Part of the value of the product that I work on is not introducing security vulnerabilities to our clients. That means keeping things like openssl up to date. We did find a vulnerability in a penetration test as a result of not keeping openssl up to date.

Otherwise, compiler upgrades have improved our runtime and prevented errors (which in our case typically result in the user experiencing a 500), and database upgrades have improved query performance.

So, yes. Update your stuff.