Update CHANGELOG.md

Author: DaneEveritt

CHANGELOG.md

@@ -6,9 +6,13 @@ This project follows [Semantic Versioning](http://semver.org) guidelines.
 ## v0.7.14 (Derelict Dermodactylus)
 ### Fixed
 * **[SECURITY]** Fixes an XSS vulnerability when performing certain actions in the file manager.
+* **[SECURITY]** Attempting to login as a user who has 2FA enabled will no longer request the 2FA token before validating
+that their password is correct. This closes a user existence leak that would expose that an account exists if
+it had 2FA enabled.
 
 ### Changed
 * Support for setting a node to listen on ports lower than 1024.
+* QR code URLs are now generated without the use of an external library to reduce the dependency tree.
 * Regenerated database passwords now respect the same settings that were used when initially created.
 * Cleaned up 2FA QR code generation to use a more up-to-date library and API.
 * Console charts now properly start at 0 and scale based on server configuration. No more crazy spikes that