I can see in OrNetStats that I have several relays marked as having a vulnerable Tor version.
correct, some of your relays run versions before the latest stable security releases and are vulnerable to CVE-2021-38385 (DoS) https://blog.torproject.org/node/2062
https://nusenu.github.io/OrNetStats/w/family/623817eefa493851b18bc3c525939db...
But when I checked and tried to update them, I was told that everything was up to date. In 2 cases relays rented at the same time on the same host have different versions. AlexHost running FreeBSD release 12.1 and 12.2 respectively: 0.4.6.7 and 0.4.5.8
FreeBSD ships tor version 0.4.6.7 - which is fine. https://www.freshports.org/security/tor/ If you do not get that version via pkg make sure you use the latest (not quarterly) repo to get the latest updates sooner.
CoolComputers both running Centos8.4.2105: 0.4.6.6 and 0.4.5.10
EPEL 8 has tor version 0.4.5.10 which is also fine. https://bodhi.fedoraproject.org/updates/?packages=tor
kind regards, nusenu