So Ubuntu has this model where they pretty much freeze package versions for an Ubuntu release after release, and then they only backport security updates from upstream. There's nothing new here, most distros do it this way. The idea is that this way they can polish the gazillions of package versions
Horrendous how canonical engineers with bills to pay might want to monetise their labour!
More seriously, open source should not be confused with free labour. Do you think Linus works on the kernel for free? He does not, nor should he. We are all lucky to benefit from 5 years free updates from Ubuntu. You need longer, because your use case is so mission critical? then pay for the engineer’s time.
Edit: grammar