Red Hat, and by extension, CentOS are very conservative about changes made during the course of a stable series, and certainly during an individual release. More so than a lot of Linux users are prepared for. However, I agree with their policies. A fix for some users may break things for others.
In, I believe, CentOS 4.1, the fuser command had some weird and extraneous debugging text appear on stdout or stderr when the "-n" option was used. Just a piece of a word, with a ":" after it, followed by the expected process id list. Looked quite confusing on the screen. I reported it, and included the trivial patch, but it was not immediately fixed because existing installations could very well have workarounds in scripts in place which could break if the bug was fixed mid-release. Actually, I don't think it was fixed in the 4.2 either, as they said that they already had enough changes going into that for one update.
Such things can be a slight bummer and force one to apply workarounds. But I very *rarely* have a nightly CentOS server yum update surprise me unpleasantly or unexpectedly.