One thing not mentioned here
Sometimes new releases of libraries break applications. In the windows world, for example, we have software we rely on (and is very expensive) which breaks if the wrong version or service pack of .NET is installed. That isn't helped by these companies not updating their code very often (we had to wait nearly a year to get IE7 everywhere as the web front ends were only built to work in IE6, sadly I'd get in trouble for naming the company in question).
Another app (I'll happily name) is the Shibboleth Identity Provider. As a tomcat webapp (which I hate as it's complex and I don't understand it) I'm reliant on public information about which versions of Xerces libraries are compatible with Shibboleth. And getting an apache-tomcat stack, with the certificates at each end, that'll talk to secure service providers, is a pain in the backside I'm unwilling to do unless our SAN blows up and the extra backups go boom.
</ramble>