Merchants Must Upgrade or Apply a PayPal Patch by June 30, 2017
For increased security, merchants will only be able to use HTTPS when posting messages back to PayPal via their Instant Payment Notification (IPN) service. In the past, PayPal has allowed the use of HTTP for these postbacks.
To comply with these changes, Magento merchants using PayPal must upgrade to:
Enterprise Edition 220.127.116.11 or apply the SUPEE-8167 patch
Community Edition 18.104.22.168 or apply the SUPEE-8187 patch
Magento 2.0.15 when it becomes available the week of June 19
All Magento 2.1.x versions already support this change, so no update is required.
Merchants must upgrade or apply a patch by June 30, 2017 to avoid any potential service disruptions. Patches are available in My Account or the Community Edition Download Page. There is also a PayPal microsite that describes this change.