Company
Date Published
Author: Thomas Owen
Word count: 1159
Language: English
Hacker News points: None

Summary

Grafana Labs responded to a security update from CircleCI, which urged all former users to rotate secrets due to potential vulnerabilities. Although Grafana Labs no longer uses CircleCI, it proactively rotated or invalidated any previously used secrets and conducted a thorough review, which found no signs of suspicious activity or compromise. The review identified two GPG keys used for signing binaries and Helm charts, and these keys are being rotated; this is especially relevant to users who installed Grafana through the Grafana Labs package repositories or used binary releases. Helm chart signing is discontinued due to its limited utility and associated risks. Updated instructions are provided for Debian/Ubuntu and rpm-based systems to replace the old GPG keys with the new ones, while Helm chart users are advised to remove the deprecated keys. Grafana Labs also invites users to report security vulnerabilities by email encrypted with its PGP key, and it maintains a dedicated blog category for security announcements and updates.