For RESTXQ auth its unclear to me what the entry is to preserve older versions of basex auth. Thank!

see...

Authentication was readded to RESTXQ. As a consequence, you need to specify the admin user in your web.xml file if you want to preserve the behavior of older versions of BaseX.
In turn, if users are defined in the web.xml file, no passwords must be specified anymore.
The server-side authentication method, and default users, are now enforced and cannot be overwritten by client.