Perhaps - but Apple has used very old core utilities for a very long time (licensing issues) but ensures they get security updates. Until recently, they used, what, bash from 2006?
Nah, there are all sorts of missing features, some of which were added over a decade ago. With a few small exceptions and modifications much of the Unix base has been quite dead for a long time.
The suggestion being made is that bugs and vulnerabilities are being fixed without adding new features, in order to provide a safe but very stable feature set.
Well people (including me) are bashing Apple for this deviation. Also it has been a constant consideration when linking/shipping binaries in production. So I feel it is fine to bash Microsoft for doing the same thing.
Perhaps Microsoft has an ABI reason for doing so? I can't imagine why else.
>OpenSSH_for_Windows_8.1p1, LibreSSL 3.0.2