Download Apache OFBiz®

Quick start

  • Java 1.7 (minimum) SDK
  • unpack the release file and go into the newly created directory
  • using the command line, build the system (with demo data) and run it with the following command:
  • ant load-demo start
    (on Linux and like use "./ant" rather than "ant")
  • point your browser to http://localhost:8080/catalog and login with username "admin" and password "ofbiz"
  • refer to the README file for further details

Apache OFBiz® is an open source product for the automation of enterprise processes that includes framework components and business applications.

Use the links below to download Apache OFBiz releases from the "Apache Download Mirrors" page; in that page you'll also find instructions on how to verify the integrity of the release file using the signature and hashes (PGP, MD5, SHA512) available for each release.

Despite our best efforts to maintain up to three active release branches, support for older branches can decrease because our project volunteers may be focused on other issues. We recommend using releases from the most recent branch wherever possible.

Apache OFBiz 13.07.03

Released in April 2016, this is the last release of the 13.07 series, that has been stabilized with bug fixes since July 2013. Please notice that in the 13.07 series the specialpurpose components are no longer included in the release. The only exception to this is the ecommerce component (because there are still some dependencies on it): the specialpurpose components may be released in a separate package in the future.

Download Apache OFBiz 13.07.03 [PGP] [MD5] [SHA512] [Release Notes]

Other downloads

  • Apache OFBiz 12.04.06 [PGP] [MD5] [SHA512] [Release Notes], released in April 2016, is the latest bug fix release in the 12.04 series that contains all the features of the trunk up to April 2012; it is the final release of this series.
  • Apache OFBiz 11.04.06 [PGP] [MD5] [SHA512], released in September 2014, is the latest bug fix release in the 11.04 series that contains all the features of the trunk up to April 2011; it is the final release of this series.
  • Old superseded releases can be found in the OFBiz archive
  • A description of each release in the history of OFBiz can be found here
  • Nightly snapshots can be found here

Release Information

    The naming convention for OFBiz releases is <Release Freeze Date>.<Minor Release Number> for example <13.07>.<04> where:
  • <Release Freeze Date> is in the format of <YY.MM> where YY and MM are the year and month of the date of the feature freeze;
  • <Minor Release Number> is a two digit sequential number: 01 is the first release from the branch; 02 is the second etc...; for a given Release Freeze Date you should always use the release with the highest Minor Release Number because it represents the latest bug fix release for the Release Freeze Date you are using.
    Special Notice Regarding Branches 14.12 and 15.12:
  • The branches 14.12 and 15.12 contain the complete codebase including the specialpurpose components and will remain as unreleased branches so will be accessible for developers and service providers to support their client base
  • The project is currently in the transition of changing the build system from Apache Ant to Gradle, but this change will not affect branches 14.12 or 15.12
  • Branches 14.12 and 15.12 will be supported until July 2017 and during this period bug fixes will be backported to them
    The Next Release 16.x Release:
  • A release branch 16.x will be created later this year. Once that has been done, we will be able to provide more details on the tentative release dates

Security Vulnerabilities

We strongly encourage OfBiz users to report security problems affecting OFBiz to the private security mailing list of the ASF Security Team, before disclosing them in a public forum. Please see the page of the ASF Security Team for further information and contact information.

    This is the list of all security vulnerabilities fixed in released versions of Apache OFBiz:
  • CVE-2016-2170; affected releases: 13.07.02 and earlier versions (13.07.*), 12.04.05 and earlier versions (12.04.*); fixed in 13.07.03 and 12.04.06
  • CVE-2015-3268; affected releases: 13.07.02 and earlier versions (13.07.*), 12.04.05 and earlier versions (12.04.*); fixed in 13.07.03 and 12.04.06
  • CVE-2014-0232; affected releases: 12.04.03 and earlier versions (12.04.*), 11.04.04 and earlier versions (11.04.*); fixed in 12.04.04 and 11.04.05
  • CVE-2013-2250; affected releases: 12.04.01, 11.04.02 and earlier versions (11.04.*), 10.04.05 and earlier versions (10.04.*); fixed in 12.04.02, 11.04.03 and 10.04.06
  • CVE-2013-2137; affected releases: 12.04.01, 11.04.02 and earlier versions (11.04.*), 10.04.05 and earlier versions (10.04.*); fixed in 12.04.02, 11.04.03 and 10.04.06
  • CVE-2013-0177; affected releases: 11.04.01, 10.04.04 and earlier versions (10.04.*); fixed in 11.04.02 and 10.04.05
  • CVE-2012-3506; affected releases: 10.04.02, 10.04 (10.04.01); fixed in 10.04.03
  • CVE-2012-1622; affected releases: 10.04 (10.04.01); fixed in 10.04.02
  • CVE-2012-1621; affected releases: 10.04 (10.04.01); fixed in 10.04.02
  • CVE-2010-0432; affected releases: 09.04; fixed in 09.04.01