In fact, Joomla regularly releases security patches.
You can only inject into old sites that have been not upgraded,
like with any other software system.