Not getting updates for features is perfectly fine. What is a problem is not getting security fixes, and having the security team of Canonical not caring at all about that.
When someone maintains a package in Debian, he may care about it, and provide sound security updates once the stable release is out. Though what's unexpected, is that the same package, while well maintained in Debian, may not be fixed in Ubuntu, because you know... it's "Universe"... The security team from Canonical will not take the time to get the updated package from Debian, unless someone carefully prepares the update and do the work for them.
The final result is that the Ubuntu universe repository is full of security issues unless someone "from the community" (understand: the Debian package maintainer) cares doing it, which often doesn't happen.
Don't use Ubuntu on your servers, it's simply not safe.