No security fix for PHP 7.4 in RHEL 8

PHP 7.4 became available in RHEL 8 Application Stream with version 8.3 of the OS released in october 2020. The exact version of PHP at that moment was 7.4.6 (7.4.6-4.module+el8.3.0+7002+2eb69d76) and even though it was lagging from the upstream version, I thought that this version was frozen and at least security fixes would be backported to it. Now, we're in february 2021, I've just applied all updates available and if I look at the build date of my PHP installation from phpinfo function, it still says "May 12 2020 08:09:15" even though there has been security releases of PHP 7.4 coming out. Among others, 7.4.11 which has been released on october 1st 2020 and 7.4.14 which has been released on january 7th 2021. So, what is the policy for the updates of packages in "app stream"? It doesn't seem normal to me to run on a PHP build dating more than 6 months ago...