"Security Update - If I install latest udpate of Unity, do I need to intall the security patch too?" (734550)

I see there are some Remote Code Execution vulnerabilities that Unity just tweeted. If I install latest update, do I need to download & install the patch too?

I got confused because it said:

“Additionally, you can download and install the corresponding patch for your version of the Unity Editor. The download links are available in the Patch Versions of the Vulnerabilities Details section and in the References section.”

And there is a patch for latest version of Unity (2018.3.7f1),

“References - [3] 2018.3.7f1 (Win)”

If the latest version already contains the patch, why they still put the patch file for latest version there.

But If the latest version doesn’t contains the patch, is it too risky for the community, not everyone check the Unity Security page, shouldn’t the security patch be easily noticed & installed via Unity Editor Updater?

Unity said:
“All future versions of the Unity Editor will include this update moving forward.”
But does latest update 2018.3.7f1 contain the patch CVE-2019-9197?

I installed 2018.3.7f1 followed by the related patch. I haven’t had any problems so far.

Additionally, if you’re using Visual Studio it should also be updated to address recent security vulnerabilities.

2018.3.8 is finally out. I don’t have to manually install the patch, cool