In Microsoft’s usage, we have discovered there is an inconsistency in the spec. In the end game, we provided for the possibility that an embedded link in a message might contain a valid URL in addition to a non-negative integer that represents a location id for the result. We updated the spec properly for plaintext messages but the restriction to prevent valid URLs in markdown elements remains behind. Removing the restriction would obviously constitute a material change in the standard. If we fix it, we will reset the process and introduce another month’s delay. I personally don’t believe we’re at the end of the issues that remain in this very complex document. And so Microsoft will vote to move the spec to the next phase (and plan for some future bug fix revision if we, in fact, accumulate a substantive body of known errata). Michael
https://github.com/oasis-tcs/sarif-spec/issues/432