PayPal Server SDK

Upstream URL                                     | Security Risk | Abandonment Risk
https://github.com/paypal/PayPal-Ruby-Server-SDK | Very High     | Very Low

External contacts

The PayPal team is reachable via our Developer Support account. Upstream has not published a security policy. CVEs for other PayPal packages have been assigned by both MITRE and Snyk, so the assigning authority may depend on who reports the issue.

Security posture

The PayPal SDK is used to process payments from customers, so payment data and PII pass through this gem. It is of critical security importance: any vulnerability in it would pose a very high risk to the security and privacy of the system.

Abandonment risk

PayPal's official SDK is unlikely to be abandoned, unless PayPal rewrites it against a different API service. If that were to occur, we would treat it the same way as the release of a new major version of the SDK.

Versioning policy

We pin the PayPal SDK to 1.0.0, as upstream recommends, since its APIs may be "changed without notice". When a new version of the PayPal SDK is released, its security posture shall be evaluated within 24 hours. All other evaluation, including API compatibility, shall take place within one week.