This bug is security-sensitive but is already publicly disclosed.
The RoleSettings class has a write() method that was not properly using umask. As a result, JSON files were written to disk as world-readable, which could lead to a leak of sensitive information such as auto-generated passwords. On 0.4.0rc1, this could also lead to a leak of manually-entered passwords specified at kickstart time.
This bug is security-sensitive but is already publicly disclosed.
The RoleSettings class has a write() method that was not properly using umask. As a result, JSON files were written to disk as world-readable, which could lead to a leak of sensitive information such as auto-generated passwords. On 0.4.0rc1, this could also lead to a leak of manually-entered passwords specified at kickstart time.