The Fix
pip install celery==5.1.0rc1
Based on closed celery/celery issue #6763 · PR/commit linked
Production note: This usually shows up under retries/timeouts. Treat it as a side-effect risk until you can verify behavior with a canary + real traffic.
@@ -7,7 +7,7 @@
from kombu.utils.functional import retry_over_time
from kombu.utils.objects import cached_property
-from kombu.utils.url import _parse_url
+from kombu.utils.url import _parse_url, maybe_sanitize_url
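Review bot: the `+` line imports `maybe_sanitize_url`, but no call site is visible in this hunk, so these lines alone do not show that the Sentinel URI is passed through it on every path that prints or logs the URL. Include the call in the same change and add a test asserting that the password from a Sentinel URI does not appear in the emitted output. Separately, `_parse_url` is an underscore-prefixed name imported from `kombu.utils.url`, which couples this module to a private helper; a short comment on why that is acceptable would help.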
Why This Fix Works in Production
- Mechanism: Passwords in Redis Sentinel URIs were not sanitized, leading to exposure in STDOUT
- Why the fix works: Sanitizes passwords in Redis Sentinel URIs to prevent exposure in STDOUT. (first fixed release: 5.1.0rc1).
- If left unfixed, the same config can fail only in production (env differences), causing startup failures or partial feature outages.
Why This Breaks in Prod
- Passwords in Redis Sentinel URIs were not sanitized, leading to exposure in STDOUT
Proof / Evidence
- GitHub issue: #6763
- Fix PR: https://github.com/celery/celery/pull/6765
- First fixed release: 5.1.0rc1
- Reproduced locally: No (not executed)
- Last verified: 2026-02-09
- Confidence: 0.85
- Did this fix it?: Yes (upstream fix exists)
Discussion
High-signal excerpts from the issue thread (symptoms, repros, edge-cases).
“Hey @K-MTG :wave:, Thank you for opening an issue”
Error Message
Signature-only (no traceback captured)
Minimal Reproduction
- this bug.
What Broke
Sensitive information, such as passwords, was exposed in the logs, risking security.
Why It Broke
Passwords in Redis Sentinel URIs were not sanitized, leading to exposure in STDOUT
Fix Options (Details)
Option A — Upgrade to fixed release (safe default, recommended)
pip install celery==5.1.0rc1
Use when you can deploy the upstream fix. It is usually lower-risk than long-lived workarounds.
Fix reference: https://github.com/celery/celery/pull/6765
First fixed release: 5.1.0rc1
Last verified: 2026-02-09. Validate in your environment.
When NOT to Use This Fix
- Do not use this fix if the application requires logging sensitive information for debugging.
Verify Fix
Follow the reproduction steps, confirm the failure, apply the fix, and repeat the same steps to verify the behavior changes.
Prevention
- Capture the exact failing error string in logs and tests so you can reproduce via a minimal script.
- Pin production dependencies and upgrade only with a reproducible test that hits the failing path.
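A regression check for the failing path described above, as an added example using only the Python standard library (it is not Celery's or kombu's code). It assumes Sentinel backends are configured as several URIs joined by `;`; the sample URI, the `**` mask and all function names are constructed for illustration.

```python
from urllib.parse import urlsplit, urlunsplit

# Constructed sample: two Sentinel nodes sharing one password (not real hosts).
SAMPLE = "sentinel://:s3cr3t@10.0.0.1:26379/0;sentinel://:s3cr3t@10.0.0.2:26379/0"
MASK = "**"  # illustrative mask value


def sanitize_uri(uri, mask=MASK):
    """Return one URI with its password component replaced by mask."""
    parts = urlsplit(uri)
    if parts.password is None:
        return uri  # no credentials present, nothing to hide
    userinfo, _, hostport = parts.netloc.rpartition("@")
    user = userinfo.partition(":")[0]
    return urlunsplit(parts._replace(netloc=f"{user}:{mask}@{hostport}"))


def sanitize_sentinel_uris(value, mask=MASK):
    """Mask every URI in a ';'-joined list, not just the first one."""
    return ";".join(sanitize_uri(u, mask) for u in value.split(";"))


def leaked_secrets(output, uris):
    """List passwords from uris that appear verbatim in captured output."""
    found = []
    for uri in uris.split(";"):
        password = urlsplit(uri).password
        if password and password in output and password not in found:
            found.append(password)
    return found


if __name__ == "__main__":
    banner = f"results: {sanitize_sentinel_uris(SAMPLE)}"
    print(banner)
    print("leaked:", leaked_secrets(banner, SAMPLE))
```

In a test suite, feed `leaked_secrets` the worker's captured STDOUT and the configured backend URL, and fail the build if the returned list is non-empty.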
Version Compatibility Table
| Version | Status |
|---|---|
| 5.1.0rc1 | Fixed |
Sources
We don’t republish the full GitHub discussion text. Use the links above for context.