The current minor release receives security fixes.

Report security issues through GitHub's private vulnerability reporting. Do not open a public issue for security vulnerabilities.

Best-effort response, typically within two weeks.

In scope: allelix source code, download integrity (ADR-0029), local file handling, CLI behavior.

Out of scope: upstream database content correctness. ClinVar misclassifications, PharmGKB annotation errors, GWAS Catalog data quality, and similar issues are third-party data — report them to the source database. Allelix verifies download integrity but does not and cannot verify the clinical accuracy of what those databases contain.