Thank you Hikari Kobayashi for reporting the issue and even doing the work identifying the patch.
This was backported to 2.4.11 and therefore obviously is also in 2.4.18.
Thereby Xenial and Wily are not affected.
Note: This is a regression 2.2.22 (precise) -> 2.4.7 (trusty) since migrating from mod_authn_alias to mod_authn_core.
Settign tags accordingly.