To report a security issue, file a Private Security Report with a description of the issue, the steps you took to create the issue, affected versions, and, if known, mitigations for the issue. The Ubuntu Security disclosure and embargo policy contains more information about what you can expect when you contact us and what we expect from you.

It is recommended to deploy Juju Dashboard with a TLS certificate. See the Juju TLS guide for more details. For a brief introduction to deploying the dashboard with a TLS certificate see the juju-dashboard or juju-dashboard-k8s charm docs.

For increased security it is recommended to not make Juju Dashboard publicly available. See the docs on deploying Juju offline.

More information about securing your Juju environment can be found in the Juju harden your Juju deployment docs.