Failed to bootstrap security configuration (correctly)

Hello I have some more issues with Artifactory's security configuration.
I'm running 2.4.2, so https://issues.jfrog.org/jira/browse/RTFACT-4526 should be fixed right?

I configure my JBoss/Artifactory node initially using the bootstrap mechanisms as explained in the doc (http://wiki.jfrog.org/confluence/display/RTF/Global+Configuration+Descriptor and http://wiki.jfrog.org/confluence/display/RTF/Security+Descriptor).
( The global configuration descriptor remains consistent ;)

The security configuration (however) is not bootstrapped correctly.
The descriptor I prepare for import (which I hand over via the bootstrap in $ARTIFACTORY_HOME/etc/security.import.xml has a few users in it.
From the logs, Artifactory happily says that it successfully imported the config descriptors:
    ... [INFO ] (o.a.s.SecurityServiceImpl:200) - Security configuration imported successfully from .../artifactory-data/etc/security.import.xml

Then using the REST API (for example - same result of course from the admin UI), I then verify what has actually been imported by the bootstrap.
But the users definitions are missing!

    curl -i -X GET -u admin:password http://10.192.198.231:8080/artifactory/api/system/security
    HTTP/1.1 200 OK
    Server: Apache-Coyote/1.1
    X-Powered-By: Servlet 2.4; JBoss-4.2.2.GA (build: SVNTag=JBoss_4_2_2_GA date=200710221139)/Tomcat-5.5
    Server: Artifactory/2.4.2
    Content-Type: application/xml
    Transfer-Encoding: chunked
    Date: Tue, 31 Jan 2012 12:59:25 GMT

    <?xml version='1.0' encoding='UTF-8'?>
    <security version="v7">
      <users/>
      <groups/>
      <acls>
        <acl>
          <permissionTarget>
            <name>Any Remote</name>
            <repoKeys>
              <string>ANY REMOTE</string>
            </repoKeys>
            <includes>
              <string>**</string>
            </includes>
            <excludes/>
          </permissionTarget>
          <aces>
            <ace>
              <principal>anonymous</principal>
              <group>false</group>
              <mask>3</mask>
            </ace>
          </aces>
          <updatedBy>_system_</updatedBy>
        </acl>
        <acl>
          <permissionTarget>
            <name>Anything</name>
            <repoKeys>
              <string>ANY</string>
            </repoKeys>
            <includes>
              <string>**</string>
            </includes>
            <excludes/>
          </permissionTarget>
          <aces>
            <ace>
              <principal>readers</principal>
              <group>true</group>
              <mask>1</mask>
            </ace>
            <ace>
              <principal>anonymous</principal>
              <group>false</group>
              <mask>1</mask>
            </ace>
          </aces>
          <updatedBy>_system_</updatedBy>
        </acl>
      </acls>
    </security>

Yet another issue appears when I restart the Artifactory node.
Then I have the same result as explained in https://issues.jfrog.org/jira/browse/RTFACT-4526, which means that my security configuration reverted back to the default (i.e. empty: no users, no groups, no ACLs).
For which nothing appears in the logs.

regards,
alain