Maybe because it includes JS files?

VirusTotal seems to be fine with it: https://www.virustotal.com/gui/file/91b30e5a1098299cf431f6185f3d6bd204e116e842f766d573c0833eda67ee37/detection

The hosting say that the problem is
in administrator/components/com_templates/tmpl/template/default_updated_files.php that contains on line 59:

<?php echo base64_decode(

Full line is
<a href="<?php echo Route::_('index.php?option=com_templates&view=template&id=' . (int) $value->extension_id . '&file=' . $value->hash_id); ?>" title="<?php echo Text::_('JACTION_EDIT'); ?>"><?php echo base64_decode($value->hash_id); ?></a>

We have 121 occurrences in core of base64_decode(

Ping @SniperSister ;-)

@Razzo1987 base64_decode is a legitimate function call, the alert is a false positive

@SniperSister I know it is a false positive. I write it in my first post...
I think we have a problem if cPanel (852,423 live websites) can't upload Joomla 4 zip file.

No one have a contact directly with cPanel?

No one have a contact directly with cPanel?

Your host is a customer of cPanel right? That might be the fastest way to get contact with them

@zero-24 They have proposed to put the directory under control exclusions.
But it's a patch for my account, not a permanent fix.

@ggenovino also reports me the same problem (different hosting).

In the Joomla 3 version the function base64_decode is never used?

In the Joomla 3 version the function base64_decode is never used?

It is also used in Joomla 3 as this is total valid method to use ;) Example is the tempalte manager

I'm doing some test.

@SniperSister can you help me with the non-regression test on this PR?
#30529