Access to add and change pages is restricted. See: https://cwiki.apache.org/confluence/display/OFBIZ/Wiki+access

List of Libraries used by OFBiz

Deprecated Document

Note that this document was used to collect the information when OFBiz was in the Apache Incubator. It has been maintained for a long period (about end of 2009) but is not maintained anymore. So it's now deprecated and the official source of information are the LICENCE ans NOTICE files (see links below)

This is the list of the libraries distributed with OFBiz, needed to build and run OFBiz in the default configuration.

However, in order to run OFBiz in a different configuration (for example a different database) or in order to activate some specialized plugins (for example the JasperReport plugin) you may need additional jar files in your classpath. Some of them are delivered with licenses not compatible with the OFBiz license, the ASL2.0, and (also) for this reason they are not distributed with OFBiz. You can find some of them here. For details see the OPTIONAL_LIBRARIES file in the ofbiz directory from svn.

The official OFBiz license files, included in the trunk, are the following ones:

Some notes on licenses

We can use and include libraries licensed with any BSD/MIT like license including Apache, etc. We can also change and redistribute these libraries.

We can use and include libraries licensed with SPL (Sun), MPL (Mozilla), and similar licenses. We cannot change these and redistribute the changes though. These are a combination of the GPL and BSD licenses and make a distinction between "Covered Code" and "Larger Works". If we change the code the changes must be SPL/MPL/whatever licensed, but we can use the libraries unmodified just fine.

We can use, but can not include, libraries licensed with LGPL. The licensing quirk here is that we can write code that uses the libraries but can't include (distribute) the libraries themselves. This means that we have to have the build.xml files out of the box with exclusions for these source files. For each one we should document which jar files are needed, where they can be obtained, and which build.xml file(s) need to be changed to compile the Java files that depend on them.

We cannot use nor include libraries licensed with the GPL. The use and distribution restrictions are simply too tight and there is no way around them.

To have a more complete view on licences compatibilty please use this ASF policy : ASF Legal Previously Asked Questions

File Name

URL

License

Notice

Runtime Dependencies

Notes

base

 

 

 

 

 

commons/ commons-beanutils-1.7.0.jar

Apache Commons

Apache 2.0

ASF Only

 

updated

commons/ commons-cli-1.0.jar

Apache Commons

Apache 2.0

ASF Only

 

updated

commons/ commons-codec-1.3.jar

Apache Commons

Apache 2.0

ASF Only

 

updated

commons/ commons-collections-3.2.jar

Apache Commons

Apache 2.0

ASF Only

 

updated

commons/ commons-digester-1.8.jar

Apache Commons

Apache 2.0

ASF Only

 

updated

commons/ commons-discovery-0.4.jar

Apache Commons

Apache 2.0

ASF Only

 

updated

commons/ commons-el-1.0.jar

Apache Commons

Apache 2.0

ASF Only

 

updated

commons/ commons-fileupload-1.2.jar

Apache Commons

Apache 2.0

ASF Only

 

updated

commons/ commons-io-1.3.1.jar

Apache Commons

Apache 2.0

ASF Only

 

updated

commons/ commons-lang-2.3.jar

Apache Commons

Apache 2.0

ASF Only

 

updated

commons/ commons-logging-1.1.jar

Apache Commons

Apache 2.0

ASF Only

 

updated

commons/ commons-modeler-2.0.jar

Apache Commons

Apache 2.0

ASF Only

 

updated

commons/ commons-pool-1.3.jar

Apache Commons

Apache 2.0

ASF Only

 

updated

commons/ commons-primitives-1.0.jar

Apache Commons

Apache 2.0

ASF Only

 

updated

commons/ commons-validator-1.3.1.jar

Apache Commons

Apache 2.0

ASF Only

 

updated

commons/ commons-vfs-1.0.jar

Apache Commons

Apache 2.0

ASF Only

 

updated

scripting/ antlr-2.7.6.jar

Antlr

BSD

 

 

updated

scripting/ asm-2.2.jar, asm-analysis-2.2.jar, asm-tree-2.2.jar, asm-util-2.2.jar

ASM

BSD

 

 

updated

scripting/ bsf-2.4.0.jar

Jakarta BSF

Apache 2.0

ASF Only

 

updated

scripting/ bsh-2.0b4.jar

BeanShell

SPL(Sun)/LGPL

License notice only for SPL

 

updated

scripting/ groovy-1.5.6.jar

Groovy

Apache 2.0

 

 

updated

scripting/ jython-nooro.jar

Jython

license

None

 

 

scripting/ jakarta-oro-2.0.8.jar

Jakarta ORO

Apache 2.0

ASF Only

 

updated

Tidy.jar

JTidy

W3C License

License notice only for W3C

 

Not used?

ant-1.7.0.jar

Apache Ant

Apache 2.0

Has ASF plus additional notices


updated

ant-launcher-1.7.0.jar

Apache Ant

Apache 2.0

Has ASF plus additional notices

ant-1.7.0.jar

updated

ant-junit-1.7.0.jar

Apache Ant

Apache 2.0

Has ASF plus additional notices

ant-1.7.0.jar

updated

avalon-framework-4.2.0.jar

Apache Avalon

Apache 2.0

Has ASF plus additional notices (here)

 

 

avalon-util-exception-1.0.0.jar

Apache Avalon

Apache 2.0

Has ASF plus additional notices

 


freemarker-2.3.15.jar

FreeMarker

BSD

License notice for BSD plus additional notice

 

updated

j2eespecs/ geronimo-activation_1.0.2_spec-1.0.jar

Apache Geronimo

Apache 2.0

Has ASF plus additional notices (here)

 

 

j2eespecs/ geronimo-j2ee-connector_1.5_spec-1.0.jar

Apache Geronimo

Apache 2.0

Has ASF plus additional notices

 

 

j2eespecs/ geronimo-jaxr_1.0_spec-1.0.jar

Apache Geronimo

Apache 2.0

Has ASF plus additional notices

 

 

j2eespecs/ geronimo-jaxrpc_1.1_spec-1.0.jar

Apache Geronimo

Apache 2.0

Has ASF plus additional notices

 

 

j2eespecs/ geronimo-jms_1.1_spec-1.0.jar

Apache Geronimo

Apache 2.0

Has ASF plus additional notices

 

 

j2eespecs/ geronimo-jsp_2.0_spec-1.0.jar

Apache Geronimo

Apache 2.0

Has ASF plus additional notices

 

 

j2eespecs/ geronimo-jta_1.1_spec-1.1.1.jar

Apache Geronimo

Apache 2.0

Has ASF plus additional notices

 

 

j2eespecs/ geronimo-qname_1.1_spec-1.0.jar

Apache Geronimo

Apache 2.0

Has ASF plus additional notices

 

 

j2eespecs/ geronimo-saaj_1.1_spec-1.0.jar

Apache Geronimo

Apache 2.0

Has ASF plus additional notices

 

 

j2eespecs/ geronimo-servlet_2.4_spec-1.0.jar

Apache Geronimo

Apache 2.0

Has ASF plus additional notices

 

 

httpunit.jar

HttpUnit

BSD  license

License notice only for BSD

 

 

icu4j_3_6.jar

ICU

X License

License notice only for MIT/X

 

updated

jakarta-regexp-1.5.jar

Jakarta Regexp

Apache 2.0

ASF Only

 

updated

javacc.jar

JavaCC 4.1

3-Clause BSD

 

 

 

javolution-5.2.3.jar

Javolution

BSD  license

License notice only for BSD

 

updated

jdbm-1.0.jar

JDBM

BSD (JDBM LICENSE v1.00)

5. Due credit should be given to the JDBM Project

 

updated; however, this comment by Peter Goron is worth of consideration: "Jdbm doesn't seem to be an active project anymore. Maybe we must start thinking about another project to manage ofbiz cache stuff to avoid to have to maintain this stuff ourself. I've heard some interesting features from ehcache project (ehcache.sourceforge.net) like distributed caches and scalability."

junit.jar

JUnit

CPL 1.0

License notice only for CPL

 

 

junitperf.jar

junitperf

BSD

License notice only for BSD

 

 

log4j-1.2.15.jar

Log4j

Apache 2.0

Has ASF plus additional notices

 

updated

mail.jar

Glassfish

CDDL

 

 

javax.mail.* and com.sun.mail.*

mx4j-3.0.1.jar

 

Apache 2.0

Found something that looks like a notice in the license file here

 

 

mx4j-remote-3.0.1.jar

 

Apache 2.0

Found something that looks like a notice in the license file

 

 

owasp-esapi-full-java-1.4.jar

http://www.owasp.org/index.php/ESAPI

BSD

 

 

 

resolver-2.8.1.jar

Distributed with Xerces

Apache 2.0

Has ASF plus additional notices

 

 

xercesImpl-2.8.1.jar

 

Apache 2.0

Has ASF plus additional notices

resolver-2.8.1.jar
xml-apis-2.8.1.jar

 

xml-apis-2.8.1.jar

Distributed with Xerces

Apache 2.0

Has ASF plus additional notices

 

 

catalina

 

 

 

 

 

catalina.jar

 

Apache 2.0

ASF Only

 

5.5.23

catalina-cluster.jar

 

Apache 2.0

ASF Only

 

5.5.23

catalina-optional.jar

 

Apache 2.0

ASF Only

 

5.5.23

jasper-compiler.jar

 

Apache

No notice file - ASF Only

 

5.5.23

jasper-compiler-jdt.jar

 

Apache

No notice file - ASF Only

 

5.5.23

jasper-runtime.jar

 

Apache

No notice file - ASF Only

 

5.5.23

naming-factory.jar

 

 

No notice

 

5.5.23

naming-resources.jar

 

 

No notice

 

5.5.23

servlets-default.jar

 

Apache 2.0

ASF Only

 

5.5.23

tomcat-ajp.jar

 

Apache 2.0

ASF Only

 

5.5.23

tomcat-coyote.jar

 

Apache 2.0

ASF Only

 

5.5.23

tomcat-http.jar

 

Apache 2.0

ASF Only

 

5.5.23

tomcat-util.jar

 

Apache 2.0

ASF Only

 

5.5.23

content

 

 

 

 

 

lucene-2.2.0.jar

lucene

Apache 2.0

ASF and additional notice

 

updated

poi-3.2-FINAL-20081019.jar

poi

Apache 2.0

ASF Only

 

 

entity

 

 

 

 

 

commons-dbcp-1.3-20091113-r835956.jar

Apache Commons

Apache 2.0

ASF Only

 

Built using DBCP trunk

ofbiz-minerva.jar

 

X license

License notice only for MIT/X

 

 

jdbc/ derby-10.4.2.0.jar
jdbc/derbytools-10.4.2.0.jar

derby

Apache

Has ASF plus additional notices

 

updated

geronimo

 

 

 

 

 

geronimo-transaction-2.1.1.jar

geronimo

Apache 2.0

Has ASF plus additional notices

geronimo-jta_1.1_spec-1.1.1.jar, geronimo-connector-2.1.1.jar

 

geronimo-connector-2.1.1.jar

geronimo

Apache 2.0

Doesn't appear to have any notice

geronimo-jta_1.1_spec-1.1.1.jar

 

guiapp

 

 

 

 

 

XuiCoreSwing-v3.2rc2b.jar
XuiOptional-v3.2rc2b.jar

xui

MPL 1.1

License notice only for MPL

 

It's now XPL but we don't have to worry it's a clone of MPL see here

images

 

 

 

 

 

dojo

dojo

BSD

License notice only for BSD

 

 

prototype

prototypejs

MIT

License notice only for MIT

 

prototype 1.6


Scriptalous

Scriptalous

MIT

MIT plus additional notice

 

scriptaculous 1.8


calendar_date_select.js

Calendar Date Select

MIT

License notice only for MIT

prototype 1.6

Version 1.10.5

control.progress_bar.js

control.progress_bar

MIT

License notice only for MIT

 

progress_bar 1.0.1


progress_bar.css

control.progress_bar

MIT

License notice only for MIT

 

progress_bar 1.0.1


WhizzyWig.js

unverse.net

MIT

MIT plus additional notice

 

whizzywig_v55i.js

 

jetty

 

 

 

 

 

ant.jar

 

Apache 2.0

Has ASF plus additional notices

 

 

jasper-compiler.jar

 

Apache

No notice file - ASF Only

 

 

jasper-runtime.jar

 

Apache

No notice file - ASF Only

 

 

org.mortbay.jetty.jar

jetty

Apache 2.0

Has custom notice file

 

Not needed?

org.mortbay.jmx.jar

jetty

Apache 2.0

Has custom notice file

 

Not needed?

service

 

 

 

 

 

axis.jar

axis see also

Apache

Axis 2 has a NOTICE file, but not Axis; appears to be ASF only

 

 

axis-ant.jar

axis

Apache

Axis 2 has a NOTICE file, but not Axis; appears to be ASF only

 

 

wsdl4j.jar

wsdl4j

CPL

License notice only for CPL

 

 

webapp

 

 

 

 

 

DataVision-1.0.0.jar

datavision

Apache 1.1

License notice for Icons

bsf (2.3.0)
iText

In order to run some reports the following runtime dependencies may exist:
jcalendar.jar
jruby.jar
the files are not included in OFBiz and can be found in the DataVision distribution.

barcode4j-fop-ext-complete-2.0.jar

barcode4j

Apache 2.0

Has notice with ASF, Krysalis, and JDOM

fop-0.95.jar

Explanations here

batik-all-1.7.jar

batik

Apache 2.0

Has ASF plus additional notices

 

 

ezmorph-0.9.1.jar

ezmorph

Apache 2.0

No notice found

 

 

fop-0.95.jar

fop

Apache 2.0

Has ASF plus additional notices

avalon-framework-4.2.0.jar
xmlgraphics-commons-1.2.jar
batik-all-1.6.jar
commons-logging-1.1.jar
commons-io-1.3.1.jar
xalan-2.7.0.jar (see notes)
serializer-2.7.0.jar (see notes)
xml-apis-ext-1.3.04.jar (needed for SVG/Barcode generation)

The following (optional) jars, included in the FOP distribution, have not been included in OFBiz: commons-logging-1.0.4.jar (because we already have commons-logging-1.1.jar), xercesImpl-2.7.1.jar (because we already have xercesImpl-2.8.1.jar), xml-apis-1.3.02.jar (because we already have xml-apis-2.8.1.jar)

xalan-2.7.0.jar

Xalan

Apache 2.0

ASF plus additional notice

serializer-2.7.0.jar

This jar is only required by fop because there is a bug in the 0.94 release

serializer-2.7.0.jar

Xalan

Apache 2.0

ASF plus additional notice

 

This jar is only required by fop because there is a bug in the 0.94 release

itext-2.0.1.jar

itext

MPL 1.1

License notice only for MPL

 

updated

jdom-1.1.jar

jdom

Modified Apache

No notice found

 

 

json-lib-2.2.3-jdk15.jar

json

Apache 2.0

ASF plus additional notice

 

 

rome-0.9.jar

rome

Apache 2.0

No notice found

 

 

velocity-1.5.jar

velocity

Apache 2.0

ASF Only

commons-collections
commons-lang
oro

updated

ws-commons-java5-1.0.1.jar

ws

Apache 2.0

ASF Only

 

 

ws-commons-util-1.0.1.jar

ws

Apache 2.0

ASF Only

 

 

xmlgraphics-commons-1.2.jar

xmlgraphics

Apache 2.0


ASF Only

 

 

xmlrpc-client-3.0.jar

xmlrpc

Apache 2.0

ASF Only

xmlrpc-common-3.0.jar

 

xmlrpc-common-3.0.jar

xmlrpc

Apache 2.0

ASF Only

 

 

xmlprc-server-3.0.jar

xmlrpc

Apache 2.0

ASF Only

xmlrpc-common-3.0.jar

 

ldap

 

 

 

 

 

cas-server-core-3.3.jar

JA-SIG CAS

BSD

License notice only for BSD

 

CAS (Central Authentification Service) provide a trusted way for an application to authenticate a user

pos

 

 

 

 

 

jcl.jar

jposloader

CPL

License notice only for CPL

 

Configuration and loading of device services developed to the JavaPOS architecture and standard

jpos18-controls.jar

JavaPOS see also POSTest

CPL

License notice only for CPL

 

Latest version is now 1.10 and the licence is CPL which is an OSS Apache-like license. The complete license here

looks-2.0.2.jar

JGoodies

BSD

License notice only for BSD

 

JGoodies look&feels make your Swing applications and applets look better

googlecheckout

 

 

 

 

 

checkout-sdk-0.8.8.jar

Google Checkout

Apache 2.0

ASF plus additional notice

 

 

  • No labels

8 Comments

  1. Shouldn't this document reside under the technical section?

    1. As it's said at top it's deprecated anyway, and this for a long time now. So no.

  2. I suggest to remove this page from the Wiki. It is of no use when not maintained. Moved to Trash for now.

    1. Agreed, the reference is now the main build.gradle file

  3. In stead of maintain in the list here (and the changes from released version to released version), It would be better to have this page reference the revision (link to viewvc, or similar) per released version.

  4. Yes Jacques,

    That way you can reference a single confluence doc in the sets per release while at the same time keeping the maintenance to a minimum. But I wouldn't do this against the release branches. Instead I would do this against releases. We don't want to confuse our adopters with links to sources that don't reflect the release they implemented, right?

    And I would disentangle the dependencies from the build.gradle file into a separate dependencies.gradle file so that adopters (and their developers) don't get confused by the overload of commands and comments in that file. 

    So you would get something like:

    And for the older releases (prior to the releases with gradle) we could have a link to old confluence confluence pages (if there are any).

     

    1. Pierre, you said

      But I wouldn't do this against the release branches. Instead I would do this against releases. We don't want to confuse our adopters with links to sources that don't reflect the release they implemented, right?

      I agree we could have to change a library version between freezing the branch and releasing it (several times), because of a possible CVE in a library (only case I found). So a link to the branch is not enough.

      A separate dependencies.gradle file (included in the main build.gradle using apply from) would be a good idea. But I still see no universal way to show, using a browser, the content of the dependencies.gradle file from inside the the released packages. We could though reference the dependencies.gradle file from the svn release tag...

      All: Other ideas?