Clarify that "only one" means "at least one"

Author: rvedotrc

versions/3.1.1.md

@@ -326,7 +326,7 @@ The `security` field describes how requests are authorized:
 
 - If omitted, then nothing can be inferred about the authorization requirements; the behaviour is implementation-defined.
 - If present but empty (`security: []`), then the behaviour is undefined.
-- Otherwise, it is an array of [Security Requirement Objects](#security-requirement-object), only one of which needs to be satisfied for the request to be authorized.
+- Otherwise, it is an array of [Security Requirement Objects](#security-requirement-object), at least one of which needs to be satisfied for the request to be authorized.
 
 Because the empty Security Requirement Object `{}` will always be satisfied, any `security` list that includes `{}` will allow all requests. In particular, `security: [{}]` means that no security schemes are in use (also known as "no security").
 
@@ -3917,7 +3917,7 @@ The name used for each property MUST correspond to a security scheme declared in
 Security Requirement Objects that contain multiple schemes require that all schemes MUST be satisfied for a request to be authorized.
 This enables support for scenarios where multiple query parameters or HTTP headers are required to convey security information.
 
-When a non-empty list of Security Requirement Objects is defined on the [OpenAPI Object](#openapi-object) or [Operation Object](#operation-object), only one of the Security Requirement Objects in the list needs to be satisfied to authorize the request; see [the `security` field](#the-security-field).
+When a non-empty list of Security Requirement Objects is defined on the [OpenAPI Object](#openapi-object) or [Operation Object](#operation-object), at least one of the Security Requirement Objects in the list needs to be satisfied for the request to be authorized; see [the `security` field](#the-security-field).
 
 ##### Patterned Fields