CVE

The amount of effort required to literally backport every fix is just not sustainable, especially for the longer LTS support times where the user base shrinks significantly and is often mostly comprised of Enterprise customers who want to pay as little as possible while demanding to be treated entirely differently from everyone else (i.e. the people sticking to relatively up to date versions no older than a year or two at most).

Not to mention that the stability, the whole reason for staying on an old version, becomes a bigger and bigger lie the more backports introduce changes to the old version anyway.