redis-py 7.4.0 fixes password leak in ConnectionPool repr and exposes OTel classes #841

@mitchh456

Background

redis-py 7.4.0 was released on March 24, 2026. Notable changes:

  1. Security: Password leak fix (#3998) — Fixed __repr__ methods for ConnectionPool where passwords could leak in plain text logs.
  2. OTel observability exposure (#3996) — Basic OpenTelemetry classes and functions are now importable through redis.observability.
  3. Cluster metrics fix (#3999) — Fixed AttributeError in cluster metrics recording when connection is None.

Impact

  • Password leak fix: Directly relevant to APM/observability. If Scout or any logging captures connection pool string representations, passwords would have been exposed in logs. Scout should verify its own logging doesn't trigger __repr__ on redis connection pools.
  • OTel observability classes: redis-py is investing in first-party observability via redis.observability. This may overlap with or complement Scout's redis instrumentation. Worth tracking for Scout's instrumentation strategy — if redis-py provides native tracing hooks, Scout could leverage them instead of monkey-patching.
  • Cluster metrics fix: The fix for AttributeError when connection is None could resolve edge-case crashes in Scout's cluster monitoring if Scout accesses connection objects during metrics collection.

Suggested Action

  1. Audit Scout's redis instrumentation to ensure it doesn't log or capture ConnectionPool.__repr__() output that could contain passwords (even with the fix, good practice to verify).
  2. Investigate redis.observability — evaluate whether Scout can leverage these native OTel hooks for redis instrumentation rather than monkey-patching.
  3. Run Scout's test suite against redis-py 7.4.0 to verify compatibility.
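
One way to carry out the audit in step 1, as an added example that is not part of the original issue and is not Scout or redis-py code: plant a canary password, capture everything the logger emits, and check whether the canary shows up, with and without a redacting filter. `FakePool`, `sample_instrumentation`, the `audit.redis` logger name and the canary value are constructed stand-ins; the repr format shown is an assumption for illustration.

```python
import io
import logging
import re

CANARY = "canary-pw-7f3a"  # constructed secret, used only to detect leaks

# (pattern, replacement): key=value pairs in a repr, and redis:// URL userinfo.
_PATTERNS = (
    (re.compile(r"(password=)[^,)\s>]+"), r"\1***"),
    (re.compile(r"(rediss?://[^:/@\s]*:)[^@\s]+@"), r"\1***@"),
)

class RedactRedisSecrets(logging.Filter):
    """Mask credentials in the fully formatted message before it is emitted."""
    def filter(self, record):
        msg = record.getMessage()  # applies %-args, so reprs are expanded here
        for pattern, repl in _PATTERNS:
            msg = pattern.sub(repl, msg)
        record.msg, record.args = msg, None
        return True

class FakePool:
    """Hypothetical stand-in for an object whose repr embeds connection kwargs."""
    def __init__(self, **kwargs):
        self.connection_kwargs = kwargs
    def __repr__(self):
        kv = ",".join(f"{k}={v}" for k, v in self.connection_kwargs.items())
        return f"<FakePool({kv})>"

def sample_instrumentation(pool, logger):
    # Constructed example of the risky pattern: formatting a pool object into a log line.
    logger.debug("tracking redis pool %r", pool)
    logger.info("connecting to redis://user:%s@localhost:6379/0", CANARY)

def audit(instrumented, redact=False):
    """Run instrumented(pool, logger) and return everything that was logged."""
    buf = io.StringIO()
    handler = logging.StreamHandler(buf)
    if redact:
        handler.addFilter(RedactRedisSecrets())
    logger = logging.getLogger("audit.redis")
    logger.setLevel(logging.DEBUG)
    logger.propagate = False
    logger.handlers = [handler]
    instrumented(FakePool(host="localhost", port=6379, password=CANARY), logger)
    return buf.getvalue()

if __name__ == "__main__":
    print("leak without filter:", CANARY in audit(sample_instrumentation))
    print("leak with filter:", CANARY in audit(sample_instrumentation, redact=True))
```

In a real audit, replace `sample_instrumentation` with the instrumentation code path under test and fail the test run whenever the canary appears in the captured output.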
