Braintree PHP SDK Starting June 25th needs to be 6.21.0 or above

[thss-admin]

Hello

We recently received an email from Paypal Braintree mentioning that we must update the version of the SDK to the minimum version of 6.21.0, released on Oct 31, 2024.

This is the official email from Braintree:

Our records show that as of 1/29/2025, you were using a legacy SDK version on a production or Sandbox application that is not compatible with an upcoming update to our root SSL certificate provider for production and Sandbox API traffic on 1/30/2025.

If you do not update to a compatible SDK and push changes to customer devices by June 30, 2025, you will not be able to process requests through your PayPal Braintree production and Sandbox accounts until you make the necessary update.

What action is required?

To avoid interruption to your processing, please update your SDK version to the appropriate minimum version as soon as possible:

Client-Side SDKs:
iOS 6.17.0
iOS 5.26.0
Android 4.45.0
Android 5.0.0
*Web/JS SDK does not require updating to a minimum version

Server-Side SDKs:
Ruby 4.23.0
Java 3.37.0
Python 4.31.0
PHP 6.21.0
Where can I find more information?

For information on how to update your SDK version, see our [developer docs] (https://developer.paypal.com/braintree/docs/reference/general/best-practices/ruby#server-sdk-versions).

If you are using a third-party shopping cart for your integration, we recommend reaching out to your shopping cart provider to ensure that they are using up-to-date Braintree SDKs so your processing is not interrupted.

If you have updated your production and Sandbox integration since 1/29/2025, please disregard this email.

For any additional questions, contact us or reach out to your Customer Success Manager, if applicable.

Thanks,

Basically our question is to verify if Magento plans to fix this as a security update in the sooner patches for 2.4.4, 2.4.5, 2.4.6 and 2.4.7 or if it will be released as a separate patch we could apply.

This will affect almost 60 sites we own and we need to get prepared before June to be sending all of those updates.

Now another solution would be to update the dependency itself to 6.21.0 by using

php composer.phar update braintree/braintree_php:6.21.0

We would like to receive your feedback about this, since it will break a lot of sites not only from us but world wide that uses Paypal as their payment processor.

Regards

[m2-assistant]

Hi @thss-admin. Thank you for your report.
To speed up processing of this issue, make sure that the issue is reproducible on the vanilla Magento instance following Steps to reproduce.

• For more details, review the Magento Contributor Assistant documentation.
• Add a comment to assign the issue: @magento I am working on this
• To learn more about issue processing workflow, refer to the Code Contributions.

---

Join Magento Community Engineering Slack and ask your questions in #github channel.
⚠️ According to the Magento Contribution requirements, all issues must go through the Community Contributions Triage process. Community Contributions Triage is a public meeting.
🕙 You can find the schedule on the Magento Community Calendar page.
📞 The triage of issues happens in the queue order. If you want to speed up the delivery of your contribution, join the Community Contributions Triage session to discuss the appropriate ticket.