Hi Tom,
If you run another scan does the warning still appear? The databases may have been out of sync temporarily after a new plugin is released.
Thanks,
brian
I’ve noticed the last few days that plugin readme.txt files are getting flagged up a lot. Jetpack’s is the latest, I just re-scanned and the readme.txt modified file warning is still there. The only change appears as “Tested up to: 4.2.1”.
What generally happens, when you get the warnings about readme files being changed and the changes are like what you mentioned, is that the plugin developer went in and modified the readme.txt file to change compatibility notes. If they change it directly in the repository instead of changing it in a release we flag your version as different than what is in the wordpress.org repository because it is. The developer never really told you that a new version was out so how would you know to upgrade? This is more common than not after a WordPress release.
We could ignore it, you might say, but we’d rather let you double check to make sure someone didn’t add any weird code there.
Hope this helps explain it.
tim
Thread Starter
Tom
(@atomiktd)
This is what I figured out lately, Tim. It looks to me that sometimes developers forget to make some minor changes (like the version number) or comments, and they make them after launching the update. Then you end up with differences because they modify files without upgrading the version.
@tom Absolutely. We understand it might be a pain to change something just to say your plugin works with the latest version of WordPress. The thing is that, as a security company, we want to make sure you know about any change. It's not the hundred minor safe changes that get you, it's the one change that is malicious that does.
tim
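One way to triage the readme.txt warnings discussed in this thread, as an added example that is not part of the original posts and is not the scanner's own code: diff the installed readme.txt against the repository copy and report whether every changed line is a plain compatibility header such as "Tested up to". The function name, the list of fields treated as low-risk, and the sample readme contents are assumptions constructed for illustration.

```python
import difflib
import re

# Assumption: only these two compatibility headers count as low-risk edits,
# and only when the value is nothing but a version number.
COMPAT_FIELD = re.compile(r"^(Tested up to|Requires at least):\s*\d+(\.\d+){0,2}\s*$")


def review_readme_change(installed: str, repository: str) -> dict:
    """Sort every line that differs between two readme.txt copies into
    'compat' (version-only header edits) or 'other' (needs a human look)."""
    compat, other = [], []
    for line in difflib.ndiff(installed.splitlines(), repository.splitlines()):
        tag, text = line[:2], line[2:]
        if tag not in ("- ", "+ "):  # skip unchanged lines and "? " hint lines
            continue
        (compat if COMPAT_FIELD.match(text) else other).append(line)
    if not compat and not other:
        verdict = "identical"
    elif not other:
        verdict = "compat-only"
    else:
        verdict = "review"
    return {"verdict": verdict, "compat": compat, "other": other}


# Constructed sample data: the copy on disk, the copy after the developer
# bumped "Tested up to" without a release, and a copy with an unexpected line.
INSTALLED = """=== Example Plugin ===
Requires at least: 4.0
Tested up to: 4.2
Stable tag: 1.0

== Description ==
Example.
"""
REPO_COPY = INSTALLED.replace("Tested up to: 4.2", "Tested up to: 4.2.1")
TAMPERED = REPO_COPY + '<script src="//example.invalid/x.js"></script>\n'

if __name__ == "__main__":
    for name, copy in (("repo", REPO_COPY), ("tampered", TAMPERED)):
        result = review_readme_change(INSTALLED, copy)
        print(name, result["verdict"], result["other"])
```

A "compat-only" verdict matches the case described above, where the developer edited the header in the repository without a release; anything landing in "other" is the kind of change worth opening the file for.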