[Culonavirus]

Yea, some of these (e.g. PHP) have dozens of minor/bug fix releases which then just suddenly stop which just shows that you're vulnerable all the time... either because the release isn't "mature yet" or because it's "already eol" :)

[kijin]

Nothing ever gets "mature" in today's web development environment. As soon as something becomes stable, people don't find it exciting anymore so the devs need to introduce new features, create new bugs, and make backward-incompatible changes.

If you want to keep your sanity and focus on building an actual business on a solid foundation, ignore all the upstream EOLs and just use a major stable Linux distro that promises to backport security fixes for 5+ years. The peace of mind is totally worth the larger container size.