Which MAVEN versions are affected by maven:CHECKSUM_VALIDATION_FAILED?

All supported Apache Maven versions.

How can I manually validate maven:CHECKSUM_VALIDATION_FAILED?

Identify the specific artifact/version that failed checksum validation from the Maven output. Delete the artifact version directory under `~/.m2/repository/ / / /` to force a clean re-download. Force updates once: `mvn -U -DskipTests package`.

How do I prevent maven:CHECKSUM_VALIDATION_FAILED in CI?

Use a repository manager proxy to provide consistent artifacts/checksums to all builds. Avoid mixing multiple repository URLs/mirrors for the same coordinates. Keep build caches healthy by cleaning only the specific corrupted artifact directories when needed.

RepoFlow | Checksum validation failed

What This Error Means

Maven downloaded an artifact, but its checksum did not match (or the repository did not provide expected checksums), indicating corruption or repository/proxy issues.

How to Fix It

Delete the affected artifact directory under ~/.m2/repository/ so Maven must re-download it.
Force a remote re-check once: mvn -U -DskipTests package.
If the failure persists, route all builds through a single repository manager proxy to avoid inconsistent upstreams.
If you control the repository, verify that checksum files match the stored artifacts and repair/re-publish the bad artifacts.

Why It Happens

A previous download was interrupted, leaving a truncated artifact in the local repository.
A proxy/cache served stale or corrupted content.
The repository contains inconsistent metadata (artifact and checksum files are out of sync).
Multiple repositories/mirrors with different content are being used for the same coordinates.

How to Verify

Re-run the Maven build and confirm the checksum error is gone.
Confirm the artifact can be downloaded consistently on a second machine/environment.

Manual integrity checks

Identify the specific artifact/version that failed checksum validation from the Maven output.
Delete the artifact version directory under ~/.m2/repository/<groupId path>/<artifactId>/<version>/ to force a clean re-download.
Force updates once: mvn -U -DskipTests package.

Common CLI Output

[ERROR] Checksum validation failed, no checksums available

[ERROR] Checksum validation failed

How Maven verifies artifact integrity

Repositories typically publish checksum files (for example .sha1 / .md5) alongside artifacts.
Maven uses these checksums to verify that downloaded files were not corrupted or altered in transit.
Checksum failures often indicate a partial download, a caching proxy serving stale content, or inconsistent repositories.

Prevention Tips

Use a repository manager proxy to provide consistent artifacts/checksums to all builds.
Avoid mixing multiple repository URLs/mirrors for the same coordinates.
Keep build caches healthy by cleaning only the specific corrupted artifact directories when needed.

Where This Can Be Triggered

github.com/apache/maven/blob/maven-3.9.6/maven-core/src/main/java/org/apache/maven/project/DefaultProjectDependenciesResolver.java

Checksum verification failures are raised by the underlying resolver layer and bubbled up into Maven via the exception message (e.getMessage()). - GitHub

String msg = "Could not resolve dependencies for project " + project.getId() + ": " + e.getMessage();
DependencyResolutionException dex = new DependencyResolutionException(msg, e);
dex.setResult(e.getResult());
throw dex;