Download

Latest Releases

The Apache PDFBox community provides feature and bugfix releases.

See also the export control information related to the encryption features included in Apache PDFBox.

Current releases

Binary Distribution

Version Description Download Link PGP Signature SHA512 Checksum
PDFBox
2.0.21

feature
Command line tools
PDFBox standalone pdfbox-app-2.0.21.jar ASC SHA512
Debugger standalone debugger-app-2.0.21.jar ASC SHA512
Preflight standalone preflight-app-2.0.21.jar ASC SHA512
Libraries of each subproject
pdfbox pdfbox-2.0.21.jar ASC SHA512
fontbox fontbox-2.0.21.jar ASC SHA512
preflight preflight-2.0.21.jar ASC SHA512
xmpbox xmpbox-2.0.21.jar ASC SHA512
pdfbox-tools pdfbox-tools-2.0.21.jar ASC SHA512
pdfbox-debugger pdfbox-debugger-2.0.21.jar ASC SHA512
PDFBox
1.8.16

bugfix
Command line tools
PDFBox standalone pdfbox-app-1.8.16.jar ASC SHA512
Preflight standalone preflight-app-1.8.16.jar ASC SHA512
Libraries of each subproject
pdfbox pdfbox-1.8.16.jar ASC SHA512
fontbox fontbox-1.8.16.jar ASC SHA512
preflight preflight-1.8.16.jar ASC SHA512
jempbox jempbox-1.8.16.jar ASC SHA512
xmpbox xmpbox-1.8.16.jar ASC SHA512
JBIG2
3.0.3

feature
JBIG2 ImageIO plugin jbig2-imageio-3.0.3.jar ASC SHA512

Source Distribution

Version Description Download Link PGP Signature SHA512 Checksum
PDFBox
2.0.21

feature
Source ZIP file incl. examples pdfbox-2.0.21-src.zip ASC SHA512
PDFBox
1.8.16

bugfix
Source ZIP file incl. examples pdfbox-1.8.16-src.zip ASC SHA512
JBIG2
3.0.3

feature
Source ZIP file jbig2-imageio-3.0.3-src.zip ASC SHA512

Verify

It is essential that you verify the integrity of the downloaded files using the PGP signatures or SHA512 checksums. Please read Verifying Apache HTTP Server Releases for more information on why you should verify our releases.

The PGP signatures can be verified using PGP or GPG. First download the KEYS file as well as the .asc signature files for the relevant release packages. Make sure you get these files from the main distribution directory, rather than from a mirror. Then verify the signatures using

% pgpk -a KEYS
% pgpv pdfbox-X.Y.Z-src.zip.asc
or
% pgp -ka KEYS
% pgp pdfbox-X.Y.Z-src.zip.asc
or
% gpg --import KEYS
% gpg --verify pdfbox-X.Y.Z-src.zip.asc pdfbox-X.Y.Z-src.zip

Previous releases

Previous Apache releases (starting with version `0.8.0-incubating`) are available in the release archive. Older releases (up to version `0.7.3`) published from SourceForge are still available on SourceForge Files.

Export control information

This distribution includes cryptographic software. The country in which you currently reside may have restrictions on the import, possession, use, and/or re-export to another country, of encryption software. BEFORE using any encryption software, please check your country's laws, regulations and policies concerning the import, possession, or use, and re-export of encryption software, to see if this is permitted. See for more information.

The U.S. Government Department of Commerce, Bureau of Industry and Security (BIS), has classified this software as Export Commodity Control Number (ECCN) 5D002.C.1, which includes information security software using or performing cryptographic functions with asymmetric algorithms. The form and manner of this Apache Software Foundation distribution makes it eligible for export under the License Exception ENC Technology Software Unrestricted (TSU) exception (see the BIS Export Administration Regulations, Section 740.13) for both object code and source code.

The following provides more details on the included cryptographic software:

  • Apache PDFBox uses the Java Cryptography Architecture (JCA) and the Bouncy Castle libraries for handling encryption in PDF documents.