CentOS (and it's forks) never backported security fixes for old software versions; it was always RedHat that took on this grunt work.
Even within that 12-24 month timeline, security fixes are commonly only backported where there is a significant enough security risk in a significant enough package. More resource on this mundane but important task is sorely needed
Even within that 12-24 month timeline, security fixes are commonly only backported where there is a significant enough security risk in a significant enough package. More resource on this mundane but important task is sorely needed