Yes and no, there's been a change, but in MWS' case there should be no change in the behaviour.
Originally Posted by maggias
Up until version 1.2, MWS used the 2.0 branch of Apache and from 1.3 onwards the 2.2 branch. And between 2.0 and 2.2 there was a slight change in the way the Require directive works. In 2.0
was interpreted so that if either requirement was fulfilled, the user was allowed access. In 2.2 it's interpreted so that both requirements must be fulfilled, which in practice makes it hard to use group and user at the same time. A straightforward workaround is to create, for each user, a group with the same name and then only use Require group.
Require group ...
Require user ...
However, MWS (1.3 and 1.4) installs and uses an authentication module from the 2.0, so the authentication behaviour of 1.[3|4] should be identical to that of 1.2.