And just to provide some references so you don't have to take my word for it, from the Debian FAQ:
"2.2. Are there package upgrades in "stable"?"
Generally speaking, no new functionality is added to the stable release. Once a Debian version is released and tagged "stable" most packages will only get security updates.... there are some cases in which packages will be updated in stable ... When an urgent update is required to ensure the software continues working. The package is a data package and the data must be updated in a timely manner. The package needs to be current to useful to end user (e.g. some security software, such as anti-malware products)....
And:
Users that wish to run updated versions of the software in stable have the option to use "backports". Backports are recompiled packages from testing (mostly) and unstable (in a few cases only, e.g. security updates), so they will run without new libraries (wherever it is possible) on a stable Debian distribution.
Debian is strict in interpreting security updates:
Security updates serve one purpose: to supply a fix for a security vulnerability. They are not a method for sneaking additional changes into the stable release without going through normal point release procedure.
Your first comment says "Stable does receive updates that address bugs and security issues."
But your quote about stable says "most packages will only get security updates".
So assuming their bug fix isn't security-relevant, it sounds like their original complaint is valid? I don't see how it's "grossly misstating" how stable works.
Backports are useful but the default is that the user is on the buggy stable version.
In practice, Debian stable gets bugfixes. I included (and quoted) the Debian FAQ on this matter largely so that I wasn't simply arguing by assertion.
See for example the Debian 12.10 release notes. This is an update to the Debian Stable v.12 release:
The Debian project is pleased to announce the tenth update of its stable distribution Debian 12 (codename "bookworm"). This point release mainly adds corrections for security issues, along with a few adjustments for serious problems. Security advisories have already been published separately and are referenced where available.
Strong emphasis on "mainly adds corrections", but "along with a few adjustments for serious problems."
That is, in practice, Debian stable receives both security and bugfix updates.
You and other readers are strongly encouraged to look through Debian sources (release notes, Policy, Constitution, and individual package updates within stable repos) to verify other questions before posting further concerns here.
"2.2. Are there package upgrades in "stable"?"
Generally speaking, no new functionality is added to the stable release. Once a Debian version is released and tagged "stable" most packages will only get security updates.... there are some cases in which packages will be updated in stable ... When an urgent update is required to ensure the software continues working. The package is a data package and the data must be updated in a timely manner. The package needs to be current to useful to end user (e.g. some security software, such as anti-malware products)....
And:
Users that wish to run updated versions of the software in stable have the option to use "backports". Backports are recompiled packages from testing (mostly) and unstable (in a few cases only, e.g. security updates), so they will run without new libraries (wherever it is possible) on a stable Debian distribution.
Debian is strict in interpreting security updates:
Security updates serve one purpose: to supply a fix for a security vulnerability. They are not a method for sneaking additional changes into the stable release without going through normal point release procedure.
<https://www.debian.org/doc/manuals/debian-faq/getting-debian...>