Download Apache OFBiz
Use the links below to download Apache OFBiz releases from the "Apache Download Mirrors" page. The download page also includes instructions on how to verify the integrity of the release file using the signature and hashes (PGP, MD5, SHA512) available for each release.
PLEASE NOTE: Despite our best efforts to maintain up to three active release branches, support for older branches can decrease because our project volunteers may be focused on other issues. We recommend using releases from the most recent branch wherever possible.
Apache OFBiz 16.11.03
Released in June 2017, this is the third release of the 16.11 series, that has been stabilized since November 2016.Download OFBiz 16.11.03 [PGP] [MD5] [SHA12] [Release Notes]
Apache OFBiz 13.07.03
Released in April 2016, is the third and final release of the 13.07 series, that has been stabilized with bug fixes since July 2013.
Please note that in the 13.07 series the specialpurpose components are no longer inccluded as part of the release files. The only exception is the the ecommerce component due to specific dependencies.Download OFBiz 13.07.03 [PGP] [MD5] [SHA12] [Release Notes]
Special Notice Regarding Branches 14.12 and 15.12
The branches 14.12 and 15.12 contain the complete codebase including the specialpurpose components and will remain as unreleased branches so will be accessible for developers and service providers to support their client base. The project has changed the Apache OFBiz build system from Apache Ant to Gradle beginning with the 16.11* series of releases so 14.12 and 15.12 are still using Ant.
Branches 14.12 and 15.12 will be supported until July 2017 and during this period bug fixes will be backported to them
Apache OFBiz 12.04 and earlier
Older superseded releases of Apache OFBiz can be found in the Apache OFBiz archive
NOTE: To avoid any security vulnerabilities the Apache OFBiz community highly recommend that all users upgrade to the latest stable release.
A descriptions of each release in the history of OFBiz can be found here
We strongly encourage OfBiz users to report security problems affecting OFBiz to the private security mailing lists (either firstname.lastname@example.org or email@example.com), before disclosing them in a public forum.
Please see the ASF Security Team webpage for further information about reporting a security vulnerability as well as their contact information.
List of Known Vulnerabilities
- CVE-2016-6800; affected releases: 13.07.*, 12.04.*, 11.04.*; fixed in 16.11.01
- CVE-2016-4462; affected releases: 13.07.*, 12.04.*, 11.04.*; fixed in 16.11.01
- CVE-2016-2170; affected releases: 13.07.02 and earlier versions (13.07.*), 12.04.05 and earlier versions (12.04.*); fixed in 13.07.03 and 12.04.06
- CVE-2015-3268; affected releases: 13.07.02 and earlier versions (13.07.*), 12.04.05 and earlier versions (12.04.*); fixed in 13.07.03 and 12.04.06
- CVE-2014-0232; affected releases: 12.04.03 and earlier versions (12.04.*), 11.04.04 and earlier versions (11.04.*); fixed in 12.04.04 and 11.04.05
- CVE-2013-2250; affected releases: 12.04.01, 11.04.02 and earlier versions (11.04.*), 10.04.05 and earlier versions (10.04.*); fixed in 12.04.02, 11.04.03 and 10.04.06
- CVE-2013-2137; affected releases: 12.04.01, 11.04.02 and earlier versions (11.04.*), 10.04.05 and earlier versions (10.04.*); fixed in 12.04.02, 11.04.03 and 10.04.06
- CVE-2013-0177; affected releases: 11.04.01, 10.04.04 and earlier versions (10.04.*); fixed in 11.04.02 and 10.04.05
- CVE-2012-3506; affected releases: 10.04.02, 10.04 (10.04.01); fixed in 10.04.03
- CVE-2012-1622; affected releases: 10.04 (10.04.01); fixed in 10.04.02
- CVE-2012-1621; affected releases: 10.04 (10.04.01); fixed in 10.04.02
- CVE-2010-0432; affected releases: 09.04; fixed in 09.04.01