Update CHANGELOG.md

Author: DaneEveritt

CHANGELOG.md

@@ -3,6 +3,25 @@ This file is a running track of new features and fixes to each version of the pa
 
 This project follows [Semantic Versioning](http://semver.org) guidelines.
 
+## v1.12.1
+### Fixed
+* [CVE-2026-26016](https://github.com/pterodactyl/panel/security/advisories/GHSA-g7vw-f8p5-c728)
+* [GHSA-hr7j-63v7-vj7g](https://github.com/pterodactyl/panel/security/advisories/GHSA-hr7j-63v7-vj7g)
+* Fixes bug where presigned URLs would 
+* Fixes issue where certain input values would cause the activity log screen to stop rendering properly due to improper element encoding.
+* Fixes improper display of unicode characters in console output.
+* Fixes page number not resetting when toggling between "Show My Servers" and "Show All Servers" on the dashboard.
+
+### Changed
+* SFTP sessions are now revoked on nodes when a user changes their password or their account is deleted.
+* Remote node access tokens are now scoped to only allow access to servers that belong to the same node. Previously a node could access information and control the installation status for any server in the system.
+* The default rate limit for the client API was bumped from `128` to `256` requests per minute.
+
+### Added
+* HTTP responses now include default security headers if not otherwise set.
+* Adds modal popup when running a Hytale server that requires additional auth.
+* Adds support for administrators to view any application API key that has been created, regardless of the owning account.
+
 ## v1.12.0
 ### Fixed