Suddenly a user will appear out of the blue and report problems or have a question and it gets revealed that said user has a version of your software installed that you thought were long forgotten and extinct.
Open Source versions once released find their ways to some places that just then obviously never again upgrade. But surely, if it works why fix it?
The downside for these users is of course that they then have not gotten any of the security upgrades you have been shipping the last decade.
Often, slow-moving (or stuck) Linux distributions are blamed for this. "I am forced to use Linux Y with version Z so I have to use your software version X".
There is no right or wrong here and I expect just about every project to have their own answers and approaches when these kinds of users appear.
I primarily refer people to the latest version, helping them understand that we have fixed numerous bugs since their version and that the latest is more secure and recommended etc. Explaining the situation.
In some projects I might suggest a paid support contract could be a way for a developer to take on the problem with that ancient version.