
A security scan of the server says OpenSSH is insecure, what do I do?

Occasionally, security scans are run against our servers, and the results often report that OpenSSH is outdated and/or contains known security holes.

However, this information is very rarely correct, because the provider of the operating system running on our servers backports updates from newer OpenSSH versions to the version running on our servers. These updates do not change the version number presented by OpenSSH, so security scanning software may see a version that appears old, even if all known security holes are patched.

In short, if a scan reports an insecure OpenSSH version, this is not true, as known security holes are patched on our servers even if the version number has not changed.
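
One way to check a scan report against backported fixes, as an added example (not part of the original article and not the provider's own tooling): it compares the CVE ids a scanner lists with the fixes recorded in the distribution's package changelog, which is where backports appear while the banner version stays the same. The banner, changelog excerpt and CVE ids are constructed placeholders, and the RPM-style changelog layout is an assumption, since the article does not name the operating system.

```python
import re

# Constructed sample inputs (placeholders, not data from the article).
BANNER = "SSH-2.0-OpenSSH_7.4"          # what a remote scanner sees
CHANGELOG = """\
* Tue Mar 02 2021 Example Packager <pkg@example.org> - 7.4p1-22
- Backport upstream fix for CVE-0000-1111
* Mon Jun 10 2019 Example Packager <pkg@example.org> - 7.4p1-21
- Fix CVE-0000-2222 and CVE-0000-3333
"""
SCAN_FINDINGS = ["CVE-0000-1111", "CVE-0000-2222", "CVE-0000-4444"]

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")
ENTRY_RE = re.compile(r"^\* .* - (\S+)$")   # assumed RPM-style entry header


def banner_version(banner):
    """Return the upstream version advertised in the SSH banner, or None."""
    m = re.match(r"SSH-[\d.]+-OpenSSH_([\w.]+)", banner)
    return m.group(1) if m else None


def changelog_fixes(changelog):
    """Map each CVE id in the changelog to the package release that mentions it."""
    fixes, release = {}, None
    for line in changelog.splitlines():
        header = ENTRY_RE.match(line)
        if header:
            release = header.group(1)
        elif release:
            for cve in CVE_RE.findall(line):
                fixes[cve] = release   # entries are newest-first: oldest wins
    return fixes


def triage(findings, changelog):
    """Split scanner findings into backported fixes and ones still to verify."""
    fixes = changelog_fixes(changelog)
    backported = {c: fixes[c] for c in findings if c in fixes}
    # Absence from the changelog is not proof of exposure; check the vendor advisory.
    unconfirmed = [c for c in findings if c not in fixes]
    return {"backported": backported, "unconfirmed": unconfirmed}


if __name__ == "__main__":
    print("banner version:", banner_version(BANNER))
    print(triage(SCAN_FINDINGS, CHANGELOG))
```

On an RPM-based system the changelog text comes from `rpm -q --changelog openssh`; Debian-based systems ship it as `/usr/share/doc/openssh-server/changelog.Debian.gz`.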
