Red Hat backports fixes and keep package versions as they are. At times, security scanners are not smart enough to know that. They’d complain the packages are out of date. Making it worse, apache 2.2 has reached EOL since 2018. And even though openssh is now on version 8.2, one will still find version 5.3…