Oracle JRE will no longer trust MD5-signed code by default
Beginning with the April 2017 Critical Patch Update, JAR files signed using MD5 (RSA algorithm) will no longer be considered as signed by the Oracle JRE.
Oracle Java SE 8u131 which will be released with the April 2017 Critical Patch Update.
Affected applications: Java applets, or Java Web Start applications.
To check your app/jar file:
jarsigner -verify -J-Djava.security.debug=jar mySynopticApp.jar
To remove any existing MD5 signatures first before re-signing using the zip utility as follows:
zip -d mySynopticApp.jar 'META-INF/*.SF' 'META-INF/*.RSA' 'META-INF/*.DSA'