Hi,

This isn’t quite how it works.

DigitalOcean doesn’t decide what version of software ends up on your droplet - you choose that yourself by picking a distribution such as Ubuntu.

Now, the people who make Ubuntu (canonical as well as the open source community) decide on what version of packages they’ll support for a given version of Ubuntu. This is why you’re getting 1.4.6 rather than the latest 1.6.2.

Thus, there are obviously no security issues to worry about. It’s part of the work of a distribution’s team to ensure that the particular version of the software that they decide to bundle is security bug free - you’ll find that literally every piece of software on your Linux computer is the same way. Your version of ‘top’ isn’t the latest, your version of 'gcc’ isn’t the latest either, etc.

Ubuntu 14.04 is a Long Term Support version, which means such fixes will happen for the next couple years.

Hope this answers your question.

Thank you for the quick reply and detailed answer. That explains it very well, thanks!

Just found this, now the light bulb turns on lol
http://packages.ubuntu.com/trusty/nginx

Well I prefer to install the project repository and install the latest stable package. Here are instructions on how to install the repository and the signing key for nginx.
http://nginx.org/en/linux_packages.html