That's specific to your situation, and should be treated as such each and every time.
I got caught twice on a mail server with updates that broke functionality. In one case, a clamav update required a larger allocation of resources for threading, but it wasn't mentioned. As clamav didn't return an error code to qmail-scanner, all mail was delivered, infected or not.
On the other occasion, the perl suid "fix" required a minor change to my inbound and outbound qmail-scanner scripts, which actually delayed mail for awhile.
Patches can be a nightmare, but even so I'd much rather deal with undocumented issues than expose my doze users.