alternatives to STIG Viewer once Oracle JDK 8 / JavaFX 8 is EOL in January 2019?

Tue, 27 Nov 2018 11:07:23 -0800 

I apologize if this is a little off-topic for this list, but a
question: what are others who use STIG Viewer planning to do once
Oracle JDK 8 / JavaFX go EOL in January 2019?

Any Oracle Java 8 security updates released after January 2019 will
require a commercial support license from Oracle:

    
https://developers.redhat.com/blog/2018/11/05/migrating-from-oracle-jdk-to-openjdk-on-red-hat-enterprise-linux-what-you-need-to-know/

STIG Viewer requires Oracle JDK 8 and JavaFX 8 in order to function.
Oracle JDK 11 is the next LTS (long term support) version of Java.
(Java 9 and Java 10 are not LTS releases, and are already EOL.)  But
in Java 11, Oracle removed JavaFX:

    
https://www.infoworld.com/article/3305073/java/removed-from-jdk-11-javafx-11-arrives-as-a-standalone-module.html

The OpenJFX project provides a JavaFX 11 implementation that works
with OpenJDK 11:

    https://openjfx.io/

But: I tested the latest STIG Viewer (version 2.8) with OpenJDK 11 /
OpenJFX 11, and it does not work; it simply crashes at startup.

This will shortly place all STIG Viewer users in the situation where
they must purchase a commercial support contract from Oracle in order
to run STIG Viewer, because STIG Viewer requires outdated / EOL
technology.

I asked DISA/IASE what their intentions were with STIG Viewer in light
of this.  As of 2018-11-27, this was their response:

> There are currently no plans on creating a non-Oracle java version
> of STIG Viewer at this time.  We also have no information regarding
> how DoD will be addressing the licensing requirement for Oracle java
> going forward.

So.

Ideally, I'd like to find a Linux replacement for STIG
Viewer—something that can read, annotate, and write STIG Viewer
checklist (*.ckl) files.  But although SCAP Workbench can load and
check STIGs, unless I'm missing something, it has no support for STIG
Viewer checklist files.

I can't be the only person in this boat.  What are others doing?
_______________________________________________
scap-security-guide mailing list -- scap-security-guide@lists.fedorahosted.org
To unsubscribe send an email to scap-security-guide-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/scap-security-guide@lists.fedorahosted.org

Reply via email to