
The Fix

pip install celery==5.5.3

Based on closed celery/celery issue #9569 · PR/commit linked

Production note: This usually shows up under retries/timeouts. Treat it as a side-effect risk until you can verify behavior with a canary + real traffic.

@@ -35,7 +35,7 @@ HIDDEN_SETTINGS = re.compile( - 'API|TOKEN|KEY|SECRET|PASS|PROFANITIES_LIST|SIGNATURE|DATABASE', + 'API|TOKEN|KEY|SECRET|PASS|PROFANITIES_LIST|SIGNATURE|DATABASE|BEAT_DBURI', re.IGNORECASE,
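Review bot: the `BEAT_DBURI` alternative added to the `HIDDEN_SETTINGS` pattern names a single setting, so a credentialed URI stored under any other key that contains none of the listed tokens would still be shown in clear. Consider a broader token such as `DBURI`, or masking only the password part of URI-valued settings, and add a test asserting that a `beat_dburi` value comes back masked.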

Why This Fix Works in Production

  • Trigger: Celery inspect report leaking beat_dburi password
  • Mechanism: The Celery Inspect report does not obscure the beat_dburi password, exposing sensitive information
  • Why the fix works: Introduces support for a new setting BEAT_DBURI, which allows specifying the database URI for Celery Beat, ensuring that the password portion of the URI is properly masked in logs and diagnostic outputs. (first fixed release: 5.5.3).
Production impact:
  • If left unfixed, the same config can fail only in production (env differences), causing startup failures or partial feature outages.

Why This Breaks in Prod

  • The Celery Inspect report does not obscure the beat_dburi password, exposing sensitive information
  • Production symptom (often without a traceback): Celery inspect report leaking beat_dburi password

Proof / Evidence

  • GitHub issue: #9569
  • Fix PR: https://github.com/celery/celery/pull/9695
  • First fixed release: 5.5.3
  • Reproduced locally: No (not executed)
  • Last verified: 2026-02-09
  • Confidence: 0.85
  • Did this fix it?: Yes (upstream fix exists)
  • Own content ratio: 0.65

Discussion

High-signal excerpts from the issue thread (symptoms, repros, edge-cases).

“Celery Inspect report obscures some passwords from the worker report (i.e. broker url, result_backend) but it is not obscuring passwords from "beat_dburi". As a result this shows in Flower UI under the config section. # Propos”
Issue thread · issue description · source

Failure Signature (Search String)

  • Clerey inspect report leaking beat_dburi password

Error Message

Signature-only (no traceback captured)

Minimal Reproduction

report:
software -> celery:5.4.0 (opalescent) kombu:5.4.2 py:3.11.11
            billiard:4.2.1 redis:4.6.0
platform -> system:Linux arch:64bit, ELF
            kernel version:6.8.0-52-generic imp:CPython
loader   -> celery.loaders.app.AppLoader

(I cannot show more, but in this report the "beat_dburi" value is replaced with *******)

What Broke

Sensitive database URI passwords are visible in the Flower UI, risking data exposure.

Why It Broke

The Celery Inspect report does not obscure the beat_dburi password, exposing sensitive information
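As an added illustration (not Celery's code and not taken from the issue thread), the script below applies the before and after patterns from the diff on this page to a constructed settings dictionary and lists the keys whose values would still show a URL with an embedded password. The masking helper is a simplified stand-in for the report's filtering, and `metrics_sink` is a hypothetical setting name.

```python
import re
from urllib.parse import urlsplit

# Patterns copied from the diff on this page (before and after the fix).
OLD_HIDDEN = re.compile(
    'API|TOKEN|KEY|SECRET|PASS|PROFANITIES_LIST|SIGNATURE|DATABASE',
    re.IGNORECASE)
NEW_HIDDEN = re.compile(
    'API|TOKEN|KEY|SECRET|PASS|PROFANITIES_LIST|SIGNATURE|DATABASE|BEAT_DBURI',
    re.IGNORECASE)

MASK = '********'  # constructed placeholder


def mask_settings(settings, hidden):
    """Return a copy with every value masked whose key matches `hidden`."""
    return {k: MASK if hidden.search(k) else v for k, v in settings.items()}


def has_password(value):
    """True if `value` is a URL string that embeds a password."""
    if not isinstance(value, str) or '://' not in value:
        return False
    try:
        return bool(urlsplit(value).password)
    except ValueError:
        return False


def leaked_keys(settings, hidden):
    """Keys that would be reported with a credentialed URL still visible."""
    shown = mask_settings(settings, hidden)
    return sorted(k for k, v in shown.items() if has_password(v))


# Constructed sample configuration; hosts and credentials are fake.
SAMPLE = {
    'beat_dburi': 'postgresql://beat:s3cr3t@db.example.internal/schedule',
    'database_url': 'postgresql://app:hunter2@db.example.internal/app',
    'metrics_sink': 'https://ops:pw@metrics.example.internal/push',
    'timezone': 'UTC',
}

if __name__ == '__main__':
    print('old pattern leaks:', leaked_keys(SAMPLE, OLD_HIDDEN))
    print('new pattern leaks:', leaked_keys(SAMPLE, NEW_HIDDEN))
```

Running `leaked_keys` over your own application's settings after an upgrade shows which custom keys still need a name that matches the pattern or a value without inline credentials.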

Fix Options (Details)

Option A — Upgrade to fixed release (safe default, recommended)

pip install celery==5.5.3

When NOT to use: This fix should not be applied if the application does not use Celery Beat.

Use when you can deploy the upstream fix. It is usually lower-risk than long-lived workarounds.

Fix reference: https://github.com/celery/celery/pull/9695

First fixed release: 5.5.3

Last verified: 2026-02-09. Validate in your environment.


When NOT to Use This Fix

  • This fix should not be applied if the application does not use Celery Beat.

Verify Fix

Re-run the minimal reproduction on your broken version, then apply the fix and re-run.


Prevention

  • Capture the exact failing error string in logs and tests so you can reproduce via a minimal script.
  • Pin production dependencies and upgrade only with a reproducible test that hits the failing path.

Version Compatibility Table

Version   Status
5.5.3     Fixed


Sources

We don’t republish the full GitHub discussion text. Use the links above for context.