Many old, unmaintained apps have been archived

MD5 APK signatures are still supported by Android and, for example, are accepted by Google Play when you upload an APK there.

What happened with jarsigner and apksigner is that these tools use Sun/Oracle’s PKCS #7 classes to verify JAR signatures of APKs. In recent versions of Java, these classes were switched to reject MD5 signatures by default, unless special command-line parameters are provided to the JVM.

apksigner has now switched to using its own PKCS #7 codebase which accepts MD5 signatures because Android does so. Unfortunately, apksigner version 0.8 which contains this change is not yet out (as of Aug 23 2017). It will be released in the next release of Android SDK Build Tools. If you’re desperate to try it out until then, the source code is at platform/tools/apksig - Git at Google.