First off, the security patches are backported to the table versions that RH settles on, there are not holes just because the version is not the latest.

Second, if you require php 5.4.13, have a look at the IUS repositories, and maybe give a go at compiling your own apache2.4 if you just have to have it.

Most times, unless you specifically require a certain feature of the software, people "make do" with the versions that RH/CentOS provide, due to their stability, the fact that they are thoroughly tested, and any security holes are patched without breaking compatibility (like the upgrade from 2.2 to 2.4 does).

First off, the security patches are backported to the stable versions that RH settles on, there are not holes just because the version is not the latest.

Second, if you require php 5.4.13, have a look at the IUS repositories, and maybe give a go at compiling your own apache2.4 if you just have to have it.

Most times, unless you specifically require a certain feature of the software, people "make do" with the versions that RH/CentOS provide, due to their stability, the fact that they are thoroughly tested, and any security holes are patched without breaking compatibility (like the upgrade from 2.2 to 2.4 does).