So Ubuntu has this model where they pretty much freeze package versions for an Ubuntu release after release, and then they only backport security updates from upstream. There's nothing new here; most distros do it this way. The idea is that this way they can polish the gazillions of package versions
Since you(r team) already have the Ubuntu experience, the obvious and sensible migration path is Debian. Stable plus docker/podman covers most of what’s needed, plus cover for the “bUt thIS paCKaGe iS 2 weEkS olD!!!1” crew.