So Ubuntu has this model where they pretty much freeze package versions for an Ubuntu release after release, and then they only backport security updates from upstream. There's nothing new here, most distros do it this way. The idea is that this way they can polish the gazillions of package versions
It only matters if you want support after 5 years. Just upgrade to a new release if you don’t need 10 years. If that’s a hassle, get the free subscription for 5 machines and you get 10 years.
Seems reasonable!