Update CHANGELOG

Bugfix: Ensure confidentiality of database password.

Reported by Michael Schiessl

Release: v1.5.0

Point release version bump 1.4.7

Point release version bump 1.4.6

Bugfix: Security fix

    - XSS (reflected) in 'find subnets';

Reported by Celso Bezerra <celso.bezerra@tempest.com.br>

Bugfix: CSRF outlined in CVE-2020-7988 (phpipam#3373)

Update app/tools/pass-change
 - Add CSRF cookie.
 - Require old password.
 - Prevent old password re-use.
 - Enforce password complexity requirements.

Fixes phpipam#3373

Bugfix: Avoid PHP session ID fixation. Fixes phpipam#3342

Add link to GitHub releases

Release: Tag v1.4.1, fix SCHEMA upgrade