Updated changelog

Author: jricher

CHANGELOG.md

@@ -1,4 +1,12 @@
 Unreleased:
+- Authorization codes are now longer
+- Client/RS can parse the "sub" and "user_id" claims in introspection response
+- Database-direct queries for fetching tokens by user (optimization)
+- Device flow supports verification_uri_complete (must be turned on)
+- Long scopes display properly and are still checkable
+- Language system remebers when it can't find a file and stops throwing so many errors
+- Index added for refresh tokens
+- Updated to Spring Security 4.2.4
 
 *1.3.2:
 - Added changelog