Suspicious downloads - checksums wrong


I’ve just downloaded from:

The file I get has different checksums to those listed on the downloads page:

SHA1( 737222b744600888a74ca85200b821d3f614c661
MD5( 05814de0b80023bf04d51b278fe4a0c0

I am concerned the download is compromised. Could you confirm the correct checksums (from the originals, not by trying the same download yourself.)

Thank you,



We are in-progress to verify the checksums and will let you know once an update is available.



How you are extracting checksums? I have tried with the WinMD5Free tool and it returns the same MD5 checksum as listed on the download page.


I’m using openssl on Mac OS, like:

$ openssl sha1
SHA1( 737222b744600888a74ca85200b821d3f614c661

$ openssl md5
MD5( 05814de0b80023bf04d51b278fe4a0c0

On the download page, the checksums are given as b943875dbe295893a344a19534837db468953b4e and 101bc265876942737f468b4c8de2714b respectively.

The URL I downloaded is,




We are in communication with the concerned team and will get back to you once an update is available.



The checksum issue has been fixed and you can now find the same SHA1 and MD5 checksums on the download page.



Could you confirm these checksums were computed from the original files?

(NOT computed from the files on the public download link, which would not detect corruption or compromise.)



On the download page, you can see that the listed checksums are same as (737222b744600888a74ca85200b821d3f614c661 and 05814de0b80023bf04d51b278fe4a0c0) you detected with openssl. However, we have sent an inquiry for the confirmation purposes and will let you know once an update is available.



Please note, the listed SHA1 and MD5 values on the download page are new and these values are computed from the original file.


Thank you, much appreciated.