And, the package selection in RHEL is much smaller than in, say, Debian or Ubuntu [1]. There are the popular EPEL repositories with lots of extra packages, but these are community-maintained on a best-effort basis.
[1] And I think the Ubuntu 'guarantees' only apply to the 'main' repository, not the MUCH larger 'universe'.
If a security bug is discovered in an old version of RabbitMQ do the distro maintainers learn Erlang/OTP to patch the bug?