I've yet to migrate to 3.8.4 from 3.8.3 and was wondering if I need to in order to install the patch?
I'm certainly not going to upgrade from 3.8.3 to 3.8.4 based on what has been typed on vb.com. With my sql version there is no reason to.
If you do want to upgrade to .84 PL1, you can do that directly. The upgrade script will upgrade you to .8.4 and then PL1 automatically.
Let me rephrase this please. I'd rather not update to 3.8.4 as 3.8.3 is fine, it works for me, I'm not having issues and the .4 release adds nothing I need or want. So can I take the patch files and drop them in the .3 release?
Nope, you'll get a mismatch of version numbers. 3.8.4 was a security and bug release fix if I'm not mistaken; there shouldn't be any huge changes or reason to avoid it that I'm aware of. But anyway, if you don't want to upgrade to 3.8.4 for whatever reason, you won't be able to apply the patch and fix the security hole, unfortunately. Though there's a 99% chance you'll be unaffected by it anyway: if you're careful what links you're clicking (especially member-posted ones), you should be just fine.
You can do it. However, while the Admin CP will say you're up to date and that you're running 3.8.4 PL1, you'll still be running 3.8.3. If you need support, it can be denied due to the mismatched versions, but I doubt it will cause any problems. The issue exists all the way back to 3.6.0, so the files haven't changed much. All the change does is restrict a user's homepage to http:// and https:// links. Previously it would allow any protocol.
A lot of people don't seem to overwrite that file and create threads saying they're not running 3.8.4 PL1.
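
The restriction described in the thread (a user's homepage limited to http:// and https:// links, where previously any protocol was accepted), shown as an added example that is not vBulletin's patch code. The function names and sample inputs are constructed for illustration.

```php
<?php
// Added example, not vBulletin's patch code; function names are hypothetical.

// Return the URL if it is an absolute http:// or https:// link, else null.
function sanitize_homepage(string $raw): ?string
{
    // Browsers ignore leading/trailing whitespace and control characters and
    // strip tab/CR/LF anywhere in a URL, so normalise before checking.
    $url = trim($raw, "\x00..\x20");
    $url = str_replace(["\t", "\r", "\n"], '', $url);

    // Allow-list rather than deny-list: the scheme must be http or https
    // (case-insensitive), followed by "//" and a non-empty host.
    if (!preg_match('#^(https?)://[^/?\#\s]+#i', $url, $m)) {
        return null;
    }
    $host = parse_url($url, PHP_URL_HOST);
    if (!is_string($host) || $host === '') {
        return null;
    }
    // Store the scheme in lower case so saved values are consistent.
    return strtolower($m[1]) . substr($url, strlen($m[1]));
}

// Escape on output as well: the stored value ends up inside an href attribute.
function render_homepage_link(string $raw): string
{
    $url = sanitize_homepage($raw);
    if ($url === null) {
        return '';  // render no link rather than an unchecked one
    }
    $safe = htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
    return '<a href="' . $safe . '" rel="nofollow">' . $safe . '</a>';
}

// Constructed sample inputs: two accepted forms, then other schemes and
// scheme-less values that the allow-list refuses.
$samples = [
    'http://example.com/',
    'HTTPS://Example.com/path?q=1',
    'javascript:void(0)',
    "java\tscript:void(0)",
    'data:text/html,hello',
    '//example.com/',
    'http://',
];
foreach ($samples as $s) {
    $shown = json_encode($s, JSON_UNESCAPED_SLASHES);
    printf("%-34s => %s\n", $shown, sanitize_homepage($s) ?? 'REJECTED');
}
```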