different kind of distributions, see that page.
binary (PGP SHA512)
apache-ivy-2.5.2-bin.tar.gz (PGP SHA512)
binary-with-dependencies (PGP SHA512)
apache-ivy-2.5.2-bin-with-deps.tar.gz (PGP SHA512)
sources (PGP SHA512)
apache-ivy-2.5.2-src.tar.gz (PGP SHA512)

Old releases

Older releases of Apache Ivy can be found here. We highly recommend to not use those releases but upgrade to the latest release.

Building from source

What you can get here at the ASF is the latest sources from the git repository:
git clone
Then to build Apache Ivy from source, assuming you have Apache Ant™ 1.6.2+ and a jdk 1.5+ installed, then you only need to run the following command:
ant jar
Then you will find ivy.jar in build/artifact.

Snapshot build

The Apache Software Foundation hosts an installation of the Jenkins CI-system where a continuous build of Ivy is available. Note that these are not official builds and they are not endorsed or even supported by the Apache Ivy team. But if you have problems with testing the latest (successful) build, you are welcome to post that on the mailinglist.

The project page of Apache Ivy on this Jenkins installation is: Here you can find links to the latest version of the jars.

Verify Releases

It is essential that you verify the integrity of the downloaded files using the PGP signature or the SHA512 checksum. The checksums are not as strong indicators as the PGP signature.

The PGP signatures can be verified using PGP or GPG. First download the KEYS as well as the asc signature file for the particular distribution. Make sure you get these files from the main distribution directory, rather than from a mirror. Then verify the signatures using
% pgpk -a KEYS
% pgpv apache-ivy-2.5.2-bin.tar.gz.asc
% pgp -ka KEYS
% pgp apache-ivy-2.5.2-bin.tar.gz.asc
% gpg --import KEYS
% gpg --verify apache-ivy-2.5.2-bin.tar.gz.asc apache-ivy-2.5.2-bin.tar.gz
Alternatively, you can verify the checksums on the files. Many Linux and Windows distributions include utilities to verify SHA checksums. You can use one of those programs to verify the SHA512 checksum that's made available for each of the downloadable files.

We highly recommend to verify the PGP signature, though.

For additional information on how to verify the download files, please refer to this page.

For previous version information and download, see the history page.