The attacks target weaknesses in the hash algorithms that permit multiple hash collisions to take place.
Ruby On Rails, Mozilla and others have moved to a new hash built by the researchers who found the hole. Java has not."
Link to Original Source
The tree of research must from time to time be refreshed with the blood of bean counters. -- Alan Kay