Really a question for @[email protected], but, If the last update was a guide: new version gets released, another instance (usually lemmy.world as they have a large well-funded infrastructure) jumps on it and updates, everyone waits to see if something breaks and then most of the big instances install it.
I'd imagine, if there was a patch for a critical security loophole, then all the admins would move quickly on it but it'd also likely be quite a small patch so relatively easy to do without disrupting the business as usual.
The website going down seems to be due to load (though CPU and RAM levels are fine so not sure what's going on), I've updated to 0.18.3 and will keep monitoring the site