Am I exposing myself to a log4j vulnerability by installing WIPO Sequence?
In short, no.
A zero-day exploit has been reported against the popular log4J2 Javascript library which can allow an attacker to remotely execute code[1].
According to the Spring Boot documentation, only applications using log4j-core and including input in log messages are vulnerable and as the WIPO sequence validator uses only the log4j-to-slf4j and the log4j-api and both cannot be exploited on their own. As such, the WIPO Sequence is not affected by this vulnerability.
[1] https://spring.io/blog/2021/12/10/log4j2-vulnerability-and-spring-boot