Installing only security updates is a mistake?


On my Debian, I only do security updates:

deb http://security.debian.org/debian-security/ buster/updates main

deb-src http://security.debian.org/debian-security/ buster/updates main

For example, Debian recently migrated from 10.3 to 10.4, but I still use version 10.3 and automatically install available security updates.

Is that enough for security?