Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

📣 Upgrade your integration to continue accepting Braintree payments #993

Open
stechiu opened this issue May 6, 2024 · 6 comments

Comments

@stechiu
Copy link
Contributor

stechiu commented May 6, 2024

Upgrade your integration to continue accepting Braintree payments

Braintree updated the root SSL certificate provider for api.braintreegateway.com (sandbox and prod) on April 12, 2024. The SSL certificates for current Android SDK v4 is set to expire by June 30, 2025.

If you do not update your SDK to the latest version with the updated certificates by June 30, 2025, 100% of your impacted traffic (client via the Android or iOS SDK, server via the server SDKs, server via self-pinning) will fail.

To reduce the impact, your developer will need to update your SDK to version 4.45.0. For details on how to include the SDK, see our setup guide found here.

What other SDKs will be impacted?

The following SDKs need to be updated to the latest version by June 30, 2025. Check the minimum server versions in the Braintree doc.

  • iOS v5, v6
  • Ruby v4, v3
  • Python v4
  • Java v3
  • PHP v5, v6

When do I need to make this change?  

By June 30, 2025.

Is there any flexibility in the deadline?

No. Please work with your TAM to ensure you will meet the deadline in time.

What if I’m using a lower version?  

Android SDK

SDK Update with new cert? Details
Android SDK v3 No Unsupported by June 2025. Upgrade to v4.45.0 or later
Android SDK v4 Yes Upgrade to v4.45.0 or later
Android SDK v5 Yes Upgrade to 5.0 or later
Android Drop-In SDK v5 No Unsupported by June 2025. Upgrade to v6.16 or later
Android Drop-In SDK v6 Yes Upgrade to v6.16 or later. SDK is currently inactive and will be sunset by Nov 2025

iOS SDK

SDK Update with new cert? Details
iOS SDK v5 Yes Upgrade to v5.26.0 or later
iOS SDK v6 Yes Upgrade to v6.17.0 or later
iOS Drop-In SDK v9* No Update v9.12.2 or later. SDK is currently inactive and will be sunset by Nov 2025

*Upgrading to iOS v5.26.0 to continue using Drop-In SDK. The Drop-In SDK is currently unsupported and will be sunset by Nov 2025

What changes does my developer need to make to my integration?  

Your developers needs to update the SDK (client and server) to the latest version to eliminate customer service disruptions and for good security practice.

Braintree's official recommendation is that Merchants use official SDKs, not modified ones. We cannot support modified SDKs. Reference our docs for our official SDK - https://developer.paypal.com/braintree/docs/

It is suggested to make this update as soon as possible to reduce any impacts to the customer experience.  

I've updated my SDK but I'm still getting emails to update

Braintree regularly pulls the latest list of impacted Merchants who need to update their SDK version before sending each email. If you have communicated with your TAM that you will updated but have not, then you will continue to receive email reminders until you have completed the update.

What happens if I don’t update or miss the deadline?

If you are still processing on a legacy SDK when our SSL Root Certificate update goes live, your API calls will no longer be able to reach Braintree's servers. Your customers will start to see errors when trying to complete checkout and their app logs will show SSL-related errors.

As a result, the specific error message you encounter won't be from Braintree, but rather from the language or framework you are using. The error message will likely be unique to that language or framework, but you can expect it to mention SSL – something along the lines of an invalid certificate, a refused connection, a failed handshake, etc. If you begin to encounter an error along those lines, double check that your integration has been updated to at least the minimum version, and then feel free to reach back out to us for further support.

What region is impacted by this change?

All (global)

@sarahkoop sarahkoop pinned this issue May 7, 2024
@tdchow tdchow unpinned this issue Aug 7, 2024
@tdchow tdchow pinned this issue Aug 7, 2024
@BunnyBuddy
Copy link

We're getting the same message

@sshropshire
Copy link
Contributor

Hi @BunnyBuddy thanks for using the Braintree SDK for Android. Can you elaborate on the message you're receiving?

@BunnyBuddy
Copy link

Hi @BunnyBuddy thanks for using the Braintree SDK for Android. Can you elaborate on the message you're receiving?
Thankyou for your reply and sorry for my late response.

image

image (1)

We got this message, now it may be just a precautionary alert or something but we're using,
com.braintreepayments.api:drop-in:6.13.0
com.braintreepayments.api:data-collector:4.38.2

Now I want to know if I just update the drop in version to 6.16 ? would it break anything (is there any major change in the code) or is it just a simple version update.

@hobbes-visionfriendly-com

@stechiu - Just to make sure, this does not affect the .Net SDK, correct?

@stechiu
Copy link
Contributor Author

stechiu commented Dec 12, 2024

@stechiu - Just to make sure, this does not affect the .Net SDK, correct?

@hobbes-visionfriendly-com .net SDK doesn't pin any certificates, so it's not affected nor needs to be updated to a minimum version

@stechiu
Copy link
Contributor Author

stechiu commented Dec 12, 2024

Hi @BunnyBuddy thanks for using the Braintree SDK for Android. Can you elaborate on the message you're receiving?
Thankyou for your reply and sorry for my late response.

image

image (1)

We got this message, now it may be just a precautionary alert or something but we're using, com.braintreepayments.api:drop-in:6.13.0 com.braintreepayments.api:data-collector:4.38.2

Now I want to know if I just update the drop in version to 6.16 ? would it break anything (is there any major change in the code) or is it just a simple version update.

Hi @BunnyBuddy, apologies for the late reply. There are no major changes to drop-in 6.16.0. However, the SDK is inactive as of this month (December 2024). We will be sharing future plans for Drop-In soon.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

4 participants