1

Just received the email regarding use of legacy SDK with Paypal Braintree and to update. The email states we should be using PHP SDK version 6.21.0: The current version in my Magento seems to be 6.5.1 "vendor/braintree/braintree_php/" however there are 2 modules for Paypal / Braintree.

  1. Paypal/Gene
  2. Magento/module-paypal

I have contacted Gene who have stated that the braintree_php SDK is used by their module and will be updated by security patch 2.4.5-p12 in April and kindly provided a patch in case this is required to be updated manually.

I am however unsure if this email also refers to the built in Paypal module and if so when this will be updated / steps required for that and was hoping someone can confirm?

Improve this question
2
  • I received the same email. Gene provided patch which replaces the content of vendor/braintree/braintree_php/lib/ssl/api_braintreegateway_com.ca.crt. They further stated that this will be included in the scheduled April 2025 Magento patches. SDK version requirements aside, Braintree's original notice states "you were using a legacy SDK version on a production or Sandbox application that is not compatible with an upcoming update to our root SSL certificate provider for production and Sandbox API traffic." As such, it seems logical that the only real requirement is to update the certificate. Commented Feb 4 at 17:11
  • As far as module versions, these have been re-organized (more than once?). There is a note attached here: experienceleague.adobe.com/en/docs/commerce-admin/config/sales/…. Commented Feb 4 at 17:12

2 Answers 2

Reset to default
0

Found the same issue. Magento 2.4.6. Latest SDK with magento version 2.4.6-p8 is 6.11.1. I could not upgrade the whole paypal module because it's locked in composer dependencies (magento and paypal).

Improve this answer
1
  • If you contact Gene Commerce, they will provide a patch that updates the SSL root certificate in braintree/braintree_php. According to them you can also wait for Magento to release it as part of their planned April 2025 patches. Commented Feb 4 at 17:18
0

The extension vendor has indicated that this will be in the Magento April 2025 patch upgrade, which should give vendors sufficient time to update their sites before the cutoff of June 30th. He also links a patch for those who need it. See here:

https://github.com/magento/magento2/issues/39590#issuecomment-2637403009

Additional information is on their blog:

https://www.gene.co.uk/braintree-sdk-ssl-certificate-update/

Improve this answer

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.