You should read the policy on backports of security fixes - RHEL (and thus CentOS) do not upgrade version numbers in mid-product cycle but RH backport security fixes to their own versions of the co... [by TrevorH]
I have ran yum update several times - I am 100% up to date as far as the standard repos are concerned. I am aware that CentOS / RHEL releases backport security fixes for software packages - such as Apache and PHP.
The second of Gerald's links provides the rationale as to why the version numbers do not change. As it say in that link, the Upstream Vendor backports all security fixes from the current code ... [by TrevorH]