The PGP signatures can be verified using PGP or GPG. Please read Verifying Apache HTTP Server Releases for more information on why you should verify our releases. It is essential that you verify the integrity of the downloaded files using the PGP and SHA512 signatures. The checksum and signature are links to the originals on the main distribution server. If you do not see that page, try a different browser.
The link in the Mirrors column should display a list of available mirrors with a default selection based on your inferred location. Apache Log4j 2 is distributed under the Apache License, version 2.0.
