Oracle says that starting with April 18, 2017, Java (JRE) will treat all JAR files signed with the MD5 algorithm as unsigned, meaning they'll be considered insecure and blocked from running.

Starting in April, Oracle will treat JAR files signed with the MD5 hashing algorithm as if they were unsigned, which means modern releases of the Java Runtime Environment (JRE) will block those ...

Topic warns that any developers working on apps that still rely on the Java plugin will switch to something else, like Oracle’s standalone Java framework Java Web Start.

The three flaws affect Java deployments that load and run untrusted code, such as clients running sandboxed Java Web Start applications or sandboxed Java applet, Oracle said in its advisory.

Next year, the Java browser plug-in, which is frequently the target of Web-based exploits, will be retired by Oracle.