When using the X509 app to input and output certs (maybe just converting from PEM to DER) or
when using the req app to input and output a CSR,
any X.590 extensions in the input are copied.

In contract, when using the x509 app with -x509toreq to convert a cert to a CSR or with -req for the opposite direction, or
when using the req app with -x509 to convert a CSR to a cert (whereas the opposite direction is not supported),
any X.509 extensions in the input are not taken over. I find this at least counter-intuitive.
I'm currently cleaning up both apps in particular concerning their user guidance and will make clear that no extension are copied.
Yet I believe it would be better if X.509 extensions were copied also when converting between cert and CSR, at least optionally.

BTW, there is a huge overlap between these two apps, while on the other hand there are needless inconsistencies in their use.
It would have been good, also in terms of code redundancy and maintenance, to have just one app that covers all their (pretty related) use cases.