The attacks target weaknesses in the hash algorithms that permit multiple hash collisions to take place.
Ruby On Rails, Mozilla and others have moved to a new hash built by the researchers who found the hole. Java has not.
Link to Original Source
e-credibility: the non-guaranteeable likelihood that the electronic data you're seeing is genuine rather than somebody's made-up crap. - Karl Lehenbauer