Use the links below to download Apache UIMA from one of our mirrors. It is good practice to verify the integrity of the distribution files, especially if you are using one of our mirror sites.

Only current recommended releases are available on the main distribution site and its mirrors. Older releases are available from the archive download site.

Apache UIMA is distributed as source and binary (ready-to-use) packages. These are available in zip, tar.gz and tar.bz2 archive formats. Please note that the tar.* archives contain file names longer than 100 characters and have been created using GNU tar extensions. Thus they must be untarred with a GNU compatible version of tar.

Eclipse Update Site

You can install the UIMA Eclipse tooling via our Eclipse update site: http://www.apache.org/dist/incubator/uima/eclipse-update-site/. Don't forget to install EMF before/with the UIMA tooling. If you're doing this for the first time, you may wish to consult the much more verbose instructions in the SDK documentation.

Maven Repository

If you're using Maven to build your projects, you can use the UIMA Maven artifacts that are deployed on the Apache Incubator repository: http://people.apache.org/repo/m2-incubating-repository/. See some of the sandbox POMs for examples on how to reference the UIMA jars in Maven.

Mirror

You are currently using http://apache.seekmeup.com. If you encounter a problem with this mirror, please select another mirror. If all mirrors are failing, there are backup mirrors (at the end of the mirrors list) that should be available. Other mirrors: http://apache.seekmeup.comhttp://www.urlstructure.com/apachehttp://mirrors.kahuki.com/apachehttp://mirror.candidhosting.com/pub/apachehttp://mirrors.enquira.com/apachehttp://www.signal42.com/mirrors/apachehttp://apache.mirrors.hoobly.comhttp://apache.mirrors.tds.nethttp://apache.mirrors.timporter.nethttp://apache.ziply.comhttp://www.ibiblio.org/pub/mirrors/apachehttp://www.mirrorgeek.com/apache.orghttp://mirror.olnevhost.net/pub/apachehttp://www.trieuvan.com/apachehttp://government-grants.org/mirrors/apache.orghttp://mirrors.sirium.net/pub/apachehttp://mirror.fslutd.org/apachehttp://apache.mirrors.redwire.nethttp://apache.siamwebhosting.comhttp://www.hightechimpact.com/Apachehttp://apache.mirrormax.nethttp://www.gossipcheck.com/mirrors/apachehttp://mirrors.isc.org/pub/apachehttp://veritris.com/mirrors/apachehttp://apache.deathculture.nethttp://www.alliedquotes.com/mirrors/apachehttp://www.eng.lsu.edu/mirrors/apachehttp://www.ip97.com/apache.orghttp://apache.cs.utah.eduhttp://apache.mirror99.comhttp://www.poolsaboveground.com/apachehttp://download.filehat.com/apachehttp://mirror.x10.com/mirror/apachehttp://apache.oregonstate.eduhttp://ftp.wayne.edu/apachehttp://mirror.the-irc.org/apachehttp://www.gtlib.gatech.edu/pub/apachehttp://www.axint.net/apachehttp://mirror.cc.columbia.edu/pub/software/apachehttp://ossavant.org/apachehttp://www.devlib.org/apachehttp://apache.tradebit.com/pubhttp://mirrors.24-7-solutions.net/pub/apachehttp://mirror.nyi.net/apachehttp://www.pangex.com/pub/apachehttp://mirror.atlanticmetro.net/apachehttp://apache.mirror.facebook.comhttp://www.reverse.net/pub/apachehttp://www.uniontransit.com/apachehttp://apache.hoxt.comhttp://download.nextag.com/apache ftp://www.ibiblio.org/pub/mirrors/apacheftp://ftp.wayne.edu/apacheftp://apache.cs.utah.edu/pub/apache.orgftp://ftp.oregonstate.edu/pub/apacheftp://mirror.nyi.net/apacheftp://apache.mirrors.tds.net/pub/apache.org http://www.apache.org/dist (backup)http://www.eu.apache.org/dist (backup)

Apache UIMA Version 2.2.2-incubating - Release Date: 07-May-2008

Artifact Release Notes Binary Source UIMA base framework HTML TXT uimaj-2.2.2-incubating-bin.zip [asc] [md5] [sha1] uimaj-2.2.2-incubating-bin.tar.gz [asc] [md5] [sha1] uimaj-2.2.2-incubating-bin.tar.bz2 [asc] [md5] [sha1] uimaj-2.2.2-incubating-src.zip [asc] [md5] [sha1] uimaj-2.2.2-incubating-src.tar.gz [asc] [md5] [sha1] uimaj-2.2.2-incubating-src.tar.bz2 [asc] [md5] [sha1] UIMA Annotator Addons HTML TXT uimaj-annotator-addons-2.2.2-incubating-bin.zip [asc] [md5] [sha1] uimaj-annotator-addons-2.2.2-incubating-bin.tar.gz [asc] [md5] [sha1] uimaj-annotator-addons-2.2.2-incubating-bin.tar.bz2 [asc] [md5] [sha1] uimaj-annotator-addons-2.2.2-incubating-src.zip [asc] [md5] [sha1] uimaj-annotator-addons-2.2.2-incubating-src.tar.gz [asc] [md5] [sha1] uimaj-annotator-addons-2.2.2-incubating-src.tar.bz2 [asc] [md5] [sha1]

Apache UIMA Version 2.2.1-incubating - Release Date: 21-Dec-2007

Artifact Release Notes Binary Source UIMA base framework HTML TXT uimaj-2.2.1-incubating-bin.zip [asc] [md5] [sha1] uimaj-2.2.1-incubating-bin.tar.gz [asc] [md5] [sha1] uimaj-2.2.1-incubating-bin.tar.bz2 [asc] [md5] [sha1] uimaj-2.2.1-incubating-src.zip [asc] [md5] [sha1] uimaj-2.2.1-incubating-src.tar.gz [asc] [md5] [sha1] uimaj-2.2.1-incubating-src.tar.bz2 [asc] [md5] [sha1]

Older releases of Apache UIMA can be found here. We highly recommend to not use those releases but upgrade to UIMA's latest release.

Signature Files

You may be wondering what those .asc, .md5 and .sha1 files on the download pages are good for. They are signature files that let you verify the integrity and origin of the distribution artifacts (zip files, compressed archives) that you have downloaded. The signatures come in two varieties. The .md5 and .sha1 files contain MD5 and SHA1 checksums, respectively. The main purpose of those files is to let you verify the integrity of your release artifact. You can use a tool to generate the same kind of checksum and check that it's the same checksum as the one you downloaded. If the checksums agree, you can be sure that your archive did not get corrupted during transmission. The .asc files are so-called detached, ASCII-armored PGP signatures. They let you do the same thing as the MD5 and SHA1 signatures, but they let you do something in addition: you can use these signatures to verify that the release artifacts were signed by a certain, trusted source. The .asc files contain checksums that were encrypted with the private PGP key of the release manager responsible for the release. This is useful if you received the release files from some arbitrary source, and you would like to be sure that what you have there is really a UIMA release (and not something containing a virus, for example). You can then download the corresponding public key from a trusted source, and use it to verify not only the integrity of the file, but that it is actually the file the release manager signed in the first place. Anybody can tamper with a released file and create a new checksum, but they can't fake the .asc file so it will work with the public key of the release manager. If you would like to verify your UIMA distribution or not is up to you, but unless you do it, you cannot be sure that you have an uncorrupted copy. The next section will tell you how can use each type of signature file.

Using GnuPG to Verify Release Files

Start by downloading and installing GnuPG, an implementation of OpenPGP. There are many tools for verifying MD5 and SHA1 checksums, here's the GnuPG way for MD5: gpg --print-md MD5 <ReleaseFile> and for SHA1: gpg --print-md MD5 <ReleaseFile> You can simply compare the resulting checksum to the one contained in the <ReleaseFile>.md5 or <ReleaseFile>.sha1 checksum file. Use diff or your eyes, the signatures are short. A better way of verifying a distribution file is to use the PGP signature provided in the .asc files. To be able to use the PGP signature files, you need to obtain the UIMA developers' public keys from a trusted source. The keys do come with the distribution as well, but obviously using those is not a good way to ascertain the pedigree of a distribution. Instead, get the keys from the main Apache distribution site (not a mirror), or directly out of the UIMA SVN repository. (Right click the following links, and select save link/target as ...) KEYS from Apache main distribution site KEYS from the main UIMA SVN repository using https security Depending how sure you want to be that those keys are really the ones you can trust, you may think of even safer ways to obtain them (for example, go to ApacheCon and get them personally). Once you have downloaded the KEYS file, you can import it into your GnuPG key registry with gpg --import KEYS Check what your key registry contains with gpg --list-keys To verify a release file, cd to the directory with the release and run gpg --verify <fileName>.asc for each file you would like to verify. The output should contain something like this: gpg: Good signature from "Thilo Goetz (CODE SIGNING KEY) <twgoetz@apache.org>"

More details on Release Signing

Further information on how all this works can be found at http://www.apache.org/dev/release-signing.html