Skip to content
This repository has been archived by the owner on Sep 10, 2022. It is now read-only.

Releases: paypal/merchant-sdk-php

Fixes name attributes

10 Oct 19:05
Compare
Choose a tag to compare
  • Fixes name attribute in EBLBaseComponents. Fixes #136.
  • Minor bug fixes.

Updated stubs to latest version

07 Mar 18:03
Compare
Choose a tag to compare
  • Updated stubs to API version 204.

Minor stub updates

06 Mar 16:57
Compare
Choose a tag to compare
  • Add RiskSesionCorrelationId to DoReferenceTransactionRequestDetailsType.

TLSv1.2 Update

09 Dec 17:56
Compare
Choose a tag to compare
  • Enabled samples to verify it TLSv1.2 is supported
  • Replace mode in configurations from sandbox to tls to verify

SDK Core Dependency

22 Sep 18:10
Compare
Choose a tag to compare
  • Updated sdk-core-php dependency.

Poodle Fix - PHP 5.3 or higher (Recommended)

11 Nov 18:28
Compare
Choose a tag to compare

POODLE Fix

  • Because of the Poodle vulnerability, PayPal has disabled SSLv3.
  • To enable TLS encryption, the changes were made to PPHttpConfig.php in SDK Core to use a cipher list specific to TLS encryption.
    /**
     * Some default options for curl
     * These are typically overridden by PPConnectionManager
     */
    public static $DEFAULT_CURL_OPTS = array(
        CURLOPT_SSLVERSION => 1,
        CURLOPT_CONNECTTIMEOUT => 10,
        CURLOPT_RETURNTRANSFER => TRUE,
        CURLOPT_TIMEOUT        => 60,   // maximum number of seconds to allow cURL functions to execute
        CURLOPT_USERAGENT      => 'PayPal-PHP-SDK',
        CURLOPT_HTTPHEADER     => array(),
        CURLOPT_SSL_VERIFYHOST => 2,
        CURLOPT_SSL_VERIFYPEER => 1,
        CURLOPT_SSL_CIPHER_LIST => 'TLSv1',
    );
  • There are two primary changes done to curl options:
    • CURLOPT_SSLVERSION is set to 1 . See here for more information
    • CURLOPT_SSL_CIPHER_LIST was set to TLSv1, See here for more information

All these changes are included in the recent release, along with many other bug fixes. We highly encourage you to update your versions, by either using composer or running this command shown below:

curl -k -L https://raw.githubusercontent.com/paypal/merchant-sdk-php/stable-php5.3/samples/install.php | php    
    OR        
wget  https://raw.githubusercontent.com/paypal/merchant-sdk-php/stable-php5.3/samples/install.php
php install.php

Poodle Fix - PHP 5.2 compatible

11 Nov 18:28
Compare
Choose a tag to compare

POODLE Fix

  • Because of the Poodle vulnerability, PayPal has disabled SSLv3.
  • To enable TLS encryption, the changes were made to PPHttpConfig.php in SDK Core to use a cipher list specific to TLS encryption.
    /**
     * Some default options for curl
     * These are typically overridden by PPConnectionManager
     */
    public static $DEFAULT_CURL_OPTS = array(
        CURLOPT_SSLVERSION => 1,
        CURLOPT_CONNECTTIMEOUT => 10,
        CURLOPT_RETURNTRANSFER => TRUE,
        CURLOPT_TIMEOUT        => 60,   // maximum number of seconds to allow cURL functions to execute
        CURLOPT_USERAGENT      => 'PayPal-PHP-SDK',
        CURLOPT_HTTPHEADER     => array(),
        CURLOPT_SSL_VERIFYHOST => 2,
        CURLOPT_SSL_VERIFYPEER => 1,
        CURLOPT_SSL_CIPHER_LIST => 'TLSv1',
    );
  • There are two primary changes done to curl options:
    • CURLOPT_SSLVERSION is set to 1 . See here for more information
    • CURLOPT_SSL_CIPHER_LIST was set to TLSv1, See here for more information

All these changes are included in the recent release, along with many other bug fixes. We highly encourage you to update your versions, by either using composer or running this command shown below:

curl -k -L https://raw.githubusercontent.com/paypal/merchant-sdk-php/stable/samples/install.php | php    
        OR        
wget  https://raw.githubusercontent.com/paypal/merchant-sdk-php/stable/samples/install.php
php install.php