Oracle to Block JAR Files Signed with MD5 Starting with April 2017
Found on Bleeping Computer on Saturday, 21 January 2017
Oracle originally planned MD5's deprecation for the current Critical Patch Update (CPU), released this week, which included a whopping 270 security fixes, one of the biggest security updates to date.
In recent years, Oracle has been advising Java developers to use powerful and dedicated code-signing keys instead.
Java should just be removed entirely. "Write once, run anywhere" was nothing but a marketing joke; you're required to install the runtime environment and different JRE's aren't even compatible.